IT Governance Blog on IT governance, risk management, compliance and information security.

During times of austerity it’s more challenging than ever for an organisation to meet its compliance obligations. With a difficult and uncertain economic environment, there can be a tendency to consider compliance issues, such as Information Security, as an unnecessary expense and, understandably, focus resources on revenue building projects instead.

Taking such a ‘short sighted’ approach can be dangerous!

While it makes good business sense to focus on revenue building activities, organisations that simply ignore their responsibilities, where information security is concerned, will be playing devils-advocate.

(more…)

Time is running out to make the most of out August offers. We have a very limited number of spaces left on our September ISO27001 Training Courses, which have money off and ‘added value’ tools & resources available until the end of August.

For those of you who can’t attend a training course, we have a fantastic offer available on the unique No 3 ISO27001 ISMS Toolkit.

Extra Value No 3 ISO27001 Comprehensive ISMS Toolkit Offer

ISO27001 Comprehensive ISMS Toolkit If you purchase this toolkit before the end of August (2010), we’ll send you a further 7 unique resources to help kick-start your information security programme – absolutely free! Implementing ISO/IEC 27001 and creating an effective Information Security Management System for the first time can be challenging! This toolkit has everything you will need. When you use our highly practical and informative books and tools to help you tackle the project, you receive unique guidance and support for your organisation – plus, with this package, you save money!

The No 3 ISO27001 Comprehensive ISMS Toolkit contains everything:

(more…)

Throughout August we’re offering some fantastic deals on our September 2010 training courses and I would hate for you to miss out. You can see all the offers available on our blog. Below are some offers that I thought may be of particular interest to you:

Offer 1: ISO27001 Foundation Course

Foundations of Information Security Management According to ISO27001 Training

This 1-day course will be held in Manchester on 7 September and gives an excellent overview of the ISO27001 standard, including how ISO27001 is helping companies around the world compete more effectively,
how ISO27001 helps organisations meet their legal, regulatory and contractual compliance objectives, and how ISO27001 helps increase user productivity and reduce IT problems.

Delegates who book the course during August will receive a bundle of e-books (worth over £100), absolutely free, which will complement their training and help them towards successful ISO27001 certification.

Read more about this offer here >>

(more…)

Our next ISO27001 Foundations Course will be held in Manchester on 7th September 2010.

Delegates who attend this course will receive a bundle of e-books (worth over £100), absolutely free, which will complement their training and help them towards successful ISO27001 certification.

Foundations of Information Security Management according to ISO27001 Training benefits everyone who want to know more about:

How ISO27001 is helping companies around the world compete more effectively How ISO27001 helps organisations meet their legal, regulatory and contractual compliance objectives How ISO27001 helps increase user productivity and reduce IT problems The benefits of using ISO27001 (BS7799) to guide their information security activities How to use ISO27001 and ISO17799 (ISO27002) together Planning to develop and implement an ISMS based on ISO27001.

(more…)

Do you require the ISO 27001 Information Security Management Standard to help you win new business with customers in the Public Sector?

Have you noticed how many Pre-Qualification Questionnaire and Invitation to Tender documents now ask for this standard as a compulsory requirement?

How can you afford the time and expense required to be awarded ISO 27001?

The IT Governance FastTrack ISO 27001 Consultancy Service is specifically designed to prepare your organisation for UKAS-accredited certification to ISO27001:2005 in just 3 months. Providing you have less than 19 members of staff and a single office location, we can offer this complete service for a fixed fee of just £5,000.
(more…)

This week only, we’re giving away a complete set of Information Security Awareness tools with our best selling No 3 ISO27001 ISMS toolkit.

No 3 Toolkit Offer - Additional FREE Resources Include: Information Security Awareness Posters (Download) Information Security Risk Management for ISO27001/ISO27002 (Download) Complete set of five ISO27001 Pocket Guides (Download)

Accelerate your ISO27001 project with the help of this toolkit – Buy before the end of August 2010 to get your 7 additional recources FREE!

Find out more about the No 3 Toolkit – buy it today >>

Want help understanding how ISO27001 will help your organisation? Read our blog post: How will ISO27001 help my organisation during economic austerity?

As the UK government grapples with the huge defecit in the aftermath of the global recession, the measures which have been announced, such as public sector spending cuts, have already had an effect on the wider economy. Headline’s in todays news show that UK inflation has slowed again in June.

For most organisations the economic outlook may seem grim and, in an attempt to control costs, they will be scrapping all non-essential projects.

How does your organisation determine which projects are non-essential?

The common sense approach is to look at the bottom line first:

• Which projects will deliver the greatest return on investment?
• Which projects will enable us to win new business?
• Which projects will deliver long-term business goals, yet fail to deliver short-term returns?

Secondly, compliance issues need to be taken into consideration:

• Which compliance projects will ensure we are trading legally?
• Which compliance projects will help us to comply with our contractual obligations?
• Which compliance projects will protect us in the event of a breach or other potentially damaging risks?

When you apply these questions to an information security and ISO27001 project, you will begin to see the real benefits of achieving certification, and will soon conclude that this is one project that is well worth pursuing.

How will ISO27001 help my organisation during economic austerity?

Implementing ISO27001 will enable an organisation to find efficiency savings which could have an immediate impact on its bottom line. Many organisations that already have ISO27001 certification have found themselves at an advantage over their competitors. This is particularly apparent during the tendering process as public sector organisations, and increasingly private sector organisations, are demanding ISO27001 certification as a pre-requisite.

So, as you can see, the commercial benefits to ISO 27001 certification are strong and when you back this up with the more obvious ‘compliance’ issues, there is a very strong case for bringing the project forward and making it happen as soon as possible.

Accelerate your ISO27001 project and develop an ISO27001-Compliant Information Security Management System (ISMS).

The No 3 ISO27001 Comprehensive ISMS Toolkit has everything you will need. When you use our highly practical and informative books and tools to help you tackle the project, you receive unique guidance and support for your organisation – plus, with this package, you save money!

Risk assessment is critical to effective deployment of an ISO/IEC 27001 Information Security Management System, and this toolkit enables you to demonstrate that you have a repeatable risk assessment process and appropriate documentation.

The No 3 ISO27001 Comprehensive ISMS Toolkit has 6 components which, when combined, give you the most powerful mix of resources available today!
(more…)

Buy the No 3 ISO27001 Comprehensive ISMS Toolkit before the end of June (2010), and get SEVEN additional resources free!

Implementing an information security management system in line with ISO27001, can be challenging for any organisation. The Extra Value No 3 ISO27001 Comprehensive ISMS Toolkit Offer has everything you need for successful implementation and will help you to accelerate your project saving you time and money.

(more…)

Organisations who have have an effective information security management system will be more than aware of the importance of risk management. ISO27001, which is best practice for an information security management system, specifies that a risk assessment has to be carried out before any controls can be selected and implemented, making risk assessment the core competence of information security management.

Information Security Risk Management for ISO27001/ISO27002 is a new book which provides expert guidance on planning and implementing a risk assessment and protecting your business information.

(more…)

During March and April we published lot’s of new books and toolkits. I want to take this opportunity to bring two of these books, which were our two best selling books at the Info Security Europe show, to your attention:

1. ISO27001 in a Windows® Environment; &
2. Assessing Information Security: Strategies, Tactics, Logic and Framework.