Archive for the ‘Information Security’ Category

Cost Effective PCI DSS Compliance

September 1st, 2010 by James Warren

The PCI DSS must be met by all organisations (merchants and service providers) that transmit, process or store payment card data. It is a contractual obligation applied and enforced – by means of fines or other restrictions – directly by the payment providers themselves.

PCI DSS compliance requirements

The Standard basically requires merchants and member service providers (MSPs) who store, process or transmit cardholder data to:

  • Build and maintain a secure IT network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy.

(more…)

Use ISO27001 to overcome austerity

August 31st, 2010 by James Warren

During times of austerity it’s more challenging than ever for an organisation to meet its compliance obligations. With a difficult and uncertain economic environment, there can be a tendency to consider compliance issues, such as Information Security, as an unnecessary expense and, understandably, focus resources on revenue building projects instead.

Taking such a ‘short-sighted’ approach can be dangerous!

While it makes good business sense to focus on revenue building activities, organisations that simply ignore their responsibilities, where information security is concerned, will be playing devil’s advocate.

(more…)

New ISO27001 Compliance Database and Update Service

August 26th, 2010 by James Warren

ISO27001 requires you to develop your ISMS, taking ‘into account business and legal or regulatory requirements, and contractual security obligations’ (Clause 4.2.1 b. 2).

The only cost-effective way to meet this requirement is with the ITG ISO27001 Compliance Database and Update Service – which also helps you comply with five key Annex A controls.

ITG ISO27001 Compliance Database and Update Service

Launch Date: 1 September 2010 – Early Adopter Pricing applies through 31 August 2010

The ISO27001 Compliance Database and Update Service provides plain-English ‘real world’ guidance, rather than a prescriptive, detailed legal review and update service; this is THE compliance service for the ISMS project manager and, where it is appropriate to take your own professional advice, this service will enable you to manage professional legal costs very effectively!

Easy-to-Deploy

The ISO27001 Compliance Database is in Microsoft Access format, which can be deployed directly onto a desktop or onto a SharePoint Server. The licence for this product covers one or multiple users within a single ISMS. The current version of this product is primarily suitable for organisations that are based in, or have to comply with the laws of, England and Wales.

Database of All Critical Statutory & Regulatory Documents

Find all the critical statutory and regulatory documents in one place – saving you the time, hassle and expense of trying to track them down and make sense of them all yourself.

Subscribe to this service before the end of August to save 10%.

Enter AUGCOMPLIANCE at the checkout for 10% discount!

ITG ISO27001 Compliance Database and Update Service >>

Limited Availability for PCI DSS Masterclass Offer

August 24th, 2010 by James Warren

Time is running out to book on the next PCI DSS – 1-Day Introduction, Implementation & Compliance Masterclass, which will take place on the 10th September in London. Delegates who book during August will save £100 and get a free PCI DSS Online Staff Awareness Course!

This 1-day, information-packed course gives you everything you need to know for PCI compliance. It is ideal for those who have to comply with this bank-enforced standard.


PCI DSS – 1-Day Introduction, Implementation & Compliance Masterclass – 10 September in London

If you have any responsibility for, or involvement in, your organisation’s PCI DSS compliance activities, or if you’re in information security management, you need to attend this masterclass. It is the essential step that takes you from uncertainty to clarity about all the key steps in preparing for and achieving compliance with the PCI DSS first time.

‘A complex topic covered in a clear and concise way – suitable for all levels’ David Keech, Convergys Corporation.

This special IT Governance course provides unique insights that will steer delegates toward cost-effective PCI DSS compliance by:

  • Providing insight on how to effectively scope your cardholder data environment, which is fundamental to cost-effective PCI DSS compliance
  • Explaining the 10 key requirements of the PCI DSS and their multitude of mandatory sub-requirements, together with guidance on cost-effective implementation
  • Providing details of common failures (misinterpreting the requirements of the standard is a common pitfall)
  • Enabling you to effect suitable knowledge transfer to members of your PCI DSS project team to ensure a consistent approach to meeting the requirements
  • Identifying areas which should be addressed as a matter of urgency, taking into consideration the resulting effects on revenue and the bottom line.

The free PCI DSS Online Course, Staff Awareness Edition, that delegates will receive if they book this course before the end of August, will enable you to go back into your organisation with the ability to share your new-found knowledge! Staff awareness is often half the battle, and this e-learning course offers the simplest, quickest, most economical and most convenient means possible for a company’s employees to learn how to comply.

There are just a few seats remaining so hurry!

BOOK for the PCI DSS Introduction, Implementation and Compliance course today!

ISO27001 Offers Soon to Expire

August 24th, 2010 by James Warren

Time is running out to make the most of our August offers. We have a very limited number of spaces left on our September ISO27001 Training Courses, which have money off and ‘added value’ tools & resources available until the end of August.

For those of you who can’t attend a training course, we have a fantastic offer available on the unique No 3 ISO27001 ISMS Toolkit.

Extra Value No 3 ISO27001 Comprehensive ISMS Toolkit Offer


ISO27001 Comprehensive ISMS Toolkit

If you purchase this toolkit before the end of August (2010), we’ll send you a further 7 unique resources to help kick-start your information security programme – absolutely free!

Implementing ISO/IEC 27001 and creating an effective Information Security Management System for the first time can be challenging! This toolkit has everything you will need. When you use our highly practical and informative books and tools to help you tackle the project, you receive unique guidance and support for your organisation – plus, with this package, you save money!

The No 3 ISO27001 Comprehensive ISMS Toolkit contains everything:

(more…)

PCI DSS – Masterclass and Staff Awareness Offer

August 19th, 2010 by James Warren

Our next PCI DSS – 1-Day Introduction, Implementation & Compliance Masterclass will take place on the 10th September in London and delegates who book during August will save £100 and get a free PCI DSS Online Staff Awareness Course!

This 1-day, information-packed course gives you everything you need to know for PCI compliance. It is ideal for those who have to comply with this bank-enforced standard.
(more…)

August ISO27001 Training Offers from IT Governance

August 17th, 2010 by James Warren

Throughout August we’re offering some fantastic deals on our September 2010 training courses and I would hate for you to miss out. You can see all the offers available on our blog. Below are some offers that I thought may be of particular interest to you:

Offer 1: ISO27001 Foundation Course

Foundations of Information Security Management According to ISO27001 Training

This 1-day course will be held in Manchester on 7 September and gives an excellent overview of the ISO27001 standard, including how ISO27001 is helping companies around the world compete more effectively, how ISO27001 helps organisations meet their legal, regulatory and contractual compliance objectives, and how ISO27001 helps increase user productivity and reduce IT problems.

Delegates who book the course during August will receive a bundle of e-books (worth over £100), absolutely free, which will complement their training and help them towards successful ISO27001 certification.

Read more about this offer here >>

(more…)

ISO27001 – Delivering Competitive Advantage

August 17th, 2010 by James Warren

Are you expecting the recently announced Government reduction in central funding to affect your business? If you sell to the Public Sector, the answer is of course ‘yes’; but do you really know if you will win or lose?

You may already be aware of the concept of Corporate Darwinism, where in a recession only the strong companies survive, usually at the expense of their competitors. In the Public Sector jungle, well-managed companies with a strong product or service proposition will not only survive but will win new business!

While Public Sector organisations will be forced to ‘tighten their belts’, they will not be allowed to reduce their commitment to the management of information security. The public sector has been forced to implement an enhanced version of the ISO27001 Information Security Management Framework and a key part of this standard is to ensure that all of their suppliers are also fully compliant with ISO27001.

How can you strengthen your competitive position when competing for business in the Public Sector?

(more…)

CISA & CISM Early Registration Deadline Next Week

August 12th, 2010 by James Warren

CISA & CISM are top qualifications for career-minded Information Security Professionals.

Secure your career and your company with a December 2010 CISA or CISM Certificate – but act now: exam registration closes soon!

The bi-annual Certified Information Systems Auditor (CISA®) and Certified Information Security Manager (CISM®) Exams will take place on 11th December and it’s looking likely that exam spaces may sell out fast. With austerity creating a challenging business environment, you could be competing for work with more people than ever; employers will base their recruitment decisions on qualifications as well as experience. This will lead to a massive influx of candidates wanting to take the December 2010 Exams.

Three steps to guarantee you sit and pass the exam

(more…)

7 Free E-Books with ISO27001 Foundation Course

August 11th, 2010 by James Warren

Our next ISO27001 Foundations Course will be held in Manchester on 7th September 2010.

Delegates who attend this course will receive a bundle of e-books (worth over £100), absolutely free, which will complement their training and help them towards successful ISO27001 certification.

Foundations of Information Security Management according to ISO27001 Training benefits everyone who wants to know more about:


  • How ISO27001 is helping companies around the world compete more effectively
  • How ISO27001 helps organisations meet their legal, regulatory and contractual compliance objectives
  • How ISO27001 helps increase user productivity and reduce IT problems
  • The benefits of using ISO27001 (BS7799) to guide their information security activities
  • How to use ISO27001 and ISO17799 (ISO27002) together
  • Planning to develop and implement an ISMS based on ISO27001.

(more…)