Posts Tagged ‘ISMS’

German company ‘Dachser’ reaches ISO27001 certification

February 6th, 2012 by

Leading logistics service provider Dachser has achieved ISO27001 certification across its central IT services, computer centres, infrastructure and IT departments in Germany.

Due to the ISO27001 certification, customers can now be sure that their data is kept safe. ISO27001 is the best practice specification that helps businesses and organisations throughout the world to develop a best-in-class Information Security Management System (ISMS).

“Customers do not just send us data. They also trust us to treat their sensitive business information responsibly. As an internationally operating logistics provider, we need to comply with these high standards of information security worldwide and be able to prove that we are doing so,” says Christian von Rutzen, Dachser’s team leader for IT security.

Source: TMC Net

Certifying yourself against ISO27001 enables you to gain a competitive edge, whilst cutting IT costs and improving ROI.

If you’re interested in adopting ISO27001, but want to convince the management/board above you, then read The Case for ISO 27001. Written by Alan Calder (one of the first people in the world to successfully implement the ISO 27001 standard), this book will give you a case for adopting ISO27001 and safeguarding your business.

Download today >> 

View more information on ISO27001 >>

Make your business more desirable, even more amazing and most importantly, make your business secure!

January 31st, 2012 by

Implementing ISO 27001 (the international best practice for an Information Security Management System (ISMS)) will not only help keep your business secure, but also:

  • It complies with the Indian Information Technology Act (ITA) and the Indian data privacy law
  • It is the most efficient way of complying with these regulations, meaning you will quickly see a ‘Return on Investment’
  • It will give your business ‘the edge’ over other competitors
  • It is a unique selling point; many customers/clients will feel reassured leaving their data in your hands
  • It will define the responsibilities and duties of your team, strengthening your internal organization

ISO 27001 certification requires a lot of time and resources. Many small and mid-size companies are unable to invest money in consultancy, but conversely they cannot afford not to become ISO 27001-compliant. With those organizations in mind, IT Governance has developed the No 4 ISO27001 Complete ISMS Documentation Toolkit. It costs less than one day’s consultancy and at the same time, enables you to kick-start your ISO 27001 project.

Download this toolkit today >>

No 4 ISO27001 Complete ISMS Documentation Toolkit
Price: $495.00


Why pay high consultant fees when, for less than $500, you can have everything you need?
Don’t hesitate – try it today!


Data Privacy Day – It’s Time To Get Protected

January 25th, 2012 by

This Saturday marks the international ‘Data Privacy Day’ where organisations, governments and individuals from America, Canada and the European Union come together to promote and raise awareness about issues of data privacy and data protection.

Although only in its infancy, Data Privacy Day has some heavyweight backers in the form of Intel, eBay, Google, Facebook and international governments. This reflects the magnitude of the issue, and how in this modern age all businesses must protect critical information in cyber space.

The best way for all businesses to protect their critical data in cyber space is to create an information security management system aligned with the international cyber security standard ISO27001.

Value Added ISO27001 ISMS Toolkit

RRP: $3179.95
Price: $2,999.95
You Save: $180.00

Until the end of January this toolkit comes with 7 free resources!

This toolkit is designed to help you quickly and cost-effectively create an ISO27001-compliant information security management system.

This toolkit contains copies of the information security standards, documentation templates, a risk assessment tool and all the guidance you need to implement your own ISO27001 cyber security project.

Buy this toolkit today >>>

A closer look at the ISO 27001 implementation team

January 24th, 2012 by

Following on from last week’s discussion ‘Which, Why and How is an ISO 27001 ISMS toolkit right for you’, I thought we should take a closer look at the ISO 27001 implementation team and how our special January offer is the logical step that your organisation should take to implement ISO 27001.

Organisations that are serious about implementing ISO 27001, and about successfully achieving certification, develop the in-house capability and skills through training.

They also take a risk-based approach to developing the Information Security Management System (ISMS), using our tried and tested ISO 27001 ISMS toolkits.

Buy any variation of the ISO 27001 ISMS toolkit before 31st January and get 15% off any ITG Training Course.

No 3 ISO27001 Comprehensive ISMS Toolkit

Price: £1,795
Buy before 31st January and get a 15% discount code for any ITG Training Course!


Our range of training courses offers a structured learning path from Foundation to Advanced level in ISO27001 and ISO27002, together with related topics that include PCI DSS, Data Protection Act and Digital Forensics.

Training the ISO 27001 implementation team:

  • In any ISO 27001 project you will have a Lead Implementer who is capable of leading their organisation to successful certification. The ISO27001 Certified ISMS Lead Implementer Masterclass is the perfect course for this role.
  • You will need a team of Internal Auditors to effectively audit compliance with the ISO 27001 standard and against the controls contained in ISO 27002. You should book multiple people onto our essential ISO27001 Certified ISMS Internal Auditor training course.
  • An understanding of the best practice guidance as outlined in ISO27002 is essential to ensure compliance with ISO27001 in any organisation. Information Security Foundation based on ISO/IEC 27002 serves as a practical guideline for all members of staff as they initiate, implement and maintain an information security programme.

Save 15% on any of these courses when you buy an ISO 27001 ISMS toolkit before the end of January!

See the matrix of components of each of the toolkits:

 

 

Note, this offer cannot be used in conjunction with any other offer.

Nine Steps to Success with ISO 27001

January 18th, 2012 by

Whether you’ve just begun, or are part-way through implementing ISO 27001, Nine Steps to Success: an ISO27001 Implementation Overview is an ideal guide to read.

‘It’s like having a $300/hr consultant at your elbow as you consider the aspects of gaining management support, planning, scoping, communication, etc…’
Thomas F. Witwicki

This book covers nine critical steps you will undertake to successfully achieve ISO 27001 certification. So if you are about to tackle, or are tackling, ISO 27001, then this is the perfect stepping-stone to success.

Order your copy today >>>

Nine Steps to Success: an ISO 27001 Implementation Overview
by Alan Calder

Price: €35.95


70% of young workers threaten IT Security

January 16th, 2012 by

A recent report by Cisco shows frightening statistics that threaten to damage IT security as we know it.

The report found:

  • 70% of young employees frequently ignore IT policies
  • Two-thirds of young employees believe their company’s policies need to be changed
  • 61% said corporate IT security isn’t their responsibility, and that it should be that of their employer or the maker of their devices

This ‘casual’ attitude towards IT security may be a contributing factor to the fact that one in four people asked have been a victim of identity theft before the age of 30.

“The desire for on-demand access to information is so ingrained in the incoming generation of employees that many young professionals take extreme measures to access the Internet, even if it compromises their company or their own security,” the report said.

And when asked why 70% of young employees ignore IT policies, the reasons given were:

  • They didn’t think they were doing anything wrong
  • They needed to do it to get their job done
  • They didn’t have time to think about policies while they were working
  • The policies weren’t enforced in the first place
  • Adhering to the policies was not convenient

This attitude towards IT security needs to change amongst young people, otherwise their employers could be in serious trouble. Leaving networks vulnerable to attacks could cause your system to be infiltrated by hackers, with the risk of losing sensitive data and suffering a data breach.

To ensure that all your employees are up to scratch on what to do, and what not to do, on the Internet, take an Information Security Staff Awareness e-Learning Course.

This Information Security course recognises that information security awareness starts at home and then aims to help employees understand the organization’s information and compliance risks, thereby reducing the organization’s liability due to security failures. The course not only familiarises the learners with the basics of information security, including security threats via emails, the Internet and at the workplace, but also introduces the learners to the policies on incident reporting and responses. Having completed the 40-minute course, students can take a 20-question multiple-choice test.

This Information Security Staff Awareness course, which includes an online certificated test, is squarely based on the detailed guidance of ISO27002 and covers the following areas:

  • What has Information Security got to do with you?
  • Where does your organisation fit in?
  • Definitions: what is Information Security?
  • Could this happen to you? (Scenarios and follow up questions).
  • Information Security at home – potential weaknesses (Passwords, Phishing, Web 2.0, USB sticks, Sat Nav)
  • Information Security at work
  • Secure perimeters
  • Tailgating
  • Clear desk and screen
  • Passwords
  • Portable media
  • Information classification
  • Intellectual property
  • Security incidents
  • Business continuity
  • Important documentation, with links to key policies and procedures

For more information on the Information Security Staff Awareness e-Learning Course, click here >>

A Manager’s Guide to Data Security – Useful, Practical & Pragmatic

January 12th, 2012 by

“An essential reference work for information security professionals”
Milo Doyle, Head of Information Security, EBS Building Society

Read THE practical manual on data and information security:

  • Written in a useful, practical, pragmatic and non-technical style.
  • Provides a rigorous approach to implementing an Information Security Management System (ISMS).
  • Web-enabled to keep you up-to-date with key changes to the content of the book.
  • Is the Open University post-graduate information security text book

Read more here >>

IT Governance: A Manager’s Guide to Data Security and ISO 27001 / ISO 27002, Fourth Edition
by Alan Calder

Price: €57.95


Watch Alan Calder review the book here, or for an alternate version on how practical this book really is, view this light-hearted version here >>

     

All aspects of data security / information security are covered including viruses, hackers, online fraud, privacy regulations, computer misuse, investigatory powers etc. It details how to design, implement and deliver an ISMS that complies with ISO 27001.

IT Governance: A Manager’s Guide to Data Security and ISO 27001/ISO 27002, 4th edition, has been updated taking into account all the latest changes in data security / information security. In addition, the book is Web-enabled, giving you access to the latest changes to the guidance contained in the book.

Read more here >>

Comply with ISO 27001 and reap the benefits

January 10th, 2012 by

ISO 27001 is the international best practice for an Information Security Management System (ISMS). Complying with the new Indian data privacy law is a must for all organisations that collect sensitive information. Organisations that become ISO 27001 certified are deemed to be in full compliance with this law. Following the requirements of this standard will not only help you meet the obligations of the new Indian data privacy law, but will also protect your business against cyber threats and deliver a return on investment.

Comply with ISO 27001 by using the ISO 27001 (ISO/IEC 27001) ISMS Requirements. These can be employed by all types of organisations and ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

Download these essential requirements today >>

ISO 27001 (ISO/IEC 27001) ISMS Requirements (Download)
Price: $30.00


What is ISO 27002?

ISO 27002 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organisation. ISO 27002 is a code of practice for information security, outlining potential controls and mechanisms which may be implemented subject to the guidance provided in ISO 27001.

This code of practice supports the implementation of ISO 27001 and helps organisations comply with new Data Privacy Regulations.

Download this code of practice today >>

ISO 27002 (ISO/IEC 27002) Code of Practice for ISM (Download)

Passwords at global intelligence company were ‘too weak’

January 10th, 2012 by

The Internet security passwords at global intelligence company Stratfor were ‘too weak’, claim researchers at Utah Valley University.

Stratfor (aka Strategic Forecasting) was hacked shortly before Christmas by well-known cyber gang Anonymous. The firewall systems were broken into and Stratfor subscribers’ details were posted online for all to see. What makes this case so unique is that Stratfor provides analysis of data security issues, holding sensitive data regarding the online security industry.

Utah Valley University analysed the stolen data, only to find that security measures such as usernames and passwords were not secure enough to ward off hackers. Subscribers to Stratfor were put at risk as details of their accounts and card numbers were published by Anonymous.

IT director and professor for Utah Valley University, Kevin Young, said that Stratfor “should have known better” in order to protect themselves against such a thing happening.

So if a data security company can’t use strong passwords, then what hope does this leave for the rest of us? 

Make sure you and the rest of your staff use strong passwords to protect your confidential data. Take the ITG E-Learning Course: Information Security & ISO27001 Staff Awareness. The contents of this course cover these key points:

  • What has Information Security got to do with you?
  • Where does your organisation fit in?
  • Definitions: what is Information Security?
  • Could this happen to you? (Scenarios and follow up questions).
  • Information Security at work
  • Clear desk and screen
  • Passwords
  • Information classification
  • Intellectual property
  • Security incidents
  • Business continuity
  • Important documentation, with links to key policies and procedures
  • Information Security & ISO27001 Staff Awareness – Online Test & Certificate

Make sure you and your staff are aware of information security and alert to the threats it brings.

Take this e-Learning course today >>>

 

What will protect you from IT Security threats?

January 4th, 2012 by

IT security is an issue that all organisations must address. Consider these facts:

  • Modern businesses and organisations must protect themselves from the growing threat of cyber attacks and cyber crime
  • Cyber security is a senior management issue not just an IT issue
  • Protection of your critical assets should cover systems, networks and work practices
  • Ensuring staff are trained in cyber security is as important as having robust system defences
  • Effective and robust cyber security can help you win new business, improve customer confidence and reduce IT expenditure

So, how do you ensure you have robust, effective and proportional cyber security measures in place for your organisation? The answer is of course, ISO27001.

But what is ISO27001?

  • ISO27001 is the new, world leading cyber security standard
  • ISO27001 is the only internationally recognised cyber security standard, which an organisation can be certified against
  • ISO27001 provides a framework for creating a cyber security management system
  • ISO27001 will help you identify the risks to your organisation and build defences to protect yourself from them
  • ISO27001 will help you create documentation, systems and work practices to ensure the continual protection against cyber crime and cyber attack

IT security and ISO27001 can seem like a daunting issue to tackle within an organisation. It is complex, and an ISO27001 project is not something that can be achieved overnight. ISO27001 is a relatively new international standard; however, it is quickly becoming the benchmark for cyber security defences within organisations. More and more organisations are adopting ISO27001 and reaping the business benefits of being aligned to the standard.

You can find more information about ISO27001, its benefits and a free white paper here >>>

However the best place to start building your knowledge of ISO27001 is with this easy to read pocket guide: An Introduction to Information Security and ISO27001

An Introduction to Information Security and ISO27001
by Steve G. Watkins

Price: €11.95
