Bøger udgivet af It Governance Ltd

Step-by-step guidance on a successful ISO 27001 implementation from an industry leaderResilience against cyber attacks requires an organization to defend itself across all of its attack surface: people, processes, and technology. ISO 27001 is the international standard that sets out the requirements of an information security management system (ISMS) – a holistic approach to information security that encompasses people, processes, and technology. Accredited certification to the Standard is recognized worldwide as the hallmark of best-practice information security management.Achieving and maintaining accredited certification to ISO 27001 can be complicated, especially for those who are new to the Standard.Alan Calder knows ISO 27001 inside out: the founder and executive chairman of IT Governance, he led the implementation of the management system that achieved the world’s first accredited certification to BS 7799 – the forerunner to ISO 27001 – and has been working with the Standard ever since. Hundreds of organizations around the world have achieved accredited certification to ISO 27001 with IT Governance’s guidance, which is distilled in this book.In Nine Steps to Success – An ISO 27001 Implementation Overview, Alan provides a comprehensive overview of how to lead an ISO 27001-compliant ISMS implementation in just nine steps.Product overviewAligned with the latest iteration of ISO 27001:2013, this third edition of the original, no-nonsense guide to successful ISO 27001 certification is ideal for anyone tackling ISO 27001 for the first time. In nine critical steps, the guide covers each element of the ISO 27001 project in simple, non-technical language. There is a special focus on how US organizations can tackle this governance.Aligned with the latest iteration of ISO 27001:2013, this book is ideal for anyone tackling ISO 27001 for the first time, and covers each element of the ISO 27001 project in simple, non-technical language, including:Getting management support and keeping the board’s attentionCreating a management framework and performing a gap analysis so that you can clearly understand the controls you already have in place, and identify where you need to focusStructuring and resourcing your project, including advice on whether to use a consultant or do it yourself, and examining the tools and resources that will make your job easierConducting a five-step risk assessment, and creating a Statement of Applicability (SoA) and risk treatment plan (RTP)Guidance on integrating your ISO 27001 ISMS with an ISO 9001 quality management system (QMS) and other management systemsAddressing the documentation challenges you’ll face as you create business policies, procedures, work instructions, and records – including viable alternatives to a costly trial-and-error approachContinual improvement of your ISMS, including internal auditing and testing, and management reviewThe six secrets to certification success.If you’re tackling ISO 27001 for the first time, Nine Steps to Success – An ISO 27001 Implementation Overview will give you the guidance you need to understand the Standard’s requirements and ensure your implementation project is a success – from inception to certification. 

On 12 October 2022, the EDPB (European Data Protection Board) endorsed the Europrivacy(TM)/(R) certification scheme. This is the first certification mechanism, or data protection seal, that entities can achieve to demonstrate their compliance with the GDPR (General Data Protection Regulation) and other national data privacy obligations.This guide introduces the following key elements of Europrivacy: Preparing for certification.The certification criteria.The GDPR core criteria.Complementary contextual checks and controls.Technical and organisational checks and controls .National requirements.The certification process. There are considerable advantages for entities that certify some, or all, of their personal data processing activities to Europrivacy: Demonstrate to customers, clients, employees, suppliers and other stakeholders that protection of personal data being processed is of utmost importance.Reduce the financial and legal risks of non-compliance with the requirements of the GDPR. Non-compliance could lead to fines of up to £17.5 million ( 20 million) or 4% of total worldwide turnover, whichever is greater.Get peace of mind that Europrivacy checks and controls are continually updated to take into account any regulatory or legislative changes, advice and guidance from the EDPB, and changes to national and domain-specific obligations. Buy this guide today to begin your Europrivacy compliance journey!

A clear, concise primer on the CMMC (Cybersecurity Maturity Model Certification), this pocket guide:Summarizes the CMMC and proposes useful tips for implementationDiscusses why the scheme has been createdCovers who it applies toHighlights the requirements for achieving and maintaining compliance

A universal service desk (USD) is the central point of contact between a service provider and users for everyday activities, and within an organisation for all requests for and enquiries about the services provided to customers, both internal and external.The USD is a concept of service delivery and resolution through different channels (Internet, post, intranet, phone, email, physical counter). It also covers account management and its focus on customer relationships at different levels in the organisation.The Universal Service Desk (USD) - Implementing, controlling and improving service delivery defines what a USD is, why it is valuable to an organisation and how to build and implement one. This practical guide gives advice about: The use of software tools; Service sites; Self-service; Call centre functionality; Account management; Processes between the USD and back office; Quality management; Competence management; Capabilities; and The service catalogue.It also discusses the evolution of the USD as part of integrated workplace management.This book is ideal for those working in service management and the service desk industry, from managers to employees, and can also be used by students to understand all the components that relate to a USD.Understand the essentials of any USD - buy this book today!

Securing Cloud Services - A pragmatic guide gives an overview of security architecture processes and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud. The book: Introduces the concepts of Cloud computing and the associated security threats; Explains key security architectures and how they can be applied to Cloud services; and Covers security considerations for the different Cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), SaaS (Software as a Service) and FaaS (Function as a Service).Cloud computing represents a major change to the IT services landscape, but it also introduces changes to the risk landscape, which need to be understood and addressed. The flexibility of Cloud computing does not come without compromise or risk.Security remains a major concern for CIOs (chief information officers) considering a move to Cloud-based services. This book gives organisations pragmatic guidance on how to achieve consistent and cohesive security across their IT services - regardless of whether those services are hosted on-premises, on Cloud services or using a combination of both.This guidance in Securing Cloud Services - A pragmatic guide is provided through the application of a Security Reference Model to the different Cloud delivery models - IaaS, PaaS and SaaS - and also considers the changes in approach required to work securely with the newer FaaS model.Part 1 introduces the concepts embodied within Cloud computing, describes the associated security threats and lists some of the leading industry initiatives dedicated to improving the security of Cloud services.Part 2 introduces security architecture concepts and a conceptual Security Reference Model. This model is then applied to the different Cloud service models to show how the conceptual security services within the reference model can be delivered for each Cloud service model.This book will help organisations looking to implement Cloud services aimed at the enterprise - such as Amazon Web Services, Microsoft Azure, Google Cloud Platform and Salesforce - and to do so in a risk-managed manner.It is aimed at business decision makers, senior IT stakeholders, enterprise architects, information security professionals.Manage the risks associated with Cloud computing - buy this book today!

Enhanced IT Service Management though integrated management frameworksWith the increasing popularity of ITILas a framework for IT Service Management (ITSM), a number of organizations have realized that this approach is sometimes not enough on its own. As a result, service managers are looking for ways to enhance their ITIL-based ITSM without having to throw it away and start again. Many are already working towards compliance with ISO/IEC 20000 - the International Standard for IT Service Management. With the recent release of COBIT service management practitioners have even more options. However, until now, there has been little guidance on how to merge these frameworks, standards and methodologies to develop best practice across the ITSM function and produce a robust enterprise philosophy for service delivery.Guidance on creating an integrated systemWritten by service management gurus Suzanne D. Van Hove and Mark Thomas,Pragmatic Application of Service Managementis the first book to provide guidance on creating an integrated system based on the three leading service management approaches: COBIT ISO/IEC 20000 and ITIL and, to provide a unique mapping to assist service management practitioners in their information gathering. This practical book presents a holistic view of the three and enables service managers to immediately adapt and deploy the guidance, quickly improving their ITSM function.Create a stronger, more robust Service Management SystemPacked with instructive illustrations and helpful tables, this book is ideal for service managers, consultants, auditors and anyone who is considering adopting, adapting or merging COBIT ISO/IEC 20000 and ITIL. Through mini case studies, the authors apply their unique Five Anchor Approach to demonstrate how the improvement aspects of COBIT ISO/IEC 20000 and ITIL can help identify and deal with common problems faced by today's organizations.Read this book to learn how to merge COBIT ISO/IEC 20000 and ITIL for better service managementThis product is accredited by AXELOS, the licensors of official ITIL products. ITIL is a Registered Trade Mark of AXELOS Limited.

An ideal primer for anyone implementing a PIMS (privacy information management system) based on ISO/IEC 27701ISO/IEC 27701:2019 is a privacy extension to the international information security management standard, ISO/IEC 27001. It has been designed to integrate with ISO 27001 to extend an existing ISMS (information security management system) with additional requirements, enabling an organisation to establish, implement, maintain and continually improve its PIMS.ISO 27701 provides guidance on the protection of privacy, including how organisations should manage personal information, and helps demonstrate compliance with privacy regulations around the world, such as the GDPR (General Data Protection Regulation).ISO/IEC 27701:2019: An introduction to privacy information management offers a concise introduction to the Standard, aiding those organisations looking to improve their privacy information management regime, particularly where ISO/IEC 27701:2019 is involved. It is intended for: Individuals looking for general information about privacy information management; and Organisations implementing, or considering improving, a PIMS, particularly where the use of ISO/IEC 27701:2019 is being considered.It will enable you to understand the basics of privacy information management, including: What privacy information management means; How to manage privacy information successfully using a PIMS aligned to ISO/IEC 27701; Key areas of investment for a business-focused PIMS; and How your organisation can demonstrate the degree of assurance it offers with regard to privacy information management.This guide will prove useful throughout a number of stages in any privacy information management project - buy your copy today!

Reduce energy costs and combat climate change with ISO 50001ISO 50001:2018, the international standard for energy management, provides a framework for organisations - both large and small - to manage and reduce their energy usage and associated costs. Implementing an effective EnMS (energy management system) that complies with ISO 50001 ensures that an organisation can: Meet legal and contractual energy compliance requirements; Save money by managing energy more efficiently; Reduce its carbon footprint; Increase energy security; and Demonstrate a commitment to improved energy performance.With energy security concerns rising and climate change an existential threat, consumers are increasingly aware of sustainability issues.ISO 50001 - A strategic guide to establishing an energy management system provides a practical but strategic overview for leadership teams of what an EnMS is and how implementing one can bring added value to an organisation. It: Explains how ISO 50001:2018 (which is based on ISO's Annex SL) differs from the previous version of the Standard; Provides readers with a greater understanding of what energy management is and how taking a risk-based approach can save money and improve brand reputation; and Covers how ISO 50001 can be implemented and how the EnMS can be integrated with other management systems, such as an ISO 14001 EMS (environmental management system).Your strategic guide to energy management and ISO 50001 - buy this book today!

Understand ISO 38500: the standard for the corporate governance of ITIn the 21st century, IT governance has become a much-discussed topic among IT professionals. An IT governance framework serves to close the gap between the importance of IT and the understanding of IT, helping to improve your organisation's competitive position.ISO/IEC 38500 is the international standard for the corporate governance of information and communication technology. The purpose of the standard is to create a framework to ensure that the board is appropriately involved, and it sets out guiding principles for governing bodies on how to ensure the effective, efficient and acceptable use of IT within their company.This useful pocket guide is an ideal introduction for those wanting to understand more about ISO 38500. It describes the scope, application and objectives of the Standard and outlines its six core principles. It covers: What is ISO/IEC 38500? The corporate governance context Scope, application and objectives Principles and model for good governance of it Implementing the six IT governance principles ISO/IEC 38500 and the IT steering committee Project governance Other IT governance standards and frameworks Integrated frameworksImplement an IT governance framework to improve your organisation's competitive position. Buy this pocket guide today!About the authorAlan Calder is a leading author on IT governance and information security issues. He is Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is a frequent media commentator on IT governance and information security issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.

An ideal introduction to PCI DSS v3.2.1All businesses that accept payment cards are prey for criminal hackers trying to steal financial information and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card payments in a way that effectively protects cardholder data.All organisations that accept, store, transmit or process cardholder data must comply with the Standard; failure to do so can have serious consequences and expensive repercussions. These range from customer desertion and brand damage to significant financial penalties and operating restrictions imposed by their acquiring bank.Covering PCI DSS v3.2.1, this handy pocket guide provides all the information you need to consider as you approach the Standard. It is also an ideal training resource for those in your organisation involved with payment card processing. Topics include: An overview of PCI DSS v3.2.1 How to comply with the requirements of the Standard Maintaining compliance The PCI SAQ (self-assessment questionnaire) The PCI DSS and ISO 27001 Procedures and qualifications An overview of the PA-DSS (Payment Application Data Security Standard) PTS (PIN Transaction Security) Software-based PIN entryBuy your copy of this quick-reference guide to PCI DSS v3.2.1 today!About the authorsAlan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd.Alan is an acknowledged international cyber security guru. He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.Geraint Williams is the CISO for the GRC International Group of companies, and a knowledgeable and experienced senior information security consultant and former PCI QSA, with a strong technical background and experience in the PCI DSS and security testing.Geraint has provided consultancy on implementing the PCI DSS, and has conducted audits for a wide range of merchants and service providers as well as penetration testing and vulnerability assessments for clients. He has broad technical knowledge of security and IT infrastructure, including high-performance computing and Cloud computing. His certifications include CISSP® and PCIP.

Manage your team successfully so you can all reap the rewards of remote workingThe rise of remote workingThe world of work is changing. Many employees no longer hold the traditional nine-to-five job. Instead, working time is increasingly flexible. Technology has enabled a rapid rise in the number of remote workers in recent years; the TUC estimates that the number of UK people working from home increased by a fifth in the ten years to 2018, and now stands at around 2.5 million people. This number is expected to continue to rise - as a result of changing attitudes and technological developments - with half the UK workforce expected to be working remotely by 2025.Benefits of remote workingRemote working, flexible working, working from home - whichever terminology you use - allows employees to change the locations they work from and their working hours. For the organisation, proven benefits include improved employee retention, a wider pool of applicants, reduced costs, increased productivity, lower absenteeism and carbon footprint reductions. For the individual, the flexibility brings a better work-life balance, reductions in costs such as those associated with commuting, less stress, increased well-being and less time spent travelling. For a manager, it can help them empower team members to give their best, improve well-being in the team and improve job performance and satisfaction.Making a success of managing and working remotelyThis book will help managers and team members alike who are about to or have already started working remotely. It will enable managers to comprehend the challenges of managing remote workers and put strategies in place to overcome these, and will advise employees how to approach their work when doing so remotely. For the manager, this book provides practical advice on how to manage remotely, with emphasis on the use of technology, creating team cohesion and avoiding isolation factors. For the team member, the book provides tips and techniques on how to work remotely, balance work and outside-work demands, and deliver desired outcomes.Using case studies, diagrams and tables, with a good balance of research and practical advice, the book discusses both the technological and psychological aspects of remote working, helping employees and managers understand how they should approach and evaluate working remotely.Ensure you make remote working a success with proven, practical advice - buy this book today.About the authorSarah Cook is the managing director of The Stairway Consultancy Ltd. She has 20 years' consulting experience specialising in leadership and management development. Before this, Sarah worked for Unilever and as head of customer care for a retail marketing consultancy.Sarah has practical experience helping managers to manage remotely and create high-performing teams. She has also worked extensively with team members to help them effectively transition to new ways of working. Sarah is a business author and has written widely on the topics of leadership, management development, team building and coaching. She also speaks regularly at conferences and seminars on these topics.Sarah is a Fellow of the Chartered Institute of Personnel and Development and is a Chartered Marketer. She has an MA from the University of Cambridge and an MBA from The Open University. She is an accredited user of a wide range of psychometric and team diagnostic tools.

This pocket guide is a primer for any OES (operators of essential services) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law.This guide outlines the requirements for operators of essential services based on the Cyber Assessment Framework established by the National Cyber Security Centre (NCSC), including an explanation of the objectives, principles and indicators of good practice, and offers implementation guidance.This guide will help you:Understand how to comply with NIS Regulations, and avoid penalties associated with non-complianceUnravel the key definitions, authorities and points of contactLearn the benefits of a good Cyber Resilience planInterpret and ensure compliance with the Cyber Assessment FrameworkEstablish the NCSC's cyber security objectives, principles and indicators of good practiceYour essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

This pocket guide is a primer for any DSPs (digital service providers) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law. This guide outlines the key requirements, details exactly which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance.This guide will help you:Clarify how to identify if you are within the scope of the NIS RegulationsGain an insight into the NIS DirectiveUnravel the key definitions, authorities and points of contactUnderstand the benefits of a good cyber resilience planYour essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

With a view to helping managers ask the right questions, Data Protection and the Cloud explains how you can effectively manage the risks associated with the Cloud and meet regulatory requirements. This book discusses:The controller-processor relationship and what you should pay attention to;How to mitigate security risks in the Cloud to comply with Article 32 of the EU GDPR (General Data Protection Regulation);How to comply with Chapter V of the GDPR when transferring data to third countries; andThe implications of the NIS Directive (Directive on security of network and information systems) for Cloud providers.One of the most dramatic recent developments in computing has been the rapid adoption of Cloud applications. According to the Bitglass Cloud Adoption Report, more than 81% of organisations have now adopted the Cloud in some form, compared with only 24% in 2014. And there are no signs that this is slowing down.The GDPR was enforced on 25 May 2018, superseding the 1995 Data Protection Directive and all local implementations. Bringing data protection into the 21st century, the Regulation expands the rights of individuals, but also introduces new, stricter requirements for organisations. This pocket guide discusses the GDPR requirements relating to Cloud sourcing and the risks involved.With a view to helping managers ask the right questions, Data Protection and the Cloud explains how you can effectively manage the risks associated with the Cloud and meet regulatory requirements. This book discusses:The controller-processor relationship and what you should pay attention to;How to mitigate security risks in the Cloud to comply with Article 32 of the EU GDPR (General Data Protection Regulation);How to comply with Chapter V of the GDPR when transferring data to third countries; andThe implications of the NIS Directive (Directive on security of network and information systems) for Cloud providers.One of the most dramatic recent developments in computing has been the rapid adoption of Cloud applications. According to the Bitglass Cloud Adoption Report, more than 81% of organisations have now adopted the Cloud in some form, compared with only 24% in 2014. And there are no signs that this is slowing down.The GDPR was enforced on 25 May 2018, superseding the 1995 Data Protection Directive and all local implementations. Bringing data protection into the 21st century, the Regulation expands the rights of individuals, but also introduces new, stricter requirements for organisations. This pocket guide discusses the GDPR requirements relating to Cloud sourcing and the risks involved.Buy today and learn how to meet your data protection obligations when using Cloud services.

Learn how to integrate well-known concepts, methods and processes from ITIL(R) and COBIT(R), combining the best from each approach. IT4B is not about reinventing your favourite method, but putting it into the context of improvement and identifying any potential gaps.

The author details 30 achievable ways that such a role will increase relevance, quality and overall business value, and provide business users with crucial support. The Agile business analyst is also a boon to the development team, being a ready source of business knowledge and ensuring that project outcomes align with requirements.

Used by the UK government and extensively throughout the world, PRINCE2(R) uses seven principles, seven themes and seven processes, which the author believes can be tailored to any project, in any environment, at any time and with anyone - be it work-related or not.This step-by-step guide:Explains the principles of PRINCE2 in straightforward, manageable chunks;Emphasises how to apply PRINCE2 in practice, using real-life examples;Is written by an experienced PRINCE2 practitioner and trainer, so you can be sure that the information is based upon approaches that work;Gives clear explanations and practical illustrations in each section;Explains how to effectively apply PRINCE2's principles, themes and processes to your projects and other real-world scenarios; andHas been updated for PRINCE2 2017.A guide to effective project managementThis book will guide you through each step of your project, clearly defining the underlying principles that should be applied to every project, regardless of what is going on inside or outside the project environment. They are sound, proven rules, which can be used as markers on the way to project success.PRINCE2 is principle-based rather than prescriptive. The principles are:Universal in that they apply to every project;Self-validating in that they have been proven in practice over many years; andEmpowering because they give practitioners greater confidence and the ability to influence and shape how a project will be managed.Susan Tuttle has 20 years' experience in project management, programme management and change management, producing exceptional results across diverse industries. She is an accredited trainer in PRINCE2. Her training style is influenced by her strong commitment to human development. She uses learner-centred theories and principles in her training and writing to help explain and communicate difficult topics.

This book defines critical infrastructure services, including how to: Describe the critical infrastructure service; Identify the interconnections and dependencies of information systems; Create a functioning organisation to protect CII Train people to make sure they are aware of cyber threats.

Collaborative business service design (CBSD) is a methodology to help business and IT cooperate more effectively to create IT-driven business services that fully support business requirements.

Schützen Sie die Informationen Ihrer Organisation mit ISO27001:2013Informationen gehören zu den wichtigsten Ressourcen Ihrer Organisation und ihre Sicherheit ist überlebenswichtig für Ihr Geschäft. Dieser praktische Taschenführer bietet einen grundlegenden Überblick über die beiden wichtigsten Informationssicherheitsstandards mit den formalen Anforderungen (ISO27001:2013) zum Erstellen eines Informationssicherheit-Managementsystems (ISMS) sowie Empfehlungen zu besten Verfahren (ISO27002:2013) für alle jenen, die dieses Einführen, Umsetzen oder Verwalten müssen.Ein auf der Norm ISO27001/ISO27002 basierendes ISMS bietet zahlreiche Vorteile: Verbessern Sie Ihre Effizienz durch Informationssicherheitssysteme und vorgehensweisen, dank derer Sie sich auf ihr Kerngeschäft konzentrieren können Schützen Sie Ihre Informationswerte vor einer Reihe von Cyber-Bedrohungen, krimineller Aktivitäten, Gefährdungen durch Insider und Systemausfälle Managen Sie Ihre Risiken systematisch und erstellen Sie Pläne zum Beseitigen oder Verringern von Cyber-Bedrohungen Erkennen Sie Bedrohungen oder Prozessfehler eher und beheben Sie sie schnellerDer nächste Schritt zur Zertifizierung?Sie können einen unabhängigen Audit Ihres ISMS anhand der Spezifikationen der Norm ISO27001 vornehmen lassen und, wenn dieser die Konformität Ihres ISMS bestätigt, unter Umständen einen akkreditierte Zertifizierung erhalten. Wir veröffentlichen eine Reihe von Toolkits und Büchern zum Thema ISMS (wie „Nine Steps to Success"), die Sie dabei unterstützen.Inhalt Die ISO/IEC 27000 Familie von Informationssicherheitsstandards; Hintergrund der Normen; Unterschied Spezifikation - Leitfaden; Zertifizierungsprozess; Die ISMS und ISO27001; Überblick über ISO/IEC 27001:2013; Überblick über ISO/IEC 27002:2013; Dokumente und Aufzeichnungen; Führungsverantwortung; Prozessansatz und PDCA-Zyklus; Kontext, Politik und Anwendungsbereich; Risikobeurteilung; Die Erklärung zur Anwendbarkeit; Umsetzung; Überprüfung und Handeln; Managementprüfung; ISO27001 Anhang A;Über den AutorAlan Calder ist Gründer und Vorstandsvorsitzender der IT Governance Ltd, ein Informations-, Analyse- und Beratungsunternehmen, das Unternehmen bei der Verwaltung von IT-Governance-, Risikomanagement-, Compliance- und Informationssicherheitsfragen unterstützt. Er verfügt über eine langjährige Erfahrung im Senior Management im privaten und öffentlichen Sektor.Dieser praktische Taschenführer bietet einen grundlegenden Überblick über die beiden wichtigsten Informationssicherheitsstandards - kaufen Sie ihn noch heute und erfahren Sie, wie Sie das wertvollste Gut Ihrer Organisation schützen können.

Protégez l'information de votre organisation grâce à l'ISO27001 :2013L'information est l'une des ressources les plus importantes de votre organisation, et la conservation de cette information est vitale pour votre entreprise Ce guide de poche pratique est un aperçu essentiel de deux normes clés en matière de sécurité de l'information, il couvre les exigences formelles (ISO27001:2013) pour la création d'un système de management de la sécurité de l'information (SMSI), ainsi que les recommandations des meilleures pratiques (ISO27002:2013) pour les responsables du lancement, de la mise en œuvre ou du suivi.Un SMSI se basant sur l'ISO27001/ISO27002 offre une foule d'avantages: Une amélioration de l'efficacité, en mettant en place des systèmes et des procédures de sécurité de l'information vous permettant de vous concentrer davantage sur votre activité principale. Il protège vos actifs d'information d'un large éventail de cyber-attaques, d'activités criminelles, de compromis internes et de défaillance du système. Gérez vos risques de façon systémique et établissez des plans pour éliminer ou réduire les menaces cybernétiques. Il permet une détection plus rapide des menaces ou des erreurs de traitement, et une résolution plus rapide.Prochaine étape vers la certification ?Vous pouvez organiser un audit indépendant de votre SMSI en fonction des spécifications de l'ISO27001 et, si votre SMSI est conforme, obtenir éventuellement une certification accréditée. Nous publions une série de boîtes à outils de documentations et des ouvrages sur le SMSI (tels que Neuf étapes vers le succès) pour vous aider à atteindre cet objectif.Sommaire La famille ISO/CEI 27000 des normes de sécurité de l'information ; Historique des normes ; Spécification ou Code de bonne pratique ; Procédure de certification ; Le SMSI et l'ISO27001 ; Aperçu de l'ISO/CEI 27001 :2013 ; Aperçu de l'ISO/CEI 27002 :2013 ; Documentation et enregistrements ; Responsabilités du management ; Approche procédurale et cycle PDCA ; Contexte, politique et domaine d'application ; Évaluation des risques ; La Déclaration d'Applicabilité ; Mise en œuvre ; Contrôler et agir ; Examen par le management ; ISO27001 Annexe AConcernant l'auteurAlan Calder est le fondateur et le président exécutif d'IT Governance Ltd, un cabinet d'information, d'avis et de conseils qui aide les conseils d'administration des entreprises à s'attaquer aux questions de gouvernance informatique, de gestion des risques, de conformité et de sécurité de l'information. Il est riche de nombreuses années d'expérience en haute direction dans les secteurs privé et public.

When is a gift not a gift? When it's a bribe.For many, corporate hospitality oils the wheels of commerce. But where do you draw the line?Bribes, incentives, and inducements are not just a matter of used banknotes stuffed in brown envelopes. Expenses, corporate settlement of personal bills, gifts, and hospitality can all be used to influence business partners, clients, and contractors.Can you afford unlimited fines?With strict penalties and reputational damage both possibilities, it's important for organizations to have processes and procedures in place to prevent bribery.Such processes and procedures can be found in ISO 37001, the international standard for ABMSs.How to implement an ABMSISO 37001: An Introduction to Anti-Bribery Management Systems explains how to implement an ABMS that meets the requirements of ISO 37001, from the initial gap analysis to due diligence management, and covers the following: An introduction to ISO 37001 An ABMS explained Management processes within an ABMS Implementing an ABMS Risk assessment in due diligence Whistleblowing and bribery investigations Internal auditing and corrective action Certification to ISO 37001The book provides helpful guidance on the importance of clearly defining policies; logging gifts and hospitality in auditable records; ensuring a consistent approach across the organization; controls for contractors; facilitation payments; and charitable and political donations.An ethical approach to business is not just a legal obligation but a way to protect your reputation.About the authorAlan Field, MA, LL.B (Hons), PgC, MCQI CQP, MIIRSM, GIFireE, GradIOSH is a Chartered Quality Professional, an IRCA Registered Lead Auditor, and member of the Society of Authors.Alan has expertise in auditing and assessing ABMSs to ISO 37001 and public-sector counter-fraud systems to ISO 9001. Alan has many years' experience with quality and integrated management systems in the legal, financial, property, and project management sectors in auditing, assessment, and gap analysis roles.Your company's integrity is important. ISO 37001: An Introduction to Anti-Bribery Management Systems shows you how to maintain and prove it.

"Love the fact that it jumped in with 10 top tips for security, a great opening to the book… Excellent section on phishing emails/vishing/smishing, with great practical examples …"Christopher Wright, Wright-CandA Consulting LtdProtect yourself from cyber threats and risksCyberspace, the Internet, computer networks, the digital world - call it what you will - is always developing. And so are the threats and risks of being online.Security in the Digital World explains the common digital threats to home users, home offices, mobile users, consumers and parents alike, as well as providing tips, advice and guidance. It doesn't matter if you are working in the most mature enterprise environment, unemployed, retired or still at school, whether you often have a smartphone in your hand or only use an e-reader, you are at risk.Security in the Digital World is a straightforward guide for the home user, parent, consumer and home office, providing a fountain of knowledge for modern security needs. It gives an overview of who conducts cyber attacks any why, and where cyber threats come from. It also explains what you can do to protect yourself and others, and provides a personal cyber security risk assessment.Deeper insight into threats in the digital worldThis must-have guide gives up-to-date information on consumer risks and provides: Ten tips to keep your digital information secure; Understanding and awareness of information security and cyber threats; Explanations of what social engineering is and techniques used by cyber criminals; Advice on what to look out for online and your rights as a consumer; and Guidance on common threats in the digital age, including malware, social engineering and ransomware.There is little technical knowledge or skill needed to understand and apply the book's tips and advice, and there are lots of images to help guide you.From the top ten tips and the breakdown of consumer risks, to social networking and parental security, this book is an essential guide for anyone and everyone trying to stay safe and secure in the evolving digital world.About the authorGraham Day spent 24 years in the military, including more than a decade as a counter-intelligence and security specialist on operational deployments around the world.Since retiring from the military, Graham has provided a range of services as a consultant, including, but not limited to, information security, cyber security , business continuity, cyber risk and cyber resilience.He is a CESG Certified Professional Security Information Risk Advisor, a Certified Information Systems Security Professional, and a member of the Author Group for British Standard 31111 Cyber Risk & Resilience.

Fundamentals of Assurance for Lean Projects explains the fundamental concepts of Lean and how they can be applied to any project, including software development and organisational change.It explains the jargon and dispels the mystique that surrounds Lean, providing readers with guidance and tips on performing audits or assurance reviews for Lean projects.It also describes how Lean fits with Agile and Kanban, and how it can be combined with Six Sigma to create an efficient, high-quality approach. The book provides strong practical guidance for those tasked with providing assurance for Lean projects.Read this book to learn about the approach and principles of Lean, the governance of Lean projects, and Lean audit and review. Topics covered include: The five main Lean principles and their significance. Tools used for root-cause analysis (the five whys and fishbone analysis). Defining and modelling customer value, and innovative responses to customer needs (the Kano model). Common causes of waste and how to improve flow. Customer pull and Kanban mechanisms to manage the associated flow of processing and information. The pursuit of perfection (Kaikaku and Kaizen) and total quality management (TQM). The application of Lean principles to software development. Practical suggestions for approaches to auditing.As with all books in the Fundamentals Series, Fundamentals of Assurance for Lean Projects introduces the subject and includes references for those who would like to further investigate specific areas.Buy today and learn the fundamental concepts of Lean and how they can be applied to any project!Christopher Wright is a qualified accountant, a Certified Information Systems Auditor and a Certified ScrumMaster(TM) with over 30 years' experience providing financial and IT advisory and risk management services. For 16 years he worked at KPMG, where he was head of information risk training in the UK and ran training courses in overseas locations, including India and mainland Europe. He managed a number of major IS audit and risk assignments, including project risk and business control reviews. He has worked in a wide range of industry sectors, including oil and gas, the public sector, aviation, and travel. For the past ten years, he has been an independent consultant specialising in financial, SOX and operational controls for major ERP implementations, mainly at oil and gas enterprises.He is an international speaker and trainer for Agile audit and governance, and is the author of three other titles, also published by ITGP: Agile Governance and Audit, Reviewing IT in Due Diligence and Fundamentals of Information Risk Management Auditing.

Only by understanding IT-driven business services and anchoring them in a service design statement (SDS) can enterprises translate business needs into IT-intensive business services.In Collaborative Business Design - Improving and innovating the design of IT-driven business services, Brian Johnson and Léon-Paul de Rouw comprehensively explain how to use business service design (BSD) to formulate an effective SDS that will help business and IT cooperate to create robust, efficient services that support business requirements.Product overviewCollaborative Business Design delves into the inner workings of services, with the aim of making sure that each side - business and IT - understands the other's needs and drivers so that services can deliver what is required, expected and promised throughout their lifecycle. It: Examines the gap in understanding between IT and business. Introduces BSD - an analytic approach to understanding the characteristics of IT-driven business services. Provides an overview of the components and characteristics of IT-driven business services. Considers the different parts of the BSD and SDS. Offers insight into the design of IT-driven business services using BSD. Discusses practical consequences for business transformation to continuously define, develop and improve services that customers want to use.Full of useful diagrams and examples (and quotations from an unusual range of sources including Star Trek, Mick Jagger and Oscar Wilde), Collaborative Business Design explains how to guide the development, building, programme management, and maintenance of IT-driven business services.Introducing business service design (BSD)BSD is a simple approach to designing the overarching architecture of any IT-driven business service.It merges the pragmatism and logic of the UK Government Gateway method with service blueprinting and the stakeholder approach to gaining consensus.BSD is not an architecture for software development or for technology support - it complements existing frameworks such as TOGAF, IT4IT, BiSL® Next and ITIL® by focusing on business architecture, a subject rarely discussed before designing an IT-intensive, complex business service.Who should read this bookThis book is intended for anyone responsible for designing and implementing IT-driven services, or who is involved in their operation. This includes everyone on both sides of supply and demand, including: Internal and external service providers, such as service managers, contract managers, bid managers, lead architects, requirement analysts Business, financial, sales, marketing and operations managers who are responsible for output and outcome Sales and product managers who need to present and improve service offerings Developers who need to develop new and improved services Contract managers and those responsible for purchasing Consultants, strategists, business managers, business process owners, business architects, business information managers, chief information officers, information systems owners and information architectsAbout the authorsBrian Johnson has published more than 30 books, including over a dozen official titles in the IT Infrastructure Library (ITIL), many of which are used worldwide. He designed and led the programme for ITIL version 2. Léon-Paul de Rouw studied technical management and organisation sociology. He worked for several years as a consultant and researcher in the private sector.

A unique holistic approach to ITIL in the real worldAs more companies begin an adopt/adapt initiative based on ITIL guidance, they quickly realize that looking at single processes in isolation is not enough. To benefit fully from the framework, companies have to look at the relationships between processes, understanding upstream and downstream impacts. However, advice on using this approach has not been readily available ... until now. Manage your ITIL implementation like never before Co-published by ITGP and itSMF USA, It's All About Relationships: What ITIL® doesn't tell you is the third book in the Thought Leadership Series. Providing a view into the vital relationships between the ITIL lifecycle stages, this unrivalled publication provides invaluable guidance that no service manager should be without. Practical, sensible and sound advice from industry expertsThe authors bring together their extensive practical experience to provide a guide written for IT professionals, ITSM practitioners, Service Owners and Process Owners, university students, and in fact anyone working to adopt the ITIL framework or needing a deeper understanding of its interfaces. 'Suzanne's and Kathy's knowledge and attention to detail shine through in the very high quality of this publication. No doubt you will find it indispensable and in short order, I'm sure your copy will be well used and dog-eared!' Dwight Kayto PMP, ITSM Fellow, ITIL Expert.ITIL® is a registered trade mark of the PeopleCert group. Used under licence from PeopleCert. All rights reserved.