
Showing 1 - 25 of 139 matches in All Departments

EU General Data Protection Regulation (GDPR) - An Implementation and Compliance Guide (Paperback, 3rd ed.)
IT Governance Privacy Team
R754 Discovery Miles 7 540 Ships in 12 - 17 working days
PCI DSS - A Pocket Guide (Paperback, 4th Revised edition)
IT Governance Publishing
R370 Discovery Miles 3 700 Ships in 12 - 17 working days

An ideal introduction and a quick reference to PCI DSS version 3.1 All businesses that accept payment cards are prey for hackers and criminal gangs trying to steal financial information and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card orders in a way that protects cardholder data effectively. All organisations that accept, store, transmit or process cardholder data must comply with the Standard; failure to do so can have serious consequences for their ability to process card payments. Product overview Co-written by a PCI QSA (Qualified Security Assessor) and updated to cover PCI DSS version 3.1, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organisation who deals with payment card processing. Coverage includes: An overview of Payment Card Industry Data Security Standard v3.1. A PCI self-assessment questionnaire (SAQ). Procedures and qualifications. An overview of the Payment Application Data Security Standard. Contents 1.What is the Payment Card Industry Data Security Standard (PCI DSS)? 2.What is the Scope of the PCI DSS? 3.Compliance and Compliance Programmes 4.Consequences of a Breach 5.How do you Comply with the Requirements of the Standard? 6.Maintaining Compliance 7.PCI DSS - The Standard 8.Aspects of PCI DSS Compliance 9.The PCI Self-Assessment Questionnaire 10.Procedures and Qualifications 11.The PCI DSS and ISO/IEC 27001 12.The Payment Application Data Security Standard (PA-DSS) 13.PIN Transaction Security (PTS) About the authors Alan Calder is the founder and executive chairman of IT Governance Ltd, an information, advice and consultancy firm that helps company boards tackle IT governance, risk management, compliance and information security issues. He has many years of senior management experience in the private and public sectors. 
Geraint Williams is a knowledgeable and experienced senior information security consultant and PCI QSA, with a strong technical background and experience of the PCI DSS and security testing. Geraint has provided consultancy on implementation of the PCI DSS, and conducted audits with a wide range of merchants and service providers. He has performed penetration testing and vulnerability assessments for various clients. Geraint leads the IT Governance CISSP Accelerated Training Programme, as well as the PCI Foundation and Implementer training courses. He has broad technical knowledge of security and IT infrastructure, including high performance computing, and Cloud computing. His certifications include CISSP, PCI QSA, CREST Registered Tester, CEH and CHFI.

An Introduction to Anti-Bribery Management Systems - Doing Right Things (Paperback)
Alan Field; Edited by IT Governance Publishing
R327 Discovery Miles 3 270 Ships in 12 - 17 working days

When is a gift not a gift? When it's a bribe. For many, corporate hospitality oils the wheels of commerce. But where do you draw the line? Bribes, incentives and inducements are not just a matter of used banknotes stuffed in brown envelopes. Expenses, corporate settlement of personal bills, gifts and hospitality can all be used to influence business partners, clients and contractors. Can you afford unlimited fines? Under the Bribery Act 2010, a maximum of ten years' imprisonment and an unlimited fine may be imposed for offering, promising, giving, requesting, agreeing, receiving or accepting bribes. With such strict penalties, it's astonishing that so few companies have few or no measures in place to ensure that they are not liable for prosecution. This is especially astonishing as the Ministry of Justice's Quick start guide to the Bribery Act makes it clear that "There is a full defence if you can show you had adequate procedures in place to prevent bribery." Such procedures can be found in BS 10500:2010, the British Standard for anti-bribery management systems (ABMSs). How to implement an ABMS An Introduction to Anti-Bribery Management Systems (BS 10500) explains how to implement an ABMS that meets the requirements of BS 10500, from initial gap analysis to due diligence management: * An introduction to BS 10500 * An explanation of an ABMS * Management processes within an ABMS * Implementing an ABMS * Risk assessment in due diligence * Whistleblowing and bribery investigations * Internal auditing and corrective action * Certification to BS 10500 It provides helpful guidance on the importance of clearly defining policies; logging gifts and hospitality in auditable records; ensuring a consistent approach across the organisation; controls for contractors; facilitation payments; charitable and political donations; risk assessment in due diligence; whistle-blowing and bribery investigations; and internal auditing and corrective action. 
Meet the stringent requirements of the Bribery Act Not only will a BS 10500-compliant ABMS help your organisation prove its probity by meeting the stringent requirements of the Bribery Act, it can also be adapted to most legal or compliance systems. An ethical approach to business is not just a legal obligation but a way to protect your reputation. About the author Alan Field, MA, LL.B (Hons), PgC, MCQI CQP, MIIRSM, AIEMA, GIFireE, GradIOSH is a Chartered Quality Professional, an IRCA Registered Lead Auditor and member of the Society of Authors. Alan has particular expertise in auditing and assessing anti-bribery management systems to BS 10500 and public-sector counter-fraud systems to ISO9001. Alan has many years' experience with quality and integrated management systems in the legal, financial, property services and project management sectors in auditing, assessment and gap analysis roles. Your company's integrity is important. An Introduction to Anti-Bribery Management Systems (BS 10500) shows you how to maintain and prove it.

ISO 14001 Step by Step - A Practical Guide (Paperback, 2nd ed.)
IT Governance
R482 Discovery Miles 4 820 Ships in 12 - 17 working days

Take the first steps to ISO 14001 certification with this practical overview. This book provides practical advice on how to achieve compliance with ISO 14001:2015, the international standard for an EMS (environmental management system). With an EMS certified to ISO 14001, you can improve the efficiency of your business operations and fulfil compliance obligations, while reassuring your employees, clients and other stakeholders that you are monitoring your environmental impact. This easy-to-follow guide takes a step-by-step approach, and provides many sample documents to help you understand how to record and monitor your organisation's EMS processes. Ideal for compliance managers, IT and general managers, environmental officers, auditors and trainers, this book will provide you with: The confidence to plan and design an EMS. Detailed descriptions of the ISO 14001:2015 requirements will give you a clear understanding of the standard, even if you lack specialist knowledge or previous experience; Guidance to build stakeholder support for your EMS. Information on why it is important for an organisation to have an environmental policy, and a sample communications procedure will help you to raise awareness of the benefits of implementing an EMS; and Advice on how to become an ISO 14001-certified organisation. The book takes a step-by-step approach to implementing an ISO 14001-compliant EMS. Key features: A concise summary of the ISO 14001:2015 requirements and how you can meet them. An overview of the documentation needed to achieve ISO 14001:2015 accreditation. Sample documents to help you understand how to record and monitor your organisation's environmental management processes. New for the second edition: Updated for ISO 14001:2015, including terms, definitions and references; Revised approach to take into account requirements to address "risks and opportunities".
Your practical guide to implementing an EMS that complies with ISO 14001:2015 - buy this book today to get the help and guidance you need!

The Cyber Security Handbook - Prepare For, Respond to and Recover from Cyber Attacks (Paperback)
IT Governance
R1,393 Discovery Miles 13 930 Ships in 12 - 17 working days

In the world as we know it, you can be attacked both physically and virtually. For today's organisations, which rely so heavily on technology - particularly the Internet - to do business, the latter is the far more threatening of the two. The cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation. This book is a comprehensive cyber security implementation manual which gives practical guidance on the individual activities identified in the IT Governance Cyber Resilience Framework (CRF) that can help organisations become cyber resilient and combat the cyber threat landscape. Suitable for senior directors (CEO, CISO, CIO), compliance managers, privacy managers, IT managers, security analysts and others, the book is divided into six parts: Part 1: Introduction. The world of cyber security and the approach taken in this book. Part 2: Threats and vulnerabilities. A discussion of a range of threats organisations face, organised by threat category, to help you understand what you are defending yourself against before you start thinking about your actual defences. Part 3: The CRF processes. Detailed discussions of each of the 24 CRF processes, explaining a wide range of security areas by process category and offering guidance on how to implement each. Part 4: Eight steps to implementing cyber security. Our eight-step approach to implementing the cyber security processes you need and maintaining them. Part 5: Reference frameworks. An explanation of how standards and frameworks work, along with their benefits. It also presents ten framework options, introducing you to some of the best-known standards and giving you an idea of the range available. Part 6: Conclusion and appendices. The appendices include a glossary of all the acronyms and abbreviations used in this book. 
Whether you are just starting out on the road to cyber security or looking to enhance and improve your existing cyber resilience programme, it should be clear that cyber security is no longer optional in today's information age; it is an essential component of business success. Make sure you understand the threats and vulnerabilities your organisation faces and how the Cyber Resilience Framework can help you tackle them. Start your journey to cyber security now - buy this book today!

Fundamentals of Information Risk Management Auditing (Paperback)
IT Governance Publishing
R487 Discovery Miles 4 870 Ships in 12 - 17 working days

Protect your organisation from information security risks For any modern business to thrive, it must assess, control and audit the risks it faces in a manner appropriate to its risk appetite. As information-based risks and threats continue to proliferate, it is essential that they are addressed as an integral component of your enterprise's risk management strategy, not in isolation. They must be identified, documented, assessed and managed, and assigned to risk owners so that they can be mitigated and audited. Fundamentals of Information Risk Management Auditing provides insight and guidance on this practice for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists. Product overview Fundamentals of Information Risk Management Auditing - An Introduction for Managers and Auditors has four main parts: What is risk and why is it important? An introduction to general risk management and information risk. Introduction to general IS and management risks An overview of general information security controls, and controls over the operation and management of information security, plus risks and controls for the confidentiality, integrity and availability of information. Introduction to application controls An introduction to application controls, the controls built into systems to ensure that they process data accurately and completely. Life as an information risk management specialist/auditor A guide for those considering, or undergoing, a career in information risk management. Each chapter contains an overview of the risks and controls that you may encounter when performing an audit of information risk, together with suggested mitigation approaches based on those risks and controls. Chapter summaries provide an overview of the salient points for easy reference, and case studies illustrate how those points are relevant to businesses. 
The book concludes with an examination of the skills and qualifications necessary for an information risk management auditor, an overview of typical job responsibilities, and an examination of the professional and ethical standards that an information risk auditor should adhere to. Topics covered Fundamentals of Information Risk Management Auditing covers, among other subjects, the three lines of defence; change management; service management; disaster planning; frameworks and approaches, including Agile, COBIT(R)5, CRAMM, PRINCE2(R), ITIL(R) and PMBOK; international standards, including ISO 31000, ISO 27001, ISO 22301 and ISO 38500; the UK Government's Cyber Essentials scheme; IT security controls; and application controls. About the author Christopher Wright is a qualified accountant, Certified Information Systems Auditor and Certified ScrumMaster(TM) with over 30 years' experience providing financial and IT advisory and risk management services. For 16 years, he worked at KPMG, where he was head of information risk training in the UK and also ran training courses overseas, including in India and throughout mainland Europe. He managed a number of major IS audit and risk assignments, including project risk and business control reviews. He has worked in a wide range of industry sectors including oil and gas, the public sector, aviation, and travel. For the past eight years, he has been an independent consultant specialising in financial, SOX and operational controls for major ERP implementations, mainly at oil and gas/utilities enterprises. He is an international speaker and trainer on Agile audit and governance, and is the author of two other titles, also published by ITGP: Agile Governance and Audit and Reviewing IT in Due Diligence.

The Universal Service Desk - Implementing, Controlling and Improving Service Delivery (Paperback)
IT Governance
R1,249 Discovery Miles 12 490 Ships in 12 - 17 working days

The Universal Service Desk (USD) - Implementing, controlling and improving service delivery defines what a USD is, why it is valuable to an organisation and how to build and implement one. It also discusses the evolution of the USD as part of integrated workplace management. Understand the essentials of any USD - buy this book today!

Securing Cloud Services - A Pragmatic Guide (Paperback, 2nd ed.)
IT Governance
R1,240 Discovery Miles 12 400 Ships in 12 - 17 working days

Securing Cloud Services - A pragmatic guide gives an overview of security architecture processes and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud. Manage the risks associated with Cloud computing - buy this book today!

Cyber Security: Essential Principles to Secure Your Organisation (Paperback)
IT Governance
R371 Discovery Miles 3 710 Ships in 12 - 17 working days

Cyber Security - Essential principles to secure your organisation takes you through the fundamentals of cyber security, the principles that underpin it, vulnerabilities and threats, and how to defend against attacks. Organisations large and small experience attacks every day, from simple phishing emails to intricate, detailed operations masterminded by criminal gangs, and for every vulnerability fixed, another pops up, ripe for exploitation. Cyber security doesn't have to cost vast amounts of money or take a short ice age to implement. No matter the size of your organisation, improving cyber security helps protect your data and that of your clients, improving business relations and opening the door to new opportunities. This pocket guide will take you through the essentials of cyber security - the principles that underpin it, vulnerabilities and threats and the attackers who use them, and how to defend against them - so you can confidently develop a cyber security programme. Cyber Security - Essential principles to secure your organisation Covers the key differences between cyber and information security; Explains how cyber security is increasingly mandatory and how this ties into data protection, e.g. the Data Protection Act 2018 and the GDPR (General Data Protection Regulation); Focuses on the nature of the problem, looking at technical, physical and human threats and vulnerabilities; Explores the importance of security by design; Gives guidance on why security should be balanced and centralised; and Introduces the concept of using standards and frameworks to manage cyber security. No matter the size of your organisation, cyber security is no longer optional - it is an essential component of business success and a critical defence against the risks of the information age. The only questions left are to decide when and where your journey will begin. Start that journey now - buy this book today!

ISO/IEC 27701:2019: An Introduction to Privacy Information Management (Paperback)
IT Governance
R371 Discovery Miles 3 710 Ships in 12 - 17 working days

ISO/IEC 27701:2019: An introduction to privacy information management offers a concise introduction to the Standard, aiding those organisations looking to improve their privacy information management regime, particularly where ISO/IEC 27701:2019 is involved.

ISO 27001 Controls - A Guide to Implementing and Auditing (Paperback)
IT Governance
R1,058 Discovery Miles 10 580 Ships in 12 - 17 working days

A must-have resource for anyone looking to establish, implement and maintain an ISMS. Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001. Similarly, for anyone involved in internal or external audits, the book includes the definitive requirements that auditors must address when certifying organisations to ISO 27001. The book covers: Implementation guidance - what needs to be considered to fulfil the requirements of the controls from ISO/IEC 27001, Annex A. This guidance is aligned with ISO/IEC 27002, which gives advice on implementing the controls; Auditing guidance - what should be checked, and how, when examining the ISO/IEC 27001 controls to ensure that the implementation covers the ISMS control requirements. The implementation guidance gives clear descriptions covering what needs to be considered to achieve compliance against the requirements, with examples given throughout. The auditing guidance covers what evidence an auditor should look for in order to satisfy themselves that the requirement has been met. Useful for internal auditors and consultants, the auditing guidance will also be useful for information security managers and lead implementers as a means of confirming that their implementation and evidence to support it will be sufficient to pass an audit. This guide is intended to be used by those involved in: Designing, implementing and/or maintaining an ISMS; Preparing for ISMS audits and assessments; or Undertaking both internal and third-party ISMS audits and assessments About the author Bridget Kenyon (CISSP) is global CISO for Thales eSecurity. 
Her experience in information security started in 2000 with a role in network vulnerabilities at DERA, following which she has been a PCI Qualified Security Assessor, information security officer for Warwick University and head of information security for UCL, and has held a variety of roles in consultancy and academia. Bridget has been contributing to international standards since 2006, when she first joined BSI Panel 1, coordinating development of information security management system standards; she is currently editor for ISO/IEC 27014. Bridget has also co-authored three textbooks on information security. She strongly believes that "information security is fundamental to reliable business operations, not a nice-to-have". In 2018, she was named one of the top 25 women in tech by UK publication PCR.

How Cyber Security Can Protect Your Business - A Guide for All Stakeholders (Paperback)
IT Governance
R370 Discovery Miles 3 700 Ships in 12 - 17 working days

Summary Explains in easy-to-understand terms what executives and senior managers need to know and do about the ever-changing cyber threat landscape. Gives strategic, business-focused guidance and advice relevant to C-suite executives. Provides an effective and efficient framework for managing cyber governance, risk and compliance. Explains what is required to implement an effective cyber security strategy. Description With high-profile cyber attacks, data breaches and fines for GDPR (General Data Protection Regulation) non-compliance hitting the headlines daily, businesses must protect themselves and their reputations, while reassuring stakeholders they take cyber security seriously. Cyber attacks are becoming more sophisticated and prevalent, and the cost of data breaches is soaring. In addition, new regulations and reporting requirements make cyber security a critical business issue. Board members and senior management must understand the threat landscape and the strategies they can employ to establish, implement and maintain effective cyber resilience throughout their organisation. How Cyber Security Can Protect your Business - A guide for all stakeholders provides an effective and efficient framework for managing cyber governance, risk and compliance, which organisations can adapt to meet their own risk appetite and synchronise with their people, processes and technology. It explains what is meant by governance, risk and compliance, how it applies to cyber security and what is required to implement an effective cyber security strategy. 
The pocket guide: Gives readers a greater understanding of cyber governance, risk and compliance; Explains what executives, senior managers and their advisors need to know and do about the ever-changing cyber threat landscape; Provides context as to why stakeholders need to be aware of and in control of their organisation's cyber risk management and cyber incident response; Gives guidance on building an appropriate and efficient governance framework that enables organisations to demonstrate their cyber approach in a non-technical, strategic, business-focused way; Details an overview process to enable risk assessment, assess existing defence mitigations and provide a framework for developing suitable controls; and Includes a checklist to help readers focus on their higher-priority cyber areas. Suitable for all managers and executives, this pocket guide will be of interest to non-cyber specialists, including non-executive directors, who may be required to review cyber arrangements. For cyber specialists, it provides an approach for explaining cyber issues in non-jargonistic, business-based language. Kick-start your journey to becoming cyber secure - buy this pocket guide today!

ISO 50001 - A Strategic Guide to Establishing an Energy Management System (Paperback)
IT Governance
R370 Discovery Miles 3 700 Ships in 12 - 17 working days

ISO 50001 - A strategic guide to establishing an energy management system provides a practical but strategic overview for leadership teams of what an EnMS (energy management system) is and how implementing one can bring added value to an organisation.

ISO/IEC 38500: A Pocket Guide (Paperback, 2nd ed.)
IT Governance
R369 Discovery Miles 3 690 Ships in 12 - 17 working days

This useful pocket guide is an ideal introduction for those wanting to understand more about ISO 38500. It describes the scope, application and objectives of the Standard and outlines its six core principles.

PCI DSS: A Pocket Guide (Paperback, 6th ed.)
IT Governance
R371 Discovery Miles 3 710 Ships in 12 - 17 working days

This pocket guide is perfect as a quick reference for PCI professionals, or as a handy introduction for new staff. It explains the fundamental concepts of the latest iteration of the PCI DSS, v3.2.1, making it an ideal training resource. It will teach you how to protect your customers' cardholder data with best practice from the Standard.

Implementing an Integrated Management System - A Pocket Guide (Paperback)
IT Governance
R369 Discovery Miles 3 690 Ships in 12 - 17 working days

Achieving certification to multiple ISO standards can be time consuming and costly, but an IMS incorporates all of an organisation's processes and systems so that they are working under - and towards - one set of policies and objectives. With an IMS, risks and opportunities are no longer managed in silos within the organisation, but with one unified or integrated approach from the leadership team. This guide discusses the benefits of an IMS, and the strategies you should consider before implementing one. It references a vast number of standards that can be integrated but stresses the need for senior management to lead the implementation by deciding upon objectives and which standards to include. Ideal for the c-suite, directors, compliance managers, auditors and trainers, this pocket guide will explain: -What an IMS is - even if you have no prior knowledge, this book will help you envisage what an IMS is and how it works; -How to develop a strategy for IMS implementation - this guide emphasises the importance of effectively planning your IMS implementation by having objectives set by senior management to encourage a unified approach; and -The benefits of an IMS - information on how an IMS can benefit your organisation, e.g. avoiding duplication of effort as management systems are no longer working in silos, reducing the number of audits required, and making more effective use of senior management time. Key features: -An easy-to-follow introduction to an IMS, and advice on IMS implementation strategies. -Discusses the challenges you may face during implementation and how to prepare for and overcome them. -Advice on audits and IMS certification.

The Concise PRINCE2(R) - Principles and Essential Themes (Paperback, 3rd ed.)
IT Governance
R480 Discovery Miles 4 800 Ships in 12 - 17 working days

Succeed as a PRINCE2(R) practitioner with this concise overview. PRINCE2 is the leading model for effective project management methodology. PRINCE2 certification will help you implement projects across your organisation efficiently, creating a controlled and manageable environment for employees. This guide explains the fundamental principles of PRINCE2 2017, enabling you to review essential themes before taking your PRINCE2 Foundation exam. Following accreditation, it serves as a reference guide to help you manage ongoing PRINCE2 projects within your organisation. Ideal for anyone involved with implementing a new project that uses the PRINCE2 framework, whether you are a student, project board member or team manager, this guide will help you: Prepare for your PRINCE2 2017 Foundation exam; Implement PRINCE2-aligned projects; and Enhance your skills as a PRINCE2 practitioner. Key features: Concise summary of the fundamental principles and themes of PRINCE2 2017. Clear and comprehensible format. Serves as a reference guide while you manage ongoing PRINCE2 projects. New for the third edition: Updated to align with PRINCE2 2017. New diagrams to aid understanding of the framework. A succinct reference guide that summarises the key elements of PRINCE2 2017 - buy this book today to get the help and guidance you need!

A Concise Introduction to the NIS Directive - A Pocket Guide for Digital Service Providers (Paperback)
IT Governance
R369 Discovery Miles 3 690 Ships in 12 - 17 working days

This pocket guide is an introduction to the EU's NIS Directive (Directive on security of network and information systems). It outlines the key requirements, details which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance. This pocket guide is a primer for any DSP that needs to comply with the NIS Directive. The pocket guide helps DSPs: Gain insight into the NIS Directive and who is regulating it; Identify if they are within the scope of the Directive; Understand the key requirements; and Understand how guidance from international standards and ENISA can help them comply. Your essential guide to understanding the EU's NIS Directive - buy this book today and get the help and guidance you need.

Network and Information Systems (NIS) Regulations - A Pocket Guide for Operators of Essential Services (Paperback)
IT Governance
R370 Discovery Miles 3 700 Ships in 12 - 17 working days

This pocket guide is a primer for any OES (operators of essential services) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them. An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law. This guide outlines the requirements for operators of essential services based on the Cyber Assessment Framework established by the National Cyber Security Centre (NCSC), including an explanation of the objectives, principles and indicators of good practice, and offers implementation guidance. This guide will help you: Understand how to comply with NIS Regulations, and avoid penalties associated with non-compliance; Unravel the key definitions, authorities and points of contact; Learn the benefits of a good Cyber Resilience plan; Interpret and ensure compliance with the Cyber Assessment Framework; and Establish the NCSC's cyber security objectives, principles and indicators of good practice. Your essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

Network and Information Systems (Nis) Regulations - A Pocket Guide for Digital Service Providers (Paperback)
IT Governance
R370 Discovery Miles 3 700 Ships in 12 - 17 working days

This pocket guide is a primer for any DSP (digital service provider) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them. An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law. This guide outlines the key requirements, details exactly which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance.
This guide will help you:
- Clarify how to identify if you are within the scope of the NIS Regulations
- Gain an insight into the NIS Directive
- Unravel the key definitions, authorities and points of contact
- Understand the benefits of a good cyber resilience plan
Your essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

The Power of the Agile Business Analyst - 30 Surprising Ways a Business Analyst Can Add Value to Your Agile Development Team (Paperback, 2nd ed.)
IT Governance
R1,055 Discovery Miles 10 550 Ships in 12 - 17 working days

Now in its second edition, The Power of the Agile Business Analyst has expanded to include new Agile methods that have emerged or gained prominence since the first edition. Buy this book to learn how to revolutionise your Agile development and increase the value and relevancy of your project outcomes. Learn 30 realistic, achievable ways that an Agile business analyst can increase project efficiency, add value and improve quality. Find out how an Agile business analyst bridges the gap between the needs of the business and the resources of the development team. Now updated with current Agile methods, to support emerging and established business analysts to adapt to new trends.
30 ways an Agile business analyst can help
Drawing on her extensive experience, Jamie proposes a new role for Agile projects: The Agile business analyst. She details 30 achievable ways that such a role will increase relevance, quality and overall business value, and provide business users with crucial support. The Agile business analyst is also a boon to the development team, being a ready source of business knowledge and ensuring that project outcomes align with requirements.
This book has been updated to:
- Incorporate behaviour-driven development into the work that the business analyst does to support interface design;
- Align the programme management strategies of the Scaled Agile Framework (SAFe) to encourage cross-organisational communication and participation;
- Include full updates throughout the Qualifications section in 'Getting the Right Agile Business Analyst for Your Team'; and
- Provide Agile updates, bringing the book back into line with current methods.
Support your Agile business user for better project outcomes.

Prince2 in Action - Project Management in Real Terms (Paperback)
Aba Coordinating Committee on Nonprofit Governance
R1,060 Discovery Miles 10 600 Ships in 12 - 17 working days

What do a jilted bride, a football team and a scientist all have in common? They are all case studies that demonstrate how PRINCE2® can be used to manage both professional and private lives. This book can be used as a guide to the PRINCE2 framework, using everyday language and experiences, and focusing on areas such as product-based planning, project management, team structure and project flexibility. The translations and illustrations give a real-life context to the method, and provide evidence of how to use (and how not to use) it.
This step-by-step guide:
- Explains the principles of PRINCE2 in straightforward, manageable chunks;
- Emphasises how to apply PRINCE2 in practice, using real-life examples;
- Is written by an experienced PRINCE2 practitioner and trainer, so you can be sure that the information is based upon approaches that work;
- Gives clear explanations and practical illustrations in each section;
- Explains how to effectively apply PRINCE2's principles, themes and processes to your projects and other real-world scenarios; and
- Has been updated for PRINCE2 2017.
Susan Tuttle has 20 years' experience in project management, programme management and change management, producing exceptional results across diverse industries. She is an accredited trainer in PRINCE2. Her training style is influenced by her strong commitment to human development. She uses learner-centred theories and principles in her training and writing to help explain and communicate difficult topics.

Lessons Learned: Critical Information Infrastructure Protection - How to Protect Critical Information Infrastructure (Paperback)
IT Governance
R886 Discovery Miles 8 860 Ships in 12 - 17 working days

Understand how to protect your critical information infrastructure (CII). Billions of people use the services of critical infrastructure providers, such as ambulances, hospitals, and electricity and transport networks. This number is increasing rapidly, yet there appears to be little protection for many of these services. IT solutions have allowed organisations to increase their efficiency in order to be competitive. However, do we even know or realise what happens when IT solutions are not working - when they simply don't function at all or not in the way we expect? This book aims to teach the IT framework from within, allowing you to reduce dependence on IT systems and put in place the necessary processes and procedures to help protect your CII. Lessons Learned: Critical Information Infrastructure Protection is aimed at people who organise the protection of critical infrastructure, such as chief executive officers, business managers, risk managers, IT managers, information security managers, business continuity managers and civil servants. Most of the principles and recommendations described are also valid in organisations that are not critical infrastructure service providers.
The book covers the following:
- Lesson 1: Define critical infrastructure services.
- Lesson 2: Describe the critical infrastructure service and determine its service level.
- Lesson 3: Define the providers of critical infrastructure services.
- Lesson 4: Identify the critical activities, resources and responsible persons needed to provide the critical infrastructure service.
- Lesson 5: Analyse and identify the interdependencies of services and their reliance upon power supplies.
- Lesson 6: Visualise critical infrastructure data.
- Lesson 7: Identify important information systems and assess their importance.
- Lesson 8: Identify and analyse the interconnections and dependencies of information systems.
- Lesson 9: Focus on more critical services and prioritise your activities.
- Lesson 10: Identify threats and vulnerabilities.
- Lesson 11: Assess the impact of service disruptions.
- Lesson 12: Assess the risks associated with the service and information system.
- Lesson 13: Implement the necessary security measures.
- Lesson 14: Create a functioning organisation to protect CII.
- Lesson 15: Follow regulations to improve the cyber resilience of critical infrastructure services.
- Lesson 16: Assess the security level of your information systems yourself and ask external experts to assess them as well.
- Lesson 17: Scan networks yourself and ask external experts to scan them as well to find the systems that shouldn't be connected to the Internet but still are.
- Lesson 18: Prepare business continuity and disaster recovery plans and test them at reasonable intervals.
- Lesson 19: Establish reliable relations and maintain them.
- Lesson 20: Share information and be a part of networks where information is shared.
- Lesson 21: Train people to make sure they are aware of cyber threats and know the correct behaviour.
- Lesson 22: If the CII protection system does not work as planned or give the desired output, make improvements.
- Lesson 23: Be prepared to provide critical infrastructure services without IT systems. If possible, reduce dependence on IT systems. If possible, during a crisis, provide critical services at reduced functionality and/or in reduced volumes.
Author
Toomas Viira is a highly motivated, experienced and results-orientated cyber security risk manager and IT auditor. He has more than 20 years' experience in the IT and cyber security sectors.

Collaborative Business Design: The Fundamentals (Paperback)
IT Governance
R481 Discovery Miles 4 810 Ships in 12 - 17 working days

This adapted version of CBSD for the Fundamentals Series explores the characteristics of IT-driven business services, their requirements and how to gather the right requirements to improve the service lifecycle throughout design, development and maintenance until decommissioning. By understanding IT-driven business services and anchoring them in a service design statement (SDS), you will be able to accelerate the translation of the needs of the business to the delivery of IT-intensive business services.
Product overview
CBSD supports portfolio, programme and project management by identifying key questions and structuring the creative process of designing services. Insight into the CBSD approach to deriving an SDS is therefore a practical and powerful tool to help you:
- Promote a coherent design so that fundamental issues and requirements of needs are mapped, based on different perspectives between demand and supply;
- Gain insight into the dynamics between stakeholders within an enterprise;
- Reflect on and formulate a practical and realistic roadmap; and
- Guide the development, build, programme management and maintenance of IT-driven business services.
CBSD complements existing frameworks such as TOGAF®, IT4IT, BiSL® Next and ITIL® by focusing on business architecture, a subject rarely discussed before designing an IT-intensive, complex business service.
Who should read this book
This book is intended for anyone responsible for designing and implementing IT-driven services or involved in their operation. This includes:
- Internal and external service providers, such as service managers, contract managers, bid managers, lead architects and requirement analysts;
- Business, financial, sales, marketing and operations managers who are responsible for output and outcome;
- Sales and product managers who need to present and improve service offerings;
- Developers who need to develop new and improved services;
- Contract managers and those responsible for purchasing; and
- Consultants, strategists, business managers, business process owners, business architects, business information managers, chief information officers, information systems owners and information architects.
Collaborative Business Design: The Fundamentals is part of the Fundamentals Series.
Authors
Brian Johnson has published more than 30 books, including a dozen official titles in the IT Infrastructure Library (ITIL), all of which are used worldwide. He designed and led the programme for ITIL version 2. He has fulfilled many roles during his career, including vice president, chief architect, senior director and executive consultant. One of his current roles is chief architect at the ASL BiSL Foundation, which provides guidance on business information management to a wide range of public and private-sector businesses in the Benelux region. Brian is chief architect for the redesign of all guidance and is the author of new strategic publications.
Leon-Paul de Rouw studied technical management and organisation sociology. He worked for several years as a consultant and researcher in the private sector. Since 2003, he has been a programme manager with the central government in the Netherlands. He is responsible for all types of projects and programmes that focus on business enabled by IT.

Nine Steps to Success: An ISO 27001 Implementation Overview (Paperback, 3rd ed.)
It Governance Publishing
R921 Discovery Miles 9 210 Ships in 12 - 17 working days