ISO/IEC 27001:2005 is an international standard for information security management systems (ISMSs). Closely allied to ISO/IEC 27002:2005 (which used to be known as ISO17799), this standard (sometimes called the ISMS standard) can help organisations meet all their information-related regulatory compliance objectives and can help them prepare and position themselves for new and emerging regulations. Information is the lifeblood of today s organis-ation and, therefore, ensuring that information is simultaneously protected and available to those who need it is essential to modern business operations. Information systems are not usually designed from the outset to be secure. Technical security measures and checklists are limited in their ability to protect a complete information system. Management systems and procedural controls are essential components of any really secure information system and, to be effective, need careful planning and attention to detail. ISO/IEC 27001 provides the specification for an information security management system and, in the related Code of Practice, ISO/IEC 27002, it draws on the knowledge of a group of experienced information security practitioners in a wide range of significant organisations across more than 40 countries to set out best practice in information security. An ISO27001-compliant system will provide a systematic approach to ensuring the availability, confidentiality and integrity of corporate information. The controls of ISO27001 are based on identifying and combating the entire range of potential risks to the organisation s information assets. This helpful, handy ISO27001/ISO27002 pocket guide gives a useful overview of these two important information security standards. Key features include: The ISO/IEC 27000 Family of Information Security Standards Background to the Standards Specification vs Code of Practice Certification process The ISMS and ISO27001 Overview of ISO/IEC 27001:2005 Documentation & Records Management Responsibility Policy & Scope Risk Assessment Implementation

A clear, concise primer on the GDPR The GDPR aims to unify data protection and ease the flow of personal data across the EU. It applies to every organisation in the world that handles EU residents' personal data. While the GDPR is not law in countries outside the EU, it is effectively part of the legislative environment for organisations that do business with the EU. This is enforced through a combination of international trade law and business pressure - after all, a partner in the EU is unlikely to want to risk engaging with a company in the US, Australia or Singapore (or anywhere else) that will put them at risk. EU GDPR - An international guide to compliance is the ideal resource for anyone wanting a clear primer on the principles of data protection and their obligations under the GDPR. A concise pocket guide, it will help you understand: The terms and definitions used in the GDPR, including explanations; The key requirements of the GDPR, including: Which fines apply to which Articles; The principles that should be applied to any collection and processing of personal data; The Regulation's applicability; Data subjects' rights; Data protection impact assessments; The data protection officer role and whether you need one; Data breaches, and notifying supervisory authorities and data subjects; and Obligations for international data transfers. How to comply with the Regulation, including: Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records); The documentation you must maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data); and The "appropriate technical and organisational measures" you need to take to ensure compliance with the Regulation. A full index of the Regulation, enabling you to find relevant Articles quickly and easily. Supplemental material While most of the EU GDPR's requirements are broadly unchanged in the UK GDPR, the context is quite different and will have knock-on effects. You may need to update contracts regarding EU-UK data transfers, incorporate standard contractual clauses into existing agreements, and update your policies, processes and procedural documentation as a result of these changes. We have published a supplement that sets out specific extra or amended information for this pocket guide. Click here to download the supplement.

Is your organisation prepared? In an increasingly volatile world, exemplified by the 2020 COVID-19 pandemic, organisations are looking at business continuity with a fresh perspective. While most organisations believe they are prepared for disruption, COVID-19 has proved otherwise. The need for business continuity has never been clearer. If you were hit by a cyber attack and lost the use of your IT systems, would you be able to carry on? If your business premises were forced to close, what would you do? If you were affected by unexpected staff absence, how could you reassure your customers that you can still offer them the service they expect? Being unprepared can lead to financial and reputational damage, which could prove disastrous. You could fail to keep up with customer demand or lose important business, or your customers could go elsewhere. Without a proper risk assessment strategy, your company directors could even face prosecution if a major incident occurs and results in loss or injury. An introduction to ISO 22301 To minimise the impact of a disaster on your business, and to continue to provide essential services to your customers, you need to put in place a BCMS (business continuity management system). This pocket guide will help you understand the basics of business continuity and ISO 22301:2019, the international standard that describes the specification for a BCMS. It covers: What business continuity is; Key terms and definitions; A brief history of business continuity management; The BCMS; ISO 22301 BCMS requirements; and Certification. ISO 22301:2019 - An introduction to a business continuity management system (BCMS) provides an easy-to-read and straightforward introduction to a BCMS that business continuity managers, compliance managers, C-suites and disaster recovery planners - or any organisation implementing, or considering implementing, an ISO 22301 BCMS - will find valuable.

ISO/IEC38500 is the international standard for the corporate governance of information and communication technology. The purpose of the standard is to create a framework to ensure that the Board is appropriately involved in the governance of the organisation's IT. The standard sets out guiding principles for directors on how to ensure the effective, efficient and acceptable use of IT within their company. This useful pocket guide provides an account of the scope and objectives of the standard. It outlines the standard's six core principles, sets out the three major tasks that the standard assigns to directors regarding IT, and explains the interrelationship between the two. The guide also offers advice on how to set up and implement the IT governance framework. Business benefits of ISO/IEC 38500 (ISO38500) include: Manage the organisation's investment in IT responsibly The pocket guide shows how the standard can be used to ensure that your decision making about IT investment remains clear and transparent, and that the associated risks are clearly understood. Meet compliance requirements ISO/IEC38500 requires directors to verify that their IT systems are in compliance with all applicable regulations. As this pocket guide explains, following the procedures set out in ISO/IEC38500 will help company directors both to achieve and demonstrate compliance. Improve the performance of the organisation On average, investment in IT represents more than 50 per cent of every organisation's annual capital investment. Both private and public sector organisations need to maintain a high standard of service while at the same time keeping costs low. The pocket guide looks at how following the guidance contained in ISO/IEC38500 can enable directors to retain a grip on costs and obtain better value for money from IT equipment. Introduce effective project governance This pocket guide describes how ISO/IEC38500 can help company directors to identify problems in an IT project at an early stage. In this way, the standard promotes effective management of the risks associated with major IT projects, enables the board to keep a grip on budgets and militates against project failure. Implement ISO38500, the international standard for corporate governance of IT An IT governance framework serves to close the gap between the importance of IT and the understanding of IT. For this reason, you can use an IT governance framework to improve your company's competitive position.

Faced with the compliance requirements of increasingly punitive information and privacy-related regulation, as well as the proliferation of complex threats to information security, there is an urgent need for organizations to adopt IT governance best practice. IT Governance is a key international resource for managers in organizations of all sizes and across industries, and deals with the strategic and operational aspects of information security. Now in its seventh edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems (ISMS) and protect themselves against cyber threats. The new edition covers changes in global regulation, particularly GDPR, and updates to standards in the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk management) plus the latest standards on auditing. It also includes advice on the development and implementation of an ISMS that will meet the ISO 27001 specification and how sector-specific standards can and should be factored in. With information on risk assessments, compliance, equipment and operations security, controls against malware and asset management, IT Governance is the definitive guide to implementing an effective information security management and governance system.

Faced with the compliance requirements of increasingly punitive information and privacy-related regulation, as well as the proliferation of complex threats to information security, there is an urgent need for organizations to adopt IT governance best practice. IT Governance is a key international resource for managers in organizations of all sizes and across industries, and deals with the strategic and operational aspects of information security. Now in its seventh edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems (ISMS) and protect themselves against cyber threats. The new edition covers changes in global regulation, particularly GDPR, and updates to standards in the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk management) plus the latest standards on auditing. It also includes advice on the development and implementation of an ISMS that will meet the ISO 27001 specification and how sector-specific standards can and should be factored in. With information on risk assessments, compliance, equipment and operations security, controls against malware and asset management, IT Governance is the definitive guide to implementing an effective information security management and governance system.

This pocket guide serves as an introduction to the National Institute of Standards and Technology (NIST) and to its Cybersecurity Framework (CSF). This is a US focused product. Now more than ever, organizations need to have a strong and flexible cybersecurity strategy in place in order to both protect themselves and be able to continue business in the event of a successful attack. The NIST CSF is a framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices. With this pocket guide you can: Adapt the CSF for organizations of any size to implement Establish an entirely new cybersecurity program, improve an existing one, or simply provide an opportunity to review your cybersecurity practices Break down the CSF and understand how other frameworks, such as ISO 27001 and ISO 22301, can integrate into your cybersecurity framework By implementing the CSF in accordance with their needs, organizations can manage cybersecurity risks in the most cost-effective way possible, maximizing the return on investment in the organization's security. This pocket guide also aims to help you take a structured, sensible, risk-based approach to cybersecurity.

Corporate governance increasingly provides the context within which twenty-first century organisations have to assess and deal with their investments in, and risks to, their corporate information assets and the Information and Communications Technology (ICT, or just IT) infrastructure within which those information assets are collected, manipulated, stored and deployed. But what is corporate governance, and why is it important to the IT professional? Why is IT governance important to the company director, and what do directors of companies both quoted and unquoted need to know? This book aims to do two things; The first is to set out for managers, executives and IT professionals the practical steps necessary to meet today s corporate and IT governance requirements. The second is to provide practical guidance on how board executives and IT professionals can navigate and deploy to best corporate and commercial advantage the numerous IT management and IT governance frameworks and standards particularly ISO/IEC 38500 that have been published over the course of the last 10 years. Each of these standards and frameworks has a potentially valuable role to play in the organisation; the challenge lies in integrating them so that each can deliver what it was designed to do, and do this within the context of an overarching framework (a super framework , or meta-framework ) that enables each organisation to design IT governance to meet its own needs.

Information is the currency of the information age and in many cases is the most valuable asset possessed by an organisation. Information security management is the discipline that focuses on protecting and securing these assets against the threats of natural disasters, fraud and other criminal activity, user error and system failure. Effective information security can be defined as the 'preservation of confidentiality, integrity and availability of information.' This book describes the approach taken by many organisations to realise these objectives. It discusses how information security cannot be achieved through technological means alone, but should include factors such as the organisation's approach to risk and pragmatic day-to-day business operations. This Management Guide provides an overview of the implementation of an Information Security Management System that conforms to the requirements of ISO/IEC 27001:2005 and which uses controls derived from ISO/IEC 17799:2005. It covers the following: Certification Risk Documentation and Project Management issues Process approach and the PDCA cycle Preparation for an Audit

In the world as we know it, you can be attacked both physically and virtually. For today's organisations, which rely so heavily on technology - particularly the Internet - to do business, the latter is the far more threatening of the two. The cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation. This book is a comprehensive cyber security implementation manual which gives practical guidance on the individual activities identified in the IT Governance Cyber Resilience Framework (CRF) that can help organisations become cyber resilient and combat the cyber threat landscape. Suitable for senior directors (CEO, CISO, CIO), compliance managers, privacy managers, IT managers, security analysts and others, the book is divided into six parts: Part 1: Introduction. The world of cyber security and the approach taken in this book. Part 2: Threats and vulnerabilities. A discussion of a range of threats organisations face, organised by threat category, to help you understand what you are defending yourself against before you start thinking about your actual defences. Part 3: The CRF processes. Detailed discussions of each of the 24 CRF processes, explaining a wide range of security areas by process category and offering guidance on how to implement each. Part 4: Eight steps to implementing cyber security. Our eight-step approach to implementing the cyber security processes you need and maintaining them. Part 5: Reference frameworks. An explanation of how standards and frameworks work, along with their benefits. It also presents ten framework options, introducing you to some of the best-known standards and giving you an idea of the range available. Part 6: Conclusion and appendices. The appendices include a glossary of all the acronyms and abbreviations used in this book. Whether you are just starting out on the road to cyber security or looking to enhance and improve your existing cyber resilience programme, it should be clear that cyber security is no longer optional in today's information age; it is an essential component of business success. Make sure you understand the threats and vulnerabilities your organisation faces and how the Cyber Resilience Framework can help you tackle them. Start your journey to cyber security now - buy this book today!

What do you do to keep your business information secure? Information and information systems are vital to every organisation. Our reliance on data and information, and the fact that it is so easy to share, means that everyone is at risk of cyber attack from hackers, viruses, online fraudsters, malicious insiders, or even from simple human error. Manage cyber threat To counter these threats you have to identify the real information risks your business faces, then you need to find the most appropriate way to mitigate such risks. Adopting the ISO27001 Standard will give your organisation a reliable framework for creating an information security management system. The business case for investing in information security This friendly guide, updated to reflect ISO27001:2013, presents the compelling business case for implementing ISO27001 in order to protect your information assets. This makes it ideal reading for anyone unfamiliar with the many benefits of the standard, and as a supporting document for an ISO27001 project proposal. Understand ISO27001 and learn how your organisation can: *Fight cybercrime - Introducing the ISO 27001 information security management system will help protect your business from the threat of organised crime. *Combat cyber-terror - Terrorist organisations now work with computers as well as explosives. Introducing an information security management system makes it easier to defend your company from a destructive cyber-attack. *Improve your corporate governance - Reducing your company's financial exposure to the risk of losses resulting from IT system failure is now a corporate governance requirement. ISO 27001 will help you to comply. *Recover from accidents - With ISO 27001, you can minimise the risk that your information will be lost or corrupted as a result of human error. Read this book to learn how ISO27001 secures your information assets and protects your business.

Protect your organisation's information assets using ISO27001:2013 Information is one of your organisation's most important resources. Keeping that information secure is therefore vital to your business. This handy pocket guide is an essential overview of two key information security standards that cover the formal requirements (ISO27001:2013) for creating an Information Security Management System (ISMS), and the best-practice recommendations (ISO27002:2013) for those responsible for initiating, implementing or maintaining it. Furthering the objectives of your organisation Information security means much more than a technology solution, and requires buy-in from senior managers and the collaboration of all staff in the organisation. For this reason, ISO27001 is not a one-size-fits-all solution, nor is it designed to be a static, fixed entity. By looking at ISO27001 and ISO27002 together, this pocket guide gives a wider view of what it means to implement an ISO27001 ISMS. Creating an ISMS based on ISO27001/ISO27002 will help you to: *improve efficiency by having systems and procedures in place, enabling you to focus more on your core business; *protect your information assets from a wide range of cyber threats such as criminal activity and fraud, user errors, outside attack, insider compromise and system failure; *manage risk systematically and put in place a plan to eliminate or reduce cyber threats to your organisation; *prepare for the worst, as ISO27001 requires you to monitor information security events, enabling earlier detection of threats or processing errors, and faster resolution. Completely up to date with the latest 2013 release of ISO27001, ISO27001/ISO27002: A Pocket Guide covers: *The ISO/IEC 27000:2013 family of information security standards *Background to the standards certification process *The ISMS and ISO27001:2013 *Specification vs. Code of Practice *Documentation and Records *Management Responsibility *Policy and Scope *Risk Assessment *Implementation *Continual Improvement

Deep in the heart of Nuropa's great forests live the Lascens - a peace loving tribe that believe in community and co-operation, their ethos being - 'Respect a human's being and the human being will respect you.' But, all is not well within the thriving community. The tribe's Sensitive unearths a dark secret and feels a grievous, 'Changing of the age!' Matters are made far worse by the early migration of the Gridlocks - monstrous creatures that travel from the east of Nuropa in search of flesh, including human. The tribe are forced to take refuge in their Fortress, where, encouraged by the Sensitive, a knot of youngsters hatch a plan to explore east and, for once and all, seek the truth to the mysterious, 'Lands Beyond, ' a place that no Lascen dare speak of, let alone venture! 'The Ages of Nuropa, The Embryo, is the first instalment in a trilogy that explores human nature and its want for power. The adventure continues in - The Ages of Nuropa II, The Nest and III, The Flight.

The Ages of Nuropa, The Nest, book II in the Nuropean trilogy. With the knowledge of their forbears discovered, and with the dreadful truth of the present age upon them, the forest dwelling Lascens head north-west, hoping to find a safe haven, leaving their once peaceful settlement far behind. However, their uniqueness is now known, and power hungry minds from the south are eager to exploit them. And as agressive forces further dominate the land, the Lascen youth, Coryn, and the tribe's other youngsters soon find themselves thrown into a culture very different to their own. Ruthless aquisition is the rage of the age. Intrigue, deceit, theft and murder darken the Lascens' days as each eventually travel south to sunny shores, where, beyond blood stained waves, lies an island - an island that has spawned some of the life distorting amino's most hideous creations.

From the depths of his conscience they came, their cry piteous and haunting. Will William Phillips find the courage to face the truth, or turn his back in hopeless desperation? SIX WOLVES, SIX CARVINGS THAT MUST BE FOUND! When young William Phillips learns that a much loved ancient wood is to be removed to make room for a shopping complex, he is devastated. However, when people suddenly start to go missing in his sleepy village and strange wolf carvings appear, William soon finds himself embroiled in a mystery- a mystery that if left unsolved could have terrifying consequences. Using the art of story 'The Legacy of The Six Wolves' highlights important issues in the world today, and is appropriate for both adult and teenage readers.

This pocket guide is designed to provide the reader with a basic understanding of how an organization's Information Technology supports and enables the achievement of its strategies and objectives. IT Governance recognizes that Information and Information Technology is at the heart of the modern economy - and at the heart of the modern business. It is a critical component of corporate governance and this pocket guide provides an introduction on how to approach this complex subject. This pocket guide describes the drivers for IT governance; why it matters; the relationship between IT governance, risk management, information risk, project governance and compliance risk; lists the symptoms of inadequate IT governance and the benefits that can be won by implementing an IT governance framework, and describes - in principle - how to go about doing this.

Clear guidance on aligning IT with the business Aligning IT with the business is a key objective for boards and executives. Organizations with effective IT governance consistently generate better returns for their shareholders than equivalent organizations with ineffective IT governance, and the directors of companies that effectively govern their IT are significantly less exposed to compliance and shareholder challenges than others. It links IT governance to today's corporate governance environment and assesses the corporate impact that the convergence of financial, accounting and governance frameworks will have on organizations competing in today's economy. Security governance and the role of the CIO Whether it's protecting the organization from cyber-criminals, avoiding privacy protection failures or getting IT projects to come in on time, to budget and to specification, this book has the answers. The proper role of the CIO, appropriate IT departmental structures and the relationship between business strategy and IT strategy are all examined and pragmatic, new approaches proposed. It is not a technology book. It is written specifically for directors, executives and senior business advisers - a high level guide to the business-critical subject of leveraging IT to compete more effectively in the information economy.