IT Governance Blog on IT governance, risk management, compliance and information security.

	Information Security Foundation based on ISO/IEC 27002   This course serves as a practical guideline for all members of staff as they initiate, implement and maintain an information security programme. An understanding of the best practice guidance as outlined in ISO2702 is essential to ensure the compliance to ISO27001 in any organisation.Find out more>>

Use THE Cyber Security Toolkit

The all-inclusive, comprehensive No 3 Toolkit will provide you with everything you need to accelerate and develop an ISO 27001-compliant ISMS.

	No 3 ISO27001 Comprehensive ISMS Toolkit   When you use our highly practical and informative books and tools to help you tackle the project, you receive unique guidance and support for your organisation – plus, with this package, you save money. Find out more>>

Get Cyber Security Qualified for just £500

With a growing demand for professionals possessing IS audit, control and security skills, CISA has become the preferred certification program by individuals and organisations around the world. If you’re interested, then take advantage of our fantastic saving on our CISA course.

	CISA – Certified Information Systems Auditor Training Course – In London EC4N RRP: £1,595.00 Price: £500.00 You Save: £1,095.00 Saving over £1,000, this course is run by ITG Training, the official UK reseller of ISACA’s CISA materials. This course will offer you concise exam preparation so you will feel ready for sitting the exam – and passing first time! Find out more>>
		-

Don’t give cyber criminals an early Christmas present. Protect your business with one or more of the options above and you’ll be able to have a very Merry Christmas!

Banks are charging higher fees by default to merchants that have not proved compliance with the payment card industry data security standard (PCI DSS). You could be paying much more than you need to – FACT!

In addition to these extra charges, the Information Commissioner’s Office (ICO), has made it absolutely clear that organisation found to be non-compliant with PCI DSS, and having suffered a data breach, will be deemed non-compliant with the data protection act (DPA) and will be fined up to £500,000. Double penalties are a very real risk, as well as reputation damage and diminished customer loyalty!

Tackle both compliance challenges together for just £600!!!

	DPA and PCI Foundation Combination Course 13-14 December 2011 in London RRP: £935.00 Price: £600 You Save: £335.00

Tackle both compliance challenges together, once and for all, this December …

This December we are holding our best selling DPA and PCI foundation courses back-to-back to allow organisations, such as yours, to get to grips with these important compliance issues.

If you book these courses separately, the cost would be £935. This combination course allows you to book for just £600, saving you £335 in the process!

Don’t miss out! Book on the PCI and DPA course now >>

Train your team, boost productivity and ensure your critical data is secure with our specially priced products!

iRiver Story HD eBook Reader + 10% Off All ITGP eBooks For Life!

SafeStick + Free Awareness Posters! Secure USB stick with hardware encryption

4 pack ‘High Performace’ Soft skills book bundle Save £20 and develop your team this new year!

More fantastic festive offers

Breaking the Addiction to Process Price: £19.95

Running IT Like A Business Price: £29.95

Changing the IT Leader’s Mindset Price: £24.95

PCI Training Offer

Information Security & ISO27001 Staff Awareness e-Learning Offer

Data Protection Training Offer

Visit our festive shop to see all our fantastic offers >>

The Information Commissioner has issued two local councils with fines after they sent highly sensitive personal information to the wrong recipients.

Worcestershire County Council was fined £80,000 after an incident in March and North Somerset Council £60,000 after a series of incidents in November and December of last year. In both cases the councils had appropriate policies and procedures in place, however they had both failed to ensure that staff had received relevant staff training.

Christopher Graham, the information commissioner commented:

“It is of great concern that this sort of information was simply sent to the wrong recipients by staff at two separate councils…. There is too much of this sort of thing going on across local government. People who handle highly sensitive personal information need to understand the real weight of responsibility that comes with keeping it secure.”

In a period where public spending is in decline, you cannot afford to be hit with a fine of up to £500K! For cost-effective avoidance, look no further than the IT Governance DPA Staff Awareness e-learning Course:

	DPA Staff Awareness e-Learning Price: £45.00
	This DPA Staff Awareness e-learning course is the most cost-effective way to ensure your staff know their DPA responsibilities and how to handle sensitive information.

As data breaches and data incidents are often caused by individuals, regardless of the security systems you have in place, staff training is essential. The fantastic DPA staff awareness e-Learning Course is non-technical and a quick and effective means of delivering staff DPA training.

• Provide a consistent message to all staff
• Teach your staff about the key concepts of the DPA
• Retain records of completion and training
• Systematically train everyone at a low individual cost

Don’t run the risk of a huge fine from the ICO.

Book your staff on our DPA e-learning course today >>>

Recent research has also shown that 25.9% of data breach cases, which led to the ICO extracting an undertaking from the organisation concerned, was a result of lost or stolen USB devices that were unencrypted. You should replace all USB sticks within your organisation with Safestick – a hardware encrypted USB stick that is CESG-approved.

Secure your data on the Safestick today >>>

Failure to encrypt confidential data, stored on USB sticks and laptops, is a breach of the DPA…

It seems the public sector need to take this issue more seriously…

A recent report from Big Brother Watch uncovered ‘more than 1000 incidents across 132 local authorities, including at least 35 councils who have lost information about children and those in care’.

435 of these cases involved the loss or theft of unencrypted USB sticks, laptops or mobile devices. The ICO’s Acting Head of Enforcement, Sally Anne Poole, states that the ICO’s position on encryption is clear:

‘All personal information – the loss of which is liable to cause individuals damage and distress – must be encrypted. This is one of the most basic security measures and is not expensive to put in place – yet we continue to see incidents being reported to us. This type of breach is inexcusable and is putting people’s personal information at risk unnecessarily’

Ensure your data is encrypted with the SafeStick

	SafeStick (FIPS 140-2 USB Stick, Various Capacities) Price: £76.50

SafeStick is CESG approved and features FIPS 140-2 certified hardware encryption, far stronger than software encryption. The Safestick is almost indestructible and in the event of loss or theft, you can remotely ‘kill’ a stick. SafeStick is government approved and is the NHS USB stick of choice.

SafeStick is compatible with the holy trinity of operating systems (Windows, Mac and Linux) and is so user friendly that you can have your data protected within minutes of plugging it in.

Keep personal data safe with the hardware encrypted Safestick

Buy this Complete Data Protection Toolkit today and we’ll send you a single user license for an e-Learning DPA Staff Awareness Course absolutely free!

DPA Compliance has never been so easy. Our Complete Data Protection Toolkit features all the tools you need to become DPA compliant and now contains a free e-Learning DPA Staff Awareness Course (worth £45.00). As data breaches are often caused by individuals and members of staff, this course is a quick and effective means of delivering staff DPA training.

All UK businesses must be compliant with the DPA. Failure to do so could incur you fines of up to £500,000.

Instigating a DPA project can, at first, seem daunting; after all there are lots of things to consider. However IT Governance can take all the pain out of your DPA project with the Complete Data Protection Toolkit. This fantastic toolkit provides all the tools and templates for you to complete your DPA project on your own, for just £156!

Buy this toolkit today before the offer expires! >>

	Complete Data Protection Toolkit Price: £156.00

Your Staff Need To Know Their DPA Responsibilities

As data breaches and data incidents are often caused by individuals, regardless of the security systems you have in place, staff training is essential. The fantastic DPA Staff awareness e-Learning Course is non technical and a quick and effective means of delivering staff DPA training.

This toolkit provides ALL the tools and resources you need to be complaint with the DPA.

Buy this toolkit today before the offer expires! >>

After just 2-days you’ll walk away knowing exactly how to achieve DPA and PCI DSS compliance!

In the UK all organisations must comply with the Data Protection Act (DPA), and every organisation that stores, transmits or processes card holder data must comply with the Payment Card Industry Data Security Standard (PCI DSS). These two compliance issues cannot be ignored and will not go away – FACT!

There’s nothing new about what you just read. You already know that you have to be compliant. You may be worrying about the cost, the time it will take and the resources you need. You may also be worried about the implications that a breach would have to your organisation, especially if you are found to be non-compliant with the DPA or PCI DSS.

	DPA and PCI Foundation Combination Course 13-14 December 2011 in London RRP: £935.00 Price: £600 You Save: £335.00

Tackle both compliance challenges together, once and for all, this December …

This December we are holding our best selling DPA and PCI foundation courses back-to-back to allow organisations, such as yours, to get to grips with these important compliance issues.

If you book these courses separately, the cost would be £935. This combination course allows you to book for just £600, saving you £335 in the process!

2011 has seen a vast increase in the scale of attacks on businesses of all sizes, facing us with a very clear and present danger of cyber attacks and data breaches.

Often businesses will spend money on insurance, security systems for their premises, fire alarms and so on, but have you taken similar care with your IT security measures? Your most critical assets (the systems which run your business and the information held within them) are extremely vulnerable to cyber attacks, yet are often left as the last to protect.

Not only is IT security an important issue for protecting your businesses’ critical assets, customer data and confidential information; it also protects your brand.

Make your business Cyber Secure by implementing an Information Security Management System (ISMS). This will enable you develop the right controls and systems to meet the ever increasing and demanding requirements of your customers and partners.

An ISMS compliant to ISO 27001 will help you demonstrate to your customers and clients that you take information security seriously and have made a commitment to ensuring the safety of your information.

The Standalone ISO27001 ISMS Documentation Toolkit will save you months of work, help you avoid costly trial-and-error dead-ends, and ensure that all your ISO27001 ISMS documentation is drafted in line with the requirements of the ISO/IEC27001 standard.

Make your business Cyber Secure with the ISO 27001 ISMS Documentation Toolkit >>

	Standalone ISO27001 ISMS Documentation Toolkit Price: €575.95

Our ISO27001 Toolkit provides all the tools, document templates, guidance and support you need to implement your own ISO27001 project. With this toolkit you can rapidly become ISO27001 ready and ensure your business is cyber secure.

Make your business Cyber Secure with the ISO 27001 ISMS Documentation Toolkit >>

Don’t miss out on this fantastic festive offer and book on the December DPA Foundation Course now to receive a free DPA e-learning single user license!

That’s right, book on the December course and get a free single user DPA e-learning license. This e-lerning course is a fantastic way of delivering DPA training to your staff in a non technical way.

Why is Data Protection, and DPA compliance, such a big issue?

Data loss in both public and private sectors is all over the media, and the governance of personal information now keeps company directors awake at night. This has been raised so far up the public agenda that the Information Commissioner (the UK’s regulatory body for the DPA) has now been granted extra powers and sanctions – including the power to levy fines of up to £500k.

This interactive and enjoyable one-day course gives both new and experienced staff and management – those involved with or responsible for personal data – an oversight of what the Data Protection Act means to their business and also to their own rights as an individual.

	DPA Foundation Course – in London, 13 December Offer available for a limited time only! Our Price: £440.00
	This 1-day DPA Foundation course combines a mixture of theory and group workshop sessions to examine the legislation and requirements on organisations handling personal data, and explores methods of complying with the DPA whilst supporting business objectives.

Some of the elements that this comprehensive course covers are:

• Why Data Protection? – Privacy evolution or erosion?
• What is personal data?
• Finding a legal basis for collecting and retaining data
• Fair processing statements, direct marketing and whether to “opt in” or “opt out”
• Getting the right amount of relevant personal information

This list is not exhaustive, for more information on what’s covered in the course please go to our DPA Foundation Course page >>>

Assessment of current level of compliance with the DPA is essential for organisations to close any gaps that are identified. IT Governance Ltd is a publisher of the DPA Compliance Assessment Tool which draws on core advice on DPA compliance from the UK Information Commissioner’s Office, and contains a series of 16 key questions with associated recommendations and guidance that enable you to identify steps that you need to deal with a specific issue or with a broad range of mitigation actions. For further information and to purchase this unique tool, please visit our dedicated DPA Compliance Assessment Tool page >>>

Ensure that you comply with the DPA – Book on the December DPA Foundation Course now and receive a free DPA e-learning single user license! >>>

Free Webinars From IT Governance

We are holding 3 free webinars over the next month. Each webinar is presented by a subject matter expert who has expert knowledge within their field. We invite you to register for any webinar you may find useful.

IT Governance EU is presenting IT Security Awareness Week on the 21-25 November, raising awareness amongst organisations about cybersecurity and the EU’s resilience to cyber attacks.

With IT security a growing issue, we wants to ensure that cybersecurity is at the top of every organisations priorities. In the past few months we have seen an increasing demand for help against cyber threats.

IT Governance: A Manager’s Guide to Data Security and ISO 27001/ISO 27002 is one of our most popular titles regarding IT security. This book covers everything you need to know about IT and data security, including viruses, hackers, malware, online fraud, privacy regulations, computer misuse and investigatory powers.

“…a comprehensive guide as to actions that should be taken”
Nigel Turnbull, Chairman, Lasmo Plc, author of the Turnbull Report.

Order your copy of the most popoular guide to IT and Data Security! >>

	IT Governance: A Manager’s Guide to Data Security and ISO 27001 / ISO 27002, Fourth Edition Price: €57.95

This books is:

• The de-facto guide for those designing & implementing an ISO 27001 Information Security Managment System (ISMS)
• Written in a useful, practical, pragmatic and non-technical style
• Provides a rigorous approach to implementing an ISMS
• Web-enabled to keep you up-to-date with key changes to the content of the book

Order your copy of the most popoular guide to IT and Data Security! >>

More to explore:

Cyber Risks for Business Professionals: A Management Guide

CyberWar, CyberTerror, CyberCrime

Information Security Management Principles: An ISEB Certificate