it governance publishing gb (353 risultati)

Paperback. Condizione: New. Effective time-management techniques to revolutionise the way you work! Do you struggle to get everything done in the time you have available? Are you deluged with interruptions to your work flow? Do you find it difficult to prioritise your tasks and wish you were more organised? Today's working environment moves at a very fast pace and, at times, it can be difficult to keep up. Expectations are high, and there are so many things competing for our attention. On top of the workload, we're interrupted by the phone ringing, e-mails landing in the inbox, people dropping in the office and, before we know it, the day has passed and we've only achieved half of what we intended to do. If any of this sounds familiar, then this book is for you! Essential Time Management and Organisation will help you transform the way you work and regain control of your working day. This clear and concise guide offers tried and tested techniques for organising your time and achieving your goals.

Paperback. Condizione: New. Fifth. An ideal introduction and a quick reference to PCI DSS version 3.2All businesses that accept payment cards are prey for hackers and criminal gangs trying to steal financial information and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card orders in a way that effectively protects cardholder data.All organisations that accept, store, transmit or process cardholder data must comply with the Standard; failure to do so can have serious consequences for their ability to process card payments. Product overviewCo-written by a PCI QSA (Qualified Security Assessor) and updated to cover PCI DSS version 3.2, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organisation involved with payment card processing. Coverage includes:An overview of PCI DSS v3.2.A PCI self-assessment questionnaire (SAQ).Procedures and qualifications.An overview of the Payment Application Data Security Standard (PA-DSS). ContentsWhat is the Payment Card Industry Data Security Standard (PCI DSS)?What is the scope of the PCI DSS?Compliance and compliance programmesConsequences of a breachHow do you comply with the requirements of the Standard?Maintaining compliancePCI DSS - The StandardAspects of PCI DSS complianceThe PCI self-assessment questionnaireProcedures and qualificationsThe PCI DSS and ISO/IEC 27001The Payment Application Data Security Standard (PA-DSS)PIN transaction security (PTS) About the authorsAlan Calder is the founder and executive chairman of IT Governance Ltd, an information, advice and consultancy firm that helps company boards tackle IT governance, risk management, compliance and information security issues. He has many years of senior management experience in the private and public sectors.Geraint Williams is a knowledgeable and experienced senior information security consultant and PCI QSA, with a strong technical background and experience of the PCI DSS and security testing. He leads the IT Governance CISSP Accelerated Training Programme, as well as the PCI Foundation and Implementer training courses. He has broad technical knowledge of security and IT infrastructure, including high performance computing and Cloud computing. His certifications include CISSP, PCI QSA, CREST Registered Tester, CEH and CHFI.Buy today, in any format. We'll send you a download link right away, or dispatch today for fast delivery to your selected destination.

Paperback. Condizione: New. European. A concise introduction to the EU GDPRThe EU General Data Protection Regulation (GDPR) will unify data protection and simplify the use of personal data across the EU, and automatically supersede member states domestic data protection laws.It will also apply to every organisation in the world that processes personal information of EU residents.The Regulation introduces a number of key changes for all organisations that process EU residents' personal data.EU GDPR: A Pocket Guide provides an essentiall introduction to this new data protection law, explaining the Regulation and setting out the compliance obligations for EU organisations. Product overviewEU GDPR - A Pocket Guide sets out:A brief history of data protection and national data protection laws in the EU (such as the German BDSG, French LIL and UK DPA).The terms and definitions used in the GDPR, including explanations.The key requirements of the GDPR, including:Which fines apply to which Articles;The six principles that should be applied to any collection and processing of personal data;The Regulation's applicability;Data subjects' rights;Data protection impact assessments (DPIAs);The role of the data protection officer (DPO) and whether you need one;Data breaches, and the notification of supervisory authorities and data subjects;Obligations for international data transfers.How to comply with the Regulation, including:Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records);The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data);The "appropriate technical and organisational measures" you need to take to ensure your compliance with the Regulation.A full index of the Regulation, enabling you to find relevant Articles quickly and easily. About the authorAlan Calder, the founder and executive chairman of IT Governance Ltd, is an internationally acknowledged cyber security expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the Open University's postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). Alan has consulted on data security for numerous clients in the UK and abroad, and is a regular media commentator and speaker.Quickly understand your organisation's new obligations under the EU GDPR, and learn the essential compliance steps needed to avoid costly fines.

Paperback. Condizione: New. An official ITIL® Licensed product, ITIL® Foundation Essentials is a distillation of critical information - no waffle or padding - just exactly what you need to understand how to pass the ITIL Foundation exam. Written for self-study candidates, ITIL community training delegates, itSMF/BCS members and V2 Foundation Certificate holders, who have yet to take an upgraded exam, this pocket guide is fully aligned with the ITIL 2011 core volumes.Project managers, who are looking to expand their qualifications, and IT contractors or consultants, who don't want to take time out from their day jobs to attend a course, will also find this pocket guide an essential companion to their studies and education.

Paperback. Condizione: New. How would your organisation continue operating in the event of a crisis?If you were hit by a cyber attack and lost the use of your IT systems, would you be able to carry on? If your business premises were forced to close, what would you do? If you were affected by unexpected staff absence, how could you reassure your customers that you could still offer them the service they expected?If your organisation is affected by any of these issues and you're unprepared, then the financial and reputational damage you face could prove disastrous. You could fail to keep up with customer demand, lose important business, and your customers could go elsewhere. Without a proper risk assessment strategy, your company directors could even face prosecution if a major incident occurs and results in loss or injury.An introduction to ISO22301To minimise the impact of a disaster on your business, and to continue to provide essential services to your customers, you need to put in place a Business Continuity Management System (BCMS).ISO22301: A Pocket Guide is designed to help you satisfy the requirements of ISO22301, the latest international Standard for business continuity management (BCM). A BCMS based on ISO22301 will protect your organisation's turnover, profits and reputation. With the expert advice contained in this guide, you can ensure your organisation develops a business continuity plan that is fit for purpose, and ensure your continuing service when disaster strikes.Learn how to build your Business Continuity Management System (BCMS)Plan and manage a BCMS. If you are going to have a proper BCMS you will need to make business continuity a formal project. This pocket guide gives you valuable tips on how to draw up the BCM policy and establish the BCMS project, along with basic guidance on conducting a business impact analysis.Secure your licence to operate. Organisations such as law firms now have to put in place a BCMS in order to obtain a licence to operate.Retain your competitive edge. Organisations are beginning to seek formal assurance that their suppliers will be able to continue supplying them in the event of an interruptive incident. If you are a supplier, having a BCMS certified to ISO22301 represents a significant competitive advantage.Satisfy corporate governance concerns. A well-run company will have a strong corporate governance framework. Business continuity planning is a basic requirement of corporate governance.Expert ISO22301 guidance.

Paperback. Condizione: New. This pocket guide helps those who may be lacking in specialist knowledge achieve compliance with the ISO14001 Standard for Environmental Management. The authors, two experienced auditors, are acknowledged experts in the area and have drawn on material from the UK's Environment Agency. The pocket guide will prove invaluable, not only for auditors and trainers, but also for managers across many sectors of industry.

Paperback. Condizione: New. A wide range of industry sectors will outsource service provision (for example, banking, pharmaceuticals, and insurance companies). This can happen where an organisation outsources its IT payroll needs, its helpdesk and IT maintenance requirements, its payment processing, or its whole IT function.The key riskThe key risk for an organisation that enters into an outsourcing transaction, are that the services that it receives from the supplier will be worse than the services they were receiving before, or that the cost savings that were anticipated or promised, are not achieved.The SLATo try and avoid this scenario, the outsourcing contract should include a Service Level Agreement (SLA). The SLA must be drafted to govern the standard of service that you require, including the cost of those services and the consequences of not achieving pre-agreed standards.The wider environmentWhile Service Level Agreements are a key method, within ITIL, for setting out how two parties have agreed that a specific service (usually, but not necessarily, IT-related) will be delivered by one to the other, and the standards or levels to which it will be delivered, the basic concept is now far more widely applied than just in ITIL® and ITSM environments.This pocket guide provides information and guidance on SLAs to those in the wider environment, from a legal and practical view point.The benefits and the pitfallsIdentifying some of the benefits and the pitfalls that an organisation can encounter when negotiating and drafting SLAs, this pocket guide provides an overview of SLAs, highlighting typical scenarios that can arise, and provides information on typical solutions that have been adopted by other organisations.By reading this a short, legal and practical guide to SLAs, you should be able to quickly come up to speed with some of the legal and practical issues that might arise. Negotiating the SLA and putting the SLA into action are also discussed in the pocket guide. Whilst short and easy to digest, case references and weblinks have been provided in the text so readers can find out more information about SLAs.

Paperback. Condizione: New. Second edition. This concise guide is essential reading for EU organisations wanting an easy to follow overview of the new regulation and the compliance obligations for handling data of EU citizens.The EU General Data Protection Regulation (GDPR) will unify data protection and simplify the use of personal data across the EU, and automatically supersedes member states domestic data protection laws.It will also apply to every organisation in the world that processes personal information of EU residents.The Regulation introduces a number of key changes for all organisations that process EU residents' personal data.EU GDPR: A Pocket Guide provides an essential introduction to this new data protection law, explaining the Regulation and setting out the compliance obligations for EU organisations.This second edition has been updated with improved guidance around related laws such as the NIS Directive and the future ePrivacy Regulation.EU GDPR - A Pocket Guide sets out:A brief history of data protection and national data protection laws in the EU (such as the German BDSG, French LIL and UK DPA).The terms and definitions used in the GDPR, including explanations.The key requirements of the GDPR, including: Which fines apply to which Articles;The six principles that should be applied to any collection and processing of personal data;The Regulation's applicability;Data subjects' rights;Data protection impact assessments (DPIAs);The role of the data protection officer (DPO) and whether you need one;Data breaches, and the notification of supervisory authorities and data subjects;Obligations for international data transfers.How to comply with the Regulation, including: Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records);The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data);The "appropriate technical and organisational measures" you need to take to ensure your compliance with the Regulation.A full index of the Regulation, enabling you to find relevant Articles quickly and easily.Buy your copy today.

Paperback. Condizione: New. IT Outsourcing A wide range of industry sectors need IT, and many organisations choose to outsource this (for example, banking, pharmaceuticals, travel and insurance companies). Outsourcing exists in many guises; IT payroll, helpdesk and IT maintenance requirements or the whole IT function. This book identifies some of the benefits and the pitfalls that an organisation may encounter when outsourcing its IT. IT Outsourcing Contracts: A legal and practical guide will provide readers with: * An overview of IT outsourcing, including advantages and disadvantages * Details of what needs to be considered when choosing whether or not to outsource IT * Typical scenarios that can arise when outsourcing IT and information on typical solutions that have been adopted by other organisations * An overview of the IT outsourcing process and useful information about the lifecycle from choosing a supplier, through to termination * An understanding of legal and practical issues that might arise in an IT outsourcing contract. The benefits for your organisation IT outsourcing can provide many benefits for your organisation, including cost savings and improved services.It can thus enable your organisation to operate more efficiently, and potentially make more profit. This book details the issues you need to take into consideration and the steps you need to follow in order to achieve these benefits.

Paperback. Condizione: New. An expert introductionMore than 85% of businesses now take advantage of Cloud computing, but Cloud computing does not sit easily with the DPA. Data Protection and the Cloud addresses that issue, providing an expert introduction to the legal and practical data protection risks involved in using Cloud services. Data Protection and the Cloud highlights the risks an organisation's use of the Cloud might generate, and offers the kind of remedial measures that might be taken to mitigate those risks.Topics covered include: Protecting the confidentiality, integrity and accessibility of personal dataData protection responsibilitiesThe data controller/data processor relationshipHow to choose Cloud providersCloud security - including two-factor authentication, data classification and segmentationThe increased vulnerability of data in transitThe problem of BYOD (bring your own device)Data transfer abroad, US Safe Harbor and EU legislationRelevant legislation, frameworks and guidance, including: the EU General Data Protection RegulationCloud computing standardsthe international information security standard, ISO 27001the UK Government's Cyber Essentials scheme and security frameworkCESG's Cloud security management principlesguidance from the Information Commissioner's Office and the Open Web Application Security Project (OWASP)  Mitigate the security risks Mitigating security risks requires a range of combined measures to be used to provide end-to-end security. Moving to the Cloud does not solve security problems, it just adds another element that must be addressed. Data Protection and the Cloud provides information on how to do so while meeting the DPA's eight principles.

Paperback. Condizione: New. Make your organisation's email secureYour business relies on e-mail for its everyday dealings with partners, suppliers and customers. While e-mail is an invaluable form of communication, it also represents a potential threat to your information security. E-mail could become the means for criminals to install a virus or malicious software on your computer system and fraudsters will try to use e-mails to obtain sensitive information through phishing scams.Safeguard email securityIf you want to safeguard your company's ability to function, it is essential to have an effective e-mail security policy in place, and to ensure your staff understand the risks associated with e-mail.Email security best practiceThis pocket guide will help businesses to address the most important issues. Its comprehensive approach covers both the technical and the managerial aspects of the subject, offering valuable insights for IT professionals, managers and executives, as well as for individual users of e-mail.Overcome email security threatsThe pocket guide covers the various types of threat to which e-mail may expose your organisation, and offers advice on how to counter social engineering by raising staff awareness.Choose the most secure email clientThe client is the computer programme that manages the user's e-mail. Malicious e-mails often operate through attachment files that infect computer systems with malware when downloaded. This pocket guide explains how you can enhance your information security by configuring the e-mail client to block attachments or to limit their size.Protect your company's informationWhat kind of information should you include in an e-mail? How do you know that the e-mail will not be intercepted by a third party after you have sent it? This guide looks at countermeasures you can take to ensure that your e-mails only reach the intended recipient, and how to preserve confidentiality through the use of encryption.Protect your company's reputation Crude jokes, obscene language or sexist remarks will have an adverse effect on your organisation's reputation when they are found in e-mails sent out by your employees from their work account. This pocket guide offers advice on how to create an acceptable use policy to ensure that employee use of e-mail in the workplace does not end up embarrassing your organisation.The pocket guide provides a concise reference to the main security issues affecting those that deploy and use e-mail to support their organisations, considering e-mail in terms of its significance in a business context, and focusing upon why effective security policy and safeguards are crucial in ensuring the viability of business operations.

Paperback. Condizione: New. The primary purpose of computer forensics is to enable organisations to pinpoint where the malware has infected their computer systems and which files have been infected, so that they can close the vulnerability. More and more organisations have realised that they need to acquire a forensic capability to ensure they are ready to cope with an information security incident. This pocket guide illustrates the technical complexities involved in computer forensics, and shows managers what makes the discipline relevant to their organisation. For technical staff, the book offers an invaluable insight into the key processes and procedures that are required.

Paperback. Condizione: New. This guide looks at the human challenges associated with information security.It assesses the consequences of failing to meet them and - most importantly - looks at the steps organisations can take to make themselves and their information more secure.

Paperback. Condizione: New. This pocket guide is a handy reference to the key information on ISO/IEC 20000. It features an overview of the purpose of the standard and shows how to use it. It explains qualification programmes, certification schemes and the interrelationship of ISO20000 with other standards, such as ISO27001. The overall emphasis of the guide is on ISO20000's customer-driven approach to ensure your IT service management processes align with the needs of your business.

Paperback. Condizione: New. One ed. Formally founded in 2017, the EU Data Protection Code of Conduct for Cloud Service Providers (otherwise known as the EU Cloud Code of Conduct; the Code) is a voluntary code of conduct created specifically to support GDPR compliance within the B2B (business-to-business) Cloud industry. The EU Commission, the Article 29 Working Party (now the EDPB (European Data Protection Board)), the EU Directorate-General for Justice and Consumers, and Cloud-industry leaders have all contributed to its development, resulting in a robust framework that recognises the unique requirements of the Cloud industry.Cloud providers must ensure that their services - which by design involve accessing and transferring data across the Internet, exposing it to far greater risk than data stored and processed within an organisation's internal network - meet or exceed the GDPR's requirements in order to provide the security and privacy that the market expects. Organisations can achieve this via compliance with the EU Cloud Code of Conduct.The Code has already been adopted by major Cloud service organisations, including:MicrosoftOracleSalesforceIBMGoogle CloudDropboxAlibaba CloudPublic and business focus on information security and data protection continues to increase in the face of a constantly changing threat landscape and ever more stringent regulation, and compliance with initiatives such as the EU Cloud Code of Conduct demonstrates to current and potential customers that your organisation is taking data privacy seriously. It also strengthens your organisation's approach to information security management, and defences against data breaches.   The EU Data Protection Code of Conduct for Cloud Service Providers provides guidance on how to implement the Code. It explores the Code's objectives, and how compliance can be achieved with or without an ISMS (information security management system).Begin your journey to EU Cloud Code of Conduct implementation with our compliance guide - buy this book today! About the authorAlan Calder founded IT Governance Ltd in 2002 and began working full time for the organisation in 2007. He is Group CEO of GRC International Group PLC, the AIM-listed company that owns IT Governance Ltd. Alan has held a number of roles, including CEO of Business Link London City Partners (a government agency focused on helping growing businesses to develop) from 1995 to 1998, CEO of Focus Central London (a training and enterprise council) from 1998 to 2001, and CEO of Wide Learning (a supplier of e-learning) from 2001 to 2003 and the Outsourced Training Company (2005). He was also chairman of CEME (a public-private-sector skills partnership) from 2006 to 2011.Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance.

Paperback. Condizione: New. The United States DoD (Department of Defense) is one of the largest employers in the world, with about 2.87 million employees. It spends more than a year among more than 350,000 contractors and subcontractors throughout its supply chain.Information in the DoD network is shared digitally across the contractor and subcontractor supply chain, offering an irresistible target for nation-states and cyber criminals.Protecting the DoD supply chainThe CMMC was developed to step up measures for protecting the DoD supply chain. Its objectives are to standardize cybersecurity controls and ensure that effective measures are in place to protect CUI (Controlled Unclassified Information) on contractor systems and networks.All companies doing business with the DoD, including subcontractors, must become certified by an independent third-party commercial certification organization.Your essential guide to understanding the CMMCTo help you get to grips with the CMMC, this essential pocket guide covers:What the CMMC is and why it has been introducedWho needs to comply with the CMMCThe implementation processThe road to certificationCMMC implications for firms doing business with the US governmentSuitable for senior management and the C-suite, general or legal counsel, IT executives, IT organizations, and IT and security students, this pocket guide will give you a solid introduction to the CMMC and its requirements.About the authorWilliam Gamble is an international cybersecurity and privacy compliance expert. He is one of the few lawyers to hold advanced cybersecurity professional qualifications, and has an in-depth understanding of the design, management, and deployment of technology within the ISO 27001 framework. With more than 30 years' experience of international regulatory practice in the U.S., EU, China, and other countries, William has had hundreds of articles published globally, written three books, and appeared on numerous radio and television programs around the world.William is a member of the Florida Bar and several federal courts. His qualifications include Juris Doctor (JD), Master of Laws?(LLM), CompTIA® A+, Network+, Security+, CASP (Advanced Security Practitioner), ISO 27001 Lead Auditor and Lead Implementer, and GDPR Practitioner (GDPR P).

Paperback. Condizione: New. Shows you the innovative IT governance model developed by the largest consulting firm in the worldThis pocket guide provides you with an insider's detailed description of Accenture's IT governance policy and details its governance structure. It will show how effective IT governance links IT strategy and IT decisions to Accenture's business strategy and business priorities.Following the best practices approach set out in this pocket guide will serve as an excellent starting point for any organisation with ambitions to achieve high performance.Benefits to business include:Boost productivity How hard do you work in other areas of your business to cut costs and improve efficiency? In testing economic times, is the absence of a clear strategy for your business's IT governance still a realistic option? Learning from Accenture's proven approach will enable you to increase your organisation's competitiveness over the longer term.Coordinate your operations To ensure effective decision-making and align your IT function with your broader business goals, you need to make the structure of your IT governance fit your overall corporate governance structure. That way, you can make your IT work for your business.Manage change effectively IT is crucial for realising the changes you want your business to make. For this reason, you cannot afford to have these changes treated merely as IT projects that have been foisted on the company by the IT department. By bringing top management on board, and giving business leaders a formal role in the IT governance of your organisation, you will make the success of any project with an IT component much more likely.  Keep a grip on budgets The costs of IT projects are notoriously prone to overrun, while some IT development programmes have promised more than they ever delivered. The Accenture way of doing business is different. Following the Accenture approach means ensuring that your IT investment is backed by a solid business case, and measuring the return on investment following project completion.High performanceChief executives now put high performance IT among their top strategic objectives. So, if you are looking to improve IT governance in your own organisation, finding out what Robert E. Kress has to say is as good a starting point as any.This book will show you his company's best practice approach to the subject. Whatever business you are in, there is nearly always a clear link between the performance of your IT function and your company's overall results.

Paperback. Condizione: New. This pocket guide is a primer for any DSPs (digital service providers) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law.  This guide outlines the key requirements, details exactly which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance.This guide will help you:Clarify how to identify if you are within the scope of the NIS RegulationsGain an insight into the NIS DirectiveUnravel the key definitions, authorities and points of contactUnderstand the benefits of a good cyber resilience planYour essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

Paperback. Condizione: New. SummaryExplains in easy-to-understand terms what executives and senior managers need to know and do about the ever-changing cyber threat landscape.Gives strategic, business-focused guidance and advice relevant to C-suite executives.Provides an effective and efficient framework for managing cyber governance, risk and compliance.Explains what is required to implement an effective cyber security strategy.DescriptionWith high-profile cyber attacks, data breaches and fines for GDPR (General Data Protection Regulation) non-compliance hitting the headlines daily, businesses must protect themselves and their reputations, while reassuring stakeholders they take cyber security seriously.Cyber attacks are becoming more sophisticated and prevalent, and the cost of data breaches is soaring. In addition, new regulations and reporting requirements make cyber security a critical business issue.Board members and senior management must understand the threat landscape and the strategies they can employ to establish, implement and maintain effective cyber resilience throughout their organisation.How Cyber Security Can Protect your Business - A guide for all stakeholders provides an effective and efficient framework for managing cyber governance, risk and compliance, which organisations can adapt to meet their own risk appetite and synchronise with their people, processes and technology. It explains what is meant by governance, risk and compliance, how it applies to cyber security and what is required to implement an effective cyber security strategy.The pocket guide:Gives readers a greater understanding of cyber governance, risk and compliance;Explains what executives, senior managers and their advisors need to know and do about the ever-changing cyber threat landscape;Provides context as to why stakeholders need to be aware of and in control of their organisation's cyber risk management and cyber incident response;Gives guidance on building an appropriate and efficient governance framework that enables organisations to demonstrate their cyber approach in a non-technical, strategic, business-focused way;Details an overview process to enable risk assessment, assess existing defence mitigations and provide a framework for developing suitable controls; andIncludes a checklist to help readers focus on their higher-priority cyber areas.Suitable for all managers and executives, this pocket guide will be of interest to non-cyber specialists, including non-executive directors, who may be required to review cyber arrangements. For cyber specialists, it provides an approach for explaining cyber issues in non-jargonistic, business-based language.Kick-start your journey to becoming cyber secure - buy this pocket guide today!

Paperback. Condizione: New. Written from personal experience of managing many successful projects over 15 years, Project Governance: The Essentials offers real, workable solutions in bite-size pieces. For small companies and large, whatever your experience, you will discover many keys to gain the best return on your investment.

Paperback. Condizione: New. A clear, concise primer on the GDPRThe GDPR aims to unify data protection and ease the flow of personal data across the EU. It applies to every organisation in the world that handles EU residents' personal data.While the GDPR is not law in countries outside the EU, it is effectively part of the legislative environment for organisations that do business with the EU. This is enforced through a combination of international trade law and business pressure - after all, a partner in the EU is unlikely to want to risk engaging with a company in the US, Australia or Singapore (or anywhere else) that will put them at risk.EU GDPR - An international guide to compliance is the ideal resource for anyone wanting a clear primer on the principles of data protection and their obligations under the GDPR.A concise pocket guide, it will help you understand:The terms and definitions used in the GDPR, including explanations;The key requirements of the GDPR, including:Which fines apply to which Articles;The principles that should be applied to any collection and processing of personal data;The Regulation's applicability;Data subjects' rights;Data protection impact assessments;The data protection officer role and whether you need one;Data breaches, and notifying supervisory authorities and data subjects; andObligations for international data transfers.How to comply with the Regulation, including:Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records);The documentation you must maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data); andThe "appropriate technical and organisational measures" you need to take to ensure compliance with the Regulation.A full index of the Regulation, enabling you to find relevant Articles quickly and easily.Supplemental material While most of the EU GDPR's requirements are broadly unchanged in the UK GDPR, the context is quite different and will have knock-on effects.?You may need to update contracts regarding EU-UK data transfers, incorporate standard contractual clauses into existing agreements, and update your policies, processes and procedural documentation as a result of these changes.  We have published a supplement that sets out specific extra or amended information for this pocket guide. Click here to download the supplement. About the authorAlan Calder is the Group CEO of GRC?International Group?plc, the AIM-listed company that owns IT Governance?Ltd. He is an internationally acknowledged cyber security expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the Open University's postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have.

Paperback. Condizione: New. With a quality management system (QMS) based on ISO 9001 - the world's most established quality framework - you can ensure the quality of the products and services your company provides, thereby enhancing customer satisfaction and increasing profitability. ISO 9001:2015 - A Pocket Guide provides a useful introduction to ISO 9001 and the principles of quality management.

Paperback. Condizione: New. Second. Information technology plays a fundamental role in the operations of any modern business. While the confidentiality and integrity of your organisation's information have to be protected, a business still needs to have this information readily available in order to be able to function from day to day. If you are an information security practitioner, you need to be able to sell complex and often technical solutions to boards and management teams.Persuading the board to invest in information security measures requires sales skills. As an information security professional, you are a scientific and technical specialist; and yet you need to get your message across to people whose primary interests lie elsewhere, in turnover and overall performance. In other words, you need to develop sales and marketing skills.This pocket guide will help you with the essential sales skills that persuade company directors to commit money and resources to your information security initiatives.

Paperback. Condizione: New. Risk management is a primary concern for any organisation. Its significance has only increased since the start of the COVID-19 pandemic. Organisations need to prepare for all types of threats, both probable (a server breaking down) and improbable (the office being flooded), to ensure that their operations can survive and adapt to continue with BAU (business as usual) in the face of a disaster.Yet risk management isn't solely about preventing negative outcomes, it is also about an organisation taking a known risk to uncover new opportunities to improve the organisation. For example, the transition of employees to remote working could risk an organisation's security as an employee could connect their laptop to an unsecure Wi-Fi connection. However, as demonstrated in the pandemic, remote working helped protect employees as the risk of infecting one another with COVID-19 was reduced.Read this pocket guide to understand how:Risk-based management can prepare your organisation for future threats and therefore help the success of a BCP (business continuity plan);To identify whether the opportunities gained from a 'risky' decision can outweigh the perceived threat;The principles of ISO 31000 can help your organisation develop a framework for its approach to risk management;The guidelines of ISO 31000 can be interwoven with controls in other standards such as ISO 27001 and ISO 9001; andThe organisation must continually review its approach to risk management to stay prepared for the latest threats.

Paperback. Condizione: New. An Introduction to IT GovernanceIf you are unsure what IT governance is, or how it is relevant to your business, this pocket guide is for you. It outlines the key drivers for IT governance in the modern global economy, with particular reference to corporate governance requirements and the need for companies to protect their information assets.IT Governance for "Non-geeks"The guide examines the role of IT governance in the management of strategic and operational risk. It also looks at the most important considerations when setting up an IT governance framework, and introduces you to the Calder-Moir IT Governance Framework that the author helped to create. The approach throughout is resolutely non-geek, avoiding technical jargon and with the emphasis on business opportunities and needs.Find out about something that matters for your organisation's survival If you want your business to succeed, you have to make effective use of information technology. Otherwise you will be outpaced by your competitors. This pocket guide is about how to create a framework to ensure that your organisation's IT will support its overall objectives.Understand a crucial aspect of corporate governance Companies are regulated in order to protect the interests of shareholders from fraudulent or reckless activity on the part of the directors. For US-listed companies, compliance with the Sarbanes-Oxley Act (SOX) of 2002 is mandatory. The requirements of SOX and the UK's Combined Code can only be met if you have an effective IT governance framework already in place. Understand a crucial aspect of risk management Those running a company have a responsibility to manage risk. An IT governance framework will help you to stop hackers, fight cybercrime and minimise the disruption to your operations in the event of an accident.Cut costs and boost profits While businesses often need to spend money on upgrades to their computer systems and software, this issue has many pitfalls. This pocket guide shows how IT governance can help you to make better investment decisions. An IT governance framework also enhances your overall competitiveness and thus increases profitability.IT governance can dramatically improve your organisation's competitiveness. Read this pocket guide to find out how.

Paperback. Condizione: New. Cyber Security - Essential principles to secure your organisation takes you through the fundamentals of cyber security, the principles that underpin it, vulnerabilities and threats, and how to defend against attacks.Organisations large and small experience attacks every day, from simple phishing emails to intricate, detailed operations masterminded by criminal gangs, and for every vulnerability fixed, another pops up, ripe for exploitation.Cyber security doesn't have to cost vast amounts of money or take a short ice age to implement. No matter the size of your organisation, improving cyber security helps protect your data and that of your clients, improving business relations and opening the door to new opportunities.This pocket guide will take you through the essentials of cyber security - the principles that underpin it, vulnerabilities and threats and the attackers who use them, and how to defend against them - so you can confidently develop a cyber security programme.Cyber Security - Essential principles to secure your organisation:Covers the key differences between cyber and information security;Explains how cyber security is increasingly mandatory and how this ties into data protection, e.g. the Data Protection Act 2018 and the GDPR (General Data Protection Regulation);Focuses on the nature of the problem, looking at technical, physical and human threats and vulnerabilities;Explores the importance of security by design;Gives guidance on why security should be balanced and centralised; andIntroduces the concept of using standards and frameworks to manage cyber security.No matter the size of your organisation, cyber security is no longer optional - it is an essential component of business success and a critical defence against the risks of the information age. The only questions left are to decide when and where your journey will begin.Start that journey now - buy this book today!

Paperback. Condizione: New. A handy pocket guide to service integration and management (SIAM)IT outsourcing is the use of third-party resources to provide facilities and perform functions/services historically performed by internal IT personnel.Historically, IT organisations have outsourced their service provision to a single managed service provider.In today's competitive marketplace, however, many are focusing on their core activities and relying on the support of a multi-sourcing model.SIAM/MSI - An introduction to Service Integration and Management/Multi-sourcing Integration for IT Service Management explores the various characteristics of this IT operating model.Product overviewIn order for multi-sourcing to be successful, organisations must be capable of integrating their service providers into a single, cohesive unit.SIAM/MSI - An introduction to Service Integration and Management/Multi-sourcing Integration for IT Service Management explains:the merits of a multi-sourced approach to outsourcing service towersthe benefits of multi-sourcing contracts with service providers for specified towershow to align multi-sourced servicesthe challenges of using a multi-sourced modelhow to determine the IT operating model (with reference to the international standards ISO 38500, ISO 38501 and ISO 38502)the different types of service integration models (ISI, ESI and ETSI), and the benefits and challenges of eachaggregating service-level performancea multi-sourcing RFP approach, taking into account structural, operational and governance requirements.If you're thinking of moving from a single-source to a multi-source outsourcing model, SIAM/MSI - An introduction to Service Integration and Management/Multi-sourcing Integration for IT Service Management provides the answers to all of your questions.Buy now for a handy pocket guide to SIAM. Order your copy today.About the authorDavid Clifford is a director of Pace Harmon, an international advisory firm headquartered in the USA. He has contributed to a number of publications about IT service management, writing about ITIL®, service agreements and international standards. He also initiated, and contributed to the development and assisted with the promotion of EXIN's IT Service Management qualification program based on ISO/IEC 20000. He is currently Chair of the BSi committee on IT governance (ISO/IEC 38500) and contributes to the development of the IT service management standard ISO/IEC 20000 and BPO for IT enabled services (ISO/IEC 30105).

Paperback. Condizione: New. Information is one of your organisation's most important resources. Keeping that information secure is therefore vital to your business. This handy pocket guide is an essential overview of two key information security standards that cover the formal requirements (ISO27001:2013) for creating an Information Security Management System (ISMS), and the best-practice recommendations (ISO27002:2013) for those responsible for initiating, implementing or maintaining it.

Paperback. Condizione: New. Second. With a view to helping managers ask the right questions, Data Protection and the Cloud explains how you can effectively manage the risks associated with the Cloud and meet regulatory requirements. This book discusses:The controller-processor relationship and what you should pay attention to;How to mitigate security risks in the Cloud to comply with Article 32 of the EU GDPR (General Data Protection Regulation);How to comply with Chapter V of the GDPR when transferring data to third countries; andThe implications of the NIS Directive (Directive on security of network and information systems) for Cloud providers.One of the most dramatic recent developments in computing has been the rapid adoption of Cloud applications. According to the 2018 Bitglass Cloud Adoption Report, more than 81% of organisations have now adopted the Cloud in some form, compared with only 24% in 2014. And there are no signs that this is slowing down.The GDPR was enforced on 25 May 2018, superseding the 1995 Data Protection Directive and all local implementations. Bringing data protection into the 21st century, the Regulation expands the rights of individuals, but also introduces new, stricter requirements for organisations. This pocket guide discusses the GDPR requirements relating to Cloud sourcing and the risks involved.With a view to helping managers ask the right questions, Data Protection and the Cloud explains how you can effectively manage the risks associated with the Cloud and meet regulatory requirements. This book discusses:The controller-processor relationship and what you should pay attention to;How to mitigate security risks in the Cloud to comply with Article 32 of the EU GDPR (General Data Protection Regulation);How to comply with Chapter V of the GDPR when transferring data to third countries; andThe implications of the NIS Directive (Directive on security of network and information systems) for Cloud providers.One of the most dramatic recent developments in computing has been the rapid adoption of Cloud applications. According to the 2018 Bitglass Cloud Adoption Report, more than 81% of organisations have now adopted the Cloud in some form, compared with only 24% in 2014. And there are no signs that this is slowing down.The GDPR was enforced on 25 May 2018, superseding the 1995 Data Protection Directive and all local implementations. Bringing data protection into the 21st century, the Regulation expands the rights of individuals, but also introduces new, stricter requirements for organisations. This pocket guide discusses the GDPR requirements relating to Cloud sourcing and the risks involved.Supplemental material While most of the EU GDPR's requirements are broadly unchanged in the UK GDPR, the context is quite different and will have knock-on effects.?You may need to update contracts regarding EU-UK data transfers, incorporate standard contractual clauses into existing agreements, and update your policies, processes and procedural documentation as a result.

Paperback. Condizione: New. Reduce energy costs and combat climate change with ISO 50001ISO 50001:2018, the international standard for energy management, provides a framework for organisations - both large and small - to manage and reduce their energy usage and associated costs. Implementing an effective EnMS (energy management system) that complies with ISO 50001 ensures that an organisation can:Meet legal and contractual energy compliance requirements;Save money by managing energy more efficiently;Reduce its carbon footprint;Increase energy security; andDemonstrate a commitment to improved energy performance.With energy security concerns rising and climate change an existential threat, consumers are increasingly aware of sustainability issues.ISO 50001 - A strategic guide to establishing an energy management system provides a practical but strategic overview for leadership teams of what an EnMS is and how implementing one can bring added value to an organisation. It:Explains how ISO 50001:2018 (which is based on ISO's Annex SL) differs from the previous version of the Standard;Provides readers with a greater understanding of what energy management is and how taking a risk-based approach can save money and improve brand reputation; andCovers how ISO 50001 can be implemented and how the EnMS can be integrated with other management systems, such as an ISO 14001 EMS (environmental management system).Your strategic guide to energy management and ISO 50001 - buy this book today!