Understand ISO 38500: the standard for the corporate governance of ITIn the 21st century, IT governance has become a much-discussed topic among IT professionals. An IT governance framework serves to close the gap between the importance of IT and the understanding of IT, helping to improve your organisation’s competitive position.ISO/IEC 38500 is the international standard for the corporate governance of information and communication technology. The purpose ...

ISO 27001/ISO 27002 – A guide to information security management systemsISO 27001 is one of the leading information security standards. It offers an internationally recognised route for organisations of all sizes and industries to adopt and demonstrate effective, independently verified information security.Information is the lifeblood of the modern world. It is at the heart of our personal and working lives, yet all too often control of that info...

We live in a world where technology and vast quantities of data play a considerable role in everyday life, both personal and professional.For the foreseeable future (and perhaps beyond), the growth and prominence of data in business shows no signs of slowing down, even if the technology in question will likely change in ways perhaps unimaginable today. Naturally, all this innovation brings huge opportunities and benefits to organisations and people alike. However, these come at m...

Cyber Security – Essential principles to secure your organisation takes you through the fundamentals of cyber security, the principles that underpin it, vulnerabilities and threats, and how to defend against attacks.Organisations large and small experience attacks every day, from simple phishing emails to intricate, detailed operations masterminded by criminal gangs, and for every vulnerability fixed, another pops up, ripe for exploitation.Cyber security doesn’t ha...

In an increasingly volatile world, exemplified by the 2020 COVID-19 pandemic, organisations are looking at business continuity with a fresh perspective. While most organisations believe they are prepared for disruption, COVID-19 has proved otherwise. The need for business continuity has never been clearer.If you were hit by a cyber attack and lost the use of your IT systems, would you be able to carry on? If your business premises were forced to close, what would you do? If you wer...

This guide outlines the key drivers for IT governance in the modern global economy, with particular reference to corporate governance requirements and the need for companies to protect their information assets.

Essential guidance for anyone tackling ISO 27001:2022 implementation for the first time.ISO/IEC 27001:2022 is the blueprint for managing information security in line with an organisation’s business, contractual and regulatory requirements, and its risk appetite.Nine Steps to Success has been updated to reflect the 2022 version of ISO 27001. This must-have guide from expert Alan Calder will help you get to grips with the requirements of the Standard and make your ...

Recommended textbook for the Open University’s postgraduate information security course and the recommended text for all IBITGQ ISO 27001 coursesIn this updated edition, renowned ISO 27001/27002 experts Alan Calder and Steve Watkins:Discuss the ISO 27001/27002:2022 updates;Provide guidance on how to establish a strong IT governance system and an ISMS (information security management system) that complies with ISO 27001 and ISO 27002;...

In the world as we know it, you can be attacked both physically and virtually. For today’s organisations, which rely so heavily on technology – particularly the Internet – to do business, the latter is the far more threatening of the two. The cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation.This book is a comprehensive cyber security implementation manual which gives practical guidance on the individual...

A clear, concise primer on the GDPRThe GDPR aims to unify data protection and ease the flow of personal data across the EU. It applies to every organisation in the world that handles EU residents’ personal data.While the GDPR is not law in countries outside the EU, it is effectively part of the legislative environment for organisations that do business with the EU. This is enforced through a combination of international trade law and business pressure – a...

The fastest-growing malware in the worldThe core functionality of ransomware is two-fold: to encrypt data and deliver the ransom message. This encryption can be relatively basic or maddeningly complex, and it might affect only a single device or a whole network.Ransomware is the fastest-growing malware in the world. In 2015, it cost companies around the world $325 million, which rose to $5 billion by 2017 and is set to hit $20 billion in 2021. The threat of...

Formally founded in 2017, the EU Data Protection Code of Conduct for Cloud Service Providers (otherwise known as the EU Cloud Code of Conduct; the Code) is a voluntary code of conduct created specifically to support GDPR compliance within the B2B (business-to-business) Cloud industry. The EU Commission, the Article 29 Working Party (now the EDPB (European Data Protection Board)), the EU Directorate-General for Justice and Consumers, and Cloud-industry leaders have all contributed to its de...