IT Governance Blog on IT governance, risk management, compliance and information security.

Following the high profile rise of mass-hacking incidents in 2011 – Sony for example – ‘Cyber Attack’ could be the largest threat to your business this year.

It is a mandatory requirement for UK public sector organisation to inform the Information Commissioner’s Office of a data breach. The same legislation is not ‘currently’ enforced in the UK private sector (although it is in certain states in North America).

This notification law is actually irrelevant as hacking groups, such as ‘Annonymous’, tend to let the cat out of the bag (usually via Twitter), to announce a successful hack, sometimes before the victim organisation are aware themselves!

Gone are the days that you could brush your insecurities under the carpet.

As soon as a cyber attack is announced on Twitter, the media will ensure your customers are aware. As soon as your customers are aware, they will cut-and-run. There’s no such thing as brand loyalty when people’s personal information is at risk. The result of this negative publicity can end up with your share price tumbling (again, look at Sony), which will no-doubt result in members of the board resigning before they are fired.

Your focus need to be on protecting your business from cyber attack.
The best way to do this is to align your information security management system to ISO 27001 – the world’s only recognised cyber security management system standard.

Use the ISO27001 Cyber Security Toolkit to implement ISO 27001, create an effective ISMS and combat cyber threats!

This toolkit provides all the tools and resources you need to implement your own cyber security project and align your business with ISO 27001, the world’s only cyber security standard.

Protect your business and kick start your cyber security project with this toolkit today!

There is a standard approach towards achieving DPA compliance:

• Understand what the DPA is how it affects your business
• Identify your current level of conformance to the DPA
• Identify gaps and steps to achieve compliance
• Document your DPA policies
• Understand how to react if you suffered a data breach
• Initiate DPA staff training.

Our Complete Data Protection Toolkit contains everything you need to use this recommended approach.

Ensure you organisation avoids fines and brand damage and become DPA Compliant today!

Buy this toolkit before the end of February and get a free ICT Strategy Toolkit!

Achieving compliance with the payment card industry data security standard (PCI DSS), is not something that organisations can ignore.

Failure to comply can be costly, especially if a breach occurs. Penalties could be levied at three levels. First, for non-compliance by one or more of the card brands. Second, for the breach itself. Third, if the leaking of payment card data is part of a broader data loss event, there could be fines from other regulators, including the Information Commissioner’s Office and the Financial Services Authority.

This PCI DSS toolkit is specifically designed to assist payment card-accepting organisations become PCI DSS compliant.

This toolkit will guide you through:

• Understanding the PCI DSS Standard
• The initial PCI DSS Self-Assessment Questionnaire
• Data storage Do’s and Dont’s
• Creating a Roadmap
• Guidance on implementation and how to complete the document templates.

With this toolkit you can protect your brand and simplify the process of becoming PCI compliant.

Buy this toolkit before the end of February and get a free ICT Strategy Toolkit!

Organisations that are implementing business and IT Service Management want a trouble-free, rapid deployment approach that will maximise benefits and will minimise delays and cost. Effective management, process and procedure documentation is an essential to achieving those results.

The ITSM, ITIL^® & ISO/IEC 20000 Implementation Toolkit helps organisations implement service management and using ITIL practices to prepare for successful ISO/IEC 20000 certification. It will help organisations avoid costly trial-and-error dead-ends, and ensure everything is covered by using current ITIL best practices.

This toolkit will be particularly useful to:

• Organisations that must deliver quality services whilst meeting governance, regulatory and legal requirements.
• Organisations that can benefit from improved services and service management.
• Managers, consultants and implementers that want a quick and effective approach to setting up, implementing and improving service management.
• Assessors and auditors who are to review or audit a service management capability or service management system against the requirements of ISO/IEC 20000-1.
• People involved in procuring, in sourcing or outsourcing services.
• Projects that need to deliver IT enabled services underpinned by effective service management.
• Users of ISO/IEC 20000-5 that need to understand the implementation requirements of the 2011 edition of ISO/IEC 20000-1.

BUY this vital toolkit today and succeed in your ITSM, ITIL & ISO/IEC 20000 implementation and improvement projects!

Achieving ISO 27001 certification is the best way for an organisation to protect its information assets, mitigate the risk of Cyber attack (and other forms of data breach), and to win new business.

Risk assessment is critical to effective deployment of an ISO 27001 Information Security Management System (ISMS), and the hardest part of achieving ISO 27001 certification is the documentation.

A toolkit can accelerate your ISO 27001 project immensely. It enables a cost-effective route to certification readiness and the No 3 ISO27001 Comprehensive ISMS Toolkit has everything you will need.

When you use our highly practical and informative books and tools to help you tackle the project, you receive unique guidance and support for your organisation – plus, with this package, you save money.

What does this toolkit contain?

• Documentation Toolkit: a CD-ROM with nearly 450 densely packed pages of fit-for-purpose policies and procedures.
• IT Governance: a Manager’s Guide to Data Security (Soft Cover) 4th Edition.
• vsRisk^™ – the Definitive ISO/IEC27001:2005-Compliant Information Security Risk Assessment Tool.
• All three of the information security standards: ISO 27001; ISO 27002; ISO 27005.
• ISO27001 in a Windows^® Environment, Second edition (Softcover).
• LiveOnline Consultancy: a session with one of our in-house experts, ensuring your ISMS project gets off to the best possible start.

“Using the templates, was the only way that we could deliver a 1st edition ISMS in under 6 months. Our deliverable was a work in progress but miles ahead of where they would have been without the templates.”
Tim Moreton, President, Moreton & Co., airlinetechnology.net.

Accelerate your ISO27001 project with the help of this toolkit. Don’t hesitate – buy it today.