Author Archive

Phil Hare

Phil Hare is an Information Risk Consultant based in the North West of England.

ISO27001: Getting The Staff On Board

February 17th, 2010 by Phil Hare

Ever watched a presentation that’s left you with the feeling that it was an hour of your life you’ll never get back? Ever sat in a room full of people that are just two PowerPoint slides away from screaming “None of this matters!” before defenestrating themselves? Have you ever had to present to a room full of people like that? People who have so little interest in you, or your subject, that they’ve had to resort to stabbing their own leg with a biro just to stay awake?

I might be going out on a limb here, but I’m pretty sure that most people reading this will have been subjected to “Death by PowerPoint” at some time in their lives, and that most of us have previously resorted to any excuse short of actually faking our own death not to be subjected to it again. The simple fact is that it’s hard to keep your attention focussed on anything you’ve already decided you don’t care about. It doesn’t matter how often someone extols the virtues of something to you; if you can’t see how it matters to you, you’re unlikely to care.

Business vs. The Weather: The Availability Problem

December 22nd, 2009 by Phil Hare

Recently my neck of the woods has been taking a bit of a beating from the weather gods. First it was the rain, which flooded part of the town I live in and all but destroyed a couple of towns nearby. This week it’s been snow, which has reduced the main roads in and out of my home town to a complete standstill at some times, and an outright deathtrap at others.

Happily, having a member of staff, or even several members of staff, trapped by the weather has little or no impact on ITG’s continuing operation. Why? Because we operate an Information Security Management System to the ISO27001 standard. We are prepared.

ISO27001 and the SME: do not be afraid

December 16th, 2009 by Phil Hare

In my inaugural post last week I talked about those companies out there who certify their own work, in particular to ISO27001. I’m not going to go over the same argument again here, but I do feel it would be remiss of me not to address the more pressing, underlying cause that feeds such organisations in the first place: information security can be expensive to do properly.

In particular, ISO27001 can be an expensive standard to tackle for small businesses. That doesn’t mean that there’s any less of a demand for it, however: the “information age” has provided start-ups and SMEs with the tools required to punch well above their weight, and they often find themselves in the supply chains of much larger bodies who demand a certain standard in doing business, including in how you manage your information security.

What to do in that situation? Well, there are a number of options available:

Information Security: No cowboys please

December 7th, 2009 by Phil Hare

There are some things that make me grind my teeth with despair. People who seem to think that everyone in the train carriage will appreciate the music on their phone, for example, or the grammar checking function on my word processor that’s convinced it knows better than I do. Oh, and companies that trade on the reputation of international standards, without actually complying with them. I admit, that last one’s probably a bit more specific to me than the other two.

In my particular field (information security) the international standard is ISO/IEC 27001:2005. There are lots of good reasons to comply with this standard, which are well documented elsewhere on the IT Governance website and in this great little pack of books on the subject. For the purposes of this post let’s just say that if you need to keep your company information present, correct and secure, ISO27001 is the standard you want. Organisations do want it, too, in their thousands, and they look for help in implementing it.