Bøger udgivet af Itgp

The PCI DSS (Payment Card Industry Data Security Standard) is now on its fourth version. The withdrawal date for v3.2.1 is 31 March 2024. Many organisations around the world - particularly those that fall below the top tier of payment card transaction volumes - are not yet compliant with the new version. This book: Explains the fundamental concepts of PCI DSS v4.0;Is a perfect quick reference guide for PCI professionals, or a handy introduction for people new to the payment card industry; andCovers the consequences of a data breach and how to comply with the Standard, giving practical insights. An ideal introduction to PCI DSS v4.0 Organisations that accept payment cards are prey for criminal hackers trying to steal financial information and commit identity fraud. Many attacks are highly automated, searching for website and payment card system vulnerabilities remotely, using increasingly sophisticated tools and techniques. This guide will help you understand: How you can comply with the requirements of the Standard;The PCI DSS and ISO/IEC 27001:2022;PTS (PIN Transaction Security); andP2PE (Point-to-point encryption).

DORA - A guide to the EU Digital Operational Resilience ActThis guide will introduce you to key elements of the DORA (Digital Operational Resilience Act) framework, such as: The implementation process;Risk management;Incident response and reporting;Digital operational resilience testing; andInformation and intelligence sharing.For organisations operating in the financial sector, government interference and regulatory oversight are nothing new. It stands to reason, of course: finances dictate so much of how a country and society functions that the power of government could be hobbled should the financial sector be struck down or left impotent. Furthermore, a secure financial market draws business to itself, which is obviously desirable for all governments.In 2020, the ESRB (European Systemic Risk Board) examined systemic cyber risk in the EU financial sector. The resulting report found that the primary risks arose from key developments in modern networks and ways of doing business: - High levels of interconnectedness across financial entities and markets.- Interdependence between systems - e.g. payments systems, securities clearing and settlement, claims management, peer-to-peer finance, etc.- Deepened interconnectedness between financial entities and third-party service providers and suppliers.- Financial entities deploy services across national borders and cyber threats know no borders.- Likelihood that vulnerabilities can propagate across the entire EU financial system, compromising stability of EU financial systems.It was a combination of these factors that led the EU to create DORA. As a regulation, DORA will be enforced from a fixed date regardless of what any member state does. Some countries may apply more restrictive conditions, but it is not possible for any of them to override DORA to relax requirements.Buy this guide today and begin your DORA compliance journey.

Schritt-für-Schritt-Anleitung für eine erfolgreiche ISO 27001-ImplementierungIn sinnvoller, nicht technischer Sprache führt Sie dieser Leitfaden durch die wichtigsten Schritte eines ISO 27001-Projekts, um Ihnen den Erfolg desselben zu garantieren - von der Einführung bis hin zur Zertifizierung: Projektmandat Projektanbahnung Initiierung eines ISMS Management-Framework Grundlegende Sicherheitskriterien Risikomanagement Implementierung Maßnahme, Überwachung und Überprüfung ZertifizierungIn dieser dritten Auflage und ausgerichtet auf ISO 27001: 2013 eignet sich das Handbuch ideal für alle jene, die sich zum ersten Mal mit der Norm beschäftigen."Es ist als hätten Sie einen $ 300 / h-Berater an Ihrer Seite, wenn Sie die Aspekte der Gewinnung von Management-Unterstützung, Planung, Problembestimmung (Scoping), Kommunikation etc. betrachten."Thomas F. Witwicki Mit Hilfe dieses Buches erfahren Sie wie Sie: Unterstützung im Management und die Aufmerksamkeit des Vorstands erhalten; Erstellen Sie ein Management-Framework und eine Gap-Analyse, um klar zu verstehen, was Sie bereits unter Kontrolle haben und worauf ihre Bemühungen abzielen sollen; Strukturieren Sie Ihr Projekt und statten Sie es mit Ressourcen aus - einschließlich der Festlegung, ob Sie einen Berater verwenden werden oder die Tätigkeit selbst durchführen sowie der Überprüfung der vorhandenen Mittel und Ressourcen, die ihre Arbeit erleichtern werden; Führen Sie eine fünfstufige Risikobewertung durch und erstellen Sie eine Aussage zur Anwendbarkeit sowie einen Risikoplan; Integrieren Sie Ihr ISO 27001 ISMS mit einem ISO 9001 QMS und anderem Managementsystem; Adressieren Sie die Dokumentationsherausforderungen, denen Sie im Rahmen der Erstellung von Geschäftsgrundsätzen, Verfahren, Arbeitsanweisungen und Datensätzen begegnen - einschließlich realisierbarer Alternativen zum kostspieligen Trial- und Error Ansatz Kontinuierliche Verbesserung Ihres ISMS, einschließlich interner Prüfungen und Tests sowie Kontrollen durch das Management;Dieses Buch liefert Ihnen die nötige Anleitung zum Verständnis der Anforderungen der Norm und zur Gewährleistung, dass ihr Implementierungsprojekt ein Erfolg wird. Dabei werden sechs Geheimtipps für den Erfolg gegeben. BackgroundDie Erlangung und Aufrechterhaltung der akkreditierten Zertifizierung nach der internationalen Norm für Informationssicherheit-Management - ISO 27001 - kann ein kompliziertes Vorhaben darstellen, besonders dann, wenn die Norm für Sie noch neu ist.Autor Alan Calder kennt ISO 27001 in- und auswendig: der Gründer und Vorstandsvorsitzende von IT Governance, er leitete die erste Implementierung eines nach BS 7799 zertifizierten Managementsystems - dem Vorläufer der ISO 27001 - und arbeitet seither mit der Norm und seinen Nachfolgern zusammen.Hunderte Organisationen weltweit haben akkreditierte Zertifizierungen nach ISO 27001 mit der IT-Governance-Beratung erlangt- wie in diesem Buch zusammengefasst.Kaufen Sie dieses Buch heute und erlernen Sie die neun Schritte für eine erfolgreiche ISO 27001 ISMS Implementierung.

Artificial intelligence - Ethical, social, and security impacts for the present and the futureA global perspective on AIAI is much more than just a simple tool powering our smartphones or allowing us to ask Alexa about the latest cinema times. It is a technology that is, in very subtle but unmistakable ways, exerting an ever-increasing influence over our lives - and the more we use it, the more AI is altering our existence.The rise of AI and super-intelligent AI raises ethical issues. AI is the power behind Google's search engine, enables social media sites to serve up targeted advertising, and gives Alexa and Siri their voices. It is also the technology enabling self-driving vehicles, predictive policing, and autonomous weapons that have the ability to kill without direct human intervention. All of these bring up complex ethical issues that are still unresolved and will continue to be the subject of ongoing debate.This book presents a concrete approach to identifying appropriate ethical principles in AI solutionsThere are untold how-to books on AI technology, replete with methods to improve and advance the statistics and algorithms of AI; however, the social, ethical and security impacts are often at best a secondary consideration - if discussed at all.This book explores the complex topic of AI ethics in a cross-functional way, alternating between theory and practice. Practical and recent events, and their associated challenges, are presented, such as the collateral effects of the COVID-19 pandemic on the application of AI technologies. The book also gives an up-to-date overview of the potential positive and negative outcomes of AI implementations together with an analysis of AI from an ethical perspective.Before you dive into a world populated with AI, read this book to understand the associated ethical challenges of AI technologies

The Art of Cyber Security - A practical guide to winning the war on cyber crimeThis book is about cyber security, but it's also about so much more; it's about giving you the skills to think creatively about your role in the cyber security industry.In Part 1, the author discusses his thoughts on the cyber security industry and how those that operate within it should approach their role with the mindset of an artist.Part 2 explores the work of Sun Tzu's The Art of War. The author analyses key sections and reviews them through the lens of cyber security and data protection to derive how his teachings can be used within the cyber security industry. Although Tzu's book on military strategy, tactics and operations was written more than 2,000 years ago, The Art of Cyber Security - A practical guide to winning the war on cyber crime reflects on how relevant Tzu's words are for today's technological era.Receive a different perspective on cyber security, and think differently about the industry and your place within itThis book celebrates the individuals who are striving to protect us in an ever-expanding technological era. Data and technology are so important to our lives, that protecting people who use technology is incredibly important. The professionals working to protect children, adults and corporations have a tough job, and this book celebrates their work while advocating ways for improving cyber security services and fighting cyber crime.This book will challenge your thinking and force you to approach cyber security and data protection from theoretical, philosophical, strategic, tactical and operational perspectives.

Understand the CCPA (California Consumer Privacy Act) and how to implement strategies to comply with this privacy regulation.Established in June 2018, the CCPA was created to remedy the lack of comprehensive privacy regulation in the state of California. The CCPA came into effect on January 1, 2020, and gives California residents the right to:Learn what personal data a business has collected about themUnderstand who this data has been disclosed toFind out whether their personal data has been sold to third parties, and who these third parties areOpt out of such data transactions, or request that the data be deleted.Many organizations that do business in the state of California must align to the provisions of the CCPA. Much like the EU's GDPR (General Data Protection Regulation), businesses that fail to comply with the CCPA will face economic penalties.Achieve CCPA compliance with our implementation guide that:Provides the reader with a comprehensive understanding of the legislation by explaining key termsExplains how a business can implement strategies to comply with the CCPADiscusses potential developments of the CCPA to further aid complianceYour guide to understanding the CCPA and how you can implement a strategy to comply with this legislation - buy this book today to get the guidance you need!About the authorPreston Bukaty is an attorney and consultant. He specializes in data privacy GRC projects, from data inventory audits to gap analyses, contract management, and remediation planning. His compliance background and experience operationalizing compliance in a variety of industries give him a strong understanding of the legal issues presented by international regulatory frameworks. Having conducted more than 3,000 data mapping audits, he also understands the practical realities of project management in operationalizing compliance initiatives.Preston's legal experience andenthusiasmfor technology make him uniquely suited to understanding the business impact of privacy regulations such as theGeneral Data Protection Regulation (GDPR)andthe California Consumer Privacy Act (CCPA).He has advised more than 250 organizations engaged in businesses as varied as SaaS platforms, mobile geolocation applications, GNSS/telematics tools, financial institutions, fleet management software, architectural/engineering design systems, and web hosting. He also teaches certification courses on GDPR compliance and ISO 27001implementation, andwrites on data privacy law topics.Preston lives in Denver, Colorado. Prior to working as a data privacy consultant, he worked for an international GPS software company, advising business areas on compliance issues across 140 countries. Preston holds a juris doctorate from the University of Kansas School of Law, along with a basketball signed by Hall of Fame coach Bill Self.

Take the first steps to ISO 14001 certification with this practical overview.This book provides practical advice on how to achieve compliance with ISO 14001:2015, the international standard for an EMS (environmental management system). With an EMS certified to ISO 14001, you can improve the efficiency of your business operations and fulfil compliance obligations, while reassuring your employees, clients and other stakeholders that you are monitoring your environmental impact.This easy-to-follow guide takes a step-by-step approach, and provides many sample documents to help you understand how to record and monitor your organisation's EMS processes.Ideal for compliance managers, IT and general managers, environmental officers, auditors and trainers, this book will provide you with: The confidence to plan and design an EMS. Detailed descriptions of the ISO 14001:2015 requirements will give you a clear understanding of the standard, even if you lack specialist knowledge or previous experience; Guidance to build stakeholder support for your EMS. Information on why it is important for an organisation to have an environmental policy, and a sample communications procedure will help you to raise awareness of the benefits of implementing an EMS; and Advice on how to become an ISO 14001-certified organisation. The book takes a step-by-step approach to implementing an 1SO 14001-compliant EMS.Key features: A concise summary of the ISO 14001:2015 requirements and how you can meet them. An overview of the documentation needed to achieve ISO 14001:2015 accreditation. Sample documents to help you understand how to record and monitor your organisation's environmental management processes. New for the second edition: Updated for ISO 14001:2015, including terms, definitions and references; Revised approach to take into account requirements to address "risks and opportunities".Your practical guide to implementing an EMS that complies with ISO 14001:2015 - buy this book today to get the help and guidance you need!

This pocket guide is an introduction to the EU's NIS Directive (Directive on security of network and information systems). It outlines the key requirements, details which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance. This pocket guide is a primer for any DSP that needs to comply with the NIS Directive.The pocket guide helps DSPs: Gain insight into the NIS Directive and who is regulating it; Identify if they are within the scope of the Directive; Understand the key requirements; and Understand how guidance from international standards and ENISA can help them comply.Your essential guide to understanding the EU's NIS Directive - buy this book today and get the help and guidance you need.

This concise guide is essential reading for EU organisations wanting an easy to follow overview of the new regulation and the compliance obligations for handling data of EU citizens.The EU General Data Protection Regulation (GDPR) will unify data protection and simplify the use of personal data across the EU, and automatically supersedes member states domestic data protection laws.It will also apply to every organisation in the world that processes personal information of EU residents.The Regulation introduces a number of key changes for all organisations that process EU residents' personal data.EU GDPR: A Pocket Guide provides an essential introduction to this new data protection law, explaining the Regulation and setting out the compliance obligations for EU organisations.This second edition has been updated with improved guidance around related laws such as the NIS Directive and the future ePrivacy Regulation.EU GDPR - A Pocket Guide sets out: A brief history of data protection and national data protection laws in the EU (such as the German BDSG, French LIL and UK DPA). The terms and definitions used in the GDPR, including explanations. The key requirements of the GDPR, including: Which fines apply to which Articles; The six principles that should be applied to any collection and processing of personal data; The Regulation's applicability; Data subjects' rights; Data protection impact assessments (DPIAs); The role of the data protection officer (DPO) and whether you need one; Data breaches, and the notification of supervisory authorities and data subjects; Obligations for international data transfers. How to comply with the Regulation, including: Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records); The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data); The "appropriate technical and organisational measures" you need to take to ensure your compliance with the Regulation. A full index of the Regulation, enabling you to find relevant Articles quickly and easily.Buy your copy today.

Istruzioni per la corretta attuazione della Norma ISO 27001Con un linguaggio funzionale e scevro da tecnicismi, questa guida ti accompagnerà lungo le fasi principali di un progetto ISO 27001 per garantirne il successo - dalla fase iniziale fino alla certificazione finale: Mandato dell progetto Avvio del progetto Avvio del SGSI Quadro di gestione Criteri di sicurezza basilari Gestione del rischio Attuazione. Misurazione, monitoraggio e riesame CertificazioneOra alla sua terza edizione e allineata a ISO 27001:2013, questa guida è ideale per tutti coloro che sono chiamati per la prima volta a cimentarsi con questo Standard."È come trovarsi gomito a gomito con un consulente da 300 dollari all'ora a considerare tutti gli aspetti legati al conseguimento del sostegno della direzione, alla pianificazione, alla definizione degli ambiti, alla comunicazione di gestione, ecc."Thomas F. WitwickiCon questo libro scoprirai come: Conseguire il sostegno della direzione e mantenere l'attenzione del consiglio; Creare un guadro di gestione ed eseguire una gap analysis, in modo da poter comprendere chiaramente i controlli già in atto e identificare dove concentrare i propri sforzi; Strutturare e fornire risorse al tuo progetto - con consigli che ti aiuteranno a decidere se avvalerti di consulenti o fare tutto da solo, e a esaminare gli strumenti e le risorse disponibili che possono facilitarti il lavoro; Condurre una valutazione dei rischi in cinque fasi, e creare una Dichiarazione di Applicabilità e un piano di trattamento dei rischi; Integrare il tuo SGSI ISO 27001 con un QMS ISO 9001 ed altri sistemi di gestione; Affrontare le sfide legate alla documentazione che incontrerai sul tuo cammino mentre formulerai politiche aziendali, procedure, istruzioni operative e documenti di registrazione - tra cui alternative sostenibili a un dispendioso approccio euristico; Migliorare continuamente il tuo SGSI, con gli audit e le verifiche interne e il riesame della direzione;Questa pubblicazione ti fornirà la guida necessaria per comprendere i requisiti dello Standard e garantire la riuscita del tuo progetto di attuazione, che racchiude sei segreti che conducono al successo della certificazione.BackgroundIl conseguimento e il mantenimento della certificazione accreditata secondo lo standard internazionale per la gestione della sicurezza delle informazioni - ISO 27001 - può essere un'impresa complicata, soprattutto per i non addetti ai lavori.L'autore, Alan Calder conosce a fondo la norma ISO 27001: egli è il fondatore e il presidente esecutivo di IT Governance, ha diretto l'attuazione del primo sistema di gestione che ha conseguito la certificazione secondo BS 7799 - il precursore della norma ISO 27001 - e da allora non ha mai smesso di lavorare con il citato Standard.

Proteja la información de su organización con la ISO27001:2013La información es uno de los recursos más importantes de su organización y mantener esa información segura es vital para su negocio. Esta guía de bolsillo útil es una visión de conjunto esencial sobre las dos normas de la seguridad de la información clave que cubren los requisitos formales (ISO27001:2013) para crear un Sistema de Gestión de la Seguridad de la Información (SGSI) y las recomendaciones de mejores prácticas (ISO27002:2013) para aquellos responsables de iniciar, implementar o mantenerlo.Un SGSI basado en la ISO27001/ISO27002 ofrece un sinfín de beneficios: Eficacia mejorada implantando procedimientos y sistemas de seguridad de la información, que le permiten concentrarse en su actividad empresarial principal. Protege sus activos de información de un amplio abanico de ciberamenazas, actividad criminal, compromiso de información privilegiada y fallo del sistema. Gestione sus riesgos sistemáticamente y establezca planes para eliminar o reducir las ciberamenazas. Permite la detección temprana de amenazas o errores de procesamiento y una solicuón más rápida¿Siguiente paso para la certificación?Puede organizar una auditoría independiente de su SGSI frente a las especificaciones de la ISO27001 y, si su SGSI se ajusta, finalmente logra la certificación acreditada. Publicamos una variedad de libros y herramientas de documentación del SGSI (como Nueve pasos para el éxito) para ayudarle a lograr esto.Índice La familia de normas de la seguridad de la información ISO-/IEC 27000; Historia de las Normas; Especificación frente al Código de Prácticas; Proceso de certificación; El SGSI y la ISO27001; Visión de conjunto de la ISO/IEC 27001:2013; Visión de conjunto de la ISO/IEC 27002:2013; Documentación y registros; Responsabilidad de la gestión; Enfoque del proceso y el ciclo PDCA; Contexto, política y alcance; Evaluación del riesgo; La declaración de aplicabilidad (SoA); Implementación; 15. Verificar y actuar; Revisión gerencial; ISO27001; Anexo AAcerca del autorAlan Calder es el fundador y presidente ejecutivo de IT Governance Ltd, una empresa de información, asesoramiento y consultoría que ayuda a los consejos de administración de empresas a abordar problemas de gobierno de TI, gestión del riesgo, cumplimiento y seguridad de la información. Tiene muchos años de experiencia en alta gerencia en los sectores públicos y privados.Una guía de bolsillo que proporciona una visión de conjunto esencial de dos normas de la seguridad de la información clave, cómprela hoy y aprenda cómo proteger el activo más importante de su organización.

Proteggi le informazioni della tua organizzazione con ISO27001:2013Le informazioni costituiscono una delle risorse più importanti della tua organizzazione, e proteggerne la sicurezza è di importanza vitale per la tua attività. Questa pratica guida tascabile costituisce una panoramica essenziale di due norme di sicurezza delle informazioni che prende in esame i requisiti formali (ISO27001:2013) per la creazione di un Sistema di Gestione della Sicurezza delle Informazioni (SGSI), e le procedure consigliate (ISO27002:2013) rivolte ai responsabili dell'avvio, dell'attuazione o del mantenimento di tale sistema.Un SGSI basato sulle norme ISO27001/ISO27002 presenta numerosi vantaggi: Una maggiore efficienza derivante dalla messa in atto di sistemi e procedure di sicurezza delle informazioni, consentendoti di concentrarti maggiormente sul tuo core business. Protegge il tuo patrimonio informativo da un gran numero di minacce informatiche, attività criminose, compromissione interna dei dati e errori di sistema. Gestisce i tuoi rischi in modo sistematico e stabilisce piani d'azione per eliminare o ridurre le minacce informatiche. Consente il rilevamento precoce di minacce o errori d'elaborazione e la loro rapida risoluzione.Qualè il passo successivo verso la certificazione?Puoi disporre una verifica indipendente del tuo SGSI per accertarne la conformità alle specifiche dello standard ISO27001 e, in caso di conformità, ottenere quindi la certificazione accreditata. Pubblichiamo una vasta gamma di compendi e libri documentativi sullo standard SGSI (come I Nove Passi Per il Successo) che possono aiutarti a conseguire tale obiettivo.Indice Il gruppo di norme sulla sicurezza delle informazioni ISO/IEC 27000 ; Il contesto delle norme; Specifica e codice di comportamento a confronto; Il processo di certificazione; Il SGSI e l'ISO27001; Panoramica dell'ISO/IEC 27001:2013; Panoramica dell'ISO/IEC 27002:2013; Documentazione e registrazioni; Responsabilità della direzione; Approccio al processo e ciclo PDCA; Contesto, politica e campo di applicazione; Valutazione dei rischi; La dichiarazione di applicabilità; Attuazione; Check and Act; Riesame della direzione; Allegato A ISO27001L'autoreAlan Calder è fondatore e presidente esecutivo di IT Governance Ltd, un'azienda di assistenza e consulenza che aiuta gli organi sociali ad occuparsi di IT governance, gestione dei rischi, conformità e problemi di sicurezza delle informazioni. Alan ha occupato per molti anni incarichi di alto livello sia nel settore pubblico che privato. -Una pratica guida tascabile che offre una panoramica essenziale di due norme sulla sicurezza delle informazioni. Acquistala oggi stesso e apprendi come proteggere il patrimonio più importante della tua organizzazione