IT Governance Blog on IT governance, risk management, compliance and information security.

Effectively audit compliance with the ISO27001 Certified ISMS Internal Auditor Training Course!

Special Offer, book today and receive 30% off the February course date.

This two-day certificated training course prepares the internal auditor to effectively audit compliance with the information security standard ISO27001 and against the controls contained in ISO27002.

ISO27001 Certified ISMS Internal Auditor training provides an excellent career progression and skills development opportunity for information security staff and internal auditors.

Effectively audit compliance with the ISO27001 Certified ISMS Internal Auditor Training Course. Book on the February course date and save 30%! >>

	ISO27001 Certified ISMS Internal Auditor Training Course – London – 6-7 Feb 2012 RRP: £850.00 Price: £595.00 You Save: £255.00

Effectively audit compliance with the ISO27001 Certified ISMS Internal Auditor Training Course. Book on the February course date and save 30%! >>

More to explore …

Information Security Foundation based on ISO/IEC 27002 30% off the February course date!

No 3 ISO27001 Comprehensive ISMS Toolkit

ISO27001 Cyber Security Toolkit

Cyber crime is on the rise and all organisations need to ensure they protect themselves and their critical assets from cyber attack. Start this January with these time limited special offers:

	ISO 27001 Cyber Security Toolkit Get a free Cyber Security Self Assessment Tool – Until 31stJanuary! RRP: £1,864.00 Price: £1,695 You Save: £169.00 FREE!

Book Training …

	ISO 27001 Information Security Combination Course 21 to 24 February 2012 in Manchester RRP: £2,209.00 Price: £1,994 You Save:£295.00 This specially priced package includes attendance at both the ISO27001 Certified ISMS Foundations course, and ISO27001 Certified ISMS Lead Implementer Class.

More to explore …

Digital Forensics Foundation Training 30% off the February course!

Cyber Risks for Business Professionals £10 off for January!

ISO27001 Certified ISMS Internal Auditor Training 30% off the February course!

Following on from last week’s discussion ‘Which, Why and How is an ISO 27001 ISMS toolkit right for you‘, I thought we should take a closer look at the ISO 27001 implementation team and how our special January offer is the logical step that your organisation should take to implement ISO 27001.

Organisations that are serious about implementing ISO 27001, and successfully achieve certification, develop the in-house capability and skills through training.

They also take a risk based approach to develop the information security management System (ISMS), using our tried and tested ISO 27001 ISMS toolkits.

Buy any variation of the ISO 27001 ISMS toolkit before 31st January and get 15% off any ITG Training Course.

	No 3 ISO27001 Comprehensive ISMS Toolkit Price: £1,795 Buy before 31st January and get a 15% discount code for any ITG Training Course!

Our range of training courses offer a structured learning path from Foundation to Advanced level in ISO27001 and ISO27002 together with related topics that include PCI DSS, Data Protection Act and Digital Forensics.

Training the ISO 27001 implementation team:

• In any ISO 27001 project you will have a Lead Implementer that is capable of leading their organisation to successful certification. The ISO27001 Certified ISMS Lead Implementer Masterclass is the perfect course for this role.
• You will need a team of Internal Auditors to effectively audit compliance with the ISO 27001 standard and against the controls contained in ISO 27002. You should book multiple people onto our essential ISO27001 Certified ISMS Internal Auditor training course.
• An understanding of the best practice guidance as outlined in ISO27002 is essential to ensure the compliance to ISO27001 in any organisation. Information Security Foundation based on ISO/IEC 27002 serves as a practical guideline for all members of staff as they initiate, implement and maintain an information security programme.

Save 15% on any of these courses when you buy an ISO 27001 ISMS toolkit before the end of January!

Global research consultancy company, Illuminas, receives ISO 27001 certification after over a year’s worth of dedicated work.

John Ricketts (Director of IT and Information Security) and John Ricketts (Global COO)  comment, “We are delighted to achieve ISO 27001 at a time when data protection and data privacy are increasingly important in both the research industry and society generally.  ISO 27001 ensures there are clear benefits for clients and respondents, with personal information as well as client confidential material encrypted 100% of the time whilst on Illuminas systems. The standard is a systematic approach to managing the security of sensitive information covering people, processes, IT systems and policy. We believe all research companies should follow the guidelines of the standard given they are often entrusted with personal information.”

Source: Illuminas Press Release, PRWeb

Achieving ISO 27001 instills confidence within your customers on how you handle their data. ISO 27001 is the international standard for Information Security Management Systems (ISMS) and covers topics such as:

• Extensive risk management evaluation
• Business resilience planning
• Ensuring data security standards set by client companies are met

If you’re thinking about implementing ISO 27001 requrements, then take advantage of our Value Added ISO 27001 ISMS Toolkit Offer. This comprehensive toolkit will cost effectively accelerate your ISO 27001 project and help you to become certification-ready in no time!

Find out the the steps of standard approach towards implementation of an ISMS that is recommended by all international certification bodies>>

Before we get on the ‘which’, lets explore ‘why’ and ‘how’ the ISO 27001 ISMS toolkit range has helped hundreds of organisations across the world to achieve ISO 27001 certification readiness.

‘WHY’ choose an ISO 27001 ISMS toolkit?

The hardest part of achieving ISO 27001 certification is the documentation of the Information Security Management System (ISMS). The documentation that is necessary to create a conforming system can, particularly in more complex businesses, be up to a thousand pages.

A toolkit can accelerate your ISO 27001 project immensely. The key benefits of a toolkit are:

• A toolkit is cheaper than one days’ consultancy
• Provides clear guidance on the role of risk assessment
• Template documents are easy to edit and customise
• Template documents save you time on research
• Template documents save you time on procedure writing
• Makes you your own expert
• An after sales support service
• 12 months of automatic updates

Then there’s the ‘HOW to do it’ issue.

The resource, time and management implications of making all this happen are immense. But that’s where toolkits come in. Our toolkits are precisely tailored to the requirements of ISO 27001 and contain pre-written documents, which can be tailored to your organisation. Our unique document support service offers after sales support to answer your queries, and each toolkit includes 12 months of free updates

Importantly, you do not want hundreds and hundreds of policies, after all ISO 27001 only requires 7 policies. By purchasing a toolkit, you receive a set of policies and procedures that really enable you to implement ISO 27001.

And finally, ‘WHICH’ toolkit is right for you?

	No 3 ISO27001 Comprehensive ISMS Toolkit Price: £1,795 Buy before 31st January and get a 25% discount code for any ITG Training Course!

A recent report by Cisco shows frightening statistics that threaten to damage IT security as we know it.

The report found:

• 70% of young employees frequently ignore IT policies
• Two-thirds of young employees believe their companies policies need to be changed
• 61% said corporate IT security isn’t their responsibility, and that it should be that of their employer or the maker of their devices

This ‘casual’ attitude towards IT security may be a contributing factor to the fact that one in four people asked have been a victim of identity theft before the age of 30.

“The desire for on-demand access to information is so ingrained in the incoming generation of employees that many young professionals take extreme measures to access the Internet, even if it compromises their company or their own security,” the report said.

And when asked why 70% of young employees ignore IT policies, the reasons given were:

• They didn’t think they were doing anything wrong
• They needed to do it to get there job done
• They didn’t have time to think about policies while they were working
• The policies weren’t inforced in the first place
• Adhering to the policies was not convenient

This attitude towards IT security needs to change amongst young people, otherwise their employers could be in serious trouble. Leaving networks vulnerable to attacks could cause your system to be infiltrated by hackers, with the risk of losing sensitive data and suffering a data breach.

To ensure that all your employees are up to scratch on what, and what not to do on the Internet, take an Information Security Staff Awareness e-Learning Course.

This Information Security course recognises that information security awareness starts at home and then aims to help employees understand the organization’s information and compliance risks, thereby reducing the organization’s liability due to security failures. The course not only familiarises the learners with the basics of information security, including security threats via emails, the Internet and at the workplace, but also introduces the learners to the policies on incident reporting and responses. Having completed the 40-minute course, students can take a 20-question multiple-choice test.

This Information Security Staff Awareness course, which includes an online certificated test, is squarely based on the detailed guidance of ISO27002 and covers the following areas:.

• What has Information Security got to do with you?
• Where does your organisation fit in?
• Definitions: what is Information Security?
• Could this happen to you? (Scenarios and follow up questions).
• Information Security at home – potential weaknesses (Passwords, Phishing, Web 2.0, USB sticks, Sat Nat)
• Information Security at work
• Secure perimeters
• Tailgating
• Clear desk and screen
• Passwords
• Portable media
• Information classification
• Intellectual property
• Security incidents
• Business continuity
• Important documentation, with links to key policies and procedures

For more information on the Information Security Staff Awareness e-Learning Course, click here >>

Take advantage of the new year by creating a new you. If you’re tired of your current job or just want to add something valuable to your CV, then IT Governance can help.

There are a number of different qualifications and certifications out there available to you to better your career if you’re in the IT industry. Whether you’re involved with Information Security, IT Service Management, Project Governance, Data Protection or IT Governance there are various courses and certifications you can take to get yourself that step higher up the ladder.

Adding certifications and qualification to your CV/profile will increase your job prospects immensely. Ranging from individual to company certifications, you will be sure to find something that is applicable to you. 

View our training page to see what courses are on offer to you and what they can do for you.

New year, New You: Take one of our training courses that bests suits you, and improve your career prospects >>

The Internet security passwords at global intelligence company, Stratfor, were ‘too weak’ claims researchers at Utah Valley University.

Stratfor (aka Stategic Forecasting) was hacked shortly before Christmas by well-known cyber gang, Anonymous. The firewall systems were broken into and subscribers of Strafor’s details data was posted online for all to see. What makes this case so unique, is that Stratfor provides analysis of data security issues, holding sensitive data regarding the online security industry.

Utah Valley University analysed the stolen data, only to find that security measures such as username and passwords were not secure enough to ward off hackers. Subscribers to Strafor were put at risk as details of their accounts and card numbers were published by Anonymous.

IT director and professor for Utah Valley University, Kevin Young, said that Stratfor “should have known better” in order to protect themselves against such a thing happening.

So if a data security company can’t use strong passwords, then what hope does this leave for the rest of us? 

Make sure you and the rest of your staff use strong passwords to protect your confidential data. Take the ITG E-Learning Course: Information Security & ISO27001 Staff Awareness. The contents of this course covers these key points:

• What has Information Security got to do with you?
• Where does your organisation fit in?
• Definitions: what is Information Security?
• Could this happen to you? (Scenarios and follow up questions).
• Information Security at work
• Clear desk and screen
• Passwords
• Information classification
• Intellectual property
• Security incidents
• Business continuity
• Important documentation, with links to key policies and procedures
• Information Security & ISO27001 Staff Awareness – Online Test & Certificate

Make sure you and your staff are aware of information security and alert to the threats it brings.

Take this e-Learning course today >>>