Archive for the ‘Critical Issues’ Category

Government Award Memset G-Cloud Contract

September 27th, 2011 by

The Government has announced that it has signed up the web host Memset as one of ten companies trialling G-Cloud services. After months of rumour about the G-Cloud project, the Government is expected to produce its G-Cloud and the G-Cloud framework in the next few weeks. The announcement reinforces the government’s desire to award 25% of G-Cloud contracts to small and midsized enterprises (SMEs).

But What is G-Cloud?

G-Cloud is the Government’s initiative to create a secure government cloud computing infrastructure. G-Cloud could potentially create huge savings, as public sector bodies require the use of similar applications and services.

The Government hopes to slash £3.2 billion off its annual £16 billion ICT budget through using G-Cloud; however, Memset’s MD Kate Craig-Wood said expectations could be set higher if the project was executed to its maximum potential ‘saving the government 12billion per year by 2012’.

If you want to develop your understanding of Cloud Computing, its benefits and its risks, we recommend the highly acclaimed book ‘Above The Clouds’.

We also offer a range of other Cloud Computing books.

The Department of Health Announce The Dismantling Of The NHS National Programme for IT

September 22nd, 2011 by

The Department of Health today announced that it will dismantle the £11.4 billion NHS National Programme for IT. It comes as a cross-party committee stated that the project had proved ‘…beyond the capacity of the Department of Health to deliver and the department is no longer delivering a universal system’.

The main objective of the project was to create a single digital network with a medical record for each of the country’s 62 million people. This would allow members of the NHS to access and share patients’ details across the country and across departments. This however has not been achieved, and what has been left is a disjointed and disparate set of IT systems.

Trying to justify some of the huge expenditure and not label the entire project a failure, the Department of Health stated:

“The NPfIT achieved much in terms of infrastructure and this will be maintained, along with national applications, such as the Summary Care Record and Electronic Prescriptions Service, which are crucial to improving patient safety and efficiency. But we need to move on from a top down approach and instead provide information systems driven by local decision-making. This is the only way to make sure we get value for money and that the modern NHS meets the needs of patients.”

Existing contracts for parts of the IT programme will be honoured, and the NHS Connecting for Health – the overseer of new IT systems – will also stay. However, individual hospitals, GP practices and other NHS departments will now have to source and implement their own IT systems – provided they comply with the NHS Connecting for Health structure.

This all means that NHS hospitals and GPs will now be able to implement IT systems that work for them and their patients. Because control will be passed to a localised level, this should, in theory, mean a quicker and more efficient delivery of IT services. Surely they cannot be any worse than the ill-fated national project; they certainly won’t be as expensive!

IT Governance provides specialist NHS NC Connecting for Health Consultancy. Read more about our NHS N3 consultancy service here.

Northern Rock and how the economic crisis started in the UK

September 2nd, 2011 by

As most people in the UK will be aware, the current economic woes that beset the UK economy started with the first run on a UK bank since 1886 – the bank in question was Northern Rock.

No one seemed aware in the heady days of 2007 that the cycle of boom and bust had returned. The first anyone here knew about it was from the long queues that started to appear outside every branch of the bank with customers wanting to withdraw their hard-earned savings.

It is very rare that one can firmly grasp why these disasters occur, but it is easy to understand why Northern Rock nearly collapsed after reading The Fall of Northern Rock by Brian Walters.

Brian, previously an employee of Northern Rock, has first-hand experience of what it was like to work for the bank. In the book he remembers how the bank was so hugely successful, and he also details what led to its spectacular collapse.

Having read the book, it is easy to understand why, in the days of cheap credit, it was easy for a financial institution to expand. It is also easy to understand why, given the massive freeze in the credit markets, the bank collapsed so spectacularly.

The question that comes to mind is: have we really learnt anything from the crisis and put in place systems to prevent such things happening again?

Sure, banks are now required to hold more capital, and banking regulation has been strengthened. A standard has even been published for UK financial organisations to follow to help them ensure they are compliant with the relevant legislation: BS 8453:2011.

Methinks we haven’t really learnt that much – maybe those in positions of influence at UK financial organisations should read this book and learn how to not repeat the same mistakes as those at Northern Rock… we’d all be better off if they did!

Chief Cost Cutting Officer – Your Company Needs You!

August 22nd, 2011 by

Having undertaken a major cost cutting initiative myself recently within IT Governance, I was wondering what a book on cost cutting could actually tell me. So I decided to spend some time reading a book that had at least an interesting title, in this case Cut Costs Not Corners.

On reading the book I was surprised at how many aspects of cost cutting there were that I hadn’t even considered. Many people will be familiar with a lot of the traditional methods for cost cutting, so there’s no need for me to go into them here. They make up about 20-30% of the book; the rest is dedicated to innovative, new ways to cut costs within organisations.

The book’s main focus is on the role of the chief cost cutting officer (CCCO) as the person responsible for a continuous cost-cutting programme. Having covered the role that the CCCO should play in a cost-cutting programme (i.e. the lead role), the book then moves on to provide practical steps that CCCOs in any organisation can take to cut costs whilst not cutting corners.

Cutting costs needn’t mean compromising on quality, and this is one of the key messages the author gets across in the book. He also shows how cutting costs should be a continuous process, not just something done in a recession.

There are two things for sure: chief cost cutting officers, your company needs you, and you need this book.

All ITGP Titles Cheaper Than Amazon

July 28th, 2011 by

IT Governance Publishing (ITGP), the specialist publishing arm of IT Governance, is now offering all of its titles cheaper than Amazon!

ITGP is the world’s only niche corporate and IT governance publisher and offers titles covering topics including information security, risk management, IT service management, ITIL, business continuity and compliance.

ITGP currently has over 100 publications and is continually adding new titles to keep their customers informed of developments in the IT world. ITGP titles are available in softcover and ebook formats; as well as ePub and MOBI versions which allow Kindle users to download them.

Here are some of the fantastic offers ITGP are currently offering:

Above the Clouds: Managing Risk in the World of Cloud Computing

List Price: £39.95

Our Price: £29.95

You save: £10.00

Visit the ITGP shop today, where all titles are cheaper than Amazon!

PCI DSS – Meeting the Staff Awareness Requirements

July 27th, 2011 by

All organisations that store, process or transmit payment card information must comply with the Payment Card Industry Data Security Standard (PCI DSS). Ensuring that new and existing staff members are continually aware of the company information security policy is a compulsory requirement of this standard.

Failure to comply with PCI DSS may result in being fined or even permanently excluded from a payment card scheme. More importantly, the failure to implement an effective information security awareness programme may result in the loss of valuable information and the confidence of your customers.

How can you ensure that you fully comply with the staff awareness requirements of PCI DSS?

The PCI DSS Online Staff Awareness course is designed to increase employees’ awareness of the PCI DSS requirements, and to provide clear and simple explanations of what companies and individual employees must do to meet the requirements of the recently released version (v2.0) of the standard.

ITG PCI DSS Online Staff Awareness Course

Book this course today.

E-learning technology is at the core of our commitment to helping you deliver information security awareness induction and training programmes. Developed and hosted by IT Governance, the PCI DSS Online Staff Awareness course offers the following benefits:

  • Online learning accessed from staff desks or at home
  • Reduced cost with no travel or accommodation overhead
  • Minimise time away from core work activities
  • 40-minute course with a 20-minute test to assess learning effectiveness
  • Can be customised for additional specific technical or commercial needs

Positive, aware and well trained members of staff are a key part of ensuring that you fully comply with the PCI DSS standard AND protect the crucial intellectual assets of your organisation, namely your confidential information, relationships and reputation.

Please order the ITG PCI DSS Online Staff Awareness course today

If you require a more intensive and trainer-led approach to fully implementing the PCI DSS standard, we recommend that you consider attending the IT Governance PCI Foundation Training Course.

ISO 27001 – Meeting the Staff Awareness Requirements

July 14th, 2011 by

ISO/IEC 27001:2005 is the best practice specification that helps businesses and organisations throughout the world to develop a best-in-class Information Security Management System. This standard, together with the ISO 27002 Code of Best Practice, recognises that no matter how many security products are implemented, the information in an organisation is not completely secure unless the employees are trained in security awareness policies and procedures.

As clause 8.2.2 of ISO 27002 sets out, it is now imperative that security issues are addressed at the employee level and that a firm foundation is built for an employee to understand the implications of his/her actions and be mindful of these in their daily activities.

How can you ensure that you fully comply with the staff awareness requirements of ISO 27001?

ITG e-Learning Course – Information Security & ISO 27001 Staff Awareness

The ITG e-Learning – Information Security & ISO27001 Staff Awareness course is designed to increase employees’ awareness of the ISO 27001 requirements and thereby reduce the organisation’s liability due to security failures. The course not only familiarises learners with the basics of information security, including security threats via emails, the Internet and at the workplace, but also introduces the policies on incident reporting and responses.

Book this course today.

E-learning technology is at the core of our commitment to helping you deliver information security awareness induction and training programmes. Developed and hosted by IT Governance, the Information Security & ISO 27001 Staff Awareness course offers the following benefits:

  • Online learning accessed from staff desks or at home
  • Reduced cost with no travel or accommodation overhead
  • Minimise time away from core work activities
  • 40-minute course with a 20-minute test to assess learning effectiveness
  • Can be customised for additional specific technical or commercial needs

Positive, aware and well trained members of staff are a key part of ensuring that you fully comply with the ISO 27001 standard AND protect the crucial intellectual assets of your organisation, namely your confidential information, relationships and reputation.

Please order the ITG e-Learning – Information Security & ISO27001 Staff Awareness course today.

If you require a more intensive and trainer-led approach to fully implementing the ISO 27001 standard, we recommend that you consider attending our ISO27001 Certified ISMS Foundation Training Course.

Information Security – The Human Factor

July 7th, 2011 by

While people are crucial to the success of information technology within an organisation, there is a conservative view that the users of IT systems represent the greatest information security risk. People will always make mistakes and create security incidents. Some may be tricked and manipulated by external influences (social engineering). A few disgruntled and possibly dishonest employees may cause considerable loss and damage.

How can you mitigate these risks and ensure that the ‘human factor’ becomes a key element in maintaining the information security in your organisation?

ITG e-Learning Course – Information Security Staff Awareness

The ITG e-Learning – Information Security Staff Awareness training course recognises that information security awareness starts at home and then aims to help employees understand the organisation’s information and compliance risks. This course not only familiarises the learners with the basics such as security threats via emails, the Internet and at the workplace, but also introduces policies on incident response and reporting.

Book this course today.

Affordable and Effective Delivery of Information Security Awareness Training

E-learning technology is at the core of our commitment to helping you deliver Information Security Awareness induction and training programmes. Developed and hosted by IT Governance, the e-Learning – Information Security Staff Awareness training course offers the following benefits:

  • Simple to use with relevant and informative content
  • Low cost and easy to implement
  • Content can be customised to meet specific needs of the organisation
  • Web-delivered with no additional technology costs
  • Meets the requirements of ISO27001, PCI DSS, Data Protection Act standards

Positive, aware and well trained members of staff are a key part of ensuring that you protect the crucial intellectual assets of your organisation, namely your confidential information, relationships and reputation.

Please order the ITG e-Learning – Information Security Staff Awareness training course today.

Penetration Test for Low Cost and Known Benefits

June 9th, 2011 by

Routine penetration testing at regular intervals is a compulsory requirement to ensure that your networks and applications are secure against today’s automated cyber attacks and to maintain compliance with standards such as ISO27001 and PCI DSS.

But how can you afford to regularly test your system at 6- or 12-month intervals?

At IT Governance, our approach to penetration testing is to use our extensive knowledge of hacking methodologies to simulate malicious attacks, identify the key vulnerabilities and recommend appropriate remedial activities. We can start on this work almost immediately and, for most organisations, offer this service at a lower cost than many of our competitors.

The benefits of the IT Governance Penetration Testing Packages include:

  • A complete solution for the efficient and routine testing of your IT system
  • Ensuring that networks and applications are secure against cyber attacks
  • An agreed scope of testing delivered for known and fixed costs
  • A comprehensive report identifying vulnerabilities and recommended remedial activity

Visit our range of Penetration Testing packages here

ITG Penetration Testing – Standard Package

For smaller organisations, we recommend the ITG Penetration Testing – Standard Package which offers full network testing for a system with up to 20 externally facing IP addresses together with a comprehensive test report for a fixed fee of £1950 + VAT.

Buy this package today

Please note that a range of optional ‘testing modules’ can be added to any IT Governance Penetration Testing Package. These include the testing of externally facing Web Applications (recommended) or a Wireless Network system as required.

Take the opportunity to contact us directly to discuss your requirements and find out how you can book your Penetration Testing Service. Our Customer Service team will be delighted to hear from you and, if required, can arrange for one of our Consultants to call you for a no-obligation chat.

For further information, please e-mail us or call on 08450 701750.

IT Governance Penetration Testing Packages

Buy an individual toolkit or buy the suite and save £1000!

February 10th, 2011 by

Best management practice in technology governance, risk management and compliance will be a high priority for boards across the globe this year and, with a new financial year fast approaching, now is the time to procure the resources that will help you to meet these challenges. As belt-tightening continues through 2011, will your budget be significantly reduced? And what about the output from that budget – will you be expected to achieve less or more?

If you are fortunate enough to have some funds remaining from the 2010/2011 budget, you will do well to spend them now on the vital tools that will help you through the next 12 months. ITGP Toolkits are a value-for-money resource that will save you time and money and offer a cost-effective route to do-it-yourself compliance.

Complete ITGP Toolkit Suite – Buy an individual toolkit or buy the suite and save £1000!

Our unique toolkits are designed to help small and medium organisations quickly adapt and adopt best management practice in technology governance, risk management and compliance.

We are at the forefront of bringing to market tools, software and publications that are on the cutting edge of new standards, legislation and government recommendations. Our toolkits have been designed to integrate with each other, saving time and money and preventing work duplication. For the first time ever, all ITGP toolkits are available to purchase as a complete suite!

Buy Today and Save £1K!

This complete ITGP Suite contains CD-Rom versions of all the following toolkits:

  1. No 3 ISO27001 Comprehensive ISMS Toolkit (CD-Rom/Download)
  2. ISO38500 IT Governance Framework Toolkit (CD-Rom)
  3. Social Media Governance Toolkit (CD-Rom)
  4. SharePoint Governance Toolkit (CD-Rom)
  5. BS25999 BCMS Implementation Toolkit (CD-Rom)
  6. PCI DSS v2.0 Documentation Compliance Toolkit (CD-Rom)
  7. Complete Data Protection Toolkit and Awareness Posters (CD-Rom)
  8. ISO9001 QMS Quality Management System Documentation Toolkit (CD-Rom)
  9. ISO14001 EMS Environmental Management System Documentation Toolkit (CD-Rom)
  10. EN16001 Energy Management System Documentation Toolkit (CD-Rom)
  11. OHSAS 18001 Occupational Health and Safety Toolkit (Download)

Not all toolkits will be relevant for your organisation right now but the chances are, in time, they will be! If you only need one toolkit today and another in three months’ time, that’s fine. Buy whichever toolkit you need now, and then, when you are ready, you can buy the next toolkit and integrate it easily into your existing framework – they are designed to integrate in this way.

Price-conscious organisations will see the benefit of purchasing the entire suite and will save £1000.

Take advantage of this exclusive offer and save £1000 Today!