ISO/IEC 27001:2005 is an international standard for information
security management systems (ISMSs). Closely allied to ISO/IEC
27002:2005 (which used to be known as ISO17799), this standard
(sometimes called the ISMS standard) can help organisations meet
all their information-related regulatory compliance objectives and
can help them prepare and position themselves for new and emerging
regulations. Information is the lifeblood of today's organisation
and, therefore, ensuring that information is simultaneously
protected and available to those who need it is essential to modern
business operations. Information systems are not usually designed
from the outset to be secure. Technical security measures and
checklists are limited in their ability to protect a complete
information system. Management systems and procedural controls are
essential components of any really secure information system and,
to be effective, need careful planning and attention to detail.
ISO/IEC 27001 provides the specification for an information
security management system and, in the related Code of Practice,
ISO/IEC 27002, it draws on the knowledge of a group of experienced
information security practitioners in a wide range of significant
organisations across more than 40 countries to set out best
practice in information security. An ISO27001-compliant system will
provide a systematic approach to ensuring the availability,
confidentiality and integrity of corporate information. The
controls of ISO27001 are based on identifying and combating the
entire range of potential risks to the organisation's information
assets. This helpful, handy ISO27001/ISO27002 pocket guide gives a
useful overview of these two important information security
standards. Key features include: The ISO/IEC 27000 Family of
Information Security Standards Background to the Standards
Specification vs Code of Practice Certification process The ISMS
and ISO27001 Overview of ISO/IEC 27001:2005 Documentation &
Records Management Responsibility Policy & Scope Risk
Assessment Implementation
A clear, concise primer on the GDPR The GDPR aims to unify data
protection and ease the flow of personal data across the EU. It
applies to every organisation in the world that handles EU
residents' personal data. While the GDPR is not law in countries
outside the EU, it is effectively part of the legislative
environment for organisations that do business with the EU. This is
enforced through a combination of international trade law and
business pressure - after all, a partner in the EU is unlikely to
want to risk engaging with a company in the US, Australia or
Singapore (or anywhere else) that will put them at risk. EU GDPR -
An international guide to compliance is the ideal resource for
anyone wanting a clear primer on the principles of data protection
and their obligations under the GDPR. A concise pocket guide, it
will help you understand: The terms and definitions used in the
GDPR, including explanations; The key requirements of the GDPR,
including: Which fines apply to which Articles; The principles that
should be applied to any collection and processing of personal
data; The Regulation's applicability; Data subjects' rights; Data
protection impact assessments; The data protection officer role and
whether you need one; Data breaches, and notifying supervisory
authorities and data subjects; and Obligations for international
data transfers. How to comply with the Regulation, including:
Understanding your data, and where and how it is used (e.g. Cloud
suppliers, physical records); The documentation you must maintain
(such as statements of the information you collect and process,
records of data subject consent, processes for protecting personal
data); and The "appropriate technical and organisational measures"
you need to take to ensure compliance with the Regulation. A full
index of the Regulation, enabling you to find relevant Articles
quickly and easily. Supplemental material While most of the EU
GDPR's requirements are broadly unchanged in the UK GDPR, the
context is quite different and will have knock-on effects. You may
need to update contracts regarding EU-UK data transfers,
incorporate standard contractual clauses into existing agreements,
and update your policies, processes and procedural documentation as
a result of these changes. We have published a supplement that sets
out specific extra or amended information for this pocket guide.
Is your organisation prepared? In an increasingly volatile world,
exemplified by the 2020 COVID-19 pandemic, organisations are
looking at business continuity with a fresh perspective. While most
organisations believe they are prepared for disruption, COVID-19
has proved otherwise. The need for business continuity has never
been clearer. If you were hit by a cyber attack and lost the use of
your IT systems, would you be able to carry on? If your business
premises were forced to close, what would you do? If you were
affected by unexpected staff absence, how could you reassure your
customers that you can still offer them the service they expect?
Being unprepared can lead to financial and reputational damage,
which could prove disastrous. You could fail to keep up with
customer demand or lose important business, or your customers could
go elsewhere. Without a proper risk assessment strategy, your
company directors could even face prosecution if a major incident
occurs and results in loss or injury. An introduction to ISO 22301
To minimise the impact of a disaster on your business, and to
continue to provide essential services to your customers, you need
to put in place a BCMS (business continuity management system).
This pocket guide will help you understand the basics of business
continuity and ISO 22301:2019, the international standard that
describes the specification for a BCMS. It covers: What business
continuity is; Key terms and definitions; A brief history of
business continuity management; The BCMS; ISO 22301 BCMS
requirements; and Certification. ISO 22301:2019 - An introduction
to a business continuity management system (BCMS) provides an
easy-to-read and straightforward introduction to a BCMS that
business continuity managers, compliance managers, C-suites and
disaster recovery planners - or any organisation implementing, or
considering implementing, an ISO 22301 BCMS - will find valuable.
ISO/IEC38500 is the international standard for the corporate
governance of information and communication technology. The purpose
of the standard is to create a framework to ensure that the Board
is appropriately involved in the governance of the organisation's
IT. The standard sets out guiding principles for directors on how
to ensure the effective, efficient and acceptable use of IT within
their company. This useful pocket guide provides an account of the
scope and objectives of the standard. It outlines the standard's
six core principles, sets out the three major tasks that the
standard assigns to directors regarding IT, and explains the
interrelationship between the two. The guide also offers advice on
how to set up and implement the IT governance framework. Business
benefits of ISO/IEC 38500 (ISO38500) include: Manage the
organisation's investment in IT responsibly The pocket guide shows
how the standard can be used to ensure that your decision making
about IT investment remains clear and transparent, and that the
associated risks are clearly understood. Meet compliance
requirements ISO/IEC38500 requires directors to verify that their
IT systems are in compliance with all applicable regulations. As
this pocket guide explains, following the procedures set out in
ISO/IEC38500 will help company directors both to achieve and
demonstrate compliance. Improve the performance of the organisation
On average, investment in IT represents more than 50 per cent of
every organisation's annual capital investment. Both private and
public sector organisations need to maintain a high standard of
service while at the same time keeping costs low. The pocket guide
looks at how following the guidance contained in ISO/IEC38500 can
enable directors to retain a grip on costs and obtain better value
for money from IT equipment. Introduce effective project governance
This pocket guide describes how ISO/IEC38500 can help company
directors to identify problems in an IT project at an early stage.
In this way, the standard promotes effective management of the
risks associated with major IT projects, enables the board to keep
a grip on budgets and militates against project failure. Implement
ISO38500, the international standard for corporate governance of IT
An IT governance framework serves to close the gap between the
importance of IT and the understanding of IT. For this reason, you
can use an IT governance framework to improve your company's
competitive position.
Faced with the compliance requirements of increasingly punitive
information and privacy-related regulation, as well as the
proliferation of complex threats to information security, there is
an urgent need for organizations to adopt IT governance best
practice. IT Governance is a key international resource for
managers in organizations of all sizes and across industries, and
deals with the strategic and operational aspects of information
security. Now in its seventh edition, the bestselling IT Governance
provides guidance for companies looking to protect and enhance
their information security management systems (ISMS) and protect
themselves against cyber threats. The new edition covers changes in
global regulation, particularly GDPR, and updates to standards in
the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk
management) plus the latest standards on auditing. It also includes
advice on the development and implementation of an ISMS that will
meet the ISO 27001 specification and how sector-specific standards
can and should be factored in. With information on risk
assessments, compliance, equipment and operations security,
controls against malware and asset management, IT Governance is the
definitive guide to implementing an effective information security
management and governance system.
This pocket guide serves as an introduction to the National
Institute of Standards and Technology (NIST) and to its
Cybersecurity Framework (CSF). This is a US-focused product. Now
more than ever, organizations need to have a strong and flexible
cybersecurity strategy in place in order to both protect themselves
and be able to continue business in the event of a successful
attack. The NIST CSF is a framework for organizations to manage and
mitigate cybersecurity risk based on existing standards,
guidelines, and practices. With this pocket guide you can: Adapt
the CSF for organizations of any size to implement Establish an
entirely new cybersecurity program, improve an existing one, or
simply provide an opportunity to review your cybersecurity
practices Break down the CSF and understand how other frameworks,
such as ISO 27001 and ISO 22301, can integrate into your
cybersecurity framework By implementing the CSF in accordance with
their needs, organizations can manage cybersecurity risks in the
most cost-effective way possible, maximizing the return on
investment in the organization's security. This pocket guide also
aims to help you take a structured, sensible, risk-based approach
to cybersecurity.
Corporate governance increasingly provides the context within which
twenty-first century organisations have to assess and deal with
their investments in, and risks to, their corporate information
assets and the Information and Communications Technology (ICT, or
just IT) infrastructure within which those information assets are
collected, manipulated, stored and deployed. But what is corporate
governance, and why is it important to the IT professional? Why is
IT governance important to the company director, and what do
directors of companies both quoted and unquoted need to know? This
book aims to do two things. The first is to set out for managers,
executives and IT professionals the practical steps necessary to
meet today's corporate and IT governance requirements. The second
is to provide practical guidance on how board executives and IT
professionals can navigate and deploy to best corporate and
commercial advantage the numerous IT management and IT governance
frameworks and standards, particularly ISO/IEC 38500, that have been
published over the course of the last 10 years. Each of these
standards and frameworks has a potentially valuable role to play in
the organisation; the challenge lies in integrating them so that
each can deliver what it was designed to do, and do this within the
context of an overarching framework (a 'super framework', or
'meta-framework') that enables each organisation to design IT
governance to meet its own needs.
Information is the currency of the information age and in many
cases is the most valuable asset possessed by an organisation.
Information security management is the discipline that focuses on
protecting and securing these assets against the threats of natural
disasters, fraud and other criminal activity, user error and system
failure. Effective information security can be defined as the
'preservation of confidentiality, integrity and availability of
information.' This book describes the approach taken by many
organisations to realise these objectives. It discusses how
information security cannot be achieved through technological means
alone, but should include factors such as the organisation's
approach to risk and pragmatic day-to-day business operations. This
Management Guide provides an overview of the implementation of an
Information Security Management System that conforms to the
requirements of ISO/IEC 27001:2005 and which uses controls derived
from ISO/IEC 17799:2005. It covers the following: Certification
Risk Documentation and Project Management issues Process approach
and the PDCA cycle Preparation for an Audit
In the world as we know it, you can be attacked both physically and
virtually. For today's organisations, which rely so heavily on
technology - particularly the Internet - to do business, the latter
is the far more threatening of the two. The cyber threat landscape
is complex and constantly changing. For every vulnerability fixed,
another pops up, ripe for exploitation. This book is a
comprehensive cyber security implementation manual which gives
practical guidance on the individual activities identified in the
IT Governance Cyber Resilience Framework (CRF) that can help
organisations become cyber resilient and combat the cyber threat
landscape. Suitable for senior directors (CEO, CISO, CIO),
compliance managers, privacy managers, IT managers, security
analysts and others, the book is divided into six parts: Part 1:
Introduction. The world of cyber security and the approach taken in
this book. Part 2: Threats and vulnerabilities. A discussion of a
range of threats organisations face, organised by threat category,
to help you understand what you are defending yourself against
before you start thinking about your actual defences. Part 3: The
CRF processes. Detailed discussions of each of the 24 CRF
processes, explaining a wide range of security areas by process
category and offering guidance on how to implement each. Part 4:
Eight steps to implementing cyber security. Our eight-step approach
to implementing the cyber security processes you need and
maintaining them. Part 5: Reference frameworks. An explanation of
how standards and frameworks work, along with their benefits. It
also presents ten framework options, introducing you to some of the
best-known standards and giving you an idea of the range available.
Part 6: Conclusion and appendices. The appendices include a
glossary of all the acronyms and abbreviations used in this book.
Whether you are just starting out on the road to cyber security or
looking to enhance and improve your existing cyber resilience
programme, it should be clear that cyber security is no longer
optional in today's information age; it is an essential component
of business success. Make sure you understand the threats and
vulnerabilities your organisation faces and how the Cyber
Resilience Framework can help you tackle them. Start your journey
to cyber security now - buy this book today!
What do you do to keep your business information secure?
Information and information systems are vital to every
organisation. Our reliance on data and information, and the fact
that it is so easy to share, means that everyone is at risk of
cyber attack from hackers, viruses, online fraudsters, malicious
insiders, or even from simple human error. Manage cyber threat To
counter these threats you have to identify the real information
risks your business faces, then you need to find the most
appropriate way to mitigate such risks. Adopting the ISO27001
Standard will give your organisation a reliable framework for
creating an information security management system. The business
case for investing in information security This friendly guide,
updated to reflect ISO27001:2013, presents the compelling business
case for implementing ISO27001 in order to protect your information
assets. This makes it ideal reading for anyone unfamiliar with the
many benefits of the standard, and as a supporting document for an
ISO27001 project proposal. Understand ISO27001 and learn how your
organisation can: *Fight cybercrime - Introducing the ISO 27001
information security management system will help protect your
business from the threat of organised crime. *Combat cyber-terror -
Terrorist organisations now work with computers as well as
explosives. Introducing an information security management system
makes it easier to defend your company from a destructive
cyber-attack. *Improve your corporate governance - Reducing your
company's financial exposure to the risk of losses resulting from
IT system failure is now a corporate governance requirement. ISO
27001 will help you to comply. *Recover from accidents - With ISO
27001, you can minimise the risk that your information will be lost
or corrupted as a result of human error. Read this book to learn
how ISO27001 secures your information assets and protects your
business.
Protect your organisation's information assets using ISO27001:2013
Information is one of your organisation's most important resources.
Keeping that information secure is therefore vital to your
business. This handy pocket guide is an essential overview of two
key information security standards that cover the formal
requirements (ISO27001:2013) for creating an Information Security
Management System (ISMS), and the best-practice recommendations
(ISO27002:2013) for those responsible for initiating, implementing
or maintaining it. Furthering the objectives of your organisation
Information security means much more than a technology solution,
and requires buy-in from senior managers and the collaboration of
all staff in the organisation. For this reason, ISO27001 is not a
one-size-fits-all solution, nor is it designed to be a static,
fixed entity. By looking at ISO27001 and ISO27002 together, this
pocket guide gives a wider view of what it means to implement an
ISO27001 ISMS. Creating an ISMS based on ISO27001/ISO27002 will
help you to: *improve efficiency by having systems and procedures
in place, enabling you to focus more on your core business;
*protect your information assets from a wide range of cyber threats
such as criminal activity and fraud, user errors, outside attack,
insider compromise and system failure; *manage risk systematically
and put in place a plan to eliminate or reduce cyber threats to
your organisation; *prepare for the worst, as ISO27001 requires you
to monitor information security events, enabling earlier detection
of threats or processing errors, and faster resolution. Completely
up to date with the latest 2013 release of ISO27001,
ISO27001/ISO27002: A Pocket Guide covers: *The ISO/IEC 27000:2013
family of information security standards *Background to the
standards certification process *The ISMS and ISO27001:2013
*Specification vs. Code of Practice *Documentation and Records
*Management Responsibility *Policy and Scope *Risk Assessment
*Implementation *Continual Improvement
Deep in the heart of Nuropa's great forests live the Lascens - a
peace loving tribe that believe in community and co-operation,
their ethos being - 'Respect a human's being and the human being
will respect you.' But, all is not well within the thriving
community. The tribe's Sensitive unearths a dark secret and feels a
grievous, 'Changing of the age!' Matters are made far worse by the
early migration of the Gridlocks - monstrous creatures that travel
from the east of Nuropa in search of flesh, including human. The
tribe are forced to take refuge in their Fortress, where,
encouraged by the Sensitive, a knot of youngsters hatch a plan to
explore east and, for once and all, seek the truth to the
mysterious 'Lands Beyond', a place that no Lascen dare speak of,
let alone venture! The Ages of Nuropa, The Embryo, is the first
instalment in a trilogy that explores human nature and its want for
power. The adventure continues in - The Ages of Nuropa II, The Nest
and III, The Flight.
The Ages of Nuropa, The Nest, book II in the Nuropean trilogy. With
the knowledge of their forbears discovered, and with the dreadful
truth of the present age upon them, the forest dwelling Lascens
head north-west, hoping to find a safe haven, leaving their once
peaceful settlement far behind. However, their uniqueness is now
known, and power hungry minds from the south are eager to exploit
them. And as aggressive forces further dominate the land, the Lascen
youth, Coryn, and the tribe's other youngsters soon find themselves
thrown into a culture very different to their own. Ruthless
acquisition is the rage of the age. Intrigue, deceit, theft and
murder darken the Lascens' days as each eventually travel south to
sunny shores, where, beyond blood stained waves, lies an island -
an island that has spawned some of the life distorting amino's most
hideous creations.
From the depths of his conscience they came, their cry piteous and
haunting. Will William Phillips find the courage to face the truth,
or turn his back in hopeless desperation? SIX WOLVES, SIX CARVINGS
THAT MUST BE FOUND! When young William Phillips learns that a much
loved ancient wood is to be removed to make room for a shopping
complex, he is devastated. However, when people suddenly start to
go missing in his sleepy village and strange wolf carvings appear,
William soon finds himself embroiled in a mystery - a mystery that
if left unsolved could have terrifying consequences. Using the art
of story 'The Legacy of The Six Wolves' highlights important issues
in the world today, and is appropriate for both adult and teenage
readers.
This pocket guide is designed to provide the reader with a basic
understanding of how an organization's Information Technology
supports and enables the achievement of its strategies and
objectives. IT Governance recognizes that Information and
Information Technology is at the heart of the modern economy - and
at the heart of the modern business. It is a critical component of
corporate governance and this pocket guide provides an introduction
on how to approach this complex subject. This pocket guide
describes the drivers for IT governance; why it matters; the
relationship between IT governance, risk management, information
risk, project governance and compliance risk; lists the symptoms of
inadequate IT governance and the benefits that can be won by
implementing an IT governance framework, and describes - in
principle - how to go about doing this.
Clear guidance on aligning IT with the business Aligning IT with
the business is a key objective for boards and executives.
Organizations with effective IT governance consistently generate
better returns for their shareholders than equivalent organizations
with ineffective IT governance, and the directors of companies that
effectively govern their IT are significantly less exposed to
compliance and shareholder challenges than others. It links IT
governance to today's corporate governance environment and assesses
the corporate impact that the convergence of financial, accounting
and governance frameworks will have on organizations competing in
today's economy. Security governance and the role of the CIO
Whether it's protecting the organization from cyber-criminals,
avoiding privacy protection failures or getting IT projects to come
in on time, to budget and to specification, this book has the
answers. The proper role of the CIO, appropriate IT departmental
structures and the relationship between business strategy and IT
strategy are all examined and pragmatic, new approaches proposed.
It is not a technology book. It is written specifically for
directors, executives and senior business advisers - a high level
guide to the business-critical subject of leveraging IT to compete
more effectively in the information economy.