
Sorry, the page you're looking for cannot be found

 You may not have been able to visit your page because of:

   1. An out-of-date bookmark/favourite
   2. A search engine that has an out-of-date listing
   3. A mistyped address
   4. You don't have access to this page
   5. The requested resource was not found
   6. An error has occurred whilst processing your request

Are you looking for:

Assessing Information Security - Strategies, Tactics, Logic and Framework, 2nd Edition
Overview

Build a strategic response to cyber attacks

The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war.

It is clear that organisations need to develop a view of cybersecurity that goes beyond technology: all staff in the organisation have a role to play, and it is the senior managers who must ensure, like generals marshalling their forces, that all staff know the cyber security policies that explain what to do when under attack.


Cyber crime… cyber war?

With this in mind, the authors have drawn on the work of Clausewitz and Sun Tzu, and applied it to the understanding of information security that they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict.

Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001:2013.


Contents

  1. Information Security Auditing and Strategy
  2. Security Auditing, Governance, Policies and Compliance
  3. Security Assessments Classification
  4. Advanced Pre-Assessment Planning
  5. Security Audit Strategies and Tactics
  6. Synthetic Evaluation of Risks
  7. Presenting the Outcome and Follow-Up Acts
  8. Reviewing Security Assessment Failures and Auditor Management Strategies 


About the author

Dr Andrew Vladimirov

Dr Andrew Vladimirov is a security researcher. His fields of expertise include network security and applied cryptography, and he has extensive experience of performing information security assessments. He and his fellow authors are the founders of Arhont Ltd, a leading information security consultancy.

Konstantin Gavrilenko

Konstantin Gavrilenko has over 15 years of experience in IT and security. As a researcher, information security is his speciality, and he has a particular interest in wireless security. He holds a BSc in management science from De Montfort University and an MSc in management from Lancaster University.

Andriej Michajlowski

Andriej Michajlowski is an expert on network security. His research interests include user and device authentication mechanisms, and wireless networking security. He has extensive experience carrying out internal and external information security assessments. He is a graduate of the University of Kent at Canterbury and he holds an MBA.

Information Security Breaches - Avoidance and Treatment based on ISO27001, Second Edition
Overview

What if you suffer an information security breach?

Many titles explain how to reduce the risk of information security breaches. Nevertheless, breaches do occur, even to organisations that have taken all reasonable precautions.

Information Security Breaches - Avoidance and treatment based on ISO 27001:2013 helps you to manage this threat by detailing what to do as soon as you discover a breach.


Be prepared, be prompt, be decisive

When your organisation’s security is compromised, you cannot afford to waste time deciding how to resolve the issue. You must be ready to take prompt and decisive action. Updated to cover ISO 27001:2013, this second edition gives you clear guidance on how to treat an information security breach and tells you the plans and procedures you have to put in place to minimise damage and return to business as usual.


A recovery plan will help you to:

  • Recover, and resume normal operations, more quickly
  • Preserve customer confidence by quickly resolving service disruption
  • Secure evidence to help with any criminal investigation and improve your chances of catching those responsible. 

About the author

Michael Krausz

Michael Krausz is an IT expert and experienced professional investigator. He has investigated over a hundred cases of information security breaches.

Many of these cases have concerned forms of white-collar crime. Michael Krausz studied physics, computer science and law at the University of Technology in Vienna, and at Vienna and Webster universities. He has delivered over 5000 hours of professional and academic training and has provided services in eleven countries to date.

IT Governance - An International Guide to Data Security and ISO27001/ISO27002, 7th Edition
Overview

Expert information security management and governance guidance based on international best practice

As global threats to information security increase in frequency and severity, and organisations of all sizes, types and sectors face increased exposure to fast-evolving cyber threats, there has never been a greater need to implement a robust information security management system (ISMS) that complies with the international standard, ISO 27001.

IT Governance: An International Guide to Data Security and ISO27001/ISO27002 provides best-practice guidance from ISO 27001 experts, Alan Calder and Steve Watkins, to help you successfully implement an ISO 27001-compliant ISMS.


Defend your organisation against cyber threats

Now in its seventh edition, this bestselling guide is ideal for information security professionals and organisations that are looking to enhance their ISMS and protect against information security threats.

IT Governance: An International Guide to Data Security and ISO27001/ISO27002 is the definitive compliance guide, covering all aspects of data protection and information security, including viruses, criminal hackers, online fraud, privacy regulations, computer misuse and investigatory powers.



This book will help you understand:

  • How information technology decisions should be made and monitored, and how to deal with risks;
  • The issues and responsibilities associated with risk;
  • The importance of information-related legislation and regulation;
  • How an organisation’s commercial viability and profitability increasingly depends on the security, confidentiality and integrity of information and information assets;
  • The new, global threats and vulnerabilities, particularly in cyberspace; and
  • How ISO 27001 compliance should enable organisations to demonstrate a proper response to all the challenges listed above.

IT Governance: An International Guide to Data Security and ISO27001/ISO27002 is the recommended textbook for the Open University’s postgraduate information security course and the recommended text for all IBITGQ ISO 27001 courses.

About the author

Alan Calder

Alan Calder knows ISO 27001 inside out. He led the implementation of the first management system to achieve accredited certification to BS 7799 – the forerunner to ISO 27001 – and has been working with the Standard and its successors ever since. He is the founder and executive chairman of IT Governance.

Steve Watkins

Steve Watkins is an executive director at IT Governance and holds high-profile roles in the world of cyber security standards and certification, including Chair of the UK ISO 27001 User Group and Chair of the ISO/IEC JTC 1/SC 27, the international technical committee responsible for the ISO 27k family of standards. He is also involved with UK standard technical committees.

IT Governance - Implementing Frameworks and Standards for the Corporate Governance of IT
Overview

An Introduction for Directors and IT professionals

The modern organisation is increasingly working within the context of corporate governance. The subject dictates their day-to-day and strategic activities, especially corporate information asset risk management and investment, and the ICT infrastructure within which those information assets are collected, manipulated, stored and deployed.

But what is corporate governance, and why is it important to the IT professional? Why is IT governance important to the company director, and what do directors of companies - both quoted and unquoted - need to know?


The Calder-Moir Framework

The book also explains how to integrate each standard and framework using The Calder-Moir Framework, which was developed specifically to help organisations manage and govern their IT operations more effectively, and to coordinate the sometimes wide range of overlapping and competing frameworks and standards.

It also specifically supports implementation of ISO/IEC 38500, the international standard for best practice IT governance.


Practical IT Governance guidance

Board executives and IT professionals can learn to maximise their use of the numerous IT management and IT governance frameworks and standards - particularly ISO/IEC 38500 - to best corporate and commercial advantage.


Build an IT Governance Framework

Within a 'super framework', or 'meta-framework', you can integrate each of these standards and frameworks whilst making sure that each can deliver what it was designed to do. Developing an overarching framework will enable your organisation to design IT governance to meet your own needs.

About the author

Alan Calder

Alan Calder, the founder and executive chairman of IT Governance Ltd, is an internationally acknowledged cyber security expert, and a leading author on information security and IT governance issues.

He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO 27001/ISO 27002, which is the basis for the Open University’s postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ).

Alan has consulted on data security for numerous clients in the UK and abroad, and is a regular media commentator and speaker.

Once more unto the Breach - Managing information security in an uncertain world, 2nd Edition
Overview

Essential advice for information security managers

Speaking directly to information security managers, this book offers essential advice to help you understand:

  • How to pull a team together and kick-start your project
  • Key activities you should be spearheading to ensure the organisation is appropriately secure
  • How to ensure compliance runs throughout the whole organisation, including ideas to keep it alive
  • Physical security issues that can cause you difficulties
  • The scope of activities that can be expected of you

Overcoming information security challenges

The challenges you face as an information security manager (ISM) are enormous; billions of people have been affected by data breaches, and countless companies have fallen victim to cyber attacks. It’s your duty to ensure that your organisation isn’t next.

The ISM’s responsibilities now cover all aspects of the organisation and its operations, and relate to the security of information in all forms, locations and transactions across the organisation – and beyond.

With what may seem like the world upon your shoulders, how you approach your role, your responsibilities and the way you communicate with the rest of the organisation can have a huge impact on your delivery.


Insider view of effective management

This book speaks directly to information security managers, providing an insider’s view of the role and offering priceless gems from the author’s extensive experience. It walks you through a typical ISM’s year, and highlights the challenges and pitfalls of an information security programme.

About the author

Andrea C Simmons

Andrea C Simmons is an information governance specialist with extensive experience in the private and public sectors. She has made significant contributions to the development of standards and industry research, and is currently working on a PhD in information assurance. She writes articles and blogs, and presents at conferences, seminars and workshops. Andrea is a member of many professional bodies and has just been awarded Senior Member status by the Information Systems Security Association (ISSA).
