IT Governance Blog on IT governance, risk management, compliance and information security.

• Does your organisation comply with the DPA?
• Do you want to avoid fines and censure for data breaches?
• How do you manage personal data legally and effectively?

This interactive and enjoyable one-day course gives both new and experienced staff and management – those involved with or responsible for personal data – an oversight of what the Data Protection Act means to their business also to their own rights as an individual.
Read the rest of this entry »

Business continuity and disaster recovery planning is a key governance responsibility. The UK Companies Act 2006 gives statutory force to what has long been the worldwide common law duty of directors, which is to exercise due care in relation to their companies. Specifically, directors must “exercise reasonable care, skill and diligence” (s.174).

So, regardless of any impending budget cuts, the board of directors remain accountable for ensuring that the organisation has developed and tested business continuity and disaster recovery plans that deal with all the likely risks that face the organisation.

In the UK, the NHS has determined that BS25999 certification is a key way for NHS entities to demonstrate that they are adequately resilient, and UK local authorities have recognised the BS25999 certification is the best method possible for demonstrating they are meeting their obligations under the Civil Contingencies Act.

Internationally, organisations in both the public and private sector are pursuing BS25999 certification in order to demonstrate to stakeholders and customers that they have adequate business resilience arrangements in place.
Read the rest of this entry »

IT Governance Publishing (ITGP), the specialist publishing arm of information security experts IT Governance, is bringing the principles of Sun Tzu’s classic text, The Art of War, to the fight against cybercrime.

ITGP’s latest book, Assessing Information Security: Strategies, Tactics, Logic and Framework, argues that the art of war, and the art of information security, are more closely aligned than one might expect. Technical skills and procedural knowledge are not enough; these qualities need to be deployed strategically to control the cybercrime battlefield.

The book, written by Dr Andrew Vladimirov, Konstantin Gavrilenko and Andriej Michajlowski, demonstrates that businesses need clear objectives and strategies, just like a military campaign, to implement information security effectively. The book explains, for example, that:
Read the rest of this entry »

If you have any excess funds available from this financial year, now is the time to procure the vital resources needed to succeed in projects planned for later this year. In spite of budget cuts, and an uncertain economic climate, information security will continue you be one of the most important issues facing an organisation throughout 2010 and beyond.

Read the rest of this entry »

ISO/IEC 38500:2008 provides guiding principles for directors of organisations on the effective, efficient, and acceptable use of information technology (IT). These principles are designed to be used within an organisations.

Implementing an effective IT Governance framework, compatible with ISO38500, within an organisation has many benefits that can be directly attributed to bottom line savings.

Read the rest of this entry »

This course offers a low cost alternative to a classroom-based training course. Often savings are in the region of over 50% in real terms compared to a classroom training course.

Also, this course offers a flexible route to study for your ITIL version 3 Foundation exam in your own time and at your own pace. You can learn what you want when you want. If there is one part of the course you don’t understand simply repeat it until you do.
Read the rest of this entry »

Although PCI DSS compliance may seem like an inconvenience you could do without, it is not an optional standard and you will have to comply to avoid financial penalties and brand damage which could result from a data breach.

Use-up any remaining funds you have from the 2009/2010 financial year on a compliance project that will benefit your customers and protect your brand, before you lose it!
Read the rest of this entry »

We have reduced our prices across 75% of the ITGP range and remain highly competitive on pricing throughout our other ranges including titles from the OGC, such as ITIL, PRINCE2 and MSP.

Our USA website, www.itgovernanceUSA.com, is the one-stop-shop service delivering highly relevant knowledge, tools and advice to help IT leaders adopt best practice.

The ITGP range consists of pocket guides, books and toolkits that have been written by subject matter experts and cover a broad range of topics, at market beating prices, including:
Read the rest of this entry »

Where your information security is concerned, prevention is better than cure

If you want to tackle the problem of information security, you cannot rely on the help of technology alone. Information security breaches tend to occur as a result of human, as well as technological, failings. However, the human factor usually receives far less attention.

Information Security Awareness Bundle This carefully selected collection of products, will enable you to start to deliver general information security education, and provides resources to help you to create and implement an IT induction and information security awareness programme. "This clearly written booklet is soundly based in practice, and I challenge anyone with resonsibilities in IT or HR in an organisation not to find value in it." - David Clayden on IT Induction and Information Security Awareness Pocket Guide.

Read the rest of this entry »

Pass your PRINCE2® exams the first at the first attempt – use these officially accredited materials

This package of books is ideal for those taking either the PRINCE2 2009 Foundation or Practitioner exams, or both. It will give you the relevant knowledge and confidence to pass the exams first time!

This kit includes only officially accredited materials for study toward these highly regarded project management qualifications. Plus you SAVE MONEY over buying the books individually!
Read the rest of this entry »