IT Governance Blog on IT governance, risk management, compliance and information security.

Last month we launched five new toolkits – all of which help organisations to implement specific frameworks or standards. I want to talk to you about two of these toolkits as I think they will be of particular interest to your organisation:

SharePoint Governance Toolkit Microsoft Office SharePoint Server (MOSS) is an immensely useful colloboration and information sharing tool for organisations, teams and workgroups. Poorly governed SharePoint deployments can create significant holes in organisational information structures as well as exposing the organisation and its information to a wide range of risks.

(more…)

During March and April we published lot’s of new books and toolkits. I want to take this opportunity to bring two of these books, which were our two best selling books at the Info Security Europe show, to your attention:

1. ISO27001 in a Windows® Environment; &
2. Assessing Information Security: Strategies, Tactics, Logic and Framework.

www.issdconference.com

Special discount for the International Secure Systems Development Conference

 - 20th and 21st May 2010, Westminster Conference Centre

The ISSD Conference opens its doors next week. This 2-day event is a must-attend for those involved in planning, designing or implementing secure software systems and architectures, and features a range of high profile speakers covering topics as diverse as the Secure Development Life-Cycle, comparisons of Code Analysis & Testing Tools, SQL injection vulnerabilities and how to retro-fit security onto existing code. The full programme is available online at www.issdconference.com and a discount of £150 off the price of the delegate ticket. Quote the code LM01 online to receive this special offer.

Unplanned absence from work could cost the UK economy as much as
£12 billion a year!

How many of your staff do you expect to go AWOL when the World Cup gets underway in June?

When your organisation can no longer meet its deadlines, or provide customers with the high quality of service they expect, you have a problem. Unplanned absence also has a bad effect on morale, putting the rest of the team under pressure as they struggle to deal with the additional workload. Unplanned absence can occur as a result of force majeure (for example, when an airline is hit by strike action), or because of poor employee motivation and commitment.

Get a Free World Cup Staff Absence policy when you pre-order this Pocket Guide…..

(more…)

Control Objectives for Information and Related Technology (CobiT) is an IT governance control framework that helps organisations meet today’s business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals.

This COBIT 4.1 Foundation Course, delivered by an experienced ISACA-accredited trainer, gives you an introduction to COBIT. The course enables delegates to earn a COBIT Foundation Certificate and to use the COBIT framework effectively in their workplace.
(more…)

The three-day Implementing ISO20000 Training Course prepares the IT practitioner (or ISO20000 project manager), to implement ISO/IEC 20000 in an organisation. It covers the interpretation and application of the ISO/IEC 20000 Standard, has a wider scope than the Certificated Auditor training course and is therefore ideal for all IT(SM) consultants who wish to assist organisations in preparing for audit/certification to ISO20000.

The next course will be held in London between 17-19 May 2010. It has a highly practical focus and enables delegates to be immediately effective in any ISO20000 project.

The Certificate is awarded to candidates passing the relevant examination, which can only be taken as part of an accredited training course. In order to achieve the qualification, candidates must score at least 50% in each of the elements with a combined total of 65% or higher.
(more…)

ISO27001 Certificated Internal Auditor training provides an excellent career progression and skills development opportunity for information security staff and internal auditors.

This two-day certificated training course prepares the internal auditor to effectively audit compliance with the information security standard ISO27001 and against the controls contained in ISO27002 (ISO17799). Certificates of attendance are awarded to all delegates and this course qualifies for 16 CPE credits, or 16 hours for all professional Continuous Professional Education programs.
(more…)

There has been a huge uptake in USA based organizations adopting the PRINCE2™ methodology for their projects. The latest updates to the method were made in 2009 and all the core publications were re-launched reflecting the improvements.

You can now get all of the core PRINCE2:2009 books in one go by purchasing the The Official PRINCE2:2009 Book Bundle.All of the advice and guidance within these manuals is fully aligned with the latest version of PRINCE2. Meaning that by purchasing this set you are receiving the most up-to-date information on the PRINCE2 methodology.

Included in the Book bundle are:
(more…)

Social media is, for many organisations, a critical part of how they speak to customers, partners and stakeholders; for others, social media are a dangerous distraction.

Dealing effectively with social media requires a joined-up approach that is aligned with the objectives and risk appetite of the business – a governance approach.

The ITG Social Media Governance toolkit contains a comprehensive suite of documents and templates that will help you develop, implement, monitor and improve social media activities across your organisation.
(more…)

In a speech at the Infosec security conference last week, the deputy Information Commissioner, David Smith, said that the NHS reported the highest number of serious data breaches of any UK organisation since the end of 2007.

The NHS – the UK’s largest employer with 1.7m staff reported 287 breaches it in the period, accounting for more than 30% of the total number of reported breaches. Most of the breaches (113) were the result of stolen data or hardware, followed by 82 cases of lost data or hardware.

Skewed Results

Mr Smith said the problems were not confined to the public sector and that results could be skewed because the public sector has a culture of reporting all breaches whereas not all private sector firms did.

Currently the reporting procedure for data breaches in the UK is voluntary although the ICO is “moving towards” a compulsory system. In April the ICO introduced fines of up to £500,000 for serious data breaches.

(more…)