Sentinel - Edition 50 - 28 September 2009

Sentinel, our newsletter for IT governance and information security professionals, continues to explore the great range of available resources found for us by editor Dan Swanson.


>> Improve your Education and Marketability

Our huge range of distance learning packages delivers a practical and affordable means of improving education and marketability. They allow anybody, anywhere, to understand and meet internationally approved IT compliance standards.

See Our Range Today <<

"If someone is going down the wrong road, he doesn't need motivation to speed him up. What he needs is education to turn him around."
- Jim Rohn

"Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction, and skillful execution; it presents the wise choice of many alternatives."
- W. Foster

"If you have made mistakes, even serious ones, there is always another chance for you. What we call failure is not the falling down, but the staying down."
- Mary Pickford

>> Pandemic Toolkit - UK Toolkit for Pandemic Swine Flu - Wave Two has begun <<

This Month's Top "Picks"


IT Governance are recruiting for the following roles:

We have various new roles available on our website...

Find out more >>

OECD Principles of Corporate Governance
Good corporate governance is key to the integrity of corporations, financial institutions and markets, and central to the health of our economies and their stability. OECD work in this area revolves around the OECD Principles of Corporate Governance and their implementation in economies throughout the world.
www.oecd.org/corporate

Corporate Governance is Stretched to Breaking Point - Corporate Risk Management
A review of the link between risk management strategies and remuneration policies, and the role of the board of directors in establishing and monitoring risk management strategies and remuneration policies.
http://randerson-assocs.co.uk/Documents/OECD%20Summary%20Report.pdf
http://randerson-assocs.co.uk/Documents/OECD%20Report%20Doc.pdf

Twenty Critical Controls for Effective Cyber Defense: Consensus Audit Guidelines
This consensus document of 20 crucial controls is designed to begin the process of establishing a prioritized baseline of information security measures and controls. The consensus effort that has produced this document has identified 20 specific technical security controls that are viewed as effective in blocking currently known high-priority attacks, as well as those attack types expected in the near future.
http://www.sans.org/cag/

Affordable PCI DSS Compliance Package For Small Organisations To Meet The October Deadline!
What is PCI? | Why do I have to comply? | What resources do I need? | How can I do it quickly?
If you accept payment cards - Visa, Mastercard, Amex, etc. - in your business or on your website, you will be required to comply with the PCI DSS.
You probably don't have the time, energy or resources to devote to this.
You want a simple, reliable and quick solution that lets you get back to running your business.
A full-scale external QSA consultancy project is likely to cost you at least £5,000 - and that's more than you can afford!
The IT Governance PCI Compliance Service for Smaller Businesses gets you compliance-ready for a fraction of the cost!

Understanding Business Continuity Management Best Practice and the BS25999 Standard
19 November 2009
London

ISO 27001 ISMS Implementation Master Class

20 - 22 October 2009
Manchester

PCI DSS 1 Day Implementation Master Class

22 October 2009
London

Foundations of Information Security Management

03 November 2009
London

Download our new Training Catalog and find out what we have to offer in 2009!

Organisational Governance

Ethisphere's Expert Corner and the Ethisphere Magazine
Interviews and articles by various leaders and subject matter experts. In an age of deeper government scrutiny of business operations, increased civil and criminal penalties for compliance failure, and heightened consumer awareness and sophistication, organizations that want to lead realize that there is a direct link between ethics and profits. Ethisphere Magazine was created to illuminate this important correlation. Its mission is to help corporate executives guide their enterprises toward gaining market share and creating sustainable competitive advantage through better business practices and corporate citizenship.
http://ethisphere.com/category/expert/
http://members.ethisphere.com/

Are You Learning From Project to Project?
If you're among the 99 percent of us who fail this simple test—but shouldn't—you could be in a position of weakness, to the detriment of your current and upcoming projects.
http://www.nealwhittengroup.com/articles/pmn3-99.asp

Four stages of competence
In psychology, the four stages of competence, or the "conscious competence" learning model relates to the psychological states involved in the process of progressing from incompetence to competence in a skill.
http://en.wikipedia.org/wiki/Unconscious_incompetence

What Can Managers Learn From College Basketball?
To gain insights into the labor market, consider how basketball coaches move from one job to another.
http://sloanreview.mit.edu/the-magazine/articles/2009/spring/50306/what-can-managers-learn-from-college-basketball/


Carbon Footprint Calculator


ISO 27001 - Internal Auditor

01-02 December 2009
London

CyberWar, CyberTerror, CyberCrime


Information Security Law: The Emerging Standard for Corporate Compliance

IT Governance

The Chief Information Officers (CIO) Council
The CIO Council's existence was codified into law by the U.S. Congress in the E-Government Act of 2002. The CIO Council serves as the principal interagency forum for improving practices in the design, modernization, use, sharing, and performance of Federal Government agency information resources.
http://www.cio.gov/index.cfm?function=documents

Federal Segment Architecture Methodology
The Architecture and Infrastructure Committee released the Federal Segment Architecture Methodology (FSAM) v1.0 in December 2008. The FSAM features easy-to-use templates that expedite architecture development and maximize architecture use. The FSAM includes step by step guidance based on business-driven, results-oriented architecture.
http://www.whitehouse.gov/omb/e-gov/fsam/

Do CIOs Develop Leaders Like NCAA Coaches?
Are there family trees for the Chief Information Officer profession? - Read on…
http://www.ciodashboard.com/application-management/cios-develop-leaders-like-ncaa-coaches/

Enterprise Architecture Assessment Framework (EAAF)
The scope of EAAF Version 3.0 spans planning, investment, and operations activities required to work in concert to improve agency performance through the management and use of information and information technology. EAAF Version 3.0 features extensive use of key performance indicators (KPIs) measuring outcomes across strategic planning, EA, CPIC, and performance data.
http://www.whitehouse.gov/omb/e-gov/eaaf/


IT Governance Framework - Toolkit


ISO 38500 Pocket Guide


A Manager's Guide to BS25999


ISO/IEC 38500:2008 IT Governance Standard

Auditing Risk Management is strongly recommended

Some questions to consider: Are the organization's risk management efforts appropriate to its needs? Has a risk management program been developed and implemented? How effective are the risk management efforts? Do we need to increase the understanding of our key risks? Has accountability been established (for risk management)? What else needs to be done? Have we done everything necessary?
http://www.auditnet.org/articles/DSIA200701.htm

Pandemic Toolkit - UK Toolkit for Pandemic Swine Flu
This comprehensive, downloadable toolkit contains everything required by a UK organisation that wants to prepare and execute an effective business continuity plan that enables it to cope with the impact of pandemic swine flu - or any other pandemic.
http://www.itgovernance.co.uk/products/2604

Teamwork and Creativity Help to Identify Root Causes
In problem-solving methodologies, identifying potential causes is a crucial step between process mapping and data collection and analysis. It involves the best available process knowledge, as well as creativity. Creativity and team management tools, more often employed for solution finding than for root cause finding, can generate deep understanding of the process mechanics and help the team prepare for the distilling and data-based validation of the "essential few" root causes of a problem.
http://www.realinnovation.com/content/c090511a.asp

Dan Swanson: Nobody's Perfect!
While I never met Edwards Deming in person, this quote continues to inspire me: "You have heard the words; you must find the way. It will never be perfect. Perfection is not for this world; it is for some other world. I hope what you have heard here today will haunt you the rest of your life. I have done my best." Continuous improvement really is a lifelong journey.
http://blogs.itworldcanada.com/security/2009/01/23/dan-swanson-nobodys-perfect/

Eight Dumb Project Management Beliefs
There is much more to learn within the project management profession than meets the eye of the casual practitioner/observer. This list discloses eight commonly held beliefs that are thought to be true, but are all false.
http://www.nealwhittengroup.com/power/2008/2008%20power%20snippets%20-%20eight%20dumb%20project%20management%20beliefs.pdf


vsRisk - The Risk Tool


Pocket guide to the FRCP


Information Security Risk Management for ISO 27001/ISO 17799


Application Security in the ISO27001 Environment

Information Security

Avoiding IS Icebergs
This article explores the audit's assurance role regarding information security and outlines approaches and methodologies. As with all Secure Strategies articles, this feature is targeted to the beginner infosec professional, though more experienced practitioners will also find it useful as an update on what's available and in use today.
http://journals2.iranscience.net:800

CISO Strategies
The collection of the Library & Information Service includes a range of electronic databases, books and journal articles on Computer Security.
http://journals2.iranscience.net:800/

The SABSA Method
SABSA is a proven framework and methodology for Enterprise Security Architecture and Service Management used successfully by numerous organisations around the world. It is used globally to meet a wide variety of Enterprise needs including Risk Management, Information Assurance, Governance, and Continuity Management.
http://www.sabsa.org/the-sabsa-method.aspx

SANS' Information Security Reading Room
Featuring over 1777 original computer security white papers in 73 different categories.
http://www.sans.org/reading_room/

Nevada first State to make PCI DSS Law!
45 States followed California when it introduced "SB1386", the Security Breach Information Act, which has specific and restrictive privacy breach reporting requirements.
Similarly to the SB1386 Law, California, Massachusetts and Texas are already looking at making PCI DSS law, and history tells us that when California moves, everyone else follows!
From 1st January 2010, ALL businesses that collect or transmit payment card information will be legally obliged, by Nevada law, to comply with PCI DSS.
http://www.itgovernanceusa.com/pcidss-law.aspx


No 3 ISO27001 Comprehensive ISMS Toolkit


Downloadable Security Awareness Posters


PCI ASV HackerGuardian Scanning Service


ISO20000 Awareness Passport

ITIL, ITSM & Prince2

ITIL v3 Foundation Training Course
On this 3-day London based course - which has a unique Pass the Course GUARANTEE - you will gain an understanding of the key concepts, processes and functions that your organisation needs to promote successful IT Service Management. This qualification is also the essential initial career qualification for anyone in IT.
http://www.itgovernance.co.uk/products/2129

Implementing ISO20000 (ISO20000 Consultant Certificate) Training Course
This outstanding London training course - delivered by IT Governance's own expert trainers - prepares the IT practitioner or ISO20000 project manager to implement ISO/IEC 20000 in an organisation. It covers the interpretation and application of the ISO/IEC 20000 Standard. It has a wider scope than the Auditor training/certification and is ideal for IT(SM) consultants who wish to assist organisations preparing for audit/certification.
This course also has a unique "Pass the Course Guarantee".
http://www.itgovernance.co.uk/products/2134

ITIL Lifecycle Publication Suite (ITILv3 - Complete Library)
Order the Complete ITIL®v3 Service Lifecycle Publication Suite today for immediate worldwide despatch - and save money.
http://www.itgovernance.co.uk/products/793

PRINCE2™ Distance Learning
PRINCE2™ Distance Learning is a cheaper and more flexible route to train for essential PRINCE2 qualifications. We have a whole range of options available to meet your requirements.
http://www.itgovernance.co.uk/catalog/52

BugBox - PRINCE2 software for project teams
BugBox is the best PRINCE2 issue management software in the world. It solves two persistent project management problems:
Controlling ownership, and
Fixing issues.
Take the 15-day free trial to see for yourself!
http://www.BugBox.biz

Sign up now for SENTINEL - monthly updates on IT governance issues that matter


Security Awareness Resources

Information Security Awareness Posters
The posters are designed to be used as part of a general information security education and awareness initiative inside security-conscious organisations, and all organisations pursuing ISO27001 certification (which requires a staff training and awareness plan) or Data Protection Act compliance.
http://www.itgovernance.co.uk/products/1756

Incident Management
An incident management capability is the ability to provide management of computer security events and incidents. It implies end-to-end management for controlling or directing how security events and incidents should be handled. This involves defining a process to follow with supporting policies and procedures in place, assigning roles and responsibilities, having appropriate equipment, infrastructure, tools, and supporting materials ready, and having qualified staff identified and trained to perform the work in a consistent, high-quality, and repeatable way.
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/incident/223-BSI.html

Beyond the myth of Anglo-American corporate governance initiative
A number of papers have now been published including:
• Emerging Issues (January 2007)
• Pressure Points (December 2005)
• Effective corporate governance frameworks – encouraging enterprise and market confidence (June 2006)

http://www.icaew.com/index.cfm/route/145066


Sentinel - The IT Governance Monthly Newsletter


PR Contact

Marc Cornelius
80:20 Communications
+44 (0)20 7664 6310
mcornelius@8020comms.com
www.8020comms.com

CEO

Alan Calder
IT Governance
+44 (0)845 070 1750
acalder@itgovernance.co.uk

Subscribe

Use our RSS feed to stay on top of IT Governance news and new product information – with many new products added daily to our website, and with ongoing news releases, our RSS feed keeps you in daily touch.
