An ideal introduction and a quick reference to PCI DSS version 3.1
All businesses that accept payment cards are prey for hackers and
criminal gangs trying to steal financial information and commit
identity fraud. The PCI DSS (Payment Card Industry Data Security
Standard) exists to ensure that businesses process credit and debit
card orders in a way that protects cardholder data effectively. All
organisations that accept, store, transmit or process cardholder
data must comply with the Standard; failure to do so can have
serious consequences for their ability to process card payments.
Product overview Co-written by a PCI QSA (Qualified Security
Assessor) and updated to cover PCI DSS version 3.1, this handy
pocket guide provides all the information you need to consider as
you approach the PCI DSS. It is also an ideal training resource for
anyone in your organisation who deals with payment card processing.
Coverage includes: An overview of Payment Card Industry Data
Security Standard v3.1. A PCI self-assessment questionnaire (SAQ).
Procedures and qualifications. An overview of the Payment
Application Data Security Standard. Contents 1. What is the Payment
Card Industry Data Security Standard (PCI DSS)? 2. What is the Scope
of the PCI DSS? 3. Compliance and Compliance Programmes
4. Consequences of a Breach 5. How do you Comply with the
Requirements of the Standard? 6. Maintaining Compliance 7. PCI DSS -
The Standard 8. Aspects of PCI DSS Compliance 9. The PCI
Self-Assessment Questionnaire 10. Procedures and Qualifications
11. The PCI DSS and ISO/IEC 27001 12. The Payment Application Data
Security Standard (PA-DSS) 13. PIN Transaction Security (PTS) About
the authors Alan Calder is the founder and executive chairman of IT
Governance Ltd, an information, advice and consultancy firm that
helps company boards tackle IT governance, risk management,
compliance and information security issues. He has many years of
senior management experience in the private and public sectors.
Geraint Williams is a knowledgeable and experienced senior
information security consultant and PCI QSA, with a strong
technical background and experience of the PCI DSS and security
testing. Geraint has provided consultancy on implementation of the
PCI DSS, and conducted audits with a wide range of merchants and
service providers. He has performed penetration testing and
vulnerability assessments for various clients. Geraint leads the IT
Governance CISSP Accelerated Training Programme, as well as the PCI
Foundation and Implementer training courses. He has broad technical
knowledge of security and IT infrastructure, including high
performance computing, and Cloud computing. His certifications
include CISSP, PCI QSA, CREST Registered Tester, CEH and CHFI.
When is a gift not a gift? When it's a bribe. For many, corporate
hospitality oils the wheels of commerce. But where do you draw the
line? Bribes, incentives and inducements are not just a matter of
used banknotes stuffed in brown envelopes. Expenses, corporate
settlement of personal bills, gifts and hospitality can all be used
to influence business partners, clients and contractors. Can you
afford unlimited fines? Under the Bribery Act 2010, a maximum of
ten years' imprisonment and an unlimited fine may be imposed for
offering, promising, giving, requesting, agreeing, receiving or
accepting bribes. With such strict penalties, it's astonishing that
so many companies have few or no measures in place to ensure that
they are not liable for prosecution. This is especially astonishing
as the Ministry of Justice's Quick start guide to the Bribery Act
makes it clear that "There is a full defence if you can show you
had adequate procedures in place to prevent bribery." Such
procedures can be found in BS 10500:2010, the British Standard for
anti-bribery management systems (ABMSs). How to implement an ABMS
An Introduction to Anti-Bribery Management Systems (BS 10500)
explains how to implement an ABMS that meets the requirements of BS
10500, from initial gap analysis to due diligence management: * An
introduction to BS 10500 * An explanation of an ABMS * Management
processes within an ABMS * Implementing an ABMS * Risk assessment
in due diligence * Whistleblowing and bribery investigations *
Internal auditing and corrective action * Certification to BS 10500
It provides helpful guidance on the importance of clearly defining
policies; logging gifts and hospitality in auditable records;
ensuring a consistent approach across the organisation; controls
for contractors; facilitation payments; charitable and political
donations; risk assessment in due diligence; whistle-blowing and
bribery investigations; and internal auditing and corrective
action. Meet the stringent requirements of the Bribery Act Not only
will a BS 10500-compliant ABMS help your organisation prove its
probity by meeting the stringent requirements of the Bribery Act,
it can also be adapted to most legal or compliance systems. An
ethical approach to business is not just a legal obligation but a
way to protect your reputation. About the author Alan Field, MA,
LL.B (Hons), PgC, MCQI CQP, MIIRSM, AIEMA, GIFireE, GradIOSH is a
Chartered Quality Professional, an IRCA Registered Lead Auditor and
member of the Society of Authors. Alan has particular expertise in
auditing and assessing anti-bribery management systems to BS 10500
and public-sector counter-fraud systems to ISO 9001. Alan has many
years' experience with quality and integrated management systems in
the legal, financial, property services and project management
sectors in auditing, assessment and gap analysis roles. Your
company's integrity is important. An Introduction to Anti-Bribery
Management Systems (BS 10500) shows you how to maintain and prove
it.
Ensure the success of your security programme by understanding
users' motivations "This book cuts to the heart of many of the
challenges in risk management, providing advice and tips from
interviews as well as models that can be employed easily. Leron
manages to do this without being patronising or prescriptive,
making it an easy read with some very real practical
takeaways." Thom Langford, Chief Information Security Officer at
Publicis Groupe "Based on real world examples the book provides
valuable insights into the relationship of information security,
compliance, business economics and decision theory. Drawing on
interdisciplinary studies, commentary from the field and his own
research Leron gives the reader the necessary background and
practical tools to drive improvements in their own information
security program." Daniel Schatz, Director for Threat &
Vulnerability Management at Thomson Reuters In today's
corporations, information security professionals have a lot on
their plate. In the face of constantly evolving cyber threats they
must comply with numerous laws and regulations, protect their
company's assets and mitigate risks to the furthest extent
possible. Security professionals can often be ignorant of the impact
that implementing security policies in a vacuum can have on the end
users' core business activities. These end users are, in turn,
often unaware of the risk they are exposing the organisation to.
They may even feel justified in finding workarounds because they
believe that the organisation values productivity over security.
The end result is a conflict between the security team and the rest
of the business, and increased, rather than reduced, risk. This can
be addressed by factoring in an individual's perspective, knowledge
and awareness, and a modern, flexible and adaptable information
security approach. The aim of the security practice should be to
correct employee misconceptions by understanding their motivations
and working with the users rather than against them - after all,
people are a company's best assets. Product description Based on
insights gained from academic research as well as interviews with
UK-based security professionals from various sectors, The
Psychology of Information Security - Resolving conflicts between
security compliance and human behaviour explains the importance of
careful risk management and how to align a security programme with
wider business objectives, providing methods and techniques to
engage stakeholders and encourage buy-in. The Psychology of
Information Security redresses the balance by considering
information security from both viewpoints in order to gain insight
into security issues relating to human behaviour, helping security
professionals understand how a security culture that puts risk into
context promotes compliance. About the author Leron Zinatullin
(zinatullin.com) is an experienced risk consultant specialising in
cyber security strategy, management and delivery. He has led
large-scale, global, high-value security transformation projects
with a view to improve cost performance and support business
strategy. He has extensive knowledge and practical experience in
solving information security, privacy and architectural issues
across multiple industry sectors. He has an MSc in information
security from University College London, where he focused on the
human aspects of information security. His research was related to
modelling conflicts between security compliance and human
behaviour. Series information The Psychology of Information Security
is part of the Fundamentals Series, co-published by IT Governance
Publishing and Information Security Buzz. Ensure the success of your
security programmes by understanding the psychology of information
security. Buy this book today.
Considering the pandemic threat in a business continuity context "I
thoroughly enjoyed reading Clark's book which is written in a style
that makes it easy for anyone to understand without requiring a
background in medicine or business. I have been involved in
disaster management planning for the past ten years and yet I still
found this book both enlightening and extremely informative." Dr
Tanya Melillo MD, MSc(Dist), PhD "This informative book is written
in an easy going and conversational manner, but the message it
brings to the table is critical to understanding the meaning of any
forthcoming pandemic threat and considerations of how to mitigate
the effects, where possible, to you and your organisation." Owen
Gregory MSc BA (Hons) MBCI MBCS The increase in commercial aviation
and international travel means that pandemics now spread faster
than ever before. Seasonal flu pandemics, zoonotic contagions such
as Ebola, swine flu and avian flu (e.g. H5N1 and H7N9), and
respiratory syndromes such as SARS and MERS have affected millions
worldwide. Add the ever-present threat of terrorism and biological
warfare, and the possibility of large proportions of your workforce
being incapacitated is a lot stronger than you might think. You may
well have prepared for limited business interruptions, but how
would your business fare if 50% or more of your employees,
including those you rely on to execute your business continuity
plan, were afflicted by illness - or worse? Although nothing can be
done to prevent pandemics, their impact can be significantly
mitigated. Business Continuity and the Pandemic Threat explains
how. Product overview The book is divided into two parts, which
examine the pandemic threat and explain how businesses can address
it: Part I: Understanding the Threat The first, shorter, part
provides the reader with a detailed overview of the challenge that
pandemic threats can present. It uses historical examples (such as
the 1918-19 Spanish Flu outbreak, which killed 50 million) to
illustrate how pandemics can have devastating effects not only on
the global population but also on critical infrastructure, the
global economy and society. Part II: Preparing for the Inevitable
The second part of the book considers the actions that can be taken
at a global, national, corporate and individual level to mitigate
the risk and limit the damage of pandemic incidents. It provides
guidance on creating and validating a pandemic plan, and explains
how it integrates with a business continuity plan. Comprehensive
case studies are provided throughout. Topics covered include: The
World Health Organisation (WHO)'s pandemic phases and the Centre
for Disease Control (CDC)'s Pandemic Severity Index Preventive
control measures Crisis management and the composition of a crisis
management team Dealing with cash-flow, staff absenteeism, home
working and supply chain management Communications and media plans
Pandemic issues for HR The threat to critical national
infrastructure Health service contingency plans and first
responders' business continuity plans The provision of vaccines and
antiviral medicines, including relevant ethical issues Take your
business continuity plan to the next level: ensure your
organisation survives a pandemic with a substantially depleted
workforce. Buy Business Continuity and the Pandemic Threat today.
About the author A Fellow of the Institute of Business Continuity
Management and Member of the Business Continuity Institute, Robert
A. Clark is also a Fellow of the British Computer Society and a
Member of the Security Institute. His career includes 15 years with
IBM and 11 years with Fujitsu Services working with clients on BCM
related assignments. He is now a freelance business continuity
consultant at www.bcm-consultancy.com.
Information technology plays a fundamental role in the operations
of any modern business. While the confidentiality and integrity of
your organisation's information have to be protected, a business
still needs to have this information readily available in order to
be able to function from day to day. If you are an information
security practitioner, you need to be able to sell complex and
often technical solutions to boards and management teams.
Persuading the board to invest in information security measures
requires sales skills. As an information security professional, you
are a scientific and technical specialist; and yet you need to get
your message across to people whose primary interests lie
elsewhere, in turnover and overall performance. In other words, you
need to develop sales and marketing skills. This pocket guide will
help you with the essential sales skills that persuade company
directors to commit money and resources to your information
security initiatives. How this book can help information security
professionals: Understand basic sales techniques Find out what to
do to capture the attention of management and win them over
Understand how to present yourself Present yourself so that
management takes you seriously, and ensure your proposal receives a
proper hearing. Find out how to earn management's trust This guide
shows you how to persuade management that you are the kind of
information security professional who is interested in supporting,
rather than impeding, business success. Learn how to craft a
successful proposal This guide offers you invaluable tips on how to
write a proposal that will communicate your ideas effectively to
senior executives. Improve your powers of persuasion with the board
... Buy this pocket guide today! About the author Alan Calder is
the CEO and founder of IT Governance Ltd. He has written widely on
IT governance and information security management. This pocket
guide is the first in a suite of products to focus on the important
subject of making sure you can convince management of information
security's importance. A book, a podcast, and more will follow
shortly.
The true power of Agile methodologies is not technology; it is
business value generation. Use Agile methodologies to turn your IT
solution challenges into high business-value returns All too often,
IT solutions are plagued by budget overruns, missed deadlines,
low-quality outputs and dissatisfied users. Agile methodologies are
proven, common-sense methods for substantially increasing the
relevance, flexibility and bottom-line business value of your
software solutions. Quantify and measure the benefits that Agile
methodologies can deliver to your organisation. Agile
methodologies, such as Scrum, DSDM, FDD, Lean, XP and Kanban, are
proven approaches for applying the finite resources of an
organisation to deliver high business-value software solutions on
time and within allocated budgets. These methodologies protect
organisations from wasting their IT budgets by replacing large
upfront financial commitments with incremental investment based on
the ongoing business value of delivered software. They encourage
collaboration with key stakeholders, empower staff to regularly
deliver bottom-line value, and ensure that IT solutions are
responsive to ongoing organisational and market changes. Read this
guide and ... Understand the 10 core business benefits of Agile. At
the heart of Agile methodologies are 10 core business benefits that
enable organisations to maximise their IT investments, including:
Better risk management, ongoing control of budget expenditure,
better alignment with business requirements, and substantially
higher quality IT solutions. Agile: An Executive Guide details each
of these benefits from a strategic senior management perspective.
Identify which Agile methodologies align with the specific needs of
your organisation. Agile: An Executive Guide provides you with
tools to assess your organisational culture, structure and dynamic
in order to determine whether Agile methodologies are suitable to
your specific needs, and to select those Agile methodologies that
are the best fit for your organisation. Get the essential
information you need to implement Agile within your organisation.
Agile: An Executive Guide is full of practical advice, including
detailed guidelines to help you: Choose the right kick-off point
for Agile within your organisation; avoid common traps; monitor and
measure your investment; and broaden the use of Agile methodologies
into other areas of your organisation. It includes step-by-step
guidelines, interactive tools and targeted questionnaires to help
you and your staff successfully implement these methodologies.
Agile: An Executive Guide describes Agile methodologies in clear
business language specifically written for business professionals.
It will help you make realistic business-driven decisions on
whether Agile methodologies are appropriate for your organisation;
whether you are looking to consolidate your IT overheads, to
provide better software solutions to your clients, or to have more
control over your IT expenditures. This guide provides practical,
proven ways to introduce, incorporate and leverage Agile
methodologies to maximise your business returns.
Protect your organisation from information security risks For any
modern business to thrive, it must assess, control and audit the
risks it faces in a manner appropriate to its risk appetite. As
information-based risks and threats continue to proliferate, it is
essential that they are addressed as an integral component of your
enterprise's risk management strategy, not in isolation. They must
be identified, documented, assessed and managed, and assigned to
risk owners so that they can be mitigated and audited. Fundamentals
of Information Risk Management Auditing provides insight and
guidance on this practice for those considering a career in
information risk management, and an introduction for
non-specialists, such as those managing technical specialists.
Product overview Fundamentals of Information Risk Management
Auditing - An Introduction for Managers and Auditors has four main
parts: What is risk and why is it important? An introduction to
general risk management and information risk. Introduction to
general IS and management risks An overview of general information
security controls, and controls over the operation and management
of information security, plus risks and controls for the
confidentiality, integrity and availability of information.
Introduction to application controls An introduction to application
controls, the controls built into systems to ensure that they
process data accurately and completely. Life as an information risk
management specialist/auditor A guide for those considering, or
undergoing, a career in information risk management. Each chapter
contains an overview of the risks and controls that you may
encounter when performing an audit of information risk, together
with suggested mitigation approaches based on those risks and
controls. Chapter summaries provide an overview of the salient
points for easy reference, and case studies illustrate how those
points are relevant to businesses. The book concludes with an
examination of the skills and qualifications necessary for an
information risk management auditor, an overview of typical job
responsibilities, and an examination of the professional and
ethical standards that an information risk auditor should adhere
to. Topics covered Fundamentals of Information Risk Management
Auditing covers, among other subjects, the three lines of defence;
change management; service management; disaster planning;
frameworks and approaches, including Agile, COBIT(R)5, CRAMM,
PRINCE2(R), ITIL(R) and PMBOK; international standards, including
ISO 31000, ISO 27001, ISO 22301 and ISO 38500; the UK Government's
Cyber Essentials scheme; IT security controls; and application
controls. About the author Christopher Wright is a qualified
accountant, Certified Information Systems Auditor and Certified
ScrumMaster(TM) with over 30 years' experience providing financial
and IT advisory and risk management services. For 16 years, he
worked at KPMG, where he was head of information risk training in
the UK and also ran training courses overseas, including in India
and throughout mainland Europe. He managed a number of major IS
audit and risk assignments, including project risk and business
control reviews. He has worked in a wide range of industry sectors
including oil and gas, the public sector, aviation, and travel. For
the past eight years, he has been an independent consultant
specialising in financial, SOX and operational controls for major
ERP implementations, mainly at oil and gas/utilities enterprises.
He is an international speaker and trainer on Agile audit and
governance, and is the author of two other titles, also published
by ITGP: Agile Governance and Audit and Reviewing IT in Due
Diligence.
75% of companies without a business continuity plan fail within
three years. Disruptive incidents can affect any organisation and
occur at any moment. ICT outages, cyber attacks, natural disasters,
terrorist attacks, pandemics, supply chain failures and other
unexpected events can all affect productivity and in many cases
place a company's survival in serious jeopardy. Business continuity
planning is essential to overcoming business disruptions, but too
many companies prepare business continuity plans and then shelve
them, only for those plans to fail when they're actually needed.
80% of companies that have not recovered from a disaster within one
month go out of business. A business continuity plan that isn't
validated isn't a plan at all - it's merely a strategy. Indeed, in
some cases an untested plan is worse than no plan at all. In spite
of this, only 30% of businesses actually validate their business
continuity plans. Product overview Business continuity planning is
a process of continual improvement, not a matter of writing a plan
and then putting your feet up. Attempting to validate every aspect
of your plan, however - particularly in a live rehearsal situation
- could create a disaster of your own making. Validating Your
Business Continuity Plan examines the three essential components of
validating a business continuity plan - exercising, maintenance and
review - and outlines a controlled and systematic approach to BCP
validation while considering each component, covering methods and
techniques such as table-top reviews, workshops and live
rehearsals. The book also takes account of industry standards and
guidelines to help steer the reader through the validation process,
including the international standard ISO 22301 and the Business
Continuity Institute's Good Practice Guidelines. In addition, it
provides a number of case studies based on the author's
considerable experience - some of them successful, others less so -
to highlight common pitfalls and problems associated with the
validation process. Contents Introduction Standards and guidelines
Business continuity begins at home Defining your exercise programme
Selected scenarios Live rehearsal case studies It could happen to
anyone, couldn't it? Maintaining your BCMS Reviewing your BCMS
Performance appraisal Using consultants to help you exercise
Training and education Additional reference material About the
author Robert A Clark is a fellow of the Institute of Business
Continuity Management, a fellow of the British Computer Society, a
member of the Business Continuity Institute and an Approved BCI
Instructor. He was employed by IBM for 15 years and Fujitsu for 11,
working with clients on BCM-related assignments. He is now a
freelance business continuity consultant at
www.bcm-consultancy.com. Since 2014, he has been a part-time
associate lecturer at Manchester Metropolitan University, where he
has delivered BCM courses to both undergraduate and postgraduate
students. Move your employees' BCP awareness from 'unconscious
incompetence' to 'unconscious competence'. Order Validating Your
Business Continuity Plan today.
A comprehensive reference guide to IT project assessments, from
planning to presentation Companies invest billions in technology
projects each year, yet their success rates remain surprisingly
low. Industry benchmarks suggest that only 15-20% of projects are
completed on time and on budget. Project failures can impair an
organization's capability as well as having significant commercial,
compliance, and security ramifications, which in turn could cause
reputational damage and long-term financial losses. It is therefore
critical that projects meet their objectives. One way of ensuring
that they do is to conduct assessments or audits at key points
during their lifecycle. Product overview Assessing IT Projects to
Ensure Successful Outcomes is a comprehensive reference guide that
focuses on the assessment of IT projects. Organised into five main
sections (Approach, Plan, Collect Information, Assess and
Recommend, Package and Present), interspersed with case studies
based on the author's extensive experience delivering projects, the
book provides exhaustive guidance on structuring and conducting an
IT project assessment, from planning to presentation. Assessing IT
Projects to Ensure Successful Outcomes includes guidance on: Types
of assessments and project approaches, including the difference
between a project and program assessment. Determining a suitable
assessment approach, developing a plan, preparing inventories, and
planning for logistics. Information collection and assessment,
including identifying and addressing challenges and gaps. Project
scoping, change management, schedule management, and cost
management. Key roles and focus areas, including team
responsibilities and necessary documents, for each project stage.
Communication strategies to ensure all stakeholders are kept
appropriately informed of a project's progress. RAID (risks,
actions, issues, decisions) management to address risks and issues
that arise, actions that must be performed, and decisions that need
to be made throughout the project's lifecycle. Compliance with
standard frameworks. Intangibles, such as adapting to company
cultures and reacting to cultural conflicts, resource and team
dynamics, perception and reputations, and morale. How to package
and present an assessment's findings and recommendations in a
suitable manner. It also features a detailed summary section
containing checklists for assessing all stages of projects -
including typical roles on a project team, details of interview
responsibilities by role, and a list of necessary project
documents. This information can be used either reactively as an
easy reference to assess projects, or proactively as a checklist of
the considerations and activities required to plan and manage a
project. Although principally aimed at professionals who are
assessing projects - such as internal auditors, framework auditors,
project assessors, or external consultants - Assessing IT Projects
to Ensure Successful Outcomes can also be used by project managers
looking for a comprehensive view of approaches for managing
projects, or as a means of preparing for an assessment of their
project. About the author Kerry Wills is a consultant and a project
manager who has worked on multi-million dollar technology projects
for Fortune 500 companies since 1995, gaining essential experience
as program manager, project manager, architect, developer, business
analyst, and tester. This breadth of experience gives him a deep
understanding of all facets of IT projects. He has planned and
executed several large programs, as well as assessed and remediated
several troubled programs. Kerry Wills is also the author of
Essential Project Management Skills and Applying Guiding Principles
of Effective Program Delivery.
The Internet has become the defining medium for information
exchange in the modern world, and the unprecedented success of new
web publishing platforms such as those associated with social media
has confirmed its dominance as the main information exchange
platform for the foreseeable future. But how do you conduct an
online investigation when so much of the Internet isn't even
indexed by search engines? Accessing and using the information
that's freely available online is about more than just relying on
the first page of Google results. Open source intelligence (OSINT)
is intelligence gathered from publicly available sources and is
the key to unlocking this domain for the purposes of investigation.
Product overview The Tao of Open Source Intelligence provides a
comprehensive guide to OSINT techniques, for the investigator: It
catalogues and explains the tools and investigative approaches that
are required when conducting research within the surface, deep and
dark webs. It explains how to scrutinise criminal activity without
compromising your anonymity - and your investigation. It examines
the relevance of cyber geography and how to get around its
limitations. It describes useful add-ons for common search engines,
as well as considering metasearch engines (including Dogpile,
Zuula, PolyMeta, iSeek, Cluuz and Carrot2) that collate search data
from single-source intelligence platforms such as Google. It
considers deep-web social media platforms and platform-specific
search tools, detailing such concepts as concept mapping, entity
extraction tools and specialist search syntax (Google kung fu). It
gives comprehensive guidance on Internet security for the smart
investigator, and how to strike a balance between security, ease of
use and functionality, giving tips on counterintelligence, safe
practices and debunking myths about online privacy. OSINT is a
rapidly evolving approach to intelligence collection, and its wide
application makes it a useful methodology for numerous practices,
including within the criminal investigation community. The Tao of
Open Source Intelligence is your guide to the cutting edge of this
information collection capability. About the author Stewart K.
Bertram is a career intelligence analyst who has spent over a
decade working across the fields of counterterrorism, cyber
security, corporate investigations and geopolitical analysis. The
holder of a master's degree in computing and a master of letters in
terrorism studies, Stewart is uniquely placed at the cutting edge
of intelligence and investigation, where technology and established
tradecraft combine. Stewart fuses his academic knowledge with
significant professional experience, having used open source
intelligence on such diverse real-world topics as the terrorist use
of social media in Sub-Saharan Africa and threat assessment at the
London Olympic Games. Stewart teaches courses on open source
intelligence as well as practising what he preaches in his role as
a cyber threat intelligence manager for some of the world's leading
private-sector intelligence and security agencies.
Passwords are not enough A password is a single authentication
factor - anyone who has it can use it. No matter how strong it is,
if it's lost or stolen, it's entirely useless at keeping
information private. To secure your data properly, you also need to
use a separate, secondary authentication factor. Data breaches are
now commonplace In recent years, large-scale data breaches have
increased dramatically in both severity and number, and the loss of
personal information - including password data - has become
commonplace. Add to this the fact that rapidly evolving
password-cracking technology and the habitual use - and reuse - of
weak passwords have rendered the security of username and password
combinations negligible, and you have a very strong argument for
more robust identity authentication. Consumers are beginning to
realise just how exposed their personal and financial information
is, and are demanding better security from the organisations that
collect, process and store it. This has led to a rise in the
adoption of two-factor authentication (TFA or 2FA). In the field of
authentication security, the method of proving identity can be
broken down into three characteristics - roughly summarised as
'what you have', 'what you are' and 'what you know'. Two-factor
authentication relies on the combination of two of these factors.
Product overview TFA is nothing new. It's mandated by requirement
8.3 of the Payment Card Industry Data Security Standard (PCI DSS)
and banks have been using it for years, combining payment cards
('what you have') and PINs ('what you know'). If you use online
banking you'll probably also have a chip authentication programme
(CAP) keypad, which generates a one-time password (OTP). What is
new is TFA's rising adoption beyond the financial sector.
Two-Factor Authentication provides a comprehensive evaluation of
popular secondary authentication methods, such as: Hardware-based
OTP generation SMS-based OTP delivery Phone call-based mechanisms
Geolocation-aware authentication Push notification-based
authentication Biometric authentication factors Smart card
verification As well as examining MFA (multi-factor
authentication), 2SV (two-step verification) and strong
authentication (authentication that goes beyond passwords, using
security questions or layered security), the book also discusses
the wider application of TFA for the average consumer, for example
at such organisations as Google, Amazon and Facebook. It also
considers the future of multi-factor authentication, including its
application to the Internet of Things (IoT). Increasing your
password strength will do absolutely nothing to protect you from
online hacking, phishing attacks or corporate data breaches. If
you're concerned about the security of your personal and financial
data, you need to read this book. About the author Mark Stanislav
is an information technology professional with over a decade's
varied experience in systems administration, web application
development and information security. He is currently a senior
security consultant for the Strategic Services team at Rapid7. Mark
has spoken internationally at nearly 100 events, including RSA, DEF
CON, SecTor, SOURCE Boston, ShmooCon and THOTCON. News outlets such
as the Wall Street Journal, Al Jazeera America, Fox Business,
MarketWatch, CNN Money, Yahoo Finance, Marketplace and The Register
have featured Mark's research, initiatives and insights on
information security.
Protect your organisation by building a security-minded culture
"With this book, Kai Roer has taken his many years of cyber
experience and provided those with a vested interest in cyber
security a firm basis on which to build an effective cyber security
training programme." Dr. Jane LeClair Chief Operating Officer
National Cybersecurity Institute, Washington, D.C. Human nature -
easy prey for hackers? Human behaviour is complex and inconsistent,
making it a rich hunting ground for would-be hackers and a
significant risk to the security of your organisation. An
effective way to address this risk is to create a culture of
security. Using the psychology of group behaviour and explaining
how and why people follow social and cultural norms, the author
highlights the underlying cause for many successful and easily
preventable attacks. An effective framework for behavioural
security In this book Kai Roer presents his Security Culture
Framework, and addresses the human and cultural factors in
organisational security. The author uses clear, everyday examples
and analogies to reveal social and cultural triggers that drive
human behaviour. He explains how to manage these threats by
implementing an effective framework for an organisational culture,
ensuring that your organisation is set up to repel malicious
intrusions and threats based on common human vulnerabilities.
Contents What is security culture? The Elements of security culture
How does security culture relate to security awareness? Asking for
help raises your chances of success The psychology of groups and
how to use it to your benefit Measuring culture Building security
culture About the author Kai Roer is a management and security
consultant and trainer with extensive international experience from
more than 30 countries around the world. He is a guest lecturer at
several universities, and the founder of The Roer Group, a European
management consulting group focusing on security culture. Kai has
authored a number of books on leadership and cyber security, has
been published extensively in print and online, has appeared on
radio and television, and has featured in printed media. He is a
columnist at Help Net Security and has been the Cloud Security
Alliance Norway chapter president since 2012. Kai is a passionate
public speaker who engages his audience with his entertaining style
and deep knowledge of human behaviours, psychology and cyber
security. He is a Fellow of the National Cybersecurity Institute
and runs a blog on information security and culture (roer.com). Kai
is the host of Security Culture TV, a monthly video and podcast.
Series information Build a Security Culture is part of the
Fundamentals Series, co-published by IT Governance Publishing and
Information Security Buzz.
An expert introduction More than 85% of businesses now take
advantage of Cloud computing, but Cloud computing does not sit
easily with the DPA. Data Protection and the Cloud addresses that
issue, providing an expert introduction to the legal and practical
data protection risks involved in using Cloud services. Data
Protection and the Cloud highlights the risks an organisation's use
of the Cloud might generate, and offers the kind of remedial
measures that might be taken to mitigate those risks. Topics covered
include:
*Protecting the confidentiality, integrity and accessibility of personal data
*Data protection responsibilities
*The data controller/data processor relationship
*How to choose Cloud providers
*Cloud security - including two-factor authentication, data classification and segmentation
*The increased vulnerability of data in transit
*The problem of BYOD (bring your own device)
*Data transfer abroad, US Safe Harbor and EU legislation
*Relevant legislation, frameworks and guidance, including: the EU
General Data Protection Regulation; Cloud computing standards; the
international information security standard, ISO 27001; the UK
Government's Cyber Essentials scheme and security framework; CESG's
Cloud security management principles; guidance from the Information
Commissioner's Office and the Open Web Application Security Project
(OWASP)
Mitigate the security risks Mitigating security risks requires a
range of combined measures to be used to provide end-to-end
security. Moving to the Cloud does not solve security problems, it
just adds another element that must be addressed. Data Protection
and the Cloud provides information on how to do so while meeting
the DPA's eight principles.
Accessible and professional advice on how to implement an ISO14001
environmental management system In the 21st century, business has
to take sustainability seriously. As public opinion becomes
increasingly concerned about climate change, governments are
imposing ever tighter environmental regulations on both industry
and the retail sector. By putting in place an environmental
management system (EMS), you can ensure you are disposing of your
waste in a responsible manner and making the most efficient use of
raw materials. This will help you to lower carbon emissions and
keep the negative impact of your business on the environment to a
minimum. ISO14001 The International Standard The international
standard for an EMS is ISO14001. With an EMS certified to ISO14001,
you can improve the safety and efficiency of your business
operations, and, at the same time, boost customer confidence and
reassure your stakeholders. An invaluable step-by-step guide This
pocket guide, intended to help you put in place an EMS, is
specifically focused on ISO14001. It is designed to enable industry
managers, who may be lacking in specialist knowledge, to achieve
compliance with the Standard. A step-by-step approach makes the
guide easy to follow. The authors, two experienced auditors, are
acknowledged experts on environmental management systems, and they
have drawn on material from the UK's Environment Agency. The pocket
guide will prove invaluable, not only for auditors and trainers,
but also for managers across many sectors of industry. Read this
guide and learn how to ...*Achieve compliance with ISO14001 Instead
of just telling you, in bureaucratic fashion, what is specified
under ISO14001, this user-friendly guide looks at the active steps
you can take in order to ensure compliance with the Standard. It
discusses the factors you need to consider when defining the
objectives of the EMS, such as financial viability and available
technology, and offers suggestions for measuring and monitoring the
effectiveness of your environmental policy. *Manage environmental
risks The Deepwater Horizon oil spill is an example of the
financial and reputational risks associated with environmental
pollution. This pocket guide contains sound advice on the types of
operational controls you need to put in place to manage
environmental risks and help avoid incidents. *Prepare to deal with
an emergency The pocket guide offers suggestions on how to plan for
an emergency, such as a spillage or a gas leak, ensuring you have
procedures in place to minimise the environmental impact. *Improve
the image of your brand Ultimately, organisations aim to operate in
a way that shows respect for the environment. Certification to
ISO14001 is a recognised measure of that commitment. It is in the
interests of your business to be well regarded by the public and,
if you use this guide to help secure compliance with ISO14001, you
can improve public perception of your organisation. Investing in
ISO14001 certification can contribute to enhanced brand equity.
Take your organisation step by step towards successful ISO14001
certification! Order this pocket guide today!
This pocket guide provides you with an insider's detailed
description of Accenture's IT governance policy and details its
governance structure. It will show how effective IT governance
links IT strategy and IT decisions to Accenture's business strategy
and business priorities. Following the best practices approach set
out in this pocket guide will serve as an excellent starting point
for any organisation with ambitions to achieve high performance.
Benefits to business include: * Boost productivity How hard do you
work in other areas of your business to cut costs and improve
efficiency? In testing economic times, is the absence of a clear
strategy for your business's IT governance still a realistic
option? Learning from Accenture's proven approach will enable you
to increase your organisation's competitiveness over the longer
term. * Coordinate your operations To ensure effective
decision-making and align your IT function with your broader
business goals, you need to make the structure of your IT
governance fit your overall corporate governance structure. That
way, you can make your IT work for your business. * Manage change
effectively IT is crucial for realising the changes you want your
business to make. For this reason, you cannot afford to have these
changes treated merely as IT projects that have been foisted on the
company by the IT department. By bringing top management on board,
and giving business leaders a formal role in the IT governance of
your organisation, you will make the success of any project with an
IT component much more likely. * Keep a grip on budgets The costs
of IT projects are notoriously prone to overrun, while some IT
development programmes have promised more than they ever delivered.
The Accenture way of doing business is different. Following the
Accenture approach means ensuring that your IT investment is backed
by a solid business case, and measuring the return on investment
following project completion. High performance Chief executives now
put high performance IT among their top strategic objectives. So,
if you are looking to improve IT governance in your own
organisation, finding out what Robert E. Kress has to say is as
good a starting point as any. This book will show you his company's
best practice approach to the subject. Whatever business you are
in, there is nearly always a clear link between the performance of
your IT function and your company's overall results. The bottom
line Robert E. Kress, the writer of this pocket guide, is someone
who gets things done. As Executive Director of Business Operations
for Accenture's IT organisation, he manages a $700 million IT
operation for a company with employees in 52 countries. IT is
critical to Accenture's success as a management consultancy and
technology services provider. IT governance matters to the bottom
line, so Accenture insists on clear accountability for IT decisions
and delivery. The capacity of Accenture's IT function to stay
focussed on the needs of the business is one reason why Accenture
has succeeded in doubling its revenue and racking up profits.
Between 2001 and 2009, Accenture's operating profits nearly trebled
to reach $2.6 billion.
ITIL 4 is the latest evolution of the leading best-practice
framework for ITSM (IT service management). It has been
significantly updated from ITIL v3 and addresses new ITSM
challenges, includes new technologies and incorporates new ways of
working. ITIL Foundation Essentials - ITIL 4 Edition* is the
ultimate revision guide for candidates preparing for the ITIL 4
Foundation exam. It is fully aligned with the Foundation course
syllabus and gives a clear and concise overview of the facts. You
can use it in place of writing revision notes, giving you more time
to focus on learning the information you need to pass the exam.
Whether you are taking an ITIL 4 Foundation training course or are
a self-study candidate, new to the framework or looking to upgrade
your ITIL 2011 certification, this guide is the essential
companion. It: -Provides definitions of the key terms and concepts
used in ITIL 4; -Presents detailed information in clear,
user-friendly and easy-to-follow ways through tables, bullet points
and diagrams; and -Explains the key figures and diagrams in the
ITIL syllabus. New for the ITIL 4 Edition: -Fully updated to
reflect the changes introduced in ITIL 4. -New sections on the
guiding principles of ITIL and the four dimensions of service
management. -Updated overview of the ITIL Foundation exam.
The EU General Data Protection Regulation (GDPR) will supersede the
1995 EU Data Protection Directive (DPD) and all EU member states'
national laws based on it - including the UK Data Protection Act
1998 - in May 2018. All organizations - wherever they are in the
world - that process the personally identifiable information (PII)
of EU residents must comply with the Regulation. Failure to do so
could cost them up to 20 million, or 4% of annual global turnover
in fines. US organizations that process EU residents' PII can
comply with the GDPR via the EU-US Privacy Shield, which replaced
the EU-US Safe Harbor framework in 2016. The Privacy Shield is
based on the DPD, and will likely be updated once the GDPR is
applied in May 2018. This book provides a detailed commentary on
the GDPR, explains the changes you need to make to your data
protection and information security regimes, and tells you exactly
what you need to do to avoid severe financial penalties. Product
overview EU GDPR - An Implementation and Compliance Guide is a
clear and comprehensive guide to this new data protection law,
explaining the Regulation, and setting out the obligations of data
processors and controllers in terms you can understand. Topics
covered include: *The role of the data protection officer (DPO) -
including whether you need one and what they should do. *Risk
management and data protection impact assessments (DPIAs),
including how, when and why to conduct a DPIA. *Data subjects'
rights, including consent and the withdrawal of consent; subject
access requests and how to handle them; and data controllers' and
processors' obligations. *International data transfers to "third
countries" - including guidance on adequacy decisions and
appropriate safeguards; the EU-US Privacy Shield; international
organizations; limited transfers; and Cloud providers. *How to
adjust your data protection processes to transition to GDPR
compliance, and the best way of demonstrating that compliance. *A
full index of the Regulation to help you find the recitals and
articles relevant to your organization. * The GDPR will have a
significant impact on organizations' data protection regimes around
the world. EU GDPR - An Implementation and Compliance Manual shows
you exactly what you need to do to comply with the new law. About
the authors
A clear, concise primer on the EU GDPR The EU General Data
Protection Regulation (GDPR) is a key piece of legislation that
provides a single, harmonised privacy law for the European Union,
improving the promotion and regulation of data privacy. With the
Regulation now formally approved by the European Parliament, all
companies that operate in Europe have until 26 April 2018 to comply
with the new law, or potentially face fines of up to 4% of annual
turnover or 20 million. This pocket guide is the perfect
introduction for organisations that need to get to grips with the
key principles of data privacy and the EU General Data Protection
Regulation.
Deploying releases into production is fraught with difficulty With
so many interested constituencies, processes can go wrong in more
ways than they can go right. The problems start when requirements
are gathered and, if unmanaged, can flow unchecked through the
entire process, potentially delivering something that's bound to
fail while, paradoxically, exactly meeting the specification. In
Release and Deployment: An ITSM Narrative Account, we follow the
story of the release & deployment process in fictional form.
Product overview Chris has got a new job as a release manager - but
he's struggling. Parachuted into a large company to fix its release
& deployment process after the catastrophic failure of its new
app, Asgard, he finds himself battling an array of insular
department heads who are all determined that whatever has gone
wrong must be another team's fault. They all want the finger of
blame pointed elsewhere, and Chris seems to be the perfect target -
so they shout down his questions and suggestions as
insubordination. How can he pacify his new colleagues, avoid
getting fired and get the job done? Lessons from real projects in a
narrative format This latest ITSM narrative from Daniel McLean
explains the common pitfalls of release & deployment in
fictional form, with each chapter describing a difficult meeting
with a different department head and featuring a set of pointers
that our hero would have found beneficial. Based on the real-life
experience of the author and other ITSM practitioners, Release and
Deployment: An ITSM Narrative Account exposes the potential
pitfalls and explores how to handle the issues that come with such
projects, all in the face of shifting organisational structures and
changing management objectives. Contents Winning The Job Where Did
My Job Go? Finance - Wisdom or Indifference? Bad Beginnings
Requirements - Voice of the Business Sales - Heart of the Business
Application Development Infrastructure - Physical Clouds QA -
Guardians of the Gates Management Intervention Change Management -
Short Circuit Release - Let Slip the Dogs of War Deploy - The End
of the Beginning About the author Daniel McLean is an ITSM
consultant with over 20 years' experience in IT. He has spent the
last ten years designing, implementing and operating processes
supporting ITSM. He was also a peer reviewer during development of
the OGC ITIL v3 Service Strategy Best Practice. Daniel McLean's
other ITSM narrative accounts are also available from IT
Governance.
A compendium of essential information for the modern security
entrepreneur and practitioner The modern security practitioner has
shifted from a predominantly protective site and assets manager to
a leading contributor to overall organizational resilience.
Accordingly, The Security Consultant's Handbook sets out a holistic
overview of the essential core knowledge, emerging opportunities,
and approaches to corporate thinking that are increasingly demanded
by employers and buyers in the security market. This book provides
essential direction for those who want to succeed in security,
either individually or as part of a team. It also aims to stimulate
some fresh ideas and provide new market routes for security
professionals who may feel that they are underappreciated and
overexerted in traditional business domains. Product overview
Distilling the author's fifteen years' experience as a security
practitioner, and incorporating the results of some fifty
interviews with leading security practitioners and a review of a
wide range of supporting business literature, The Security
Consultant's Handbook provides a wealth of knowledge for the modern
security practitioner, covering: Entrepreneurial practice
(including business intelligence, intellectual property rights,
emerging markets, business funding, and business networking)
Management practice (including the security function's move from
basement to boardroom, fitting security into the wider context of
organizational resilience, security management leadership, adding
value, and professional proficiency) Legislation and regulation
(including relevant UK and international laws such as the Human
Rights Act 1998, the Data Protection Act 1998 and the Geneva
Conventions) Private investigations (including surveillance
techniques, tracing missing people, witness statements and
evidence, and surveillance and the law) Information and
cybersecurity (including why information needs protection,
intelligence and espionage, cybersecurity threats, and mitigation
approaches such as the ISO 27001 standard for information security
management) Protective security (including risk assessment methods,
person-focused threat assessments, protective security roles,
piracy, and firearms) Safer business travel (including government
assistance, safety tips, responding to crime, kidnapping,
protective approaches to travel security and corporate liability)
Personal and organizational resilience (including workplace
initiatives, crisis management, and international standards such as
ISO 22320, ISO 22301 and PAS 200) Featuring case studies,
checklists, and helpful chapter summaries, The Security
Consultant's Handbook aims to be a practical and enabling guide for
security officers and contractors. Its purpose is to plug
information gaps or provoke new ideas, and provide a real-world
support tool for those who want to offer their clients safe,
proportionate, and value-driven security services. About the author
Richard Bingley is a senior lecturer in security and organizational
resilience at Buckinghamshire New University, and co-founder of
CSARN, the popular business security advisory network. He has more
than fifteen years' experience in a range of high-profile security
and communications roles, including as a close protection operative
at London's 2012 Olympics and in Russia for the 2014 Winter Olympic
Games. He is a licensed close protection operative in the UK, and
holds a postgraduate certificate in teaching and learning in higher
education. Richard is the author of two previous books: Arms Trade:
Just the Facts (2003) and Terrorism: Just the Facts (2004).
How do you engage with your peers when they think you're there to
stop them working? Corporate information security is often hindered
by a lack of adequate communication between the security team and
the rest of the organisation. Information security affects the
whole company and is a responsibility shared by all staff, so
failing to obtain wider acceptance can endanger the security of the
entire organisation. Many consider information security a block,
not a benefit, however, and view security professionals with
suspicion if not outright hostility. As a security professional,
how can you get broader buy-in from your colleagues? Information
Security: A Practical Guide addresses that issue by providing an
overview of basic information security practices that will enable
your security team to better engage with their peers to address the
threats facing the organisation as a whole. Product overview
Covering everything from your first day at work as an information
security professional to developing and implementing
enterprise-wide information security processes, Information
Security: A Practical Guide explains the basics of information
security, and how to explain them to management and others so that
security risks can be appropriately addressed. Topics covered
include: How to understand the security culture of the organisation
Getting to know the organisation and building relationships with
key personnel How to identify gaps in the organisation's security
set-up The impact of compromise on the organisation Identifying,
categorising and prioritising risks The five levels of risk
appetite and how to apply risk treatments via security controls
Understanding the threats facing your organisation and how to
communicate them How to raise security awareness and engage with
specific peer groups System mapping and documentation (including
control boundaries and where risks exist) The importance of
conducting regular penetration testing and what to do with the
results Information security policies and processes A
standards-based approach to information security If you're starting
a new job as an information security professional, Information
Security: A Practical Guide contains all you need to know. About
the author Tom Mooney has over ten years' IT experience working
with sensitive information. His current role is as a security risk
advisor for the UK Government, where he works with project teams
and the wider organisation to deliver key business systems
securely. His key responsibility is to act as an intermediary
between management and IT teams to ensure appropriate security
controls are put in place. His extensive experience has led him to
develop many skills and techniques to converse with people who are
not technical or information security experts. Many of these skills
and techniques are found in this book. He has a BSc (Hons) in
information and computer security, and is also a CESG certified
professional.
Mergers and acquisitions - are you getting an IT asset or
liability? "I found this book very interesting. Due diligence is
one of those functions that happens way before us 'IT'ers' get
involved and so this is a useful insight into the work that happens
up front and the evidence we can obtain for our work even if we
were not involved in the initial due diligence." Chris Evans, ITSM
Specialist "Being new to this subject I found the guidance solid
and presented in an excellent style. I found it an excellent and
informative read." Brian Johnson, CA When you merge with or acquire
another business, you also gain their IT and data. In an ideal
world this integration would be seamless and easy. In reality,
however, this is often not the case. Mergers can, for example, lead
to the loss of sales systems or to badly configured data. The
problems don't stop in the computer room, either - they affect the
whole of the business and the success of the merger/acquisition.
Don't make a risky mistake Businesses and investors use due
diligence reviews to ensure such deals do not have nasty hidden
surprises. Many overlook the IT systems and services of the
businesses they are acquiring, however, and push information risk
management (IRM) professionals to the sidelines in the due
diligence process. In a world of increasing cyber attacks and
information security threats, this can be a very risky mistake to
make. Product overview Reviewing IT in Due Diligence provides an
introduction to IRM in due diligence, and outlines some of the key
IT issues to consider as part of the due diligence process. For
those new to the process, it explains how to conduct an IT due
diligence review, from scoping to reporting, and includes
information on post-merger integration to realise business benefits
from the deal. For more experienced practitioners, Reviewing IT in
Due Diligence provides fresh insight into the process, highlighting
issues that need to be addressed, and provides a business case for
IRM involvement in the due diligence process. Topics covered
include: Why IT is important to due diligence The importance of IT
security System reviews and data reviews Reviewing projects and
changes in progress IT service provision value for money IT due
diligence reporting Post-merger integration Comprehensive case
studies are included throughout the book. About the authors Bryan
Altimas has over 32 years' experience of technology risk
management, having led teams performing technology due diligence,
and having advised organisations in numerous business sectors,
locations and circumstances on the effectiveness of their
technology strategy in delivering business objectives. He is a
qualified accountant, Certified Information Systems Auditor (CISA)
and Certified in Risk and Information Systems Control (CRISC). He
left KPMG in 2014 after 17 years, having contributed to their IT
due diligence methodology. Chris Wright is a qualified accountant
and Certified Information Systems Auditor (CISA) with over 30
years' experience providing financial and IT advisory and risk
management services. He worked for 16 years at KPMG, where he
managed a number of IT due diligence reviews and was head of
information risk training in the UK. He has also worked in a wide
range of industry sectors including oil and gas, small and medium
enterprises, public sector, aviation and travel. He is the author
of Agile Governance and Audit, which is also available from ITGP.
Understand the key IT issues that need to be considered in the due
diligence process - buy this book now.
Understand Metrics and KPIs for IT Service Management When
companies look to identify opportunities for improvement, they
often turn to Key Performance Indicators (KPIs) to measure their
current performance in achieving business strategies and
objectives. There is a common misconception, however, that KPIs are
simple measurements that are easy to create, and that the mere act
of this measurement will cause people to change their behaviour and
improve their performance without additional intervention. Learn to
implement an ITSM KPI management system. Integrated Measurement -
KPIs and Metrics for ITSM is the third title in a series designed
to explain, at an operational level, how to implement new processes
within an organisation, and how to facilitate the necessary changes
to people's behaviour, in order to make that implementation a
success. Real-world KPI experience. Through an engaging narrative
story, this volume in the series looks at the implementation of a
KPI management system. Through the central character, readers
witness (and learn from) real-world conversations and situations
that are commonplace in an everyday business environment. The
characters are fictitious, but the story comes from the author's
own experience and real accounts. Each chapter ends with valuable
lessons and conclusions drawn from events in the narrative, giving
the reader a wealth of real-world, practical advice on what works,
what fails, and the common traps and pitfalls to anticipate and
avoid during an implementation project. People with little or no
ITIL(R) experience, or even a limited IT background, will find this
book interesting, entertaining and, above all, extremely useful in
understanding the means to a successful implementation of a KPI
management system. "I really enjoyed it. I couldn't put it down
once I had started!" - Dave Jones, Pink Elephant. Written by an ITIL /
ITSM Expert: Daniel McLean is an ITIL consultant with over 20 years'
experience in IT. He has spent the last 10 years designing,
implementing and operating processes supporting ITSM. He was also a
peer reviewer during development of the OGC ITIL v3 Service
Strategy Best Practice. Daniel has been involved in the development
and delivery of company-focused ITSM courseware, and he is the
author of several other titles, including The ITSM Iron Triangle:
Incidents, Changes and Problems and No One of Us Is As Strong As
All of Us: Services, Catalogs and Portfolios.
A global perspective on AI. This book will provide a global
perspective on AI and the challenges it represents, and will focus
on the digital ethics surrounding AI technology.