IT Governance Blog on IT governance, risk management, compliance and information security.

Business continuity and disaster recovery planning is a key governance responsibility. The UK Companies Act 2006 gives statutory force to what has long been the worldwide common law duty of directors, which is to exercise due care in relation to their companies. Specifically, directors must “exercise reasonable care, skill and diligence” (s.174).

So, regardless of any impending budget cuts, the board of directors remain accountable for ensuring that the organisation has developed and tested business continuity and disaster recovery plans that deal with all the likely risks that face the organisation.

In the UK, the NHS has determined that BS25999 certification is a key way for NHS entities to demonstrate that they are adequately resilient, and UK local authorities have recognised the BS25999 certification is the best method possible for demonstrating they are meeting their obligations under the Civil Contingencies Act.

Internationally, organisations in both the public and private sector are pursuing BS25999 certification in order to demonstrate to stakeholders and customers that they have adequate business resilience arrangements in place.
(more…)

IT Governance Publishing (ITGP), the specialist publishing arm of information security experts IT Governance, is bringing the principles of Sun Tzu’s classic text, The Art of War, to the fight against cybercrime.

ITGP’s latest book, Assessing Information Security: Strategies, Tactics, Logic and Framework, argues that the art of war, and the art of information security, are more closely aligned than one might expect. Technical skills and procedural knowledge are not enough; these qualities need to be deployed strategically to control the cybercrime battlefield.

The book, written by Dr Andrew Vladimirov, Konstantin Gavrilenko and Andriej Michajlowski, demonstrates that businesses need clear objectives and strategies, just like a military campaign, to implement information security effectively. The book explains, for example, that:
(more…)

We have reduced our prices across 75% of the ITGP range and remain highly competitive on pricing throughout our other ranges including titles from the OGC, such as ITIL, PRINCE2 and MSP.

Our USA website, www.itgovernanceUSA.com, is the one-stop-shop service delivering highly relevant knowledge, tools and advice to help IT leaders adopt best practice.

The ITGP range consists of pocket guides, books and toolkits that have been written by subject matter experts and cover a broad range of topics, at market beating prices, including:
(more…)

Find out more about our range of information security training courses which will help you and your organisation make the most of 2010. Book now and use any remaining funds from the 2009/2010 financial year before your budget is slashed in the next financial year!

• ISO27001 Foundation Course – 1 Day
• ISO27001 ISMS Implementation Masterclass – 3 Days
• Certificated ISO 27001 Internal Auditor Training Course – 2 Days
• ISO27OO1 Certificated Lead Auditor Training Course – 4.5 Days
• PCI DSS Introduction, Implementation & Compliance Masterclass – 1 Day

Our fast-growing training division offers a wide range of IT governance and information security training courses, both public and in-house, as well as a comprehensive range of training courses that lead to accredited certifications.

(more…)

Pre-order today and be the first to get an exclusive insight into the state-of-the-art IT governance model that was developed by the largest consulting firm in the world!

This pocket guide provides you with an insider’s detailed description of Accenture’s IT governance policy and details its governance structure. It will show how effective IT governance links IT strategy and IT decisions to Accenture’s business strategy and business priorities.
(more…)

It’s that time of year again when most public sector organisations and many private sector organisations begin to look at budgets for the next financial year. With the country struggling to come out of recession and with big public sector cut backs on the horizon, it is vital that every pound spent can be justified, accounted for and not wasted. Whist tight financial controls are inevitable, given the state of the economy, it is essential that funds are available for projects that will help organisations to survive and prosper though the upturn.

Over the next few weeks, as budgets for 2010/2011 are agreed and finalised, it is likely that your budgetary requirements from the previous 12 months will be taken in to consideration. If you have remaining funds from the 2009/2010 financial year and plan to roll over any residual funds into the next financial year, think again. It is highly unlikely that you’ll be rewarded for good financial control, but rather penalised for holding excess cash and, as a result, will see a reduction in next year’s budget.
(more…)

Order the ISO38500 IT Governance Framework Toolkit before midnight on Friday (19 February 2010) and receive a free copy of IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT!

The IT Governance Framework – Toolkit & Book Special Offer provides you with:

A single integrated framework that enables you to get the best out of: CobiT, ITIL, ISO27001/ISO27002, ISO20000, Prince2, PMBOK, TOGAF, IT Balanced Scorecards, the Zachman Enterprise Architecture, IT Portfolio Management, IT Dashboards and so much more,

• A framework to navigate your wide-ranging and complex strategic, risk management, compliance and operational needs;
• A step-by-step guide to cross-company implementation;
• Templates and assessment tools that will simplify many aspects of the process for you; and
• Practical guidance working with ISO/IEC 38500 and for integrating widely-used IT governance frameworks, including CobiT, ISO27001, ITIL and so on.
• A FREE copy of IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT when your order before midnight on Friday 19th February 2010!

(more…)

Meet compliance requirements for information security and PCI DSS with the help of our toolkits. There is currently added value offers available which expire at Midnight this Friday 19th February 2010!

Order before Friday and get 5 Pocket Guides FREE!

Purchase this toolkit before Friday and get PCI DSS: A Pocket Guide Free!

(more…)

“Using the templates, was the only way that we could deliver a 1st
edition ISMS in under 6 months. Our deliverable was a work in progress but
miles ahead of where they would have been without the templates.”

Tim Moreton, President, Moreton & Co., airlinetechnology.net.

These Toolkits currently have added value offers which expire on Friday 19th February 2010!

IT Governance Framework – Toolkit Free – Implementing Frameworks & Standards for the Corporate Governance of IT!	BS25999 BCMS Implementation Toolkit Special Offer Free- Disaster Recovery and Business Continuity Book!	Risk Assessment Best Practice Toolkit Free – Risk Assessment for Asset Owners: Pocket Guide!
No 3 ISO27001 Comprehensive ISMS Toolkit Free – 5 Essential Pocket Guides	Complete Data Protection Toolkit Free – Data Breaches Report worth £195!	PCI DSS v1.2 Documentation Compliance Toolkit Free PCI DSS: A Pocket Guide!

All our toolkits are thoughtfully packaged bundles of tools and resources
which help you to achieve your goal in a timely manner and within budget.
Created by subject matter experts who have had successfully
implementations, allow you to follow in their footsteps saving you time,
money and stress.
(more…)

This PCI DSS v1.2 compliance toolkit is specifically designed to help payment card-accepting organizations quickly create all the documentation required to affirmatively answer the requirements of the PCI DSS as set out in the Self Assessment Questionnaire.

The PCI DSS v1.2 Documentation Compliance Toolkit contains a full set of documentation templates for the all mandatory PCI DSS policies, as well as implementation guidance and ISO27001 cross-mapping. These templates are developed out of those contained in our best-selling ISO27001 ISMS Documentation Toolkit and, therefore, are capable of being integrated into an ISO27001 ISMS.

(more…)