IT Governance Blog on IT governance, risk management, compliance and information security.

How do you get non-technical staff to adhere to information security policies and procedures?

James Warren — Mon, 21 May 2012 08:54:34 +0000

A report from the Information Commissioner's Office (ICO), showed that between March 2011 and February 2012 some 281 of the 730 reported data breaches were a result of human error, such as emails being sent by mistake and documents being sent to wrong addresses.

How do you get non-technical staff to adhere to information security policies and procedures? is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

PCI DSS Staff Awareness Training – essential for meeting the PCI DSS requirements and avoiding fines

kwright — Fri, 18 May 2012 16:12:43 +0000

Any organisation that processes, transmits or stores payment card data must comply with the PCI DSS Standard. Moreover, individual employees also have to meet the requirements of the current version of the standard to ensure that cardholder data is protected.

PCI DSS Staff Awareness Training – essential for meeting the PCI DSS requirements and avoiding fines is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Understand the new Business Continuity Standard ISO22301 with this ebook

kwright — Fri, 18 May 2012 10:17:18 +0000

This week ISO22301, the international Business Continuity Standard, was launched and will very soon replace the existing British Standard, BS25999.

Understand the new Business Continuity Standard ISO22301 with this ebook is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

ISO 22301 – Catch up this weekend …

James Warren — Fri, 18 May 2012 09:56:16 +0000

Everything you want to know about Business Continuity, is a new book that will guide you through domestic and international standards relating to business continuity, with particular reference to ISO22301. Companies achieving certification under the Standard will communicate to their stakeholders their commitment to uninterrupted supply.

ISO 22301 – Catch up this weekend … is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Everything you wanted to know about the new ISO22301 standard and business continuity

kwright — Fri, 18 May 2012 09:31:19 +0000

This week ISO22301, the international Business Continuity Standard, was launched and will very soon replace the existing British Standard, BS25999.

Everything you wanted to know about the new ISO22301 standard and business continuity is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Deliver the benefits of the Cloud to your organisation

rfreeman — Fri, 18 May 2012 08:58:41 +0000

Are you planning to use Cloud-based services to support or even replace the in-house IT capability in your organisation? You may have already been asked by users who want access to Web applications or indeed by senior managers who wish to cut the cost of IT in the current demanding financial climate.

Deliver the benefits of the Cloud to your organisation is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Win New Business With An ISO9001 Quality Management System

kwright — Thu, 17 May 2012 13:41:41 +0000

ISO 9001 is the best practice specification that helps businesses and organizations throughout the world to develop a best-in-class Quality Management System (QMS)

Win New Business With An ISO9001 Quality Management System is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Data Protection Act – do staff have the right to know?

Desislava Aleksandrova — Thu, 17 May 2012 11:09:00 +0000

It also raises another, more important question: Who is accountable? Is it the staff who breach the Data Protection Act (DPA), or the employers for failing to make staff aware of their duties under the DPA in the first instance?

Data Protection Act – do staff have the right to know? is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Implement Information Security Best Practice for ITIL 2011

rfreeman — Thu, 17 May 2012 09:51:54 +0000

Do you know how to deliver the ITIL recommendations for Information Security Management? Closely aligned with ISO27001, the ISO/IEC 27002:2005 standard serves as a practical guideline for all members of staff as they initiate, implement and maintain information security. An understanding of the best practice guidance as outlined in ISO27002 is essential to achieving the goals of an ITIL Service Management programme.

Implement Information Security Best Practice for ITIL 2011 is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

A step-by-step route to PCI compliance

Melanie Watson — Thu, 17 May 2012 08:28:30 +0000

The PCI Compliance Toolkit sets out a clear process which will enable you to become PCI compliant. Created by compliance experts the tools, documents and guidance in this toolkit will:

A step-by-step route to PCI compliance is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Cybersecurity is a critical business issue. Avoid becoming the next Sony

James Warren — Thu, 17 May 2012 08:27:21 +0000

Cybersecurity is a critical business issue that is climbing the agenda in boardrooms everywhere. This is no surprise considering the high profile media storm that has been building since the Sony hacking scandal. A year has now passed since Sony shut its Playstation Network.

Cybersecurity is a critical business issue. Avoid becoming the next Sony is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

APMG Accredited Toolkit Can Help Improve Your ITSM & Achieve ISO20000 Certification

kwright — Wed, 16 May 2012 14:07:44 +0000

All organisations are dependent upon IT Service Management. The key is maximising its effectiveness and delivering a service that meets the businesses requirements. In challenging economic conditions the pressure on ITSM to deliver is higher than ever.

APMG Accredited Toolkit Can Help Improve Your ITSM & Achieve ISO20000 Certification is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Official PRINCE2 study package on sale now!

Melanie Watson — Wed, 16 May 2012 13:35:50 +0000

PRINCE2 project management methodology is the de-facto standard for project management in the UK and is practiced worldwide. It covers the management, control and organisation of a project.

Official PRINCE2 study package on sale now! is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Long Awaited ISO 22301 – BCMS Requirements – Now Available

James Warren — Wed, 16 May 2012 13:26:27 +0000

The long awaited International Standard – IS0 22301 – has now been published and is available to purchase.

Long Awaited ISO 22301 – BCMS Requirements – Now Available is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Official PRINCE2 study package on sale now!

Melanie Watson — Wed, 16 May 2012 12:28:34 +0000

PRINCE2 project management methodology is the de-facto standard for project management in the UK and is practiced worldwide. It covers the management, control and organisation of a project.

Official PRINCE2 study package on sale now! is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

ICO fines: The expense no company wants to face

Melanie Watson — Wed, 16 May 2012 11:22:58 +0000

With the ICO issuing their first fine to an NHS organisation last week of £70,000, it is an ominous reminder of the power the ICO holds over organisations that breach the Data Protection Act (DPA).

ICO fines: The expense no company wants to face is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Is Your Organisation Fully Compliant to the Data Protection Act?

rfreeman — Wed, 16 May 2012 10:08:54 +0000

The Information Commissioner's Office (ICO) announced last week that the first NHS organisation has been fined for a serious breach of the Data Protection Act. The Aneurin Bevan Health Board (ABHB) has been issued with a penalty of £70,000 after information relating to a patient’s health was sent to the wrong person.

Is Your Organisation Fully Compliant to the Data Protection Act? is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

A step-by-step route to PCI compliance

kwright — Wed, 16 May 2012 08:46:45 +0000

The PCI Compliance Toolkit sets out a clear process which will enable you to become PCI compliance. Created by compliance experts the tools, documents and guidance in this toolkit will:

A step-by-step route to PCI compliance is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

A step-by-step route to PCI compliance

kwright — Tue, 15 May 2012 15:51:44 +0000

The PCI Compliance Toolkit sets out a clear process which will enable you to become PCI compliance. Created by compliance experts the tools, documents and guidance in this toolkit will:

A step-by-step route to PCI compliance is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Your complete library for ISO27001

Melanie Watson — Tue, 15 May 2012 15:48:47 +0000

At www.itgovernanceasia.com, we have a complete library of books, software and tools to help guide you through the ISO27001 process.

Your complete library for ISO27001 is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.