IT Governance Blog on IT governance, risk management, compliance and information security.

We have been experiencing some intermittent downtime across our websites and have put steps in place to resolve these issues as quickly as possible.

As a result of the problems we are facing we will be accelerating our move to a different global hosting provider which will enable us to continue our usual high standards of service.

If you are experiencing difficulties accessing our websites and would like to place an order please call us on +44(0)845 070 1750 or email servicecentre@itgovernance.co.uk.

The PCI DSS must be met by all organisations (merchants and service providers) that transmit; process or store payment card data. It is a contractual obligation applied and enforced – by means of fines or other restrictions – directly by the payment providers themselves.

PCI DSS compliance requirements

The Standard basically requires merchants and member service providers (MSPs) who store, process or transmit cardholder data to:

• Build and maintain a secure IT network
• Protect cardholder data
• Maintain a vulnerability management program
• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy.

Read the rest of this entry »

During times of austerity it’s more challenging than ever for an organisation to meet its compliance obligations, let alone follow a best-practice standard. With a difficult and uncertain economic environment, there can be a tendency to consider compliance issues, such as Business Continuity, as an unnecessary expense and, understandably, focus resources on revenue building projects instead.

Taking such a ‘short sighted’ approach can be dangerous!

While it makes good business sense to focus on revenue building activities, organisations that simply ignore their responsibilities, where business continuity is concerned, will be playing devils-advocate.

Read the rest of this entry »

During times of austerity it’s more challenging than ever for an organisation to meet its compliance obligations. With a difficult and uncertain economic environment, there can be a tendency to consider compliance issues, such as Information Security, as an unnecessary expense and, understandably, focus resources on revenue building projects instead.

Taking such a ‘short sighted’ approach can be dangerous!

While it makes good business sense to focus on revenue building activities, organisations that simply ignore their responsibilities, where information security is concerned, will be playing devils-advocate.

Read the rest of this entry »

In austere times, IT leaders need to be more radical if their organisations are to succeed – this book helps you change the IT Leader’s mindset.

Changing the IT Leader’s Mindset (eBook) Successfully balance Transactional and Transformational Leadership Understand the IT Leader stereotype and how to alter its perception Utilise tools like action learning and co-creation.

By employing key steps and reflective points, this book provides useful tools and sound advice to help you get to grips with balancing soft skills with hard techniques, letting you break out of the IT stereotype and bring innovation into the inner sanctum of your organisation.
Read the rest of this entry »

ISO27001 requires you to develop your ISMS, taking ‘into account business and legal or regulatory requirements, and contractual security obligations’ (Clause 4.2.1 b. 2).

The only cost-effective way to meet this requirement is with the ITG ISO27001 Compliance Database and Update Service – which also helps you comply with five key Annex A controls.

ITG ISO27001 Compliance Database and Update Service

Launch Date: 1 September 2010 – Early Adopter Pricing applies through 31 August 2010

The ISO27001 Compliance Database and Update Service provides plain-English ‘real world’ guidance, rather than a prescriptive, detailed legal review and update service; this is THE compliance service for the ISMS project manager and, where it is appropriate to take your own professional advice, this service will enable you to manage professional legal costs very effectively!

Easy-to-Deploy

The ISO27001 Compliance Database is in Microsoft Access format, which can be deployed directly onto a desktop or onto a SharePoint Server. The licence for this product covers one or multiple users within a single ISMS. The current version of this product is primarily suitable for oganisations that are based in, or have to comply with the laws of, England and Wales.

Database of All Critical Statutory & Regulatory Documents

Find all the critical statutory and regulatory documents in one place – saving you the time, hassle and expense of trying to track them down and make sense of them all yourself.

Subscribe to this service before the end of August to save 10%.

Enter AUGCOMPLIANCE at the checkout for 10% discount!

ITG ISO27001 Compliance Database and Update Service >>

Time is running out to make the most of our August IT Governance Framework Toolkit – Special Offer. Purchase before the end of August and receive 4 free e-books!

IT Governance Framework Toolkit – Special Offer IT Governance: A Pocket Guide FREE! IT Governance to Drive High Performance: Lessons from Accenture FREE! ISO/IEC 38500 The IT Governance Standard – Pocket Guide FREE! IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT FREE!

Read the rest of this entry »

Implementing ISO20000 (ISO20000 Consultant Certificate) Training Course

29 September – 01 October 2010 in London – Reduced to just £595!

• Pass the course guarantee
• Exam included in the price
• Lunch, refreshments, and full course materials included
• We offer help finding appropriate hotels close to the training venue
• Best price available anywhere!

Read the rest of this entry »

Time is running out to book on the next PCI DSS – 1-Day Introduction, Implementation & Compliance Masterclass, which will take place on the 10th September in London. Delegates who book during August will save £100 and get a free PCI DSS Online Staff Awareness Course!

This 1-day, information-packed course gives you everything you need to know for PCI compliance. It is ideal for those who have to comply with this bank-enforced standard.

PCI DSS – 1-Day Introduction, Implementation & Compliance Masterclass – 10 September in London If you have any responsibility for, or involvement in, your organisation’s PCI DSS compliance activities, or if you’re in information security management, you need to attend this masterclass. It is the essential step that takes you from uncertainty to clarity about all the key steps in preparing for and achieving compliance with the PCI DSS first time. ‘A complex topic covered in a clear and concise way – suitable for all levels’ – David Keech, Convergys Corporation.

This special IT Governance course provides unique insights that will steer delegates toward cost-effective PCI DSS compliance by:

• Providing insight on how to effectively scope your cardholder data environment, which is fundamental to cost-effective PCI DSS compliance
• Explaining the 10 key requirements of the PCI DSS and their multitude of mandatory sub-requirements, together with guidance on cost-effective implementation
• Providing details of common failures, (mis-interpreting the requirements of the standard is a common pitfall)
• Enabling you to effect suitable knowledge transfer to members of your PCI DSS project team to ensure a consistent approach to meeting the requirements
• Identifying areas which should be addressed as a matter of urgency, taking into consideration the resulting effects on revenue and the bottom line.

The free PCI DSS Online Course, Staff Awareness Edition, that delegates will receive if they book this course before the end of August, will enable you to go back into your organisation with the ability to share your new-found knowledge! Staff awareness is often half the battle, and this e-learning course offers the simplest, quickest, most economical and most convenient means possible for a company’s employees to learn how to comply.

There are just a few seats remaining so hurry!

BOOK for the PCI DSS Introduction, Implementation and Compliance course today!

Time is running out to make the most of out August offers. We have a very limited number of spaces left on our September ISO27001 Training Courses, which have money off and ‘added value’ tools & resources available until the end of August.

For those of you who can’t attend a training course, we have a fantastic offer available on the unique No 3 ISO27001 ISMS Toolkit.

Extra Value No 3 ISO27001 Comprehensive ISMS Toolkit Offer

ISO27001 Comprehensive ISMS Toolkit If you purchase this toolkit before the end of August (2010), we’ll send you a further 7 unique resources to help kick-start your information security programme – absolutely free! Implementing ISO/IEC 27001 and creating an effective Information Security Management System for the first time can be challenging! This toolkit has everything you will need. When you use our highly practical and informative books and tools to help you tackle the project, you receive unique guidance and support for your organisation – plus, with this package, you save money!

The No 3 ISO27001 Comprehensive ISMS Toolkit contains everything:

Read the rest of this entry »