Showing 1 - 25 of 137 matches in All Departments

EU General Data Protection Regulation (GDPR) - An Implementation and Compliance Guide (Paperback, 3rd ed.)
IT Governance Privacy Team
R754 Discovery Miles 7 540 Ships in 12 - 17 working days
PCI DSS - A Pocket Guide (Paperback, 4th Revised edition)
IT Governance Publishing
R370 Discovery Miles 3 700 Ships in 12 - 17 working days

An ideal introduction and a quick reference to PCI DSS version 3.1. All businesses that accept payment cards are prey for hackers and criminal gangs trying to steal financial information and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card orders in a way that protects cardholder data effectively. All organisations that accept, store, transmit or process cardholder data must comply with the Standard; failure to do so can have serious consequences for their ability to process card payments. Product overview: Co-written by a PCI QSA (Qualified Security Assessor) and updated to cover PCI DSS version 3.1, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organisation who deals with payment card processing. Coverage includes: An overview of Payment Card Industry Data Security Standard v3.1. A PCI self-assessment questionnaire (SAQ). Procedures and qualifications. An overview of the Payment Application Data Security Standard. Contents: 1. What is the Payment Card Industry Data Security Standard (PCI DSS)? 2. What is the Scope of the PCI DSS? 3. Compliance and Compliance Programmes 4. Consequences of a Breach 5. How do you Comply with the Requirements of the Standard? 6. Maintaining Compliance 7. PCI DSS - The Standard 8. Aspects of PCI DSS Compliance 9. The PCI Self-Assessment Questionnaire 10. Procedures and Qualifications 11. The PCI DSS and ISO/IEC 27001 12. The Payment Application Data Security Standard (PA-DSS) 13. PIN Transaction Security (PTS). About the authors: Alan Calder is the founder and executive chairman of IT Governance Ltd, an information, advice and consultancy firm that helps company boards tackle IT governance, risk management, compliance and information security issues. He has many years of senior management experience in the private and public sectors.
Geraint Williams is a knowledgeable and experienced senior information security consultant and PCI QSA, with a strong technical background and experience of the PCI DSS and security testing. Geraint has provided consultancy on implementation of the PCI DSS, and conducted audits with a wide range of merchants and service providers. He has performed penetration testing and vulnerability assessments for various clients. Geraint leads the IT Governance CISSP Accelerated Training Programme, as well as the PCI Foundation and Implementer training courses. He has broad technical knowledge of security and IT infrastructure, including high performance computing, and Cloud computing. His certifications include CISSP, PCI QSA, CREST Registered Tester, CEH and CHFI.

An Introduction to Anti-Bribery Management Systems - Doing Right Things (Paperback)
Alan Field; Edited by IT Governance Publishing
R327 Discovery Miles 3 270 Ships in 12 - 17 working days

When is a gift not a gift? When it's a bribe. For many, corporate hospitality oils the wheels of commerce. But where do you draw the line? Bribes, incentives and inducements are not just a matter of used banknotes stuffed in brown envelopes. Expenses, corporate settlement of personal bills, gifts and hospitality can all be used to influence business partners, clients and contractors. Can you afford unlimited fines? Under the Bribery Act 2010, a maximum of ten years' imprisonment and an unlimited fine may be imposed for offering, promising, giving, requesting, agreeing, receiving or accepting bribes. With such strict penalties, it's astonishing that so few companies have few or no measures in place to ensure that they are not liable for prosecution. This is especially astonishing as the Ministry of Justice's Quick start guide to the Bribery Act makes it clear that "There is a full defence if you can show you had adequate procedures in place to prevent bribery." Such procedures can be found in BS 10500:2010, the British Standard for anti-bribery management systems (ABMSs). How to implement an ABMS An Introduction to Anti-Bribery Management Systems (BS 10500) explains how to implement an ABMS that meets the requirements of BS 10500, from initial gap analysis to due diligence management: * An introduction to BS 10500 * An explanation of an ABMS * Management processes within an ABMS * Implementing an ABMS * Risk assessment in due diligence * Whistleblowing and bribery investigations * Internal auditing and corrective action * Certification to BS 10500 It provides helpful guidance on the importance of clearly defining policies; logging gifts and hospitality in auditable records; ensuring a consistent approach across the organisation; controls for contractors; facilitation payments; charitable and political donations; risk assessment in due diligence; whistle-blowing and bribery investigations; and internal auditing and corrective action. 
Meet the stringent requirements of the Bribery Act Not only will a BS 10500-compliant ABMS help your organisation prove its probity by meeting the stringent requirements of the Bribery Act, it can also be adapted to most legal or compliance systems. An ethical approach to business is not just a legal obligation but a way to protect your reputation. About the author Alan Field, MA, LL.B (Hons), PgC, MCQI CQP, MIIRSM, AIEMA, GIFireE, GradIOSH is a Chartered Quality Professional, an IRCA Registered Lead Auditor and member of the Society of Authors. Alan has particular expertise in auditing and assessing anti-bribery management systems to BS 10500 and public-sector counter-fraud systems to ISO9001. Alan has many years' experience with quality and integrated management systems in the legal, financial, property services and project management sectors in auditing, assessment and gap analysis roles. Your company's integrity is important. An Introduction to Anti-Bribery Management Systems (BS 10500) shows you how to maintain and prove it.

ISO 14001 Step by Step - A Practical Guide (Paperback, 2nd ed.)
IT Governance
R482 Discovery Miles 4 820 Ships in 12 - 17 working days

Take the first steps to ISO 14001 certification with this practical overview. This book provides practical advice on how to achieve compliance with ISO 14001:2015, the international standard for an EMS (environmental management system). With an EMS certified to ISO 14001, you can improve the efficiency of your business operations and fulfil compliance obligations, while reassuring your employees, clients and other stakeholders that you are monitoring your environmental impact. This easy-to-follow guide takes a step-by-step approach, and provides many sample documents to help you understand how to record and monitor your organisation's EMS processes. Ideal for compliance managers, IT and general managers, environmental officers, auditors and trainers, this book will provide you with: The confidence to plan and design an EMS. Detailed descriptions of the ISO 14001:2015 requirements will give you a clear understanding of the standard, even if you lack specialist knowledge or previous experience; Guidance to build stakeholder support for your EMS. Information on why it is important for an organisation to have an environmental policy, and a sample communications procedure will help you to raise awareness of the benefits of implementing an EMS; and Advice on how to become an ISO 14001-certified organisation. The book takes a step-by-step approach to implementing an ISO 14001-compliant EMS. Key features: A concise summary of the ISO 14001:2015 requirements and how you can meet them. An overview of the documentation needed to achieve ISO 14001:2015 accreditation. Sample documents to help you understand how to record and monitor your organisation's environmental management processes. New for the second edition: Updated for ISO 14001:2015, including terms, definitions and references; Revised approach to take into account requirements to address "risks and opportunities".
Your practical guide to implementing an EMS that complies with ISO 14001:2015 - buy this book today to get the help and guidance you need!

The Cyber Security Handbook - Prepare For, Respond to and Recover from Cyber Attacks (Paperback)
IT Governance
R1,393 Discovery Miles 13 930 Ships in 12 - 17 working days

In the world as we know it, you can be attacked both physically and virtually. For today's organisations, which rely so heavily on technology - particularly the Internet - to do business, the latter is the far more threatening of the two. The cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation. This book is a comprehensive cyber security implementation manual which gives practical guidance on the individual activities identified in the IT Governance Cyber Resilience Framework (CRF) that can help organisations become cyber resilient and combat the cyber threat landscape. Suitable for senior directors (CEO, CISO, CIO), compliance managers, privacy managers, IT managers, security analysts and others, the book is divided into six parts: Part 1: Introduction. The world of cyber security and the approach taken in this book. Part 2: Threats and vulnerabilities. A discussion of a range of threats organisations face, organised by threat category, to help you understand what you are defending yourself against before you start thinking about your actual defences. Part 3: The CRF processes. Detailed discussions of each of the 24 CRF processes, explaining a wide range of security areas by process category and offering guidance on how to implement each. Part 4: Eight steps to implementing cyber security. Our eight-step approach to implementing the cyber security processes you need and maintaining them. Part 5: Reference frameworks. An explanation of how standards and frameworks work, along with their benefits. It also presents ten framework options, introducing you to some of the best-known standards and giving you an idea of the range available. Part 6: Conclusion and appendices. The appendices include a glossary of all the acronyms and abbreviations used in this book. 
Whether you are just starting out on the road to cyber security or looking to enhance and improve your existing cyber resilience programme, it should be clear that cyber security is no longer optional in today's information age; it is an essential component of business success. Make sure you understand the threats and vulnerabilities your organisation faces and how the Cyber Resilience Framework can help you tackle them. Start your journey to cyber security now - buy this book today!

The Universal Service Desk - Implementing, Controlling and Improving Service Delivery (Paperback)
IT Governance
R1,249 Discovery Miles 12 490 Ships in 12 - 17 working days

The Universal Service Desk (USD) - Implementing, controlling and improving service delivery defines what a USD is, why it is valuable to an organisation and how to build and implement one. It also discusses the evolution of the USD as part of integrated workplace management. Understand the essentials of any USD - buy this book today!

Securing Cloud Services - A Pragmatic Guide (Paperback, 2nd ed.)
IT Governance
R1,240 Discovery Miles 12 400 Ships in 12 - 17 working days

Securing Cloud Services - A pragmatic guide gives an overview of security architecture processes and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud. Manage the risks associated with Cloud computing - buy this book today!

Cyber Security: Essential Principles to Secure Your Organisation (Paperback)
IT Governance
R371 Discovery Miles 3 710 Ships in 12 - 17 working days

Cyber Security - Essential principles to secure your organisation takes you through the fundamentals of cyber security, the principles that underpin it, vulnerabilities and threats, and how to defend against attacks. Organisations large and small experience attacks every day, from simple phishing emails to intricate, detailed operations masterminded by criminal gangs, and for every vulnerability fixed, another pops up, ripe for exploitation. Cyber security doesn't have to cost vast amounts of money or take a short ice age to implement. No matter the size of your organisation, improving cyber security helps protect your data and that of your clients, improving business relations and opening the door to new opportunities. This pocket guide will take you through the essentials of cyber security - the principles that underpin it, vulnerabilities and threats and the attackers who use them, and how to defend against them - so you can confidently develop a cyber security programme. Cyber Security - Essential principles to secure your organisation Covers the key differences between cyber and information security; Explains how cyber security is increasingly mandatory and how this ties into data protection, e.g. the Data Protection Act 2018 and the GDPR (General Data Protection Regulation); Focuses on the nature of the problem, looking at technical, physical and human threats and vulnerabilities; Explores the importance of security by design; Gives guidance on why security should be balanced and centralised; and Introduces the concept of using standards and frameworks to manage cyber security. No matter the size of your organisation, cyber security is no longer optional - it is an essential component of business success and a critical defence against the risks of the information age. The only questions left are to decide when and where your journey will begin. Start that journey now - buy this book today!

ISO/IEC 27701:2019: An Introduction to Privacy Information Management (Paperback)
IT Governance
R371 Discovery Miles 3 710 Ships in 12 - 17 working days

ISO/IEC 27701:2019: An introduction to privacy information management offers a concise introduction to the Standard, aiding those organisations looking to improve their privacy information management regime, particularly where ISO/IEC 27701:2019 is involved.

How Cyber Security Can Protect Your Business - A Guide for All Stakeholders (Paperback)
IT Governance
R370 Discovery Miles 3 700 Ships in 12 - 17 working days

Summary Explains in easy-to-understand terms what executives and senior managers need to know and do about the ever-changing cyber threat landscape. Gives strategic, business-focused guidance and advice relevant to C-suite executives. Provides an effective and efficient framework for managing cyber governance, risk and compliance. Explains what is required to implement an effective cyber security strategy. Description With high-profile cyber attacks, data breaches and fines for GDPR (General Data Protection Regulation) non-compliance hitting the headlines daily, businesses must protect themselves and their reputations, while reassuring stakeholders they take cyber security seriously. Cyber attacks are becoming more sophisticated and prevalent, and the cost of data breaches is soaring. In addition, new regulations and reporting requirements make cyber security a critical business issue. Board members and senior management must understand the threat landscape and the strategies they can employ to establish, implement and maintain effective cyber resilience throughout their organisation. How Cyber Security Can Protect your Business - A guide for all stakeholders provides an effective and efficient framework for managing cyber governance, risk and compliance, which organisations can adapt to meet their own risk appetite and synchronise with their people, processes and technology. It explains what is meant by governance, risk and compliance, how it applies to cyber security and what is required to implement an effective cyber security strategy. 
The pocket guide: Gives readers a greater understanding of cyber governance, risk and compliance; Explains what executives, senior managers and their advisors need to know and do about the ever-changing cyber threat landscape; Provides context as to why stakeholders need to be aware of and in control of their organisation's cyber risk management and cyber incident response; Gives guidance on building an appropriate and efficient governance framework that enables organisations to demonstrate their cyber approach in a non-technical, strategic, business-focused way; Details an overview process to enable risk assessment, assess existing defence mitigations and provide a framework for developing suitable controls; and Includes a checklist to help readers focus on their higher-priority cyber areas. Suitable for all managers and executives, this pocket guide will be of interest to non-cyber specialists, including non-executive directors, who may be required to review cyber arrangements. For cyber specialists, it provides an approach for explaining cyber issues in non-jargonistic, business-based language. Kick-start your journey to becoming cyber secure - buy this pocket guide today!

ISO 50001 - A Strategic Guide to Establishing an Energy Management System (Paperback)
IT Governance
R370 Discovery Miles 3 700 Ships in 12 - 17 working days

ISO 50001 - A strategic guide to establishing an energy management system provides a practical but strategic overview for leadership teams of what an EnMS (energy management system) is and how implementing one can bring added value to an organisation.

ISO/IEC 38500: A Pocket Guide (Paperback, 2nd ed.)
IT Governance
R369 Discovery Miles 3 690 Ships in 12 - 17 working days

This useful pocket guide is an ideal introduction for those wanting to understand more about ISO 38500. It describes the scope, application and objectives of the Standard and outlines its six core principles.

PCI DSS: A Pocket Guide (Paperback, 6th ed.)
IT Governance
R371 Discovery Miles 3 710 Ships in 12 - 17 working days

This pocket guide is perfect as a quick reference for PCI professionals, or as a handy introduction for new staff. It explains the fundamental concepts of the latest iteration of the PCI DSS, v3.2.1, making it an ideal training resource. It will teach you how to protect your customers' cardholder data with best practice from the Standard.

Implementing an Integrated Management System - A Pocket Guide (Paperback)
IT Governance
R369 Discovery Miles 3 690 Ships in 12 - 17 working days

Achieving certification to multiple ISO standards can be time consuming and costly, but an IMS incorporates all of an organisation's processes and systems so that they are working under - and towards - one set of policies and objectives. With an IMS, risks and opportunities are no longer managed in silos within the organisation, but with one unified or integrated approach from the leadership team. This guide discusses the benefits of an IMS, and the strategies you should consider before implementing one. It references a vast number of standards that can be integrated but stresses the need for senior management to lead the implementation by deciding upon objectives and which standards to include. Ideal for the c-suite, directors, compliance managers, auditors and trainers, this pocket guide will explain: -What an IMS is - even if you have no prior knowledge, this book will help you envisage what an IMS is and how it works; -How to develop a strategy for IMS implementation - this guide emphasises the importance of effectively planning your IMS implementation by having objectives set by senior management to encourage a unified approach; and -The benefits of an IMS - information on how an IMS can benefit your organisation, e.g. avoiding duplication of effort as management systems are no longer working in silos, reducing the number of audits required, and making more effective use of senior management time. Key features: -An easy-to-follow introduction to an IMS, and advice on IMS implementation strategies. -Discusses the challenges you may face during implementation and how to prepare for and overcome them. -Advice on audits and IMS certification.

The Concise PRINCE2(R) - Principles and Essential Themes (Paperback, 3rd ed.)
IT Governance
R480 Discovery Miles 4 800 Ships in 12 - 17 working days

Succeed as a PRINCE2(R) practitioner with this concise overview. PRINCE2 is the leading model for effective project management methodology. PRINCE2 certification will help you implement projects across your organisation efficiently, creating a controlled and manageable environment for employees. This guide explains the fundamental principles of PRINCE2 2017, enabling you to review essential themes before taking your PRINCE2 Foundation exam. Following accreditation, it serves as a reference guide to help you manage ongoing PRINCE2 projects within your organisation. Ideal for anyone involved with implementing a new project that uses the PRINCE2 framework, whether you are a student, project board member or team manager, this guide will help you: Prepare for your PRINCE2 2017 Foundation exam; Implement PRINCE2-aligned projects; and Enhance your skills as a PRINCE2 practitioner. Key features: Concise summary of the fundamental principles and themes of PRINCE2 2017. Clear and comprehensible format. Serves as a reference guide while you manage ongoing PRINCE2 projects. New for the third edition: Updated to align with PRINCE2 2017. New diagrams to aid understanding of the framework. A succinct reference guide that summarises the key elements of PRINCE2 2017 - buy this book today to get the help and guidance you need!

A Concise Introduction to the NIS Directive - A Pocket Guide for Digital Service Providers (Paperback)
IT Governance
R369 Discovery Miles 3 690 Ships in 12 - 17 working days

This pocket guide is an introduction to the EU's NIS Directive (Directive on security of network and information systems). It outlines the key requirements, details which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance. This pocket guide is a primer for any DSP that needs to comply with the NIS Directive. The pocket guide helps DSPs: Gain insight into the NIS Directive and who is regulating it; Identify if they are within the scope of the Directive; Understand the key requirements; and Understand how guidance from international standards and ENISA can help them comply. Your essential guide to understanding the EU's NIS Directive - buy this book today and get the help and guidance you need.

Network and Information Systems (NIS) Regulations - A Pocket Guide for Operators of Essential Services (Paperback)
IT Governance
R370 Discovery Miles 3 700 Ships in 12 - 17 working days

This pocket guide is a primer for any OES (operators of essential services) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them. An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law. This guide outlines the requirements for operators of essential services based on the Cyber Assessment Framework established by the National Cyber Security Centre (NCSC), including an explanation of the objectives, principles and indicators of good practice, and offers implementation guidance. This guide will help you: Understand how to comply with NIS Regulations, and avoid penalties associated with non-compliance; Unravel the key definitions, authorities and points of contact; Learn the benefits of a good Cyber Resilience plan; Interpret and ensure compliance with the Cyber Assessment Framework; and Establish the NCSC's cyber security objectives, principles and indicators of good practice. Your essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

Network and Information Systems (NIS) Regulations - A Pocket Guide for Digital Service Providers (Paperback)
IT Governance
R370 Discovery Miles 3 700 Ships in 12 - 17 working days

This pocket guide is a primer for any DSPs (digital service providers) that need to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them. An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law. This guide outlines the key requirements, details exactly which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance. This guide will help you: Clarify how to identify if you are within the scope of the NIS Regulations; Gain an insight into the NIS Directive; Unravel the key definitions, authorities and points of contact; and Understand the benefits of a good cyber resilience plan. Your essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

Collaborative Business Design: The Fundamentals (Paperback)
IT Governance
R481 Discovery Miles 4 810 Ships in 12 - 17 working days

This adapted version of CBSD for the Fundamentals Series explores the characteristics of IT-driven business services, their requirements and how to gather the right requirements to improve the service lifecycle throughout design, development and maintenance until decommissioning. By understanding IT-driven business services and anchoring them in a service design statement (SDS), you will be able to accelerate the translation of the needs of the business to the delivery of IT-intensive business services. Product overview CBSD supports portfolio, programme and project management by identifying key questions and structuring the creative process of designing services. Insight into the CBSD approach to deriving an SDS is therefore a practical and powerful tool to help you: - Promote a coherent design so that fundamental issues and requirements of needs are mapped, based on different perspectives between demand and supply; - Gain insight into the dynamics between stakeholders within an enterprise; - Reflect on and formulate a practical and realistic roadmap; and - Guide the development, build, programme management and maintenance of IT-driven business services. CBSD complements existing frameworks such as TOGAF(R), IT4IT, BiSL(R) Next and ITIL(R) by focusing on business architecture, a subject rarely discussed before designing an IT-intensive, complex business service. Who should read this book This book is intended for anyone responsible for designing and implementing IT-driven services or involved in their operation. 
This includes: - Internal and external service providers, such as service managers, contract managers, bid managers, lead architects and requirement analysts; - Business, financial, sales, marketing and operations managers who are responsible for output and outcome; - Sales and product managers who need to present and improve service offerings; - Developers who need to develop new and improved services; - Contract managers and those responsible for purchasing; and - Consultants, strategists, business managers, business process owners, business architects, business information managers, chief information officers, information systems owners and information architects. Collaborative Business Design: The Fundamentals is part of the Fundamentals Series. Authors Brian Johnson has published more than 30 books, including a dozen official titles in the IT Infrastructure Library (ITIL), all of which are used worldwide. He designed and led the programme for ITIL version 2. He has fulfilled many roles during his career, including vice president, chief architect, senior director and executive consultant. One of his current roles is chief architect at the ASL BiSL Foundation, which provides guidance on business information management to a wide range of public and private-sector businesses in the Benelux region. Brian is chief architect for the redesign of all guidance and is the author of new strategic publications. Leon-Paul de Rouw studied technical management and organisation sociology. He worked for several years as a consultant and researcher in the private sector. Since 2003, he has been a programme manager with the central government in the Netherlands. He is responsible for all types of projects and programmes that focus on business enabled by IT.

Security in the Digital World (Paperback)
IT Governance
R490 Discovery Miles 4 900 Ships in 12 - 17 working days
EU General Data Protection Regulation (GDPR) - An implementation and compliance guide (Paperback, 2nd ed.)
IT Governance Privacy Team
R747 Discovery Miles 7 470 Ships in 10 - 15 working days
The Psychology of Information Security 2016 - Resolving Conflicts Between Security Compliance and Human Behaviour (Paperback)
Leron Zinatullin; Edited by IT Governance Publishing
R486 Discovery Miles 4 860 Ships in 12 - 17 working days

Ensure the success of your security programme by understanding users' motivations. "This book cuts to the heart of many of the challenges in risk management, providing advice and tips from interviews as well as models that can be employed easily. Leron manages to do this without being patronising or prescriptive, making it an easy read with some very real practical takeaways." Thom Langford, Chief Information Security Officer at Publicis Groupe "Based on real world examples the book provides valuable insights into the relationship of information security, compliance, business economics and decision theory. Drawing on interdisciplinary studies, commentary from the field and his own research Leron gives the reader the necessary background and practical tools to drive improvements in their own information security program." Daniel Schatz, Director for Threat & Vulnerability Management at Thomson Reuters In today's corporations, information security professionals have a lot on their plate. In the face of constantly evolving cyber threats they must comply with numerous laws and regulations, protect their company's assets and mitigate risks to the furthest extent possible. Security professionals can often be ignorant of the impact that implementing security policies in a vacuum can have on the end users' core business activities. These end users are, in turn, often unaware of the risk they are exposing the organisation to. They may even feel justified in finding workarounds because they believe that the organisation values productivity over security. The end result is a conflict between the security team and the rest of the business, and increased, rather than reduced, risk. This can be addressed by factoring in an individual's perspective, knowledge and awareness, and a modern, flexible and adaptable information security approach.
The aim of the security practice should be to correct employee misconceptions by understanding their motivations and working with the users rather than against them - after all, people are a company's best assets. Product description: Based on insights gained from academic research as well as interviews with UK-based security professionals from various sectors, The Psychology of Information Security - Resolving conflicts between security compliance and human behaviour explains the importance of careful risk management and how to align a security programme with wider business objectives, providing methods and techniques to engage stakeholders and encourage buy-in. The Psychology of Information Security redresses the balance by considering information security from both viewpoints in order to gain insight into security issues relating to human behaviour, helping security professionals understand how a security culture that puts risk into context promotes compliance. About the author: Leron Zinatullin (zinatullin.com) is an experienced risk consultant specialising in cyber security strategy, management and delivery. He has led large-scale, global, high-value security transformation projects with a view to improve cost performance and support business strategy. He has extensive knowledge and practical experience in solving information security, privacy and architectural issues across multiple industry sectors. He has an MSc in information security from University College London, where he focused on the human aspects of information security. His research was related to modelling conflicts between security compliance and human behaviour. Series information: The Psychology of Information Security is part of the Fundamentals Series, co-published by IT Governance Publishing and Information Security Buzz. Ensure the success of your security programmes by understanding the psychology of information security. Buy this book today.

PCI DSS: A Pocket Guide (Paperback, 5th Revised edition)
IT Governance Institute
R373 Discovery Miles 3 730 Ships in 12 - 17 working days

Co-written by a PCI QSA (Qualified Security Assessor) and updated to cover PCI DSS version 3.2, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organisation involved with payment card processing.

Prince2 Agile an Implementation Pocket Guide - Step-by-Step Advice for Every Project Type (Paperback)
IT Governance Institute
R374 Discovery Miles 3 740 Ships in 12 - 17 working days

PRINCE2 Agile: An Implementation Pocket Guide is an official AXELOS-licensed guide that explains the PRINCE2 Agile framework in clear business language with practical guidance on how to implement this framework for any project in your organisation.

Selling Information Security to the Board - A Primer (Paperback, 2)
IT Governance Publishing
R370 Discovery Miles 3 700 Ships in 12 - 17 working days

Information technology plays a fundamental role in the operations of any modern business. While the confidentiality and integrity of your organisation's information have to be protected, a business still needs to have this information readily available in order to be able to function from day to day. If you are an information security practitioner, you need to be able to sell complex and often technical solutions to boards and management teams. Persuading the board to invest in information security measures requires sales skills. As an information security professional, you are a scientific and technical specialist; and yet you need to get your message across to people whose primary interests lie elsewhere, in turnover and overall performance. In other words, you need to develop sales and marketing skills. This pocket guide will help you with the essential sales skills that persuade company directors to commit money and resources to your information security initiatives.

How this book can help information security professionals:

Understand basic sales techniques: Find out what to do to capture the attention of management and win them over.
Understand how to present yourself: Present yourself so that management takes you seriously, and ensure your proposal receives a proper hearing.
Find out how to earn management's trust: This guide shows you how to persuade management that you are the kind of information security professional who is interested in supporting, rather than impeding, business success.
Learn how to craft a successful proposal: This guide offers you invaluable tips on how to write a proposal that will communicate your ideas effectively to senior executives.

Improve your powers of persuasion with the board ... Buy this pocket guide today!

About the author

Alan Calder is the CEO and founder of IT Governance Ltd. He has written widely on IT governance and information security management.

This pocket guide is the first in a suite of products to focus on the important subject of making sure you can convince management of information security's importance. A book, a podcast, and more will follow shortly.
