
Advanced Persistent Threats (APT)

Advanced Persistent Threat (APT) is the description applied to the coordinated cyber activities of sophisticated criminals and state-level entities. APTs target large corporations and foreign governments, with the objective of stealing information or compromising information systems.

 

The goal of an APT is not usually to bring down a business, but to stay embedded and extract information at a slow and undetected pace. The successful APT is the one you probably do not know about, because it is already inside your network.

 

Advanced – Involves groups of attackers working with governments and commercial entities. These groups are able to combine multiple targeting methods and a range of tools, technologies and techniques to reach, compromise and maintain access to a target. Such groups usually have advanced technology skills, state protection, and a wide range of channels through which they can mount their attacks.

 

Persistent – A "low-and-slow" approach is usually adopted rather than a barrage of constant attacks and malware updates. Long-term access to a target can be far more beneficial to the attacker, and remaining undetected is crucial to the attack's success.

 

Threat – Skilled, motivated, organised and well-funded, APT attacks are executed by coordinated human actions, rather than by mindless and automated pieces of code.

 

While APTs are usually targeted at specific government or private sector organisations, cyber attacks at a lower level are more widespread and are initially automated and indiscriminate – any organisation with an internet presence will be scanned and potentially targeted. Vulnerable targets with potentially interesting or valuable data can then be attacked further.

 

Effective Cyber Security

In any organisation it is the responsibility of the management to minimise risk and to maximise all business opportunities and return on investment. CEOs in every industry sector should NOT DELAY devoting attention and funding to combat advanced persistent threats and, moreover, should plan and act as though they have already been breached.

 

Effective cyber security depends on coordinated, integrated preparations for rebuffing, responding to and recovering from a range of possible attacks. There is no single standalone solution for cybercrime or for APTs; the very nature of an APT is that it is designed to evade standard security controls.

 

Regular penetration testing involves the simulation of a malicious attack against the security measures under test, often using a combination of methods and tools, and conducted by a certificated, ethical professional tester. The resulting findings provide a basis upon which security measures can be improved. Pen Testing is the only way of establishing that your networks and applications are truly secure.

 

Find out how IT Governance Penetration Testing Services can help you to keep your organisation secure today!

 

Cyber Security Standards

Cyber security standards are an important element in building a strong, resilient information and communications infrastructure. ISO/IEC 27001 is the most significant international best practice standard available to any organisation that wants an intelligently organised and structured framework for tackling its cyber risks. ISO27001, as a specification for an Information Security Management System, is clear and precise; it also lists 133 key security controls that should always be at the heart of any organisation’s approach to securing its information assets.

 

Cyber Resilience

The idea of resilience – that an organisation's systems and processes should be resilient against outside attack or natural disaster – is a key principle underpinning ISO27001. Incident response is one aspect of business resilience and ISO/IEC 27035 is best practice for incident response.

 

Business continuity for Information and Communications Systems is even more fundamental to cyber survival, and ISO/IEC 27031 now provides detailed and valuable guidance on how this critical aspect of business resilience should be tackled. Also capable of working within a broader enterprise-wide business continuity management system (such as that specified in the new business continuity management system standard ISO22301), ISO27031 should form part of every organisation's planning for cyber resilience.

 

The Cyber Resilience Standards Kit is a good place to start. It contains all four Cyber Resilience standards:

  1. ISO/IEC 27001:2005 – International information security management systems
  2. ISO/IEC 27002:2005 – Code of practice for information security management
  3. ISO/IEC 27031:2011 – Guidelines for ICT Readiness for Business Continuity
  4. ISO/IEC 27035:2011 – Information Security Incident Management

 

You could also buy these standards as part of the best-selling ISO 27001 Cyber Security Toolkit. Use this toolkit to implement ISO/IEC 27001, create an effective ISMS and combat cyber threats!

 
