it governance publishing gb (393 risultati)

Paperback. Condizione: New. Effective time-management techniques to revolutionise the way you work! Do you struggle to get everything done in the time you have available? Are you deluged with interruptions to your work flow? Do you find it difficult to prioritise your tasks and wish you were more organised? Today's working environment moves at a very fast pace and, at times, it can be difficult to keep up. Expectations are high, and there are so many things competing for our attention. On top of the workload, we're interrupted by the phone ringing, e-mails landing in the inbox, people dropping in the office and, before we know it, the day has passed and we've only achieved half of what we intended to do. If any of this sounds familiar, then this book is for you! Essential Time Management and Organisation will help you transform the way you work and regain control of your working day. This clear and concise guide offers tried and tested techniques for organising your time and achieving your goals.

Paperback. Condizione: New. An official ITIL® Licensed product, ITIL® Foundation Essentials is a distillation of critical information - no waffle or padding - just exactly what you need to understand how to pass the ITIL Foundation exam. Written for self-study candidates, ITIL community training delegates, itSMF/BCS members and V2 Foundation Certificate holders, who have yet to take an upgraded exam, this pocket guide is fully aligned with the ITIL 2011 core volumes.Project managers, who are looking to expand their qualifications, and IT contractors or consultants, who don't want to take time out from their day jobs to attend a course, will also find this pocket guide an essential companion to their studies and education.

Paperback. Condizione: New. How would your organisation continue operating in the event of a crisis?If you were hit by a cyber attack and lost the use of your IT systems, would you be able to carry on? If your business premises were forced to close, what would you do? If you were affected by unexpected staff absence, how could you reassure your customers that you could still offer them the service they expected?If your organisation is affected by any of these issues and you're unprepared, then the financial and reputational damage you face could prove disastrous. You could fail to keep up with customer demand, lose important business, and your customers could go elsewhere. Without a proper risk assessment strategy, your company directors could even face prosecution if a major incident occurs and results in loss or injury.An introduction to ISO22301To minimise the impact of a disaster on your business, and to continue to provide essential services to your customers, you need to put in place a Business Continuity Management System (BCMS).ISO22301: A Pocket Guide is designed to help you satisfy the requirements of ISO22301, the latest international Standard for business continuity management (BCM). A BCMS based on ISO22301 will protect your organisation's turnover, profits and reputation. With the expert advice contained in this guide, you can ensure your organisation develops a business continuity plan that is fit for purpose, and ensure your continuing service when disaster strikes.Learn how to build your Business Continuity Management System (BCMS)Plan and manage a BCMS. If you are going to have a proper BCMS you will need to make business continuity a formal project. This pocket guide gives you valuable tips on how to draw up the BCM policy and establish the BCMS project, along with basic guidance on conducting a business impact analysis.Secure your licence to operate. Organisations such as law firms now have to put in place a BCMS in order to obtain a licence to operate.Retain your competitive edge. Organisations are beginning to seek formal assurance that their suppliers will be able to continue supplying them in the event of an interruptive incident. If you are a supplier, having a BCMS certified to ISO22301 represents a significant competitive advantage.Satisfy corporate governance concerns. A well-run company will have a strong corporate governance framework. Business continuity planning is a basic requirement of corporate governance.Expert ISO22301 guidance.

Paperback. Condizione: New. This pocket guide helps those who may be lacking in specialist knowledge achieve compliance with the ISO14001 Standard for Environmental Management. The authors, two experienced auditors, are acknowledged experts in the area and have drawn on material from the UK's Environment Agency. The pocket guide will prove invaluable, not only for auditors and trainers, but also for managers across many sectors of industry.

Paperback. Condizione: New. Second edition. This concise guide is essential reading for EU organisations wanting an easy to follow overview of the new regulation and the compliance obligations for handling data of EU citizens.The EU General Data Protection Regulation (GDPR) will unify data protection and simplify the use of personal data across the EU, and automatically supersedes member states domestic data protection laws.It will also apply to every organisation in the world that processes personal information of EU residents.The Regulation introduces a number of key changes for all organisations that process EU residents' personal data.EU GDPR: A Pocket Guide provides an essential introduction to this new data protection law, explaining the Regulation and setting out the compliance obligations for EU organisations.This second edition has been updated with improved guidance around related laws such as the NIS Directive and the future ePrivacy Regulation.EU GDPR - A Pocket Guide sets out:A brief history of data protection and national data protection laws in the EU (such as the German BDSG, French LIL and UK DPA).The terms and definitions used in the GDPR, including explanations.The key requirements of the GDPR, including: Which fines apply to which Articles;The six principles that should be applied to any collection and processing of personal data;The Regulation's applicability;Data subjects' rights;Data protection impact assessments (DPIAs);The role of the data protection officer (DPO) and whether you need one;Data breaches, and the notification of supervisory authorities and data subjects;Obligations for international data transfers.How to comply with the Regulation, including: Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records);The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data);The "appropriate technical and organisational measures" you need to take to ensure your compliance with the Regulation.A full index of the Regulation, enabling you to find relevant Articles quickly and easily.Buy your copy today.

Paperback. Condizione: New. IT Outsourcing A wide range of industry sectors need IT, and many organisations choose to outsource this (for example, banking, pharmaceuticals, travel and insurance companies). Outsourcing exists in many guises; IT payroll, helpdesk and IT maintenance requirements or the whole IT function. This book identifies some of the benefits and the pitfalls that an organisation may encounter when outsourcing its IT. IT Outsourcing Contracts: A legal and practical guide will provide readers with: * An overview of IT outsourcing, including advantages and disadvantages * Details of what needs to be considered when choosing whether or not to outsource IT * Typical scenarios that can arise when outsourcing IT and information on typical solutions that have been adopted by other organisations * An overview of the IT outsourcing process and useful information about the lifecycle from choosing a supplier, through to termination * An understanding of legal and practical issues that might arise in an IT outsourcing contract. The benefits for your organisation IT outsourcing can provide many benefits for your organisation, including cost savings and improved services.It can thus enable your organisation to operate more efficiently, and potentially make more profit. This book details the issues you need to take into consideration and the steps you need to follow in order to achieve these benefits.

Paperback. Condizione: New. The primary purpose of computer forensics is to enable organisations to pinpoint where the malware has infected their computer systems and which files have been infected, so that they can close the vulnerability. More and more organisations have realised that they need to acquire a forensic capability to ensure they are ready to cope with an information security incident. This pocket guide illustrates the technical complexities involved in computer forensics, and shows managers what makes the discipline relevant to their organisation. For technical staff, the book offers an invaluable insight into the key processes and procedures that are required.

Paperback. Condizione: New. An expert introductionMore than 85% of businesses now take advantage of Cloud computing, but Cloud computing does not sit easily with the DPA. Data Protection and the Cloud addresses that issue, providing an expert introduction to the legal and practical data protection risks involved in using Cloud services. Data Protection and the Cloud highlights the risks an organisation's use of the Cloud might generate, and offers the kind of remedial measures that might be taken to mitigate those risks.Topics covered include: Protecting the confidentiality, integrity and accessibility of personal dataData protection responsibilitiesThe data controller/data processor relationshipHow to choose Cloud providersCloud security - including two-factor authentication, data classification and segmentationThe increased vulnerability of data in transitThe problem of BYOD (bring your own device)Data transfer abroad, US Safe Harbor and EU legislationRelevant legislation, frameworks and guidance, including: the EU General Data Protection RegulationCloud computing standardsthe international information security standard, ISO 27001the UK Government's Cyber Essentials scheme and security frameworkCESG's Cloud security management principlesguidance from the Information Commissioner's Office and the Open Web Application Security Project (OWASP)  Mitigate the security risks Mitigating security risks requires a range of combined measures to be used to provide end-to-end security. Moving to the Cloud does not solve security problems, it just adds another element that must be addressed. Data Protection and the Cloud provides information on how to do so while meeting the DPA's eight principles.

Paperback. Condizione: New. European. A concise introduction to the EU GDPRThe EU General Data Protection Regulation (GDPR) will unify data protection and simplify the use of personal data across the EU, and automatically supersede member states domestic data protection laws.It will also apply to every organisation in the world that processes personal information of EU residents.The Regulation introduces a number of key changes for all organisations that process EU residents' personal data.EU GDPR: A Pocket Guide provides an essentiall introduction to this new data protection law, explaining the Regulation and setting out the compliance obligations for EU organisations. Product overviewEU GDPR - A Pocket Guide sets out:A brief history of data protection and national data protection laws in the EU (such as the German BDSG, French LIL and UK DPA).The terms and definitions used in the GDPR, including explanations.The key requirements of the GDPR, including:Which fines apply to which Articles;The six principles that should be applied to any collection and processing of personal data;The Regulation's applicability;Data subjects' rights;Data protection impact assessments (DPIAs);The role of the data protection officer (DPO) and whether you need one;Data breaches, and the notification of supervisory authorities and data subjects;Obligations for international data transfers.How to comply with the Regulation, including:Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records);The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data);The "appropriate technical and organisational measures" you need to take to ensure your compliance with the Regulation.A full index of the Regulation, enabling you to find relevant Articles quickly and easily. About the authorAlan Calder, the founder and executive chairman of IT Governance Ltd, is an internationally acknowledged cyber security expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the Open University's postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). Alan has consulted on data security for numerous clients in the UK and abroad, and is a regular media commentator and speaker.Quickly understand your organisation's new obligations under the EU GDPR, and learn the essential compliance steps needed to avoid costly fines.

Paperback. Condizione: New. A wide range of industry sectors will outsource service provision (for example, banking, pharmaceuticals, and insurance companies). This can happen where an organisation outsources its IT payroll needs, its helpdesk and IT maintenance requirements, its payment processing, or its whole IT function.The key riskThe key risk for an organisation that enters into an outsourcing transaction, are that the services that it receives from the supplier will be worse than the services they were receiving before, or that the cost savings that were anticipated or promised, are not achieved.The SLATo try and avoid this scenario, the outsourcing contract should include a Service Level Agreement (SLA). The SLA must be drafted to govern the standard of service that you require, including the cost of those services and the consequences of not achieving pre-agreed standards.The wider environmentWhile Service Level Agreements are a key method, within ITIL, for setting out how two parties have agreed that a specific service (usually, but not necessarily, IT-related) will be delivered by one to the other, and the standards or levels to which it will be delivered, the basic concept is now far more widely applied than just in ITIL® and ITSM environments.This pocket guide provides information and guidance on SLAs to those in the wider environment, from a legal and practical view point.The benefits and the pitfallsIdentifying some of the benefits and the pitfalls that an organisation can encounter when negotiating and drafting SLAs, this pocket guide provides an overview of SLAs, highlighting typical scenarios that can arise, and provides information on typical solutions that have been adopted by other organisations.By reading this a short, legal and practical guide to SLAs, you should be able to quickly come up to speed with some of the legal and practical issues that might arise. Negotiating the SLA and putting the SLA into action are also discussed in the pocket guide. Whilst short and easy to digest, case references and weblinks have been provided in the text so readers can find out more information about SLAs.

Paperback. Condizione: New. Make your organisation's email secureYour business relies on e-mail for its everyday dealings with partners, suppliers and customers. While e-mail is an invaluable form of communication, it also represents a potential threat to your information security. E-mail could become the means for criminals to install a virus or malicious software on your computer system and fraudsters will try to use e-mails to obtain sensitive information through phishing scams.Safeguard email securityIf you want to safeguard your company's ability to function, it is essential to have an effective e-mail security policy in place, and to ensure your staff understand the risks associated with e-mail.Email security best practiceThis pocket guide will help businesses to address the most important issues. Its comprehensive approach covers both the technical and the managerial aspects of the subject, offering valuable insights for IT professionals, managers and executives, as well as for individual users of e-mail.Overcome email security threatsThe pocket guide covers the various types of threat to which e-mail may expose your organisation, and offers advice on how to counter social engineering by raising staff awareness.Choose the most secure email clientThe client is the computer programme that manages the user's e-mail. Malicious e-mails often operate through attachment files that infect computer systems with malware when downloaded. This pocket guide explains how you can enhance your information security by configuring the e-mail client to block attachments or to limit their size.Protect your company's informationWhat kind of information should you include in an e-mail? How do you know that the e-mail will not be intercepted by a third party after you have sent it? This guide looks at countermeasures you can take to ensure that your e-mails only reach the intended recipient, and how to preserve confidentiality through the use of encryption.Protect your company's reputation Crude jokes, obscene language or sexist remarks will have an adverse effect on your organisation's reputation when they are found in e-mails sent out by your employees from their work account. This pocket guide offers advice on how to create an acceptable use policy to ensure that employee use of e-mail in the workplace does not end up embarrassing your organisation.The pocket guide provides a concise reference to the main security issues affecting those that deploy and use e-mail to support their organisations, considering e-mail in terms of its significance in a business context, and focusing upon why effective security policy and safeguards are crucial in ensuring the viability of business operations.

Paperback. Condizione: New. Fifth. An ideal introduction and a quick reference to PCI DSS version 3.2All businesses that accept payment cards are prey for hackers and criminal gangs trying to steal financial information and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card orders in a way that effectively protects cardholder data.All organisations that accept, store, transmit or process cardholder data must comply with the Standard; failure to do so can have serious consequences for their ability to process card payments. Product overviewCo-written by a PCI QSA (Qualified Security Assessor) and updated to cover PCI DSS version 3.2, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organisation involved with payment card processing. Coverage includes:An overview of PCI DSS v3.2.A PCI self-assessment questionnaire (SAQ).Procedures and qualifications.An overview of the Payment Application Data Security Standard (PA-DSS). ContentsWhat is the Payment Card Industry Data Security Standard (PCI DSS)?What is the scope of the PCI DSS?Compliance and compliance programmesConsequences of a breachHow do you comply with the requirements of the Standard?Maintaining compliancePCI DSS - The StandardAspects of PCI DSS complianceThe PCI self-assessment questionnaireProcedures and qualificationsThe PCI DSS and ISO/IEC 27001The Payment Application Data Security Standard (PA-DSS)PIN transaction security (PTS) About the authorsAlan Calder is the founder and executive chairman of IT Governance Ltd, an information, advice and consultancy firm that helps company boards tackle IT governance, risk management, compliance and information security issues. He has many years of senior management experience in the private and public sectors.Geraint Williams is a knowledgeable and experienced senior information security consultant and PCI QSA, with a strong technical background and experience of the PCI DSS and security testing. He leads the IT Governance CISSP Accelerated Training Programme, as well as the PCI Foundation and Implementer training courses. He has broad technical knowledge of security and IT infrastructure, including high performance computing and Cloud computing. His certifications include CISSP, PCI QSA, CREST Registered Tester, CEH and CHFI.Buy today, in any format. We'll send you a download link right away, or dispatch today for fast delivery to your selected destination.

Paperback. Condizione: New. ISO/IEC38500 is the international standard for the corporate governance of information and communication technology. The purpose of the standard is to create a framework to ensure that the Board is appropriately involved in the governance of the organisation's IT. The standard sets out guiding principles for directors on how to ensure the effective, efficient and acceptable use of IT within their company.This useful pocket guide provides an account of the scope and objectives of the standard. It outlines the standard's six core principles, sets out the three major tasks that the standard assigns to directors regarding IT, and explains the interrelationship between the two. The guide also offers advice on how to set up and implement the IT governance framework.

Paperback. Condizione: New. This pocket guide is a handy reference to the key information on ISO/IEC 20000. It features an overview of the purpose of the standard and shows how to use it. It explains qualification programmes, certification schemes and the interrelationship of ISO20000 with other standards, such as ISO27001. The overall emphasis of the guide is on ISO20000's customer-driven approach to ensure your IT service management processes align with the needs of your business.

Paperback. Condizione: New. Aimed at IT professionals who have been tasked with putting in place Asset Management disciplines, this guide provides a commonsense introduction to the key processes outlined in the Information Technology Infrastructure Library (ITIL®), before proceeding to explain the various milestones of an Asset Management project.

Paperback. Condizione: New. The United States DoD (Department of Defense) is one of the largest employers in the world, with about 2.87 million employees. It spends more than a year among more than 350,000 contractors and subcontractors throughout its supply chain.Information in the DoD network is shared digitally across the contractor and subcontractor supply chain, offering an irresistible target for nation-states and cyber criminals.Protecting the DoD supply chainThe CMMC was developed to step up measures for protecting the DoD supply chain. Its objectives are to standardize cybersecurity controls and ensure that effective measures are in place to protect CUI (Controlled Unclassified Information) on contractor systems and networks.All companies doing business with the DoD, including subcontractors, must become certified by an independent third-party commercial certification organization.Your essential guide to understanding the CMMCTo help you get to grips with the CMMC, this essential pocket guide covers:What the CMMC is and why it has been introducedWho needs to comply with the CMMCThe implementation processThe road to certificationCMMC implications for firms doing business with the US governmentSuitable for senior management and the C-suite, general or legal counsel, IT executives, IT organizations, and IT and security students, this pocket guide will give you a solid introduction to the CMMC and its requirements.About the authorWilliam Gamble is an international cybersecurity and privacy compliance expert. He is one of the few lawyers to hold advanced cybersecurity professional qualifications, and has an in-depth understanding of the design, management, and deployment of technology within the ISO 27001 framework. With more than 30 years' experience of international regulatory practice in the U.S., EU, China, and other countries, William has had hundreds of articles published globally, written three books, and appeared on numerous radio and television programs around the world.William is a member of the Florida Bar and several federal courts. His qualifications include Juris Doctor (JD), Master of Laws?(LLM), CompTIA® A+, Network+, Security+, CASP (Advanced Security Practitioner), ISO 27001 Lead Auditor and Lead Implementer, and GDPR Practitioner (GDPR P).

Paperback. Condizione: New. Shows you the innovative IT governance model developed by the largest consulting firm in the worldThis pocket guide provides you with an insider's detailed description of Accenture's IT governance policy and details its governance structure. It will show how effective IT governance links IT strategy and IT decisions to Accenture's business strategy and business priorities.Following the best practices approach set out in this pocket guide will serve as an excellent starting point for any organisation with ambitions to achieve high performance.Benefits to business include:Boost productivity How hard do you work in other areas of your business to cut costs and improve efficiency? In testing economic times, is the absence of a clear strategy for your business's IT governance still a realistic option? Learning from Accenture's proven approach will enable you to increase your organisation's competitiveness over the longer term.Coordinate your operations To ensure effective decision-making and align your IT function with your broader business goals, you need to make the structure of your IT governance fit your overall corporate governance structure. That way, you can make your IT work for your business.Manage change effectively IT is crucial for realising the changes you want your business to make. For this reason, you cannot afford to have these changes treated merely as IT projects that have been foisted on the company by the IT department. By bringing top management on board, and giving business leaders a formal role in the IT governance of your organisation, you will make the success of any project with an IT component much more likely.  Keep a grip on budgets The costs of IT projects are notoriously prone to overrun, while some IT development programmes have promised more than they ever delivered. The Accenture way of doing business is different. Following the Accenture approach means ensuring that your IT investment is backed by a solid business case, and measuring the return on investment following project completion.High performanceChief executives now put high performance IT among their top strategic objectives. So, if you are looking to improve IT governance in your own organisation, finding out what Robert E. Kress has to say is as good a starting point as any.This book will show you his company's best practice approach to the subject. Whatever business you are in, there is nearly always a clear link between the performance of your IT function and your company's overall results.

Paperback. Condizione: New. This pocket guide is a primer for any DSPs (digital service providers) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law.  This guide outlines the key requirements, details exactly which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance.This guide will help you:Clarify how to identify if you are within the scope of the NIS RegulationsGain an insight into the NIS DirectiveUnravel the key definitions, authorities and points of contactUnderstand the benefits of a good cyber resilience planYour essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

Paperback. Condizione: New. SummaryExplains in easy-to-understand terms what executives and senior managers need to know and do about the ever-changing cyber threat landscape.Gives strategic, business-focused guidance and advice relevant to C-suite executives.Provides an effective and efficient framework for managing cyber governance, risk and compliance.Explains what is required to implement an effective cyber security strategy.DescriptionWith high-profile cyber attacks, data breaches and fines for GDPR (General Data Protection Regulation) non-compliance hitting the headlines daily, businesses must protect themselves and their reputations, while reassuring stakeholders they take cyber security seriously.Cyber attacks are becoming more sophisticated and prevalent, and the cost of data breaches is soaring. In addition, new regulations and reporting requirements make cyber security a critical business issue.Board members and senior management must understand the threat landscape and the strategies they can employ to establish, implement and maintain effective cyber resilience throughout their organisation.How Cyber Security Can Protect your Business - A guide for all stakeholders provides an effective and efficient framework for managing cyber governance, risk and compliance, which organisations can adapt to meet their own risk appetite and synchronise with their people, processes and technology. It explains what is meant by governance, risk and compliance, how it applies to cyber security and what is required to implement an effective cyber security strategy.The pocket guide:Gives readers a greater understanding of cyber governance, risk and compliance;Explains what executives, senior managers and their advisors need to know and do about the ever-changing cyber threat landscape;Provides context as to why stakeholders need to be aware of and in control of their organisation's cyber risk management and cyber incident response;Gives guidance on building an appropriate and efficient governance framework that enables organisations to demonstrate their cyber approach in a non-technical, strategic, business-focused way;Details an overview process to enable risk assessment, assess existing defence mitigations and provide a framework for developing suitable controls; andIncludes a checklist to help readers focus on their higher-priority cyber areas.Suitable for all managers and executives, this pocket guide will be of interest to non-cyber specialists, including non-executive directors, who may be required to review cyber arrangements. For cyber specialists, it provides an approach for explaining cyber issues in non-jargonistic, business-based language.Kick-start your journey to becoming cyber secure - buy this pocket guide today!

Paperback. Condizione: New. Written from personal experience of managing many successful projects over 15 years, Project Governance: The Essentials offers real, workable solutions in bite-size pieces. For small companies and large, whatever your experience, you will discover many keys to gain the best return on your investment.

Paperback. Condizione: New. With a quality management system (QMS) based on ISO 9001 - the world's most established quality framework - you can ensure the quality of the products and services your company provides, thereby enhancing customer satisfaction and increasing profitability. ISO 9001:2015 - A Pocket Guide provides a useful introduction to ISO 9001 and the principles of quality management.

Paperback. Condizione: New. Risk management is a primary concern for any organisation. Its significance has only increased since the start of the COVID-19 pandemic. Organisations need to prepare for all types of threats, both probable (a server breaking down) and improbable (the office being flooded), to ensure that their operations can survive and adapt to continue with BAU (business as usual) in the face of a disaster.Yet risk management isn't solely about preventing negative outcomes, it is also about an organisation taking a known risk to uncover new opportunities to improve the organisation. For example, the transition of employees to remote working could risk an organisation's security as an employee could connect their laptop to an unsecure Wi-Fi connection. However, as demonstrated in the pandemic, remote working helped protect employees as the risk of infecting one another with COVID-19 was reduced.Read this pocket guide to understand how:Risk-based management can prepare your organisation for future threats and therefore help the success of a BCP (business continuity plan);To identify whether the opportunities gained from a 'risky' decision can outweigh the perceived threat;The principles of ISO 31000 can help your organisation develop a framework for its approach to risk management;The guidelines of ISO 31000 can be interwoven with controls in other standards such as ISO 27001 and ISO 9001; andThe organisation must continually review its approach to risk management to stay prepared for the latest threats.

Paperback. Condizione: New. An Introduction to IT GovernanceIf you are unsure what IT governance is, or how it is relevant to your business, this pocket guide is for you. It outlines the key drivers for IT governance in the modern global economy, with particular reference to corporate governance requirements and the need for companies to protect their information assets.IT Governance for "Non-geeks"The guide examines the role of IT governance in the management of strategic and operational risk. It also looks at the most important considerations when setting up an IT governance framework, and introduces you to the Calder-Moir IT Governance Framework that the author helped to create. The approach throughout is resolutely non-geek, avoiding technical jargon and with the emphasis on business opportunities and needs.Find out about something that matters for your organisation's survival If you want your business to succeed, you have to make effective use of information technology. Otherwise you will be outpaced by your competitors. This pocket guide is about how to create a framework to ensure that your organisation's IT will support its overall objectives.Understand a crucial aspect of corporate governance Companies are regulated in order to protect the interests of shareholders from fraudulent or reckless activity on the part of the directors. For US-listed companies, compliance with the Sarbanes-Oxley Act (SOX) of 2002 is mandatory. The requirements of SOX and the UK's Combined Code can only be met if you have an effective IT governance framework already in place. Understand a crucial aspect of risk management Those running a company have a responsibility to manage risk. An IT governance framework will help you to stop hackers, fight cybercrime and minimise the disruption to your operations in the event of an accident.Cut costs and boost profits While businesses often need to spend money on upgrades to their computer systems and software, this issue has many pitfalls. This pocket guide shows how IT governance can help you to make better investment decisions. An IT governance framework also enhances your overall competitiveness and thus increases profitability.IT governance can dramatically improve your organisation's competitiveness. Read this pocket guide to find out how.

Paperback. Condizione: New. Information is one of your organisation's most important resources. Keeping that information secure is therefore vital to your business. This handy pocket guide is an essential overview of two key information security standards that cover the formal requirements (ISO27001:2013) for creating an Information Security Management System (ISMS), and the best-practice recommendations (ISO27002:2013) for those responsible for initiating, implementing or maintaining it.

Paperback. Condizione: New. Written by an acknowledged expert on the ISO/IEC 27001 Standard, ISO 27001:2022 - An Introduction to information security and the ISMS standard is an ideal primer for anyone implementing an information security management system aligned to ISO 27001:2022.The guide is a must-have resource giving a clear, concise and easy-to-read introduction to information security, providing guidance to ensure the management systems you put in place are effective, reliable and auditable.This pocket guide will help you to:Make informed decisionsUsing this guide will enable the key employees in your organisation to make better decisions before embarking on an information security project.Ensure everyone is up to speedThis guide will give the non-specialists on the project board and in the project team a clearer understanding of what an information security management system involves, reflecting the ISO 27001:2022 version of the Standard.Raise awareness among staffEnsure that your staff know what is at stake with regard to information security and understand what is expected of them with this pocket guide.Enhance your competitivenessUse this guide to begin your ISO 27001:2022 implementation journey and let your customers know that the information you hold about them is managed and protected appropriately.Get up to speed with the ISO 27001:2022 updates and keep your information secureAbout the author:Steve is a Director of Kinsnall Consulting Ltd, providing board-level advice on cyber security and related standards.Steve is an active member of SC 27, the international committee responsible for cyber security, information security and privacy protection standards, including the ISO 27001 family. He Chairs the UK national committee (IST 33) that mirrors SC 27 and is the Chair of the UK ISO/IEC 27001 User Group.He is also a contracted ISMS and ITSMS Technical Assessor for UKAS, supporting the assessment of certification bodies offering accredited certification to ISO/IEC 27001 and ISO/IEC 20000-1.TOC:IntroductionChapter 1: Information security - What's that?Chapter 2: It's not ITChapter 3: ISO 27001 and the management system requirementsChapter 4: Legal, regulatory and contractual requirements and business riskChapter 5: Information security controlsChapter 6: CertificationChapter 7: SignpostingFurther reading.

Paperback. Condizione: New. An ideal primer for anyone implementing a PIMS based on ISO/IEC 27701ISO/IEC 27701:2019 is a privacy extension to the international information security management standard, ISO/IEC 27001. It has been designed to integrate with ISO 27001 to extend an existing ISMS (information security management system) with additional requirements, enabling an organisation to establish, implement, maintain and continually improve its PIMS.ISO 27701 provides guidance on the protection of privacy, including how organisations should manage personal information, and helps demonstrate compliance with privacy regulations around the world, such as the GDPR (General Data Protection Regulation).ISO/IEC 27701:2019: An introduction to privacy information management offers a concise introduction to the Standard, aiding those organisations looking to improve their privacy information management regime, particularly where ISO/IEC 27701:2019 is involved. It is intended for:Individuals looking for general information about privacy information management; andOrganisations implementing, or considering improving, a PIMS, particularly where the use of ISO/IEC 27701:2019 is being considered.It will enable you to understand the basics of privacy information management, including:What privacy information management means;How to manage privacy information successfully using a PIMS aligned to ISO/IEC 27701;Key areas of investment for a business-focused PIMS; andHow your organisation can demonstrate the degree of assurance it offers with regard to privacy information management.This guide will prove useful throughout a number of stages in any privacy information management project - buy your copy today!

Paperback. Condizione: New. This pocket guide is a primer for any OES (operators of essential services) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law.This guide outlines the requirements for operators of essential services based on the Cyber Assessment Framework established by the National Cyber Security Centre (NCSC), including an explanation of the objectives, principles and indicators of good practice, and offers implementation guidance.This guide will help you:Understand how to comply with NIS Regulations, and avoid penalties associated with non-complianceUnravel the key definitions, authorities and points of contactLearn the benefits of a good Cyber Resilience planInterpret and ensure compliance with the Cyber Assessment FrameworkEstablish the NCSC's cyber security objectives, principles and indicators of good practiceYour essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

Paperback. Condizione: New. Second Edition. Understand ISO 38500: the standard for the corporate governance of ITIn the 21st century, IT governance has become a much-discussed topic among IT professionals. An IT governance framework serves to close the gap between the importance of IT and the understanding of IT, helping to improve your organisation's competitive position.ISO/IEC 38500 is the international standard for the corporate governance of information and communication technology. The purpose of the standard is to create a framework to ensure that the board is appropriately involved, and it sets out guiding principles for governing bodies on how to ensure the effective, efficient and acceptable use of IT within their company.This useful pocket guide is an ideal introduction for those wanting to understand more about ISO 38500. It describes the scope, application and objectives of the Standard and outlines its six core principles. It covers:What is ISO/IEC 38500?The corporate governance contextScope, application and objectivesPrinciples and model for good governance of itImplementing the six IT governance principlesISO/IEC 38500 and the IT steering committeeProject governanceOther IT governance standards and frameworksIntegrated frameworksImplement an IT governance framework to improve your organisation's competitive position. Buy this pocket guide today!About the authorAlan Calder is a leading author on IT governance and information security issues. He is Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is a frequent media commentator on IT governance and information security issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.

Paperback. Condizione: New. Reduce energy costs and combat climate change with ISO 50001ISO 50001:2018, the international standard for energy management, provides a framework for organisations - both large and small - to manage and reduce their energy usage and associated costs. Implementing an effective EnMS (energy management system) that complies with ISO 50001 ensures that an organisation can:Meet legal and contractual energy compliance requirements;Save money by managing energy more efficiently;Reduce its carbon footprint;Increase energy security; andDemonstrate a commitment to improved energy performance.With energy security concerns rising and climate change an existential threat, consumers are increasingly aware of sustainability issues.ISO 50001 - A strategic guide to establishing an energy management system provides a practical but strategic overview for leadership teams of what an EnMS is and how implementing one can bring added value to an organisation. It:Explains how ISO 50001:2018 (which is based on ISO's Annex SL) differs from the previous version of the Standard;Provides readers with a greater understanding of what energy management is and how taking a risk-based approach can save money and improve brand reputation; andCovers how ISO 50001 can be implemented and how the EnMS can be integrated with other management systems, such as an ISO 14001 EMS (environmental management system).Your strategic guide to energy management and ISO 50001 - buy this book today!

Paperback. Condizione: New. In an increasingly volatile world, exemplified by the 2020 COVID-19 pandemic, organisations are looking at business continuity with a fresh perspective. While most organisations believe they are prepared for disruption, COVID-19 has proved otherwise. The need for business continuity has never been clearer.If you were hit by a cyber attack and lost the use of your IT systems, would you be able to carry on? If your business premises were forced to close, what would you do? If you were affected by unexpected staff absence, how could you reassure your customers that you can still offer them the service they expect?Being unprepared can lead to financial and reputational damage, which could prove disastrous. You could fail to keep up with customer demand or lose important business, or your customers could go elsewhere. Without a proper risk assessment strategy, your company directors could even face prosecution if a major incident occurs and results in loss or injury.An introduction to ISO 22301To minimise the impact of a disaster on your business, and to continue to provide essential services to your customers, you need to put in place a BCMS (business continuity management system). This pocket guide will help you understand the basics of business continuity and ISO 22301:2019, the international standard that describes the specification for a BCMS.It covers:What business continuity is;Key terms and definitions;A brief history of business continuity management;The BCMS;ISO 22301 BCMS requirements; andCertificationISO 22301:2019 - An introduction to a business continuity management system (BCMS) provides an easy-to-read and straightforward introduction to a BCMS that business continuity managers, compliance managers, C-suites and disaster recovery planners - or any organisation implementing, or considering implementing, an ISO 22301 BCMS - will find valuable.