EIN Presswire: Banking Featured Press Releases

Enterprise-level encrypted USB sticks SafeXs help avoid data breaches

Tue, 07 Feb 2012 19:47:00 +0000

/EINPresswire.com/ IT Governance Ltd, the one stop-shop for information security and data protection compliance products, has reported that it now stocks the new generation encrypted USB sticks - SafeXs. For a limited time only customers will receive the SafeConsole Lite free if they purchase the SafeXs FIPS 197 USB Stick Silver Package here: www.itgovernance.co.uk/products/3662 .

Alan Calder, CEO of IT Governance, comments, "A large percentage of the data breaches we witness are caused by human errors. Imagine how many employees transfer data using portable devices and how many USB sticks get lost. In the period May 2010 - November 2011 we carried out an analysis of the data breach cases which led to the UK's Information Commissioner extracting an undertaking from the organisation concerned. From 85 cases, 16 cases accounted for lost unencrypted lap tops (18,8%) and 22 case for lost unencrypted USB sticks (25,9%)." (For further information see Alan's blog www.alancalderitgovernanceblog.com/2011/11/analysis-of-information-commissioner-cases/)

"Non-secure devices should be blocked altogether." continues Calder. "Any company that doesn't do this is in risks of a data breach and can suffer heavy fines as a result. An enterprise-level secure USB stick, such as the SafeXs, by default, should be the only USB stick used within any organisation".

The SafeXs is an enterprise-level secure USB with encryption hardware. It is the preferred government and enterprise USB stick, and the one chosen by the UK's National Health Service (NHS), with over 1 million already in use.(www.itgovernance.co.uk/products/3662)

The SafeXs FIPS 197 USB Stick Silver Package is the ideal solution for small enterprises looking for a secure-USB solution all in one for an effective price. Customers who order the package now will receive a SafeConsoleLite licence for each of the sticks for one year for free, thus saving £150.

Organisations can order the SafeXs FIPS 197 USB Stick Silver Package online here: www.itgovernance.co.uk/products/3662 . Bulk volumes can be purchased directly from the friendly and helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make purchases with a purchase order either by telephone, or by e-mail to servicecentre@itgovernance.co.uk.

- Ends -

FOR FURTHER INFORMATION
Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS

IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

CISA, CISM and CGEIT Exam Preparation courses essential for passing the exams in June

Tue, 07 Feb 2012 19:46:54 +0000

/EINPresswire.com/ IT Governance Ltd, the global leader in information security training, is advising delegates taking the CISA, CISM and CGEIT exams in June to hurry and book onto the relevant exam review courses. The CISA, CISM and CGEIT Exam Preparation Courses are designed to ensure that delegates are prepared to pass the examination on their first attempt. In February, there is an early bird discount which means that attendees will receive 15% off the booking price.

The CISA, CISM and CGEIT qualifications are awarded by ISACA. An ISCA qualification is increasingly seen a must have qualification for consultants and practitioners wishing to progress in the broad IT management and governance field.

The CISA, CISM and CGEIT Exam Preparation Courses are ideal for professionals with busy schedules who want to refresh their memory and receive useful tips just before the exam. Each course covers the whole syllabus and takes delegates through it in a systematic and comprehensive way.

One delegate who attended the CISA course commented, "Very knowledgeable facilitator who presented the key parts of the syllabus in a clear, friendly and approachable manner."

The CISA Exam Preparation course is the perfect intensive preparation course for the CISA exam. The CISA exam changes every year, and our course is updated to reflect the latest official guidance on content and exam questions. The next CISA Exam Preparation course takes place on 15th-18th May in London and can be booked online here www.itgovernance.co.uk/products/636.

The CISM Exam Preparation course provides delegates with the core CISM competencies required by information security professionals who plan to sit the CISM exam this year. With a growing demand for professionals possessing Information Security Management skills, CISM has become a leading, individual certification in information security management for individuals and organisations around the world. CISM certification signifies commitment to serving an organisation and the Information Security industry with distinction. The course takes place on 22nd-25th May in London and can be booked online here www.itgovernance.co.uk/products/637.

The CGEIT Exam Preparation course is designed to enable candidates to understand roles and responsibilities, and various focus areas of IT governance. The course is aimed at IT and business professionals who hold substantial positions in management, advisory or assurance related to the governance of enterprise IT. The course takes place on 21st-24th May in London and can be booked online here www.itgovernance.co.uk/products/3310 .

All three courses can be booked online or directly with the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make CISA, CISM and CGEIT Exam Preparation bookings or purchases of Exam Passports with a Purchase Order either by telephone or by email to servicecentre@itgovernance.co.uk.

- Ends -

FOR FURTHER INFORMATION
Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS

IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

ISO20000 implementation boosts business by increasing customer satisfaction

Tue, 07 Feb 2012 19:46:47 +0000

/EINPresswire.com/ Those familiar with ISO/IEC 20000, the international IT Service Management standard, will agree that it aims to enable IT organisations to ensure that their IT service management processes are aligned with the needs of the business. Over the last year ISO20000 has gained momentum, with Virgin Media becoming the most recent blue chip company to achieve certification in November 2011.

Alan Calder, CEO of IT Governance, explains, "By going through the process of formal certification organisations automatically demonstrate to their prospective and existing customers a commitment to improved IT service management systems. In the current economic climate, customers are looking to cut costs and they are becoming more selective in terms of their providers. Implementing ISO20000 not only improves the processes and practices within an organisation, but it also reassures customers that the company is efficient, reliable and trustworthy. Organisations that are ISO/IEC 20000 certified can expect to see more repeat business due to improved customer experience."

The growing interest in ISO20000 implementation increases the need for organisations to take on board qualified practitioners who will be immediately effective in any ISO20000 project.

Calder continues, "As an established training provider we have seen a steady demand for ISO20000 Practitioner training in 2011. The driver for this appears to be the need for commercial organisations to ensure that they have implementation managers who fully understand the ISO20000 compliance process. Furthermore, companies are looking for qualifications from recognised examination bodies.

The ISO 20000 Practitioner Certificate Course is ideal for all IT(SM) practitioners who assist organisations in preparing for audit/certification to ISO20000. (www.itgovernance.co.uk/products/2134)

The three-day ISO 20000 Practitioner Certificate Course combines theory and practice in an engaging way. It covers the interpretation and application of the ISO20000 standard and enables delegates to develop the service management capability of an organisation and assess its readiness for certification. Delegates who pass the test at the end of the course are awarded an APMG-accredited ISO 20000 Practitioner Certificate. The next sitting takes place on 27-29 February in London. There are still a few places available at £100 off the standard price.(www.itgovernance.co.uk/products/2134)

Organisations can book delegates onto this course online: www.itgovernance.co.uk/products/2134. Course places can also be booked directly with the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make bookings or purchases with a purchase order, either by telephone or by e-mail, to servicecentre@itgovernance.co.uk. We welcome overseas delegates on all our courses and can provide guidance on travel and hotel arrangements.
- Ends -

FOR FURTHER INFORMATION
Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk

NOTES TO EDITORS

IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

Knowing the business and legal requirements important for achieving ISO27001 compliance

Tue, 07 Feb 2012 19:46:42 +0000

/EINPresswire.com/ Project managers responsible for implementing an ISO27001-compliant Information Security Management System (ISMS) know that there are five controls in ISO/IEC 27001 Annex A which impose specific requirements. According to these, organisations need to, first, identify and, second, stay up-to-date with statutory and regulatory requirements (Clause 4.2.1 b. 2).

Given that are over 70 information-related laws and statutes in force in the UK fulfilling the above requirements doesn't seem an easy task. IT and compliance managers face the problem of becoming familiar with the laws, identifying the ones they need to comply with and ensuring compliance with them.

IT Governance, the single-source provider for everything related to ISO27001 and information security, offers a product which comfortably addresses the above issues and provides effective and efficient solutions to project managers.

The ISO27001 Compliance Database and Update Service is the only product on the market that holds a repository of all the 71 statutes and regulations relevant to ISO27001. Updated for 2011, the ISO27001 Compliance Database includes 10 new laws and offers regular updates (depending on the subscription period) as and when new laws are published.(www.itgovernance.co.uk/products/3161)

The ISO 27001 Compliance Database and Update Service identifies the specific clauses within each legal instrument that organisations must comply with, providing best-practice guidance on how to comply with that clause. It also enables an ISMS project manager to select appropriate controls at the individual clause level.(www.itgovernance.co.uk/products/3161)

A video demonstrating how the ISO27001 Compliance Database and Update Service works is available online at www.itgovernance.co.uk/products/3161.

Subscriptions to the ISO27001 Compliance Database and Update Service can be made online here: www.itgovernance.co.uk/products/3161, or by contacting IT Governance's friendly service team on +44 (0) 845 070 1750, or via e-mail to servicecentre@itgovernance.co.uk.

- Ends -

FOR FURTHER INFORMATION
Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk

NOTES TO EDITORS

IT Governance Ltd is the one-stop-shop for books, tools, training and consultancy for governance, risk management and compliance. It is a leading authority on ISO27001, data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

ISO27001 is the answer to cyber security, says IT Governance's CEO

Tue, 07 Feb 2012 19:46:33 +0000

/EINPresswire.com/ While the European Commission is tightening the data protection requirement and the UK and US Governments are shaping their cyber security strategies, organisations should be taking all the necessary measures to ensure their information is secure.

Alan Calder, CEO of IT Governance, says, "If you want a single solution to cyber security, you have to think ISO27001. ISO27001 is the international information security standard providing guidance for developing an information security management system (ISMS) that takes into account business and legal or regulatory requirements and contractual security obligations. If it is understood and implemented correctly, ISO27001 can serve as the most powerful weapon against cyber crime."

"A cyber breach can lead to a cyber storm of destruction of corporate reputation and regulatory punishment. Shareholders are likely to take action for negligence." continues Calder. "Moreover, organisations will have to reckon with the cost of compensation to customers and everyone else affected. They will have to pay the cost of remediation and put in place the systems that they should have had there in the first place. And if they have had them they wouldn't have to pay the high price for the rest.

"Therefore, ISO27001 certification is increasingly adopted as best-practice information security management by larger organisations and governments around the world. ISO27001-compliance can give organisations and their employees a piece of mind, and it sends a very positive message to their shareholders and customers."

Obtaining an ISO/IEC 27001 certification, like other ISO management system certifications, usually involves a three-stage audit process:

• Stage 1 is a preliminary, informal review of the information system management system (ISMS).
• Stage 2 is a more detailed and formal compliance audit, independently testing the ISMS against the requirements specified in ISO/IEC 27001.
• Stage 3 involves follow-up reviews or audits to confirm that the organisation remains in compliance with the standard.

The ISO/IEC 27001 consultancy service provided by IT Governance (www.itgovernance.co.uk/iso27001_consultancy.aspx) uses methodologies and tools that have been developed and honed over 10 years, ever since the company's CEO Alan Calder and Steve Watkins, Director at IT Governance, led the world's first successful certification to BS7799, the forerunner of ISO 27001. IT Governance has supported in excess of 100 clients from various sectors through successful ISO27001 certification projects.

IT Governance also provides an ISO27001 Feasibility and Gap analysis consultancy service which is essential for anyone considering implementing an ISO 27001 project.(www.itgovernance.co.uk/ISO27001-feasibility-and-gap-analysis-service.aspx)

You can also e-mail IT Governance at servicecentre@itgovernance.co.uk or telephone + 44 845 070 1750 to find out, free of obligation, what would be involved in achieving ISO27001 certification for your organisation.

- Ends -

FOR FURTHER INFORMATION
Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk

NOTES TO EDITORS

IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

Combined ISO27001 Foundation and Lead Implementer course optimises training time and costs

Tue, 31 Jan 2012 15:38:46 +0000

/EINPresswire.com/ IT Governance Ltd, the global leader in ISO27001 training, standards, books, and tools, has announced that there are a few places available for the February session of the ISO 27001 ISMS Foundation Training Course and the ISO27001 Certified Lead Implementer Masterclass . If they book the courses together delegates will save almost £300. Bookings can be made immediately here: www.itgovernance.co.uk/products/700.

Formal training has become a must for IT professionals who are responsible for developing and maintaining an ISO27001-compliant Information security Management System (ISMS). Companies compliant with ISO27001, the international Information Security Standard, report achieving significant competitive advantage including winning new business, increasing customer confidence and improved organisational efficiency. Moreover, ISO27001 implementation is seen as an effective weapon against cyber crime.

Alan Calder, CEO of IT Governance, says, "Take-up of ISO27001 is rapidly accelerating across all sectors. Organisations that let themselves fall behind can expect a few problems in the future. Not only will they be more vulnerable to data breaches, but they will also lose their competitive edge."

"Developing an ISMS to a high standard requires qualified staff who are familiar with the ISO27001 requirements, and who are able to implement all procedures and controls correctly and efficiently." continues Calder. "It is the Board's responsibility to ensure that they employee people with the right skills. On the other hand, individuals looking to progress their career in information security can benefit a lot from training and an industry recognised certification."

The ISO27001 ISMS Foundation Course is the recognised starting point for anyone involved in, or considering starting, the journey towards development of an information security management system based on ISO/IEC 27001. This course enables delegates to understand the key concepts of ISO27001, including its relationship with ISO27002. Successful candidates will be awarded the ISO27001 ISMS Foundation Certificate, issued by the exam body gasq, and approved by the International Board for IT Governance Qualifications (IBITGQ).

In February delegates can take the ISO27001 Certified Lead Implementer Masterclass immediately after the ISO27001 ISMS Foundation Course, thus optimising their training time and costs (www.itgovernance.co.uk/products/700). The latter will allow them to take their understanding of ISO 27001 to the next level and learn how to implement ISO27001 from a beginner's state through to completion. The ISO27001 Certified Lead Implementer Masterclass is also approved by IBITGQ.

These two ISO27001 training courses together cover all the key steps in preparing for, and achieving, certification first time. They are suitable for information security managers, those writing information security policies or implementing ISO27001.

Organisations can book delegates onto the ISO27001 courses online here: www.itgovernance.co.uk/products/700. Course places can also be booked directly with the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make bookings or purchases with a purchase order, either by telephone, or by e-mail to servicecentre@itgovernance.co.uk. We also welcome overseas delegates on all our courses and can provide guidance on travel and hotel arrangements.

- Ends -

FOR FURTHER INFORMATION

Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS

IT Governance Ltd is the one-stop-shop for books, tools, training and consultancy for governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

Penetration testing essential for establishing security level and meeting compliance needs

Tue, 31 Jan 2012 15:38:41 +0000

/EINPresswire.com/ In an era of increased cyber crime, the growing attacks on networks and applications are becoming ever more sophisticated. Therefore, the number of organisations which are being hacked is growing exponentially. At the same time the penalties incurred by organisations for failing to protect themselves and their customer's data are becoming ever steeper.

Effective pen testing is a sensible way for companies to establish if their networks and applications are truly secure. Routine penetration testing is also an essential component in any ISO27001 ISMS - from initial development through to ongoing maintenance and continual improvement. It can also help organisations meet the requirements of the PCI DSS standard and comply with the Data protection Act (DPA).

Alan Calder, CEO of IT Governance, says, "With the ever-increasing risk of external attacks to websites, the continual enhancements and upgrades to a system over time, and the continual discovery of new vulnerabilities and security holes, organisations need to conduct external penetration tests at least annually."

IT Governance Ltd, the global leader in ISO 27001 and information security products and services, offers fixed-price penetration testing packages which are are designed to simplify security testing. Organisations can save £1000 if they buy a Penetration Testing Standard Package (www.itgovernance.co.uk/products/3184) or a Web Application Testing Package (www.itgovernance.co.uk/products/3185) before the end of February.

Calder explains, "We have reduced the price of our penetration testing packages in order to encourage more organisations to test their systems. We would like them to understand how vital pen testing is for the protection of their information."

Both the Penetration Testing Standard Package (www.itgovernance.co.uk/products/3184) and the Web Application Testing Package (www.itgovernance.co.uk/products/3185) include a comprehensive report indentifying vulnerabilities and recommended remedial activity. They are suitable for small companies with up to 20 externally facing IP addresses and up to four internal services running in a single organisation. One of the biggest benefits to organisations is that they can agree the scope of testing delivered for known and fixed benefits. The packages are available for a limited time only at the special price of just £1,950 each.

To buy online go to www.itgovernance.co.uk/products/3184 and www.itgovernance.co.uk/products/3185. You can also contact the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can purchase penetration testing packages with a Purchase Order either by telephone or by email to servicecentre@itgovernance.co.uk.

- Ends -

FOR FURTHER INFORMATION

Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk

NOTES TO EDITORS

IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

IT Governance launches a new CISSP Accelerated Training Programme

Tue, 31 Jan 2012 15:38:03 +0000

/EINPresswire.com/ IT Governance Ltd, the UK's leading ISO27001 Information Security Management consultant and training service provider has announced the launch of its CISSP Accelerated Training Programme (www.itgovernance.co.uk/products/617).

Designed to meet the needs of individuals who are planning to study and prepare for the (ISC)2 CISSP examination, the CISSP Accelerated Training Programme provides a unique 3-phase approach to ensuring that candidates pass the exam at the first attempt (www.itgovernance.co.uk/products/617).

Alan Calder, CEO of IT Governance explains, "CISSP is acknowledged to be the premier certification required for the development of a senior career in information security, audit and IT governance management. This is clearly evident in the many job adverts for infosec managers where CISSP, CISM and experience in ISO27001 always seem to be listed".

"The secret to passing the CISSP exam is to ensure that each candidate has a comprehensive knowledge of the CISSP Common Body of Knowledge (CBK) and a thorough preparation and practice for the examination. While this sounds easy, many find the huge amount of information associated with the 10 CBK Domains and a 6-hour examination a daunting and gruelling process."

"Our Training Development Team started with a 'clean slate', talking to our customers about their CISSP experiences and reviewing the existing CISSP exam preparation books and courses." Calder continues. "They confirmed that candidates who attended a pre-exam training course were more successful, particularly if the course helped them to improve their knowledge in CBK topics which they struggled to understand. As a result, a key feature of our programme is the Pre-course CISSP Knowledge Assessment, which determines the strengths and weakness of the current knowledge of each candidate. Our trainer then uses this assessment to prepare an individual Pre Course Study Plan, which is then factored into a subsequent 5-day classroom training session."

The CISSP Accelerated Training Programme is designed to provide an intensive and complete preparation to ensure that delegates pass the (ISC)2 CISSP examination at the very first attempt (www.itgovernance.co.uk/products/617). Delivered in London over a period of 5-days, this unique 3-Phase intensive study program includes the following:

• Pre-course CISSP Knowledge Assessment
• Classroom Presentation delivered by an experienced CISSP qualified trainer
• Evening Q&A and discussion sessions
• Final Exam Preparation with example exam questions
• (ISC)2 CISSP CBK Official Study Guide Textbook
• Optional Accommodation package

Bookings onto the CISSP Accelerated Training Programme can be made online here: http://www.itgovernance.co.uk/products/617. Course places can also be booked directly with the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make bookings or purchases with a purchase order, either by telephone, or by e-mail to servicecentre@itgovernance.co.uk. We also welcome overseas delegates on all our courses and can provide guidance on travel and hotel arrangements.

- Ends -

FOR FURTHER INFORMATION
Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS

IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

IT Governance Publishing launches "An introduction to Hacking and Crimeware: A Pocket Guide"

Wed, 25 Jan 2012 16:43:40 +0000

/EINPresswire.com/Cybercrime is on the rise. Unchecked, it could destroy the entire global cyber infrastructure and wipe out many businesses. We need to defend ourselves against it, and we must fight back. Toolkits to create malware are now readily available to anyone wishing to defraud and do damage. For your business to survive and thrive, it is vital to stay informed about the threats and the risks, and arm yourself against them.

In an Internet environment where a substantial number of initial attacks are automated, all organisations need to take steps to prepare themselves. Any individual using a computer for information processing should also understand the threats and how to protect themselves.

'An Introduction to Hacking and Crimeware: A Pocket Guide', is a concise guide to the most recent and the more serious threats. Knowing about these threats will help you understand how to ensure your computer systems are protected and that your business is safe, enabling you to focus on your core activities (www.itgovernance.co.uk/products/3738). The pocket guide:

• Defines exactly what crimeware is - both intentional and unintentional.
• Explores the increasing use of COTS tools as hacking tools.
• Provides a valuable list of up-to-date, authoritative sources of information, so you can stay abreast of new developments and safeguard your business.

'An Introduction to Hacking and Crimeware: A Pocket Guide', is written by Victoria Loewengart, a partner and co-founder of two organisations: AKOTA Technologies and Technology and Business Insider. She has more than 25 years' experience in cyberspace development, management and exploration and has conducted extensive research in the cybersecurity and intelligence technologies fields, making her the ideal author for this pocket guide (www.itgovernance.co.uk/products/3738).

Victoria comments "I am fascinated with the evolution of cybercrime and with the underground economy which is driving the development and distribution of bots and other malware. The knowledge of this world is confined to information security professionals. I think it is useful for anyone who is using a computer for information processing to understand where the threat is coming from and what/who s is behind it. Understanding the threat is half of the battle against it. I am very pleased and very grateful for ITG publishing my pocket-guide."

Alan Calder, CEO of IT Governance adds, "Cybersecurity is a critical business risk and a cyberbreach can pose significant financial implications. Organisations and individuals alike must be aware of, and protect themselves from, the threats and risks, if they are to win the battle against cybercrime. We are delighted to publish this pocket guide and it is a fantastic addition to our portfolio. It will enable technical and non technical readers to develop their understanding of such risks and threats through its concise, research-based approach, which as Victoria states, is half the battle!"

'An Introduction to Hacking and Crimeware: A Pocket Guide' is available in multiple formats and can be purchased in local currency from the following websites:

International (shipping from UK, GBP currency denominated)

Softcover: www.itgovernance.co.uk/products/3738
eBook: www.itgovernance.co.uk/products/3742

USA (shipping from USA, USD currency denominated)

Softcover: www.itgovernanceusa.com/product/2469.aspx
eBook: www.itgovernanceusa.com/product/2468.aspx

EU (shipping from Netherlands, Euro currency denominated)

Softcover and eBook:
www.itgovernance.eu/p-862.aspx

- Ends -

FOR FURTHER INFORMATION
Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk

NOTES TO EDITORS

IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

IT Governance launches Cloud Computing Foundation training course

Wed, 25 Jan 2012 16:43:35 +0000

/EINPresswire.com/IT Governance Ltd, the leading expert in information security training, consultancy, books and tools, has today launched the Cloud Computing Foundation training course. This course is based on the EXIN Cloud Computing Foundation syllabus and prepares delegates for the EXIN Cloud Computing Foundation examination which is taken at the end of the second day. The first sitting will be held on 9-10 May and places can be booked immediately here www.itgovernance.co.uk/products/3719.

Alan Calder, CEO of IT Governance, says, "We have launched this new course as we recognise that companies are increasingly shifting to the cloud to eliminate maintenance costs. On the other hand, this tendency increases the demand for human resources who can research, plan or support an implementation of Cloud computing. Our new course is particularly suited for IT Managers who are responsible for the delivery of Cloud services and IT Directors who need to understand and evaluate the business case and performance of Cloud resources."

Cloud computing is the term given to the availability of IT resources usually supplied by an external third party service provider and accessed using the Internet. The 'Cloud' itself is a virtualisation of resources - networks, servers, applications, data storage and services - to which the end user has constant on-demand access. These resources can be provided with minimal user management or service provider interaction.

Calder continues, "Organisations also need to be aware that a major cloud provider is likely to suffer a significant security breach. Organised criminals will increasingly target cloud services. Therefore, it is important that IT managers are familiar with security in the cloud and identity management - a topic covered extensively during our course."

The Cloud Computing Foundation training course is presented by an experienced trainer in a class-room format and includes relevant workshop exercises and discussion sessions (www.itgovernance.co.uk/products/3719).

IT Managers can get an additional understanding of the benefits and risks with Cloud computing, by reading the book 'Above The Clouds: Managing Risk in the World of Cloud Computing' (www.itgovernance.co.uk/products/2826).

Bookings can be made online here: www.itgovernance.co.uk/products/3719. Course places can also be booked directly with the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make bookings or purchases with a purchase order, either by telephone or by e-mail, to servicecentre@itgovernance.co.uk. We also welcome overseas delegates on all our courses and can provide guidance on travel and hotel arrangements.

- Ends -

FOR FURTHER INFORMATION
Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS

IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

IT Governance holds a COBIT 5 Update Day in February

Wed, 25 Jan 2012 16:43:30 +0000

/EINPresswire.com/IT Governance Ltd, the leading expert in IT governance and information security training, consultancy, books and tools, will hold the first COBIT 5 Update Day on 23 February in London. The seminar is aimed at IT Service Managers, IT Consultants, IT Auditors, Governance, Risk and Compliance Managers and Business Managers who have an understanding of COBIT 4.1. Places can be booked immediately here: www.itgovernance.co.uk/products/3754.

Alan Calder, CEO of IT Governance, says, "It is vital for anyone who holds the COBIT 4.1 Foundation Certificate or has implemented or audited IT governance using COBIT 4.1 to become familiar with the COBIT 5 key concepts and the differences from COBIT 4.1. We are delighted to deliver the first seminar that is entirely focused on the transition, following confirmation from ISACA, that the COBIT 5 Framework will be published in the next few months. The COBIT 5 Update Day will enable those with an understanding of COBIT 4.1 to readily recognise the enhancements within COBIT 5, and decide upon an approach for migration. We expect a full classroom."

COBIT 5 is considered to be a major strategic improvement providing the next generation of ISACA guidance on the governance and management of enterprise information and technology (IT) assets.

COBIT 5 extends COBIT 4.1 by incorporating the governance activities of ISO 38500 (Corporate Governance of IT), including activities of the complementary ISACA frameworks Val IT, Risk IT, BMIS and ITAF as well as other areas of IT governance developed since COBIT 4.1 was written in 2007.

The benefits of using COBIT 5 include value e-creation through effective governance, management enterprise information and technology (IT) assets; business user satisfaction with IT engagement and services by enabling business objectives as well as compliance with relevant laws, regulations and policies.

The COBIT 5 Update Day is delivered by an experienced ISACA-licensed trainer who has participated in the ISACA team developing the syllabus for the original online COBIT Foundation course launched in 2005 (www.itgovernance.co.uk/products/2295).

Bookings onto the course can be made online here: www.itgovernance.co.uk/products/3754 . Course places can also be booked directly with the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make bookings or purchases with a purchase order, either by telephone or by e-mail, to servicecentre@itgovernance.co.uk. We also welcome overseas delegates on all our courses and can provide guidance on travel and hotel arrangements.

- Ends -

FOR FURTHER INFORMATION
Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS

IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

Pre-written documentation ensures speed and quality when implementing an ISO 27001-compliant ISMS

Wed, 25 Jan 2012 16:43:25 +0000

/EINPresswire.com/Organisations are increasingly relying on pre-written documents and policies when implementing an ISO 27001-compliant Information Security Management System (ISMS) from scratch. This approach has proven to be both time and cost-effective whilst allowing companies to focus on other essential parts of the implementation process.

This explains why IT Governance Ltd, a market-leading company in cyber security and ISO 27001-compliance expertise, has seen more than double increase on the sales of their ISMS documentation toolkits with over 1000 copies having been sold worldwide.

Alan Calder, CEO of IT Governance, explains, "The implementation of an ISO 27001-compliant information security system is now a priority number one for many companies. Most of them are under pressure from their clients to align their ISMS to the ISO 27001 standard. The hardest part of achieving certification against any management system standard is the documentation of the management system. It can be a thousand pages plus. That is when documentation toolkits come in handy. Our toolkits have helped thousands of companies implement an ISMS. Our clients trust us because our toolkits are designed by our in-house information security consultants with a wealth of knowledge and experience."

IT Governance has just launched a time-limited unique offer which combines documentation toolkits with information security training - also fundamental to cyber security. Customers, who buy any of the ISMS documentation toolkits before 31 January 2012, will receive 15% off all training courses from IT Governance: www.itgovernance.co.uk/iso27001_toolkits.aspx .

"Increasingly, customers are attending a training course after the purchase of a toolkit." continues Calder. "We are told by organisations that combine their learning with our toolkits, that it is a powerful route to do-it-yourself certification readiness."

IT Governance training courses schedule is available here www.itgovernance.co.uk/itg-training-courses.aspx.

Organisations can purchase any of the ISO 27001 ISMS toolkits here: www.itgovernance.co.uk/iso27001_toolkits.aspx . Orders can also be made directly with the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make purchases with a purchase order, either by telephone, or by e-mail to servicecentre@itgovernance.co.uk.

- Ends -

FOR FURTHER INFORMATION
Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS

IT Governance Ltd is the one-stop-shop for books, tools, training and consultancy for governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

Professional risk assessment enables balanced expenditure on controls

Tue, 24 Jan 2012 12:36:57 +0000

/EINPresswire.com/ Risk assessment is critical for the cyber security of any organisation's information assets. It plays an essential role ensuring their confidentiality, integrity and availability (CIA). Most organisations know they should conduct a risk assessment, identify the threats to their business and put in place adequate risk management controls. However, many of them are unsure as to how to do it.

Alan Calder, CEO of IT Governance, says "Having consulted many clients on information security issues, we have observed that most of them don't manage risk effectively. They need to develop adequate risk management processes and policies in order to protect themselves from risks. The controls they put in place need to be based on informed assessment and their effectiveness needs to be measured."

"It is important that when risk assessment is being undertaken no risk is left unexplored." continues Calder, "Risk assessment enables expenditure on controls to be balanced against the business harm likely to result from security failures."

IT Governance Ltd, the global leader in information security products and services, has developed a risk assessment tool, vsRisk, that automates and accelerates the risk assessment process (www.itgovernance.co.uk/products/744). It enables project managers to monitor the day-to-day execution and management of the controls as well as generating reports for audit purposes. Customers, who order a copy of vsRisk before 31 January 2012, will receive 15% off all training courses from IT Governance: www.itgovernance.co.uk/iso27001_toolkits.aspx .

Uniquely, vsRisk can assess the confidentiality, integrity and availability for each of the business, legal and contractual aspects of information assets, as required by the ISO 27001 standard. The tool can serve as a day-to-day operational tool, showing at a glance where an organisation stands in its progress towards ISO 27001 compliance. A free trial version can be requested here www.itgovernance.co.uk/iso27001-risk-assessment.aspx.

vsRisk offers an in-built audit trail, comparative history, comprehensive reporting and gap analysis that radically reduces the manual record keeping traditionally associated with risk assessments. The tool minimises the need for specialist knowledge and significantly undercuts the cost of generalist risk management tools, thus, making ISO27001 compliance achievable for a far wider range of organisations and professionals.(www.itgovernance.co.uk/products/744)

As well as supporting ISO/IEC 27001:2005 and ISO/IEC 27002, vsRisk v1.5 complies with BS7799-3:2006, ISO/IEC 27005, NIST SP 800-30 and the UK's Risk Assessment Standard.

vsRisk is produced by Vigilant Software, the specialist software subsidiary of IT Governance and can be purchased online from www.itgovernance.co.uk/products/744.

- Ends -

FOR FURTHER INFORMATION

Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS

IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

PCI DSS compliance is only the first mandatory step

Tue, 24 Jan 2012 12:36:45 +0000

/EINPresswire.com/ A few days ago the Amazon-owned shopping website Zappos admitted that it has been hacked. Zappos customers were asked to choose new passwords and were warned that some of their personal information might have been exposed in the attack.

Although it is not yet clear how the data was compromised, this incident once again puts the issue of personal data protection and compliance into the spotlight. It also raises concerns about the insider threat that exists in potentially any organization.
According to the news website 'CIO Today', Zappos is PCI compliant, and all transactions are authenticated and encrypted using SSL. On the other hand, this incident shows that PCI-DSS compliance is only the first mandatory step in securing customers' credit cards and account information. With attackers becoming more sophisticated by the day, organizations must adopt more integrated approaches in terms of meeting the PCI DSS requirements on one hand, and educating staff on the other.

Alan Calder, CEO of IT Governance, says, "Companies should regularly educate employees about data breaches risks. This is the only way to minimise the insider threat, which is probably the reason for over 50% of data breaches. Staff should be aware not to install any unauthorised software which may be disguised as malware. They shouldn't be opening emails from unknown sources or be sharing their passwords with others."

"Positive, aware and well trained members of staff are a key part of ensuring that you fully comply with the PCI DSS standard and protect the crucial intellectual assets of your organization, namely your confidential information, relationships and reputation." adds Calder.

In the current economic climate, e-learning brings direct efficiency gains to organizations. Normal training costs for instructors, meeting rooms, travel, accommodation or subsistence have been eradicated with this e-learning course. Additionally, the time staff spend away from their desks when training is minimised.

The PCI DSS Online Staff Awareness course from IT Governance will increase employees' awareness of the PCI DSS requirements, and will provide clear and simple explanations of what companies and individual employees must do to meet the requirements of the PCI DSS (v2.0) standard.(www.itgovernanceusa.com/product/2487.aspx)

The 40-minute PCI DSS Online Staff Awareness course can be taken at the employee's desk, or at home (www.itgovernanceusa.com/product/2487.aspx). The e-learning course includes a test at the end comprising of 20 multiple choice questions. If staff pass, a printable certificate is awarded. However, should they not reach the pass mark first time around, staff have the opportunity to re-take the test until the pass mark is achieved.

Smaller and medium sized US companies which need to comply to PCI DSS will benefit from the PCI DSS v2.0 Compliance Toolkit (www.itgovernanceusa.com/product/157.aspx). It is specifically designed to help card payment-accepting organizations, quickly create all the documentation required to affirmatively answer the requirements of the PCI DSS as set out in the Self Assessment Questionnaire. The toolkit contains a full set of documentation templates for all of the mandatory PCI DSS policies, as well as implementation guidance and ISO 27001 cross-mapping.

Organizations can purchase the PCI DSS v2.0 Compliance Toolkit here www.itgovernanceusa.com/product/157.aspx. Larger organizations can make purchases with a purchase order either by telephone +1 877 317 3454 or by e-mail to servicecenter@itgovernanceusa.com.

- Ends -

FOR FURTHER INFORMATION

Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS

IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

Information security experts warn 'Data loss can be costly'

Wed, 18 Jan 2012 07:55:16 +0000

/EINPresswire.com/ Amidst fears of another deep recession, the last thing businesses want to do is spend money to rectify human mistakes. This is what is likely to happen if organisations, especially those handling personal data, don't comply with the Data Protection Act (DPA).

Alan Calder, CEO of IT Governance, comments, "No data can be 100% secure especially when there is human involvement. Implementing certain processes to protect personal data, and complying with the DPA in particular, decreases the likelihood of data loss and reputation damage. The misconception of the Data Protection Act is that it is limits the business activities. On the contrary, the DPA is a business enabler, focusing on good practice in information management. It ensures that your customers' data is protected whilst helping you win their trust and loyalty."

"The tendency of organisations loosing personal data should stop and everyone should contribute." continues Calder. "According to the Information Commissioner's Office's (ICO) website £541,000 in fines were issued during 2011 between seven organisations. This figure doesn't include the fines issued by courts following a prosecution. It also means an increase of 238% over the fines issued in 2010. It must be understood that DPA compliance is in the interest of both the customers and the vendors."

Looking at the costs for achieving DPA compliance, it becomes evident that organisations can spend as little as a few hundred pounds and avoid financial losses in the future that could cost them thousands.

The Data Protection Documentation Toolkit is the optimal route for small and medium-sized organisations with more limited budgets to become DPA compliant. It includes all essential documentation templates for achieving compliance whilst providing recommendations and guidance on how to close any gaps that are identified.(www.itgovernance.co.uk/products/2823)

On the other hand, delegates who attend the DPA Foundation course will be able to review and understand the current processes of handling personal data, and ensure that these processes are in line with the latest Data Protection Act compliance requirements. The course is suitable for both new and experienced staff and management - those involved with or responsible for personal data.(www.itgovernance.co.uk/products/2957)

The Data Protection Staff Awareness e-learning course is a quick and effective means of delivering DPA training to non-technical staff. This will improve the DPA awareness within the whole organisation and reduce the likelihood for human errors.(www.itgovernance.co.uk/products/3392)

For more information on DPA resources contact the IT Governance service centre team on telephone number +44 (0)845 070 1750 or by e-mail to servicecentre@itgovernance.co.uk.

- Ends -

FOR FURTHER INFORMATION

Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS

IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.