Posts Tagged ‘ITGP’

ISO27001 – Meeting the Staff Awareness Requirements

October 10th, 2011 by

ISO/IEC 27001:2005 is the best practice specification that helps businesses and organisations throughout the world to develop a best-in-class Information Security Management System. This standard together with the ISO27002 Code of Best Practice recognise that no matter how many security products are implemented, the information in an organisation is not completely secure unless the employees are trained in security awareness policies and procedures.

As clause 8.2.2 of ISO 27002 sets out, it is now imperative that security issues are addressed at the employee level and that a firm foundation is built for an employee to understand the implications of his/her actions and be mindful of these in their daily activities.

How can you ensure that you fully comply with the staff awareness requirements of ISO27001?

ITG e-Learning – Information Security & ISO27001 Staff Awareness

Designed to increase employees’ awareness of the ISO27001 requirements and thereby reduce the organisation’s liability due to security failures.


The course not only familiarises learners with the basics of information security, including security threats via emails, the Internet and at the workplace, but also introduces the policies on incident reporting and responses.

e-Learning technology is at the core of our commitment to helping you deliver information security awareness induction and training programmes. Developed and hosted by IT Governance, the Information Security & ISO27001 Staff Awareness course offers the following benefits:

  • Online learning accessed from staff desks or at home
  • Reduced cost with no travel or accommodation overhead
  • Minimise time away from core work activities
  • 40-minute course with a 20-minute test to assess learning effectiveness
  • Can be customised for additional specific technical or commercial needs

Positive, aware and well trained members of staff are a key part of ensuring that you fully comply with the ISO27001 standard AND protect the crucial intellectual assets of your organisation, namely your confidential information, relationships and reputation.

Please order the ITG e-Learning – Information Security & ISO27001 Staff Awareness course today.

If you require a more intensive and trainer-led approach to fully implementing the ISO27001 standard, we recommend that you consider attending our ISO27001 Certified ISMS Foundation Training Course.

Enjoy the weekend with these special offer eBooks!

October 7th, 2011 by

Do you want to effectively use the latest technology developments to help your organisation to do things better, faster and more cheaply? If so, then ITGP has it all covered for you!

With these essential weekend eBooks you can now effectively, and without any hassle, navigate, integrate and deploy to best corporate and commercial advantage the most widely known IT practices.

Plus, with these fantastic eBooks you save money! Hurry, offer ends on Monday 10th!

Running IT like a Business: Accenture’s Step-by-Step Guide (Pre-order)
by Robert E. Kress

RRP Price: £29.95
Our Price: £24.95
You save: £5.00

Uncover the secrets of an award-winning IT function and apply them to your business! - buy your eBook today


More to explore …

IT Governance – Guidelines for Directors
by Alan Calder
Save £10.00!

Outsourcing IT: A governance guide
by Rupert Kendrick
Save £10.00!

IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT
by Alan Calder
Save £10.00!


Browse our full eBook collection here >>

1 week only: 15 Toolkits, 15 low prices and Free Shipping!

October 5th, 2011 by

Looking for a cost-effective route to achieving compliance? ITGP Toolkits are available with up to £100 off from 5th to 12th October only. Available for immediate download or free standard shipping!

This Week’s Top Deals:

Standalone ISO27001 ISMS Documentation Toolkit

RRP: £499.00
Price: £399
You Save: £100.00


IT Governance Framework

RRP: £495.00
Price: £395
You Save: £100.00


BS25999 BCMS Implementation Toolkit

RRP: £395.00
Price: £295
You Save: £100.00


Immediate Download or Free Shipping …

Social Media Governance Toolkit
Social Media Governance

RRP: £199.95
Price: £149.95
You Save: £50.00

SharePoint Governance Toolkit
SharePoint Governance

RRP: £149.95
Price: £99.95
You Save: £50.00

PCI DSS v2.0 Documentation Compliance Toolkit
PCI DSS Compliance

RRP: £249.95
Price: £199.95
You Save: £50.00

Data Protection Toolkit
DPA Compliance

RRP: £156.00
Price: £100
You Save: £50.00

DPA Compliance with BS10012 - PIMS Documentation Toolkit
DPA with BS10012

RRP: £249.95
Price: £199.95
You Save: £50.00

ITSM, ITIL® & ISO20000 Documentation Toolkit
ITSM, ITIL® & ISO20000

RRP: £495.00
Price: £445
You Save: £50.00

ISO/IEC 20000 Documentation Toolkit
ISO20000 Documentation

RRP: £199.00
Price: £149
You Save: £50.00

ISO9001 (ISO 9001) QMS Quality Management System Documentation Toolkit (Download)
ISO9001 Quality Management

RRP: £199.00
Price: £149
You Save: £50.00

ISO14001 (ISO 14001) EMS Environmental Management System Documentation Toolkit (Download)
ISO14001 Environmental Management

RRP: £199.00
Price: £149
You Save: £50.00

 
ISO50001 EnMS Energy Management System Documentation Toolkit
ISO50001 Energy Management

RRP: £199.00
Price: £149
You Save: £50.00

 
EN16001 Energy Management System Documentation Toolkit
EN16001 Energy Management

RRP: £199.00
Price: £149
You Save: £50.00

 
OHSAS 18001 Occupational Health and Safety Toolkit
OHSAS 18001 Health and Safety

RRP: £199.00
Price: £149
You Save: £50.00

Hurry, ISO27001 Toolkit Offer About to Expire!

September 27th, 2011 by

This special offer toolkit will cost effectively accelerate your ISO27001 project and help you to become certification-ready in no time!

Value Added ISO27001 ISMS Toolkit Offer
RRP: £1,931.90
Price: £1,795
Additional Resource Value: £180.90
Total Saving: £316.90


There is a standard approach towards implementation of an ISMS that is recommended by all international certification bodies:

  1. Purchase and study the Standards
  2. Assemble a team, agree project strategy, ISMS scope and draft an initial corporate information security policy
  3. Asset inventory, risk assessment, & develop risk treatment plan
  4. Draft Statement of Applicability and supporting policies and procedures and get board approval
  5. Implement the ISMS, develop incident response procedures and provide training across the organisation
  6. Monitor, review, check and audit – ensuring that the ISMS works as planned
  7. Identify and implement improvements prior to seeking external certification.

These steps fit within what is known as the Deming, or PDCA (for Plan-Do-Check-Act) cycle, which ISO 27001 requires to be applied in developing an ISMS.

This special offer toolkit contains everything you need to use this standard approach towards implementation of an ISMS and an additional 7 resources to help you kick-start your information security staff awareness project!

Find out more and buy today >>

Take advantage of our September offers before they expire!

September 26th, 2011 by

Take advantage of our September Value Added Offers including the following toolkits and training courses:

Value Added ISO27001 ISMS Toolkit Offer
This special offer toolkit will cost effectively accelerate your ISO27001 project and help you to become certification-ready in no time!

Value Added: 7 resources to help you kick-start your information security staff awareness project!

IT Governance Framework – Toolkit Special Offer
Improve IT governance in your organisation for less than one day of consultant cost, with dramatic improvements!

Value Added: 4 FREE IT Governance eBooks to help you prepare for success!

BS25999 BCMS Implementation Toolkit Special Offer
Enables a BC manager to quickly and effectively implement a BCMS in line with BS25999.

Value Added: FREE eBook enabling you to cope with unplanned absences and a FREE ‘Route to Business Continuity’ book!

Complete Data Protection Toolkit
Provides all the tools and resources you need to carry out your own DPA project and become compliant quickly and cost-effectively.

Value Added: Free e-Learning Staff Awareness course!

vsRisk – ISO 27001 Compliant Information Security Risk Assessment Tool
Recession-busting September 2011 offer

RRP: £995.00
Price: £795
You Save: £200.00

Principles of IT Governance Training Course
Certificated Foundation Course for all IT – GRC Professionals.

RRP: £1,495
Price: £747
You Save: £747 (50%)

Management System Toolkits

Reduced for September!


See all offers now >>

Secure your applications with the help of IT Governance Asia

July 12th, 2011 by

Many of you have already downloaded our ITG Asia information security and ISO 27001 white paper. I hope our expert advice and resources in the paper helped you better understand and tackle your information security project.

Below is a book that we know will be of interest to you.

Application Security in the ISO 27001 Environment (Download) demonstrates how to secure software applications within a best practice ISO/IEC 27001 environment and supports implementation of the PCI DSS Payment Application Security Standard.

Application Security in the ISO27001 Environment (Download) is written by Vinod Vasudevan, Anoop Mangla, Firosh Ummer, Sachin Shetty, Sangita Pakala and Siddharth Anbalahan. Together, the authors offer a wealth of expertise in ISO27001 information security, risk management and software application development.


 

Application Security in the ISO 27001 Environment (Download)

Key features:

  • De-facto standard on application security in the ISO/IEC 27001 environment.
  • Leads the reader step-by-step through all of the phases of how to secure software applications in the context of rolling out of an ISO/IEC 27001 ISMS.
  • Demonstrates how to secure such mainstream applications as the Microsoft Office suite, SAP, Lotus Notes, Adobe applications, SAGE, Skype, and many other software applications.

Buy now!

Download it today to learn how best practice can help you secure individual applications as part of an Information Security Management System.

Holiday eBook: Subject focused and easy-to-read

July 4th, 2011 by

The holiday season is finally here and there’s no better way to kick back and relax than with an eBook from ITGP!

Below is a small sample from our range of 80+ titles that are subject focused and easy to read:


Above the Clouds: Managing Risk in the World of Cloud Computing

£39.95

Managing Information Security Breaches: Studies from real life

£29.95

SWANSON on Internal Auditing: Raising the Bar

£39.95

Presentation Skills for Technical Professionals

£24.95

Breaking the Addiction to Process: An Introduction to Agile Project Management

£24.95

Information Security Risk Management for ISO27001/ISO27002

£39.95

Cloud Security and Governance: Who’s on your cloud?

£9.95

IT Project Management: 30 steps to success

£19.95

Threat 2.0: Security and compliance for Web 2.0 sites

£19.95

ITGP sources and creates pocket guides, books, posters and toolkits that fall within the broad range of IT Governance subjects including information risk, compliance, risk management, business continuity, IT service management, and more.

All our books are available in printed and electronic format.

See the full range here >>

June Toolkit Offers

June 20th, 2011 by

We have 7 fantastic toolkit offers available ONLY until the end of June! Buy today to save money or to receive value-added eBooks!

  1. No 3 ISO27001 Comprehensive ISMS Toolkit
    10% OFF – Voucher code: junetoolkit
  2. BS25999 BCMS Implementation Toolkit
    10% OFF – Voucher code: junetoolkit
  3. IT Governance Framework Toolkit
    10% OFF – Voucher code: junetoolkit
  4. Complete Data Protection Toolkit and DPA Awareness Posters
    10% OFF – Voucher code: junetoolkit
  5. PCI DSS v2.0 Documentation Compliance Toolkit
    Free eBook: PCI DSS: A Practical Guide
  6. ITSM and ISO/IEC 20000 Documentation Toolkit
    Free eBook: Implementing Service Quality based on ISO/IEC 20000
  7. Social Media Governance Toolkit
    2 Free eBooks: How to use Web2.0 and Threat 2.0

Buy a toolkit today and make the most of these time-limited offers!

Hurry, ITG Toolkit Offers About To Expire!

May 27th, 2011 by

Many organisations have taken advantage of our May ‘value-add toolkit offers’, securing the vital tools that will be the difference between success and failure over the next 12 months.

Our May offers are about to expire so you have until the end of the month before the free value added resources are withdrawn!


 

No 3 ISO27001 Comprehensive ISMS Toolkit: Claim 7 Free eBooks Today!

Buy the No 3 ISO27001 Comprehensive ISMS Toolkit before the end of May and we’ll send a further 7 unique resources to help kick-start your information security programme – absolutely free!

Save hundreds of hours of drafting and planning and kick-start your information security project. Buy this toolkit offer today!


 

IT Governance Framework Toolkit: benefits and features

If you want to get on with improving IT governance in your organisation, and want to spend less than one day of consultant cost for dramatic improvements, then buy this toolkit offer today!

Order the ISO38500 IT Governance Framework Toolkit and receive 4 essential guides FREE!


 

Complete Data Protection Toolkit: benefits and features

Buy this Complete Data Protection Toolkit before the end of May (2011) and we’ll send you our essential best practice report Data breaches: Trends, costs and best practices absolutely Free!

Since April 2010, the Information Commissioner is expected to impose 25 Monetary Penalty Notices for failure to comply with the DPA, each of up to £500k, per annum. This complete DPA toolkit contains everything you need to do it yourself!

Comply with the DPA – Download this essential DPA Compliance Kit Today!

ITGP Toolkits provide a value-for-money resource that will save you time and money and offer a cost-effective route to do-it-yourself compliance.

Alternatively, buy the complete suite of ITGP toolkits in a single transaction and save £1000!

Integrating Management Systems & Standards

May 17th, 2011 by

Standards are often misunderstood and misapplied. Too many times I have seen organisations try to address standards as a project which results in a lot of documentation, bound in a folder, only viewed by the auditor and kept away from the business. The key lies in the definition of each one of these management system standards (MSS), which begins:

That part of the overall organisational management system …

This indicates that standards are not meant to be delivered as a project in a folder, but embedded in the culture of the business and aligned with the business process and objectives. To be honest, in the best implementations I have seen, the standard seamlessly integrates and updates established business processes. This leads me to think that the best standards are invisible. They have become so embedded in the business process, the staff don’t know they are there.

ISO9001 is the granddaddy of management systems (MS) and therefore a lot of other standards have inherited their terminology and structure from it. It includes 8 quality management principles which all management systems implementers could benefit from understanding.

The 8 quality management principles are:

  1. Customer focus
  2. Leadership
  3. Involvement of people
  4. Process approach
  5. Systematic approach to management
  6. Continual Improvement
  7. Factual approach to decision making
  8. Mutually beneficial supplier relationships.

By adopting these principles, and understanding the fundamental nature of an MSS as part of the wider business, all standards can be integrated as parts of a single, wider, integrated corporate management system.

Common elements that can be integrated across the standards include:

  • management review
  • internal audit
  • document control
  • record control
  • corrective action
  • preventive actions.

These apply for all management system standards (MSS) such as 9001, 14001, 18001, 20001, 27001, BS 25999-2, etc.

However, each standard has a specific focus, such as:

  • 9001 deals with process conformity to ensure quality of products/services
  • 27001 deals with protecting confidentiality, availability and integrity of assets
  • 25999 deals with business interruption and disaster by safeguarding critical business activities.

So, each standard has common MS elements, but applies the Plan-Do-Check-Act model with a different focus, to form individual requirements specific to the topic. Looking at the standards, it is easy to break each down into the PDCA, focused on its topic and then the common requirements that can be integrated as a wider MS. Though each certainly has its own certification scheme and certificate, they can be implemented and audited as part of a wider corporate MS, leading to cost savings.

The International Standards Committee is further enhancing this integration by enforcing a future “harmonisation” of all MSS when they are reviewed and superseded, aligning their terminology, clauses, numbers and structure, and ensuring that some MSS contain standard areas of text. The future format is due to be based on a 10 point clause list as follows:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organisation
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement.

Standards are designed to work together as part of a wider governance picture for the organisation. Organisations with ISO9001 will already have elements in place that will make the others easier to achieve.

Using a documentation toolkit from the ITGP Toolkit suite will also help to ensure harmonisation across multiple management systems. They are designed to help small and medium organisations adapt and adopt best management practice in technology governance, risk management and compliance and have been designed to integrate with each other, saving time and money.


 

Complete ITGP Toolkit Suite – Buy an individual toolkit, or buy the suite, and save £1000!

For the first time ever, all ITGP toolkits are available to purchase as a complete suite! You can buy an individual toolkit for the management system and/or standard you are focused on today, or you can purchase the complete suite and save £1000!

We are at the forefront of bringing to market tools, software and publications that are on the cutting-edge of new standards, legislation and government recommendations. Our toolkits have been designed to integrate with each other, saving time and money and preventing duplication. Remember, for the first time ever, all ITGP toolkits are available to purchase as a complete suite!

Buy today and save £1K!

This complete ITGP Suite contains CD-Rom versions of all the following toolkits:

  1. No 3 ISO27001 Comprehensive ISMS Toolkit (CD-Rom/Download)
  2. ISO38500 IT Governance Framework Toolkit (CD-Rom)
  3. Social Media Governance Toolkit (CD-Rom)
  4. SharePoint Governance Toolkit (CD-Rom)
  5. BS25999 BCMS Implementation Toolkit (CD-Rom)
  6. PCI DSS v2.0 Documentation Compliance Toolkit (CD-Rom)
  7. Complete Data Protection Toolkit and Awareness Posters (CD-Rom)
  8. ISO9001 QMS Quality Management System Documentation Toolkit (CD-Rom)
  9. ISO14001 EMS Environmental Management System Documentation Toolkit (CD-Rom)
  10. EN16001 Energy Management System Documentation Toolkit (CD-Rom)
  11. OHSAS 18001 Occupational Health and Safety Toolkit (Download)

Not all toolkits will be relevant for your organisation right now but the chances are, in time, they will be! If you only need one toolkit today and another in three months’ time, that’s fine. Buy whichever toolkit you need now, and then, when you are ready, you can buy the next toolkit and integrate it easily into your existing framework – they are designed to integrate in this way.

Price-conscious organisations will see the benefit of purchasing the entire suite and will save £1000.

Take advantage of this exclusive offer and save £1000 today!