Alan Calder – författare

Faced with the compliance requirements of increasingly punitive information and privacy-related regulation, as well as the proliferation of complex threats to information security, there is an urgent need for organizations to adopt IT governance best practice. IT Governance is a key international resource for managers in organizations of all sizes and across industries, and deals with the strategic and operational aspects of information security. Now in its seventh edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems (ISMS) and protect themselves against cyber threats. The new edition covers changes in global regulation, particularly GDPR, and updates to standards in the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk management) plus the latest standards on auditing. It also includes advice on the development and implementation of an ISMS that will meet the ISO 27001 specification and how sector-specific standards can and should be factored in. With information on risk assessments, compliance, equipment and operations security, controls against malware and asset management, IT Governance is the definitive guide to implementing an effective information security management and governance system.

This pocket guide is a primer for any DSPs (digital service providers) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.An introduction to the new NIS Regulations 2018 that bring the EU’s NIS Directive and Implementing Regulation into UK law.  This guide outlines the key requirements, details exactly which digital service providers are within scope, and explains how the security objectives from ENISA’s Technical Guidelines and international standards can help DSPs achieve compliance.This guide will help you:Clarify how to identify if you are within the scope of the NIS RegulationsGain an insight into the NIS DirectiveUnravel the key definitions, authorities and points of contactUnderstand the benefits of a good cyber resilience planYour essential guide to understanding the NIS Regulations – buy this book today and get the help and guidance you need.

This pocket guide is a primer for any OES (operators of essential services) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.An introduction to the new NIS Regulations 2018 that bring the EU’s NIS Directive and Implementing Regulation into UK law.This guide outlines the requirements for operators of essential services based on the Cyber Assessment Framework established by the National Cyber Security Centre (NCSC), including an explanation of the objectives, principles and indicators of good practice, and offers implementation guidance.This guide will help you:Understand how to comply with NIS Regulations, and avoid penalties associated with non-complianceUnravel the key definitions, authorities and points of contactLearn the benefits of a good Cyber Resilience planInterpret and ensure compliance with the Cyber Assessment FrameworkEstablish the NCSC’s cyber security objectives, principles and indicators of good practiceYour essential guide to understanding the NIS Regulations – buy this book today and get the help and guidance you need.

This concise guide is essential reading for EU organisations wanting an easy to follow overview of the new regulation and the compliance obligations for handling data of EU citizens.The EU General Data Protection Regulation (GDPR) will unify data protection and simplify the use of personal data across the EU, and automatically supersedes member states domestic data protection laws.It will also apply to every organisation in the world that processes personal information of EU residents.The Regulation introduces a number of key changes for all organisations that process EU residents’ personal data.EU GDPR: A Pocket Guide provides an essential introduction to this new data protection law, explaining the Regulation and setting out the compliance obligations for EU organisations.This second edition has been updated with improved guidance around related laws such as the NIS Directive and the future ePrivacy Regulation.EU GDPR – A Pocket Guide sets out:A brief history of data protection and national data protection laws in the EU (such as the German BDSG, French LIL and UK DPA).The terms and definitions used in the GDPR, including explanations.The key requirements of the GDPR, including: Which fines apply to which Articles;The six principles that should be applied to any collection and processing of personal data;The Regulation’s applicability;Data subjects’ rights;Data protection impact assessments (DPIAs);The role of the data protection officer (DPO) and whether you need one;Data breaches, and the notification of supervisory authorities and data subjects;Obligations for international data transfers.How to comply with the Regulation, including: Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records);The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data);The “appropriate technical and organisational measures” you need to take to ensure your compliance with the Regulation.A full index of the Regulation, enabling you to find relevant Articles quickly and easily.Buy your copy today.

This pocket guide is an introduction to the EU’s NIS Directive (Directive on security of network and information systems). It outlines the key requirements, details which digital service providers are within scope, and explains how the security objectives from ENISA’s Technical Guidelines and international standards can help DSPs achieve compliance. This pocket guide is a primer for any DSP that needs to comply with the NIS Directive.The pocket guide helps DSPs:Gain insight into the NIS Directive and who is regulating it;Identify if they are within the scope of the Directive;Understand the key requirements; andUnderstand how guidance from international standards and ENISA can help them comply.Your essential guide to understanding the EU’s NIS Directive – buy this book today and get the help and guidance you need.

Protect your information assets with effective risk managementIn today’s information economy, the development, exploitation and protection of information and associated assets are key to the long-term competitiveness and survival of corporations and entire economies. The protection of information and associated assets – information security – is therefore overtaking physical asset protection as a fundamental corporate governance responsibility. Information security management system requirementsISO 27000, which provides an overview for the family of international standards for information security, states that “An organisation needs to undertake the following steps in establishing, monitoring, maintaining and improving its ISMS […] assess information security risks and treat information security risks”. The requirements for an ISMS are specified in ISO 27001. Under this standard, a risk assessment must be carried out to inform the selection of security controls, making risk assessment the core competence of information security management and a critical corporate discipline.Plan and carry out a risk assessment to protect your informationInformation Security Risk Management for ISO 27001 / ISO 27002:Provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO 27001.Draws on national and international best practice around risk assessment, including BS 7799-3:2017 (BS 7799-3).Covers key topics such as risk assessment methodologies, risk management objectives, information security policy and scoping, threats and vulnerabilities, risk treatment and selection of controls.Includes advice on choosing risk assessment software.Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits.Buy your copy today!About the authorsAlan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker. Steve Watkins is an executive director at GRC International Group plc. He is a contracted technical assessor for UKAS – advising on its assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He is a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for information security, cyber security and privacy standards, and chairs the UK National Standards Body’s technical committee IST/33 (information security, cyber security and privacy protection) that mirrors it. Steve was an active member of IST/33/-/6, which developed BS 7799-3.

Understand ISO 38500: the standard for the corporate governance of ITIn the 21st century, IT governance has become a much-discussed topic among IT professionals. An IT governance framework serves to close the gap between the importance of IT and the understanding of IT, helping to improve your organisation’s competitive position.ISO/IEC 38500 is the international standard for the corporate governance of information and communication technology. The purpose of the standard is to create a framework to ensure that the board is appropriately involved, and it sets out guiding principles for governing bodies on how to ensure the effective, efficient and acceptable use of IT within their company.This useful pocket guide is an ideal introduction for those wanting to understand more about ISO 38500. It describes the scope, application and objectives of the Standard and outlines its six core principles. It covers:What is ISO/IEC 38500?The corporate governance contextScope, application and objectivesPrinciples and model for good governance of itImplementing the six IT governance principlesISO/IEC 38500 and the IT steering committeeProject governanceOther IT governance standards and frameworksIntegrated frameworksImplement an IT governance framework to improve your organisation’s competitive position. Buy this pocket guide today!About the authorAlan Calder is a leading author on IT governance and information security issues. He is Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is a frequent media commentator on IT governance and information security issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.

Cyber Security – Essential principles to secure your organisation takes you through the fundamentals of cyber security, the principles that underpin it, vulnerabilities and threats, and how to defend against attacks.Organisations large and small experience attacks every day, from simple phishing emails to intricate, detailed operations masterminded by criminal gangs, and for every vulnerability fixed, another pops up, ripe for exploitation.Cyber security doesn’t have to cost vast amounts of money or take a short ice age to implement. No matter the size of your organisation, improving cyber security helps protect your data and that of your clients, improving business relations and opening the door to new opportunities.This pocket guide will take you through the essentials of cyber security – the principles that underpin it, vulnerabilities and threats and the attackers who use them, and how to defend against them – so you can confidently develop a cyber security programme.Cyber Security – Essential principles to secure your organisation:Covers the key differences between cyber and information security;Explains how cyber security is increasingly mandatory and how this ties into data protection, e.g. the Data Protection Act 2018 and the GDPR (General Data Protection Regulation);Focuses on the nature of the problem, looking at technical, physical and human threats and vulnerabilities;Explores the importance of security by design;Gives guidance on why security should be balanced and centralised; andIntroduces the concept of using standards and frameworks to manage cyber security.No matter the size of your organisation, cyber security is no longer optional – it is an essential component of business success and a critical defence against the risks of the information age. The only questions left are to decide when and where your journey will begin.Start that journey now – buy this book today!

In an increasingly volatile world, exemplified by the 2020 COVID-19 pandemic, organisations are looking at business continuity with a fresh perspective. While most organisations believe they are prepared for disruption, COVID-19 has proved otherwise. The need for business continuity has never been clearer.If you were hit by a cyber attack and lost the use of your IT systems, would you be able to carry on? If your business premises were forced to close, what would you do? If you were affected by unexpected staff absence, how could you reassure your customers that you can still offer them the service they expect?Being unprepared can lead to financial and reputational damage, which could prove disastrous. You could fail to keep up with customer demand or lose important business, or your customers could go elsewhere. Without a proper risk assessment strategy, your company directors could even face prosecution if a major incident occurs and results in loss or injury.An introduction to ISO 22301To minimise the impact of a disaster on your business, and to continue to provide essential services to your customers, you need to put in place a BCMS (business continuity management system). This pocket guide will help you understand the basics of business continuity and ISO 22301:2019, the international standard that describes the specification for a BCMS.It covers:What business continuity is;Key terms and definitions;A brief history of business continuity management;The BCMS;ISO 22301 BCMS requirements; andCertificationISO 22301:2019 - An introduction to a business continuity management system (BCMS) provides an easy-to-read and straightforward introduction to a BCMS that business continuity managers, compliance managers, C-suites and disaster recovery planners – or any organisation implementing, or considering implementing, an ISO 22301 BCMS – will find valuable.

A clear, concise primer on the GDPRThe GDPR aims to unify data protection and ease the flow of personal data across the EU. It applies to every organisation in the world that handles EU residents’ personal data.While the GDPR is not law in countries outside the EU, it is effectively part of the legislative environment for organisations that do business with the EU. This is enforced through a combination of international trade law and business pressure – after all, a partner in the EU is unlikely to want to risk engaging with a company in the US, Australia or Singapore (or anywhere else) that will put them at risk.EU GDPR – An international guide to compliance is the ideal resource for anyone wanting a clear primer on the principles of data protection and their obligations under the GDPR.A concise pocket guide, it will help you understand:The terms and definitions used in the GDPR, including explanations;The key requirements of the GDPR, including:Which fines apply to which Articles;The principles that should be applied to any collection and processing of personal data;The Regulation’s applicability;Data subjects’ rights;Data protection impact assessments;The data protection officer role and whether you need one;Data breaches, and notifying supervisory authorities and data subjects; andObligations for international data transfers.How to comply with the Regulation, including:Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records);The documentation you must maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data); andThe “appropriate technical and organisational measures” you need to take to ensure compliance with the Regulation.A full index of the Regulation, enabling you to find relevant Articles quickly and easily.Supplemental material While most of the EU GDPR’s requirements are broadly unchanged in the UK GDPR, the context is quite different and will have knock-on effects. You may need to update contracts regarding EU–UK data transfers, incorporate standard contractual clauses into existing agreements, and update your policies, processes and procedural documentation as a result of these changes.  We have published a supplement that sets out specific extra or amended information for this pocket guide. Click here to download the supplement. About the authorAlan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. He is an internationally acknowledged cyber security expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the Open University’s postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted on data security for numerous clients in the UK and abroad, and is a regular media commentator and speaker.

In the world as we know it, you can be attacked both physically and virtually. For today’s organisations, which rely so heavily on technology – particularly the Internet – to do business, the latter is the far more threatening of the two. The cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation.This book is a comprehensive cyber security implementation manual which gives practical guidance on the individual activities identified in the IT Governance Cyber Resilience Framework (CRF) that can help organisations become cyber resilient and combat the cyber threat landscape.Suitable for senior directors (CEO, CISO, CIO), compliance managers, privacy managers, IT managers, security analysts and others, the book is divided into six parts:Part 1: Introduction. The world of cyber security and the approach taken in this book.Part 2: Threats and vulnerabilities. A discussion of a range of threats organisations face, organised by threat category, to help you understand what you are defending yourself against before you start thinking about your actual defences.Part 3: The CRF processes. Detailed discussions of each of the 24 CRF processes, explaining a wide range of security areas by process category and offering guidance on how to implement each.Part 4: Eight steps to implementing cyber security. Our eight-step approach to implementing the cyber security processes you need and maintaining them.Part 5: Reference frameworks. An explanation of how standards and frameworks work, along with their benefits. It also presents ten framework options, introducing you to some of the best-known standards and giving you an idea of the range available.Part 6: Conclusion and appendices. The appendices include a glossary of all the acronyms and abbreviations used in this book.Whether you are just starting out on the road to cyber security or looking to enhance and improve your existing cyber resilience programme, it should be clear that cyber security is no longer optional in today’s information age; it is an essential component of business success.Make sure you understand the threats and vulnerabilities your organisation faces and how the Cyber Resilience Framework can help you tackle them. Start your journey to cyber security now – buy this book today!

The fastest-growing malware in the worldThe core functionality of ransomware is two-fold: to encrypt data and deliver the ransom message. This encryption can be relatively basic or maddeningly complex, and it might affect only a single device or a whole network.Ransomware is the fastest-growing malware in the world. In 2015, it cost companies around the world $325 million, which rose to $5 billion by 2017 and is set to hit $20 billion in 2021. The threat of ransomware is not going to disappear, and while the number of ransomware attacks remains steady, the damage they cause is significantly increasing.  It is the duty of all business leaders to protect their organisations and the data they rely on by doing whatever is reasonably possible to mitigate the risk posed by ransomware. To do that, though, they first need to understand the threats they are facing.The Ransomware Threat LandscapeThis book sets out clearly how ransomware works, to help business leaders better understand the strategic risks, and explores measures that can be put in place to protect the organisation. These measures are structured so that any organisation can approach them. Those with more resources and more complex environments can build them into a comprehensive system to minimise risks, while smaller organisations can secure their profiles with simpler, more straightforward implementation.Suitable for senior directors, compliance managers, privacy managers, privacy officers, IT staff, security analysts and admin staff – in fact, all staff who use their organisation’s network/online systems to perform their role – The Ransomware Threat Landscape: Prepare for, recognise and survive ransomware attacks will help readers understand the ransomware threat they face.From basic cyber hygiene to more advanced controls, the book gives practical guidance on individual activities, introduces implementation steps organisations can take to increase their cyber resilience, and explores why cyber security is imperative. Topics covered include:IntroductionAbout ransomwareBasic measuresAn anti-ransomwareThe control frameworkRisk managementControlsMaturityBasic controlsAdditional controls for larger organiationsAdvanced controlsDon’t delay – start protecting your organisation from ransomware and buy this book today!About the authorAlan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru, and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications).Alan has consulted for clients across the globe and is a regular media commentator and speaker.

Safeguard your organisation’s future with business continuity managementBusiness continuity – planning for, protecting against and ensuring recovery from disruptive events – is more important than ever.In an increasingly volatile world – exemplified by the COVID-19 pandemic – organisations are looking at business continuity from a fresh perspective. The illusion of business as a rampart against which the waves of the world break harmlessly is shattered; it is no longer possible to pretend that an organisation can weather all storms equally, or that the limited contingencies organisations develop are sufficient to protect them.As a result, more and more organisations are looking to ISO 22301 – the international standard that defines the requirements for a BCMS – to safeguard their future.ISO 22301 requirements and business continuity best practiceISO 22301:2019 and business continuity management – Understand how to plan, implement and enhance a business continuity management system (BCMS) walks you through the requirements of ISO 22301:2019, explaining what they mean and how your organisation can achieve compliance. Whether you are seeking certification against the Standard or are simply looking to benefit from business continuity concepts and practices without developing a formal system, this book contains all you need to know.It is an essential companion guide for those working in business continuity who are looking to introduce or optimise a BCMS aligned with ISO 22301. The book provides a comprehensive introduction to business continuity best practice, including:Using ISO 22301Context, interested parties and scopeLeadership, policy and responsibilitiesPlanningSupportOperationBusiness continuity strategies and solutionsBusiness continuity plans and proceduresPerformance evaluationImprovementCertificationSuitable for business continuity managers, risk managers, compliance officers, senior managers, operations managers, project managers and consultants, this practical guide to ISO 22301 will show you how to develop and implement a BCMS so you can minimise the impact of a disaster on your business and continue to provide essential services to your customers, while reassuring all stakeholders that you take business continuity best practice seriously.Minimise the impact of a disaster on your business with ISO 22301 – buy this book About the authorAlan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru, and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients across the globe and is a regular media commentator and speaker.

Formally founded in 2017, the EU Data Protection Code of Conduct for Cloud Service Providers (otherwise known as the EU Cloud Code of Conduct; the Code) is a voluntary code of conduct created specifically to support GDPR compliance within the B2B (business-to-business) Cloud industry. The EU Commission, the Article 29 Working Party (now the EDPB (European Data Protection Board)), the EU Directorate-General for Justice and Consumers, and Cloud-industry leaders have all contributed to its development, resulting in a robust framework that recognises the unique requirements of the Cloud industry.Cloud providers must ensure that their services – which by design involve accessing and transferring data across the Internet, exposing it to far greater risk than data stored and processed within an organisation’s internal network – meet or exceed the GDPR’s requirements in order to provide the security and privacy that the market expects. Organisations can achieve this via compliance with the EU Cloud Code of Conduct.The Code has already been adopted by major Cloud service organisations, including:MicrosoftOracleSalesforceIBMGoogle CloudDropboxAlibaba CloudPublic and business focus on information security and data protection continues to increase in the face of a constantly changing threat landscape and ever more stringent regulation, and compliance with initiatives such as the EU Cloud Code of Conduct demonstrates to current and potential customers that your organisation is taking data privacy seriously. It also strengthens your organisation’s approach to information security management, and defences against data breaches.   The EU Data Protection Code of Conduct for Cloud Service Providers provides guidance on how to implement the Code. It explores the Code’s objectives, and how compliance can be achieved with or without an ISMS (information security management system).Begin your journey to EU Cloud Code of Conduct implementation with our compliance guide – buy this book today! About the authorAlan Calder founded IT Governance Ltd in 2002 and began working full time for the organisation in 2007. He is Group CEO of GRC International Group PLC, the AIM-listed company that owns IT Governance Ltd. Alan has held a number of roles, including CEO of Business Link London City Partners (a government agency focused on helping growing businesses to develop) from 1995 to 1998, CEO of Focus Central London (a training and enterprise council) from 1998 to 2001, and CEO of Wide Learning (a supplier of e-learning) from 2001 to 2003 and the Outsourced Training Company (2005). He was also chairman of CEME (a public–private-sector skills partnership) from 2006 to 2011.Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker.For information on Alan’s other publications, visit www.itgovernancepublishing.co.uk/author/alan-calder.

Cyber Essentials – A guide to Cyber Essentials and Cyber Essentials Plus certificationsCyber attacks are a fact of life in the information age. For any organisation that connects to the Internet, the issue is not if an attack will come, but when. Most cyber attacks are performed by relatively unskilled criminals using tools available online. These attacks are often opportunistic: looking for easy targets rather than rich pickings.The Cyber Essentials scheme is a UK government-backed effort to encourage UK-based organisations to improve their cyber security by adopting measures (called controls) that defend against common, less-sophisticated cyber attacks. The scheme recommends practical defences that should be within the capability of any organisation.The Cyber Essentials scheme has two levels:The basic Cyber Essentials; andCyber Essentials Plus.This first part of this book will examine the various threats that are most significant in the modern digital environment, their targets and their impacts. It will help you to understand whether your organisation is ready for Cyber Essentials or Cyber Essentials Plus certification.The second part of the book presents a selection of additional resources that are available to help you implement the controls or become certified.

We live in a world where technology and vast quantities of data play a considerable role in everyday life, both personal and professional.For the foreseeable future (and perhaps beyond), the growth and prominence of data in business shows no signs of slowing down, even if the technology in question will likely change in ways perhaps unimaginable today. Naturally, all this innovation brings huge opportunities and benefits to organisations and people alike. However, these come at more than just a financial cost.In the world as we know it, you can be attacked both physically and virtually. For today’s organisations, which rely so heavily on technology – particularly the Internet – to do business, the latter attack is the far more threatening of the two. The cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation. Worse, when a vulnerability is identified, a tool that can exploit it is often developed and used within hours – faster than the time it normally takes for the vendor to release a patch, and certainly quicker than the time many organisations take to install that patch.This book has been divided into two parts:Part 1: Security principles.Part 2: Reference controls.Part 1 is designed to give you a concise but solid grounding in the principles of good security, covering key terms, risk management, different aspects of security, defence in depth, implementation tips, and more. This part is best read from beginning to end.Part 2 is intended as a useful reference, discussing a wide range of good-practice controls (in alphabetical order) you may want to consider implementing. Each control is discussed at a high level, focusing on the broader principles, concepts and points to consider, rather than specific solutions. Each control has also been written as a stand-alone chapter, so you can just read the controls that interest you, in an order that suits you.

ISO 27001/ISO 27002 – A guide to information security management systemsISO 27001 is one of the leading information security standards. It offers an internationally recognised route for organisations of all sizes and industries to adopt and demonstrate effective, independently verified information security.Information is the lifeblood of the modern world. It is at the heart of our personal and working lives, yet all too often control of that information is in the hands of organisations, not individuals. As a result, there is ever-increasing pressure on those organisations to ensure the information they hold is adequately protected.Demonstrating that an organisation is a responsible custodian of information is not simply a matter of complying with the law – it has become a defining factor in an organisation’s success or failure. The negative publicity and loss of trust associated with data breaches and cyber attacks can seriously impact customer retention and future business opportunities, while an increasing number of tender opportunities are only open to those with independently certified information security measures.Understand how information security standards can improve your organisation’s security and set it apart from competitors with this introduction to the 2022 updates of ISO 27001 and ISO 27002.

Essential guidance for anyone tackling ISO 27001:2022 implementation for the first time.ISO/IEC 27001:2022 is the blueprint for managing information security in line with an organisation’s business, contractual and regulatory requirements, and its risk appetite.Nine Steps to Success has been updated to reflect the 2022 version of ISO 27001. This must-have guide from expert Alan Calder will help you get to grips with the requirements of the Standard and make your ISO 27001 implementation project a success. The guide:Details the key steps of an ISO 27001 project from inception to certification;Explains each element of the ISO 27001 project in simple, non-technical language; andIs ideal for anyone tackling ISO 27001 implementation for the first time.To be resilient against cyber attacks, organisations must do more than just erect digital defences; a significant percentage of successful attacks originate in the physical world or are aided and exacerbated by environmental vulnerabilities. Effective cyber security therefore requires a comprehensive, systematic and robust ISMS (information security management system), with boards, customers and regulators all seeking assurance that information risks have been identified and are being managed.Successfully implement ISO 27001 with this must-have guide.

Faced with the compliance requirements of increasingly punitive information and privacy-related regulation, as well as the proliferation of complex threats to information security, there is an urgent need for organizations to adopt IT governance best practice. IT Governance is a key international resource for managers in organizations of all sizes and across industries, and deals with the strategic and operational aspects of information security. Now in its seventh edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems (ISMS) and protect themselves against cyber threats. The new edition covers changes in global regulation, particularly GDPR, and updates to standards in the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk management) plus the latest standards on auditing. It also includes advice on the development and implementation of an ISMS that will meet the ISO 27001 specification and how sector-specific standards can and should be factored in. With information on risk assessments, compliance, equipment and operations security, controls against malware and asset management, IT Governance is the definitive guide to implementing an effective information security management and governance system.

Information is one of your organisation’s most important resources. Keeping that information secure is therefore vital to your business. This handy pocket guide is an essential overview of two key information security standards that cover the formal requirements (ISO27001:2013) for creating an Information Security Management System (ISMS), and the best-practice recommendations (ISO27002:2013) for those responsible for initiating, implementing or maintaining it.

Information technology plays a fundamental role in the operations of any modern business. While the confidentiality and integrity of your organisation's information have to be protected, a business still needs to have this information readily available in order to be able to function from day to day. If you are an information security practitioner, you need to be able to sell complex and often technical solutions to boards and management teams.Persuading the board to invest in information security measures requires sales skills. As an information security professional, you are a scientific and technical specialist; and yet you need to get your message across to people whose primary interests lie elsewhere, in turnover and overall performance. In other words, you need to develop sales and marketing skills.This pocket guide will help you with the essential sales skills that persuade company directors to commit money and resources to your information security initiatives.

A concise introduction to the EU GDPRThe EU General Data Protection Regulation (GDPR) will unify data protection and simplify the use of personal data across the EU, and automatically supersede member states domestic data protection laws.It will also apply to every organisation in the world that processes personal information of EU residents.The Regulation introduces a number of key changes for all organisations that process EU residents’ personal data.EU GDPR: A Pocket Guide provides an essentiall introduction to this new data protection law, explaining the Regulation and setting out the compliance obligations for EU organisations. Product overviewEU GDPR – A Pocket Guide sets out:A brief history of data protection and national data protection laws in the EU (such as the German BDSG, French LIL and UK DPA).The terms and definitions used in the GDPR, including explanations.The key requirements of the GDPR, including:Which fines apply to which Articles;The six principles that should be applied to any collection and processing of personal data;The Regulation’s applicability;Data subjects’ rights;Data protection impact assessments (DPIAs);The role of the data protection officer (DPO) and whether you need one;Data breaches, and the notification of supervisory authorities and data subjects;Obligations for international data transfers.How to comply with the Regulation, including:Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records);The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data);The “appropriate technical and organisational measures” you need to take to ensure your compliance with the Regulation.A full index of the Regulation, enabling you to find relevant Articles quickly and easily. About the authorAlan Calder, the founder and executive chairman of IT Governance Ltd, is an internationally acknowledged cyber security expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the Open University’s postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). Alan has consulted on data security for numerous clients in the UK and abroad, and is a regular media commentator and speaker.Quickly understand your organisation’s new obligations under the EU GDPR, and learn the essential compliance steps needed to avoid costly fines.