IT Governance Blog on IT governance, risk management, compliance and information security.

The (ISC)² CISSP certification is recognised as the premier qualification for a senior career in information security. At first sight, preparing for the CISSP exam seems straightforward although many find the huge amount of information associated with the 10 CBK Domains and a 6-hour examination a daunting prospect. Our training team regularly receive calls from desperate individuals who feel they have left their preparation too late!

CISSP Exam Preparation training courses were conceived to meet this need, but with so many courses available on the market, how can CISSP exam candidates choose one that will actually help?

At IT Governance, we launched our innovative CISSP Accelerated Training Programme about 18 months ago. Although we were not first to market, we started by talking to our customers about their CISSP experiences and reviewing the existing CISSP exam preparation books and courses. This confirmed that candidates who attended a pre-exam training course were more successful, particularly if the course focused on improving knowledge in the CBK Domains that they were struggling to understand.

By listening to our customers, we developed a training programme that includes a Pre-course CISSP Knowledge Assessment that determines the strengths and weaknesses of the each candidate’s current knowledge. Our trainer then uses this assessment to prepare an individual Pre Course Study Plan which is incorporated into the subsequent 5-day classroom training session.

>> Find out more about how our Pre-course Knowledge Assessment can help you achieve a first time pass in the CISSP exam 

If you work in the field of IT governance and want to gain recognition for your skills and knowledge, the CGEIT qualification is the way forward.

CGEIT (Certified in the Governance of Enterprise IT) is an IT governance qualification from ISACA. Gaining the qualification demonstrates that you have the knowledge and skills necessary to employ IT governance within your organisation.

Gaining the CGEIT qualification provides you with:

• A globally recognised qualification in the field of IT governance
• An advantage over non-certified IT governance professionals, helping you stand out from the crowd
• Higher earning potential and greater career opportunities
• Improved knowledge and skills in the field of IT governance, helping you complete tasks more efficiently

The benefits of gaining the CGEIT qualification are clear. The CGEIT exams take places twice a year at exam events organised by ISACA in June and December. If you are looking to study for the exam then self-study is a highly flexible route and ISACA have provided some manuals to facilitate this study:

• CGEIT Exam Passport 
• CGEIT Review Manual 2013 
• CGEIT Review Questions, Answers & Explanations Manual 2013 
• CGEIT Review, Questions, Answers & Explanations Manual 2013 Supplement 

The best way to get certified is to get started. Gain the recognition you deserve for your IT governance skills and knowledge by becoming CGEIT certified!

View the official CGEIT manuals >>

P.S. IT Governance also delivers a CGEIT training course to help prepare you for the exam.

As the frequency of information security breaches increases, cyber security is becoming a growing concern for business continuity professionals too.

During the past 12 months, even small businesses have experienced an average of 17 information security breaches and this rises to 113 in larger organisations.*

Cyber security and business continuity planning

When considering the potential disruption and cost of a serious information security breach, it’s perhaps not surprising that ISO27001, the information security standard has very close links with ISO22301, the business continuity standard. So close, that if you opt to comply with both standards you don’t need to duplicate the common elements – saving you a chunk of time!

With the right training and support, implementing ISO27001 or ISO22301 is much easier than you might think. As leading experts in ISO27001, our well established ISO27001 learning pathway has now helped over 700 professionals gain the skills required to implement this standard through classroom training.

By working with experienced Business Continuity Consultants, we’ve applied our expertise in ISO27001 training to develop a new ISO22301 learning pathway. This training pathway takes delegates from foundation level, through to developing the skills required to successfully implement and audit against the ISO22301 standard.

Organisations that have implemented both standards will certainly be sleeping well tonight, safe in the knowledge that the risk of a security breach has been minimised and if the worst should happen – their business continuity plan will keep them trading, when other, less prepared competitors may fail.

>> Find out more about ISO22301 training

>> Find out more about ISO27001 training

*2013 Information Security Breaches Survey

The recent ISBS survey commissioned by the Department for Business, Innovation and Skills dished up some eyebrow raising stats on the increasing number of information security breaches.

For example during the past year, large organisations reported an average of 113 security breaches (up from 71 in the previous year).

HR departments can play a key role in encouraging professional development amongst IT staff to counter this growing threat to information security.

Choosing the right training and qualifications

For HR professionals looking to support professional development our new, free ‘Information Security Qualifications – Fact Sheet’ provides a clear overview of a wide range of qualifications.

This straightforward paper will help you to decipher the difference between a whole range of qualifications, including CISA, CISM, CIS F, CIS LA and CIS LI.

Once clear on the qualification options, creating a professional development plan that builds in-house expertise, reduces the risk of security breaches and demonstrates a clear commitment to employee development will be a doddle.

>> Find out about the certifications available through our training courses

The Project Management Institute’s (PMI) recent Project Management Talent Gap Report estimates that a staggering 15.7 million new jobs will be created in the sector by 2020. These roles will be created globally across seven project intense industries: Manufacturing, Business Services, Finance, Oil & Gas, Information Services, Construction and Utilities.

Over the next 7 years there will be an extra 700,000 project management jobs taking the total to just over 6.1 million. PMI also estimates a 37% increase in GDP of project sensitive industries; bringing the profession to $5.81 trillion.

This is all fantastic news for those in or wanting to join the project management profession. Currently in the US, the industries that support the most project management roles are business services (2 million) and manufacturing (630,000). However the most rapid growth industry is healthcare, with over 30% expected growth of project management roles.

Rising Salaries

The study uncovered a huge difference in the average earning power of those in the project management profession, compared to non-project orientated occupations:

With the expected huge increase in PM roles, this divide is only likely to widen in the future. And if you really want to maximise your earning power…
…Get a project management qualification.

Those holding a PMP (Project Management Professionals) certificate typically earned 16% more than their non-accredited peers in 2011, whilst their salary growth was $2,800 versus $1,700 for the year.

The combination of a huge demand and excellent salaries means that there has never been a better time to get into project management.

PMP exams are based upon the Project Management Body of Knowledge (PMBOK). You can obtain your copy of the latest PMBOK Guide at IT Governance as well as a wealth of resources that will help you study and prepare for the exam.

Ok, so maybe it’s not a lost cause entirely, but when you measure it up next to other areas of your business it can seem that way!

Look at it like this: business continuity doesn’t have a measurable purpose, objective, goal or benefit. Instead, it prepares you for the unknown and since no one is certain of the unknown, then who’s to say business continuity is worth it? Just like car insurance – hey?

For these reasons, business continuity can often be seen as an unnecessary expense, especially where other areas of IT are scraping the barrel.

If you’re thinking along these lines, then we invite you to reconsider.

Business continuity can bring a significant number of benefits to your business which can be worth their weight in gold, paying back the investment several times over:

• Your business continuity plan will ensure your business keeps trading when otherwise it would have failed due to an incident
• It will significantly reduce the cost of disruptions
• You’ll benefit from insurance premium discounts and reduced excesses

Yes, you may go several months or even years without suffering a major disruption, but when that time comes and you’re in the middle of a disaster, you’ll be glad you prepared a business continuity plan (BCP).

ISO22301 outlines the international standard for a business continuity management system (BCMS) to help organisations prepare for a disruptive incident.

If you are interested in business continuity, it is advised you download a copy of the ISO22301 standard. Deploying a BCMS that is ISO 22301-compliant will allow your organisation to demonstrate to stakeholders – employees, customers, suppliers, shareholders – that your organisation is prepared for disruptive incidents that might otherwise affect you achieving your organisational goals.

Download the ISO22301 standards today >>

I have been perplexed over the years as to how Lean and ITSM can interface and deliver superior results for organisations. The main theory behind the Lean methodology is to maximise customer and user value whilst eliminating waste. ITSM on the other hand deals with delivering IT services that meet the customer’s expected level of both utility (fitness for purpose) and warranty (fitness for use).

Bearing these two perspectives in mind, it could be said that combining them to deliver IT services is a natural progression in the development of the ethos of delivering value in IT services.

In their book, Lean IT, Steven C Bell and Michael A Orzen advocate an approach to integrating Lean and ITIL® (the most widely used framework for ITSM), delivering IT services that are fit for purpose and use, whilst eliminating waste.

IT transformation has been one of the most widely discussed subjects for many years. If you wish to deliver real value with your IT services and eliminate waste – the route to follow is clear – became a Lean, mean ITSM machine using the approach in Lean IT.

Find out more and buy this book today >>

Other books by these authors:

• Making IT Lean – Applying Lean Practices to the Work of IT 
• Run Grow Transform – Integrating Business and Lean IT 

The US Department of Defense (DoD) has announced that military personnel can start using a hardened version of the Android operating system, Knox, on Samsung smartphones. Up until now, only BlackBerry devices were deemed to be sufficiently secure enough for military personnel to use.

In August 2011 it was reported that McAfee had found Android to be the least secure of all the mobile operating systems on the market. However, the decision by the DoD falls in line with their previously announced Mobile Device Strategy  in which the DoD aimed at opening itself up to the wider use of mobile technology.

Securing mobile devices is always going to be difficult, but even SMEs and private organisations can take steps to ensure Android and other devices are secure. Find out how to secure Androids in Android Security.

This book describes the fundamentals of Android Security, helping you protect your Android mobile systems.

Learn the fundamentals of Android security in this helpful book >>

We’ve taken five minutes to catch up with our ITIL trainer Andy Britton, following the success of the first ITIL Foundation (2 day) training course – which achieved a 100% pass rate!

You have worked in IT Service Management for over 20 years – how did you get started and what has kept you interested?

I had previously worked in software development (as a programmer and software development manager) and then took up an interesting IT Support role at Hewlett Packard. Because IT Service Management (ITSM) has so many facets (ITIL now includes 26 separate ITSM processes) I was able to keep my interest by regularly taking new, varied and interesting roles within their huge worldwide IT organisation, and then within other organisations. It has kept me challenged and interested!

What advice would you give someone considering ITIL Foundation as a route to building a career in ITSM?

Do it! ITIL is the best-known and most-used ITSM framework in the world and around 20,000 people every month are now taking the ITIL Foundation exam. Don’t get left-behind and overlooked for someone who already has ‘ITIL’ on their C.V.

What is the most challenging part of attaining the ITIL Foundation certificate?

Persuading your manager to let you attend a course. The exam itself isn’t too tough if you engage during the course.

If persuading managers is a challenge – why should they support their staff to pursue ITIL qualifications?

ITIL is all about best-practices (hundreds of them) so the more that staff have exposure to these, the more chance they have to see how they can be applied to the advantage of the organisation (and the customers that they deliver to).

Also, ITIL has its own terminology/language and with the spread in its popularity, it’s a language that more and more people now speak. Being familiar with ‘ITIL language’ is key to effective communication across large organisations or for integrating new staff.

Will our 2 day course help persuade managers to support ITIL training?

I think the 2 day approach, rather than the more typical 3 day courses, will be of particular interest to managers. For managers facing limited training budgets, or with several staff requiring training, the 2 day course offers a shorter, lower-cost solution.

What level of prior experience would you expect delegates attending our 2 day course to have?

Our 2 day approach is ideal for people who have spent a year or so working in an IT role, who are keen to gain the ITIL Foundation qualification quickly and efficiently. Smart folks from non-IT roles could also get a lot out of the course though as, after all, it’s an introductory-level course.

Thanks Andy.

If you are keen to progress your career in IT service management by getting the ITIL Foundation certificate under your belt, our new intensive ITIL Foundation (2 day) training course offers the quickest possible route to qualification. Andy Britton will deliver the next course on 18-19 July 2013 in London.

>> Find out more and book your place