Alan Calder – författare
829 kr
Skickas inom 5-8 vardagar
978 kr
Läs direkt efter köp
Faced with the compliance requirements of increasingly punitive information and privacy-related regulation, as well as the proliferation of complex threats to information security, there is an urgent need for organizations to adopt IT governance best practice. IT Governance is a key international resource for managers in organizations of all sizes and across industries, and deals with the strategic and operational aspects of information security. Now in its seventh edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems (ISMS) and protect themselves against cyber threats. The new edition covers changes in global regulation, particularly GDPR, and updates to standards in the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk management) plus the latest standards on auditing. It also includes advice on the development and implementation of an ISMS that will meet the ISO 27001 specification and how sector-specific standards can and should be factored in. With information on risk assessments, compliance, equipment and operations security, controls against malware and asset management, IT Governance is the definitive guide to implementing an effective information security management and governance system.
213 kr
Skickas inom 5-8 vardagar
142 kr
Läs direkt efter köp
This pocket guide serves as an introduction to the National Institute of Standards and Technology (NIST) and to its Cybersecurity Framework (CSF).
Now more than ever, organizations need to have a strong and flexible cybersecurity strategy in place in order to both protect themselves and be able to continue business in the event of a successful attack.
The NIST CSF is a framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.
With this pocket guide you can:
Adapt the CSF for organizations of any size to implementEstablish an entirely new cybersecurity program, improve an existing one, or simply provide an opportunity to review your cybersecurity practicesBreak down the CSF and understand how other frameworks, such as ISO 27001 and ISO 22301, can integrate into your cybersecurity frameworkBy implementing the CSF in accordance with their needs, organizations can manage cybersecurity risks in the most cost-effective way possible, maximizing the return on investment in the organization’s security. This pocket guide also aims to help you take a structured, sensible, risk-based approach to cybersecurity.
137 kr
Läs direkt efter köp
This pocket guide serves as an introduction to the National Institute of Standards and Technology (NIST) and to its Cybersecurity Framework (CSF).
Now more than ever, organizations need to have a strong and flexible cybersecurity strategy in place in order to both protect themselves and be able to continue business in the event of a successful attack.
The NIST CSF is a framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.
With this pocket guide you can:
Adapt the CSF for organizations of any size to implementEstablish an entirely new cybersecurity program, improve an existing one, or simply provide an opportunity to review your cybersecurity practicesBreak down the CSF and understand how other frameworks, such as ISO 27001 and ISO 22301, can integrate into your cybersecurity frameworkBy implementing the CSF in accordance with their needs, organizations can manage cybersecurity risks in the most cost-effective way possible, maximizing the return on investment in the organization’s security. This pocket guide also aims to help you take a structured, sensible, risk-based approach to cybersecurity.
193 kr
Skickas inom 5-8 vardagar
137 kr
Läs direkt efter köp
This pocket guide is a primer for any DSPs (digital service providers) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.
An introduction to the new NIS Regulations 2018 that bring the EU’s NIS Directive and Implementing Regulation into UK law.
This guide outlines the key requirements, details exactly which digital service providers are within scope, and explains how the security objectives from ENISA’s Technical Guidelines and international standards can help DSPs achieve compliance.
This guide will help you:
Clarify how to identify if you are within the scope of the NIS RegulationsGain an insight into the NIS DirectiveUnravel the key definitions, authorities and points of contactUnderstand the benefits of a good cyber resilience planYour essential guide to understanding the NIS Regulations – buy this book today and get the help and guidance you need.
142 kr
Läs direkt efter köp
This pocket guide is a primer for any DSPs (digital service providers) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.
An introduction to the new NIS Regulations 2018 that bring the EU’s NIS Directive and Implementing Regulation into UK law.
This guide outlines the key requirements, details exactly which digital service providers are within scope, and explains how the security objectives from ENISA’s Technical Guidelines and international standards can help DSPs achieve compliance.
This guide will help you:
Clarify how to identify if you are within the scope of the NIS RegulationsGain an insight into the NIS DirectiveUnravel the key definitions, authorities and points of contactUnderstand the benefits of a good cyber resilience planYour essential guide to understanding the NIS Regulations – buy this book today and get the help and guidance you need.
193 kr
Skickas inom 5-8 vardagar
142 kr
Läs direkt efter köp
This pocket guide is a primer for any OES (operators of essential services) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.
An introduction to the new NIS Regulations 2018 that bring the EU’s NIS Directive and Implementing Regulation into UK law.
This guide outlines the requirements for operators of essential services based on the Cyber Assessment Framework established by the National Cyber Security Centre (NCSC), including an explanation of the objectives, principles and indicators of good practice, and offers implementation guidance.
This guide will help you:
Understand how to comply with NIS Regulations, and avoid penalties associated with non-complianceUnravel the key definitions, authorities and points of contactLearn the benefits of a good Cyber Resilience planInterpret and ensure compliance with the Cyber Assessment FrameworkEstablish the NCSC’s cyber security objectives, principles and indicators of good practiceYour essential guide to understanding the NIS Regulations – buy this book today and get the help and guidance you need.
142 kr
Läs direkt efter köp
This pocket guide is a primer for any OES (operators of essential services) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.
An introduction to the new NIS Regulations 2018 that bring the EU’s NIS Directive and Implementing Regulation into UK law.
This guide outlines the requirements for operators of essential services based on the Cyber Assessment Framework established by the National Cyber Security Centre (NCSC), including an explanation of the objectives, principles and indicators of good practice, and offers implementation guidance.
This guide will help you:
Understand how to comply with NIS Regulations, and avoid penalties associated with non-complianceUnravel the key definitions, authorities and points of contactLearn the benefits of a good Cyber Resilience planInterpret and ensure compliance with the Cyber Assessment FrameworkEstablish the NCSC’s cyber security objectives, principles and indicators of good practiceYour essential guide to understanding the NIS Regulations – buy this book today and get the help and guidance you need.
136 kr
Skickas inom 5-8 vardagar
193 kr
Skickas inom 5-8 vardagar
127 kr
Läs direkt efter köp
This pocket guide is an introduction to the EU’s NIS Directive (Directive on security of network and information systems). It outlines the key requirements, details which digital service providers are within scope, and explains how the security objectives from ENISA’s Technical Guidelines and international standards can help DSPs achieve compliance. This pocket guide is a primer for any DSP that needs to comply with the NIS Directive.
The pocket guide helps DSPs:
Gain insight into the NIS Directive and who is regulating it;Identify if they are within the scope of the Directive;Understand the key requirements; andUnderstand how guidance from international standards and ENISA can help them comply.Your essential guide to understanding the EU’s NIS Directive – buy this book today and get the help and guidance you need.
127 kr
Läs direkt efter köp
This pocket guide is an introduction to the EU’s NIS Directive (Directive on security of network and information systems). It outlines the key requirements, details which digital service providers are within scope, and explains how the security objectives from ENISA’s Technical Guidelines and international standards can help DSPs achieve compliance. This pocket guide is a primer for any DSP that needs to comply with the NIS Directive.
The pocket guide helps DSPs:
Gain insight into the NIS Directive and who is regulating it;Identify if they are within the scope of the Directive;Understand the key requirements; andUnderstand how guidance from international standards and ENISA can help them comply.Your essential guide to understanding the EU’s NIS Directive – buy this book today and get the help and guidance you need.
556 kr
Skickas inom 5-8 vardagar
427 kr
Läs direkt efter köp
Protect your information assets with effective risk management
In today’s information economy, the development, exploitation and protection of information and associated assets are key to the long-term competitiveness and survival of corporations and entire economies. The protection of information and associated assets – information security – is therefore overtaking physical asset protection as a fundamental corporate governance responsibility.
Information security management system requirements
ISO 27000, which provides an overview for the family of international standards for information security, states that “An organisation needs to undertake the following steps in establishing, monitoring, maintaining and improving its ISMS […] assess information security risks and treat information security risks”. The requirements for an ISMS are specified in ISO 27001. Under this standard, a risk assessment must be carried out to inform the selection of security controls, making risk assessment the core competence of information security management and a critical corporate discipline.
Plan and carry out a risk assessment to protect your information
Information Security Risk Management for ISO 27001 / ISO 27002:
Provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO 27001.Draws on national and international best practice around risk assessment, including BS 7799-3:2017 (BS 7799-3).Covers key topics such as risk assessment methodologies, risk management objectives, information security policy and scoping, threats and vulnerabilities, risk treatment and selection of controls.Includes advice on choosing risk assessment software.Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits.
Buy your copy today!
About the authors
Alan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker.
Steve Watkins is an executive director at GRC International Group plc. He is a contracted technical assessor for UKAS – advising on its assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He is a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for information security, cyber security and privacy standards, and chairs the UK National Standards Body’s technical committee IST/33 (information security, cyber security and privacy protection) that mirrors it. Steve was an active member of IST/33/-/6, which developed BS 7799-3.
412 kr
Läs direkt efter köp
Protect your information assets with effective risk management
In today’s information economy, the development, exploitation and protection of information and associated assets are key to the long-term competitiveness and survival of corporations and entire economies. The protection of information and associated assets – information security – is therefore overtaking physical asset protection as a fundamental corporate governance responsibility.
Information security management system requirements
ISO 27000, which provides an overview for the family of international standards for information security, states that “An organisation needs to undertake the following steps in establishing, monitoring, maintaining and improving its ISMS […] assess information security risks and treat information security risks”. The requirements for an ISMS are specified in ISO 27001. Under this standard, a risk assessment must be carried out to inform the selection of security controls, making risk assessment the core competence of information security management and a critical corporate discipline.
Plan and carry out a risk assessment to protect your information
Information Security Risk Management for ISO 27001 / ISO 27002:
Provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO 27001.Draws on national and international best practice around risk assessment, including BS 7799-3:2017 (BS 7799-3).Covers key topics such as risk assessment methodologies, risk management objectives, information security policy and scoping, threats and vulnerabilities, risk treatment and selection of controls.Includes advice on choosing risk assessment software.Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits.
Buy your copy today!
About the authors
Alan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker.
Steve Watkins is an executive director at GRC International Group plc. He is a contracted technical assessor for UKAS – advising on its assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He is a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for information security, cyber security and privacy standards, and chairs the UK National Standards Body’s technical committee IST/33 (information security, cyber security and privacy protection) that mirrors it. Steve was an active member of IST/33/-/6, which developed BS 7799-3.
137 kr
Läs direkt efter köp
An ideal introduction to PCI DSS v3.2.1
All businesses that accept payment cards are prey for criminal hackers trying to steal financial information and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card payments in a way that effectively protects cardholder data.
All organisations that accept, store, transmit or process cardholder data must comply with the Standard; failure to do so can have serious consequences and expensive repercussions. These range from customer desertion and brand damage to significant financial penalties and operating restrictions imposed by their acquiring bank.
Covering PCI DSS v3.2.1, this handy pocket guide provides all the information you need to consider as you approach the Standard. It is also an ideal training resource for those in your organisation involved with payment card processing. Topics include:
An overview of PCI DSS v3.2.1How to comply with the requirements of the StandardMaintaining complianceThe PCI SAQ (self-assessment questionnaire)The PCI DSS and ISO 27001Procedures and qualificationsAn overview of the PA-DSS (Payment Application Data Security Standard)PTS (PIN Transaction Security)Software-based PIN entryBuy your copy of this quick-reference guide to PCI DSS v3.2.1 today!
About the authors
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd.
Alan is an acknowledged international cyber security guru. He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Geraint Williams is the CISO for the GRC International Group of companies, and a knowledgeable and experienced senior information security consultant and former PCI QSA, with a strong technical background and experience in the PCI DSS and security testing.
Geraint has provided consultancy on implementing the PCI DSS, and has conducted audits for a wide range of merchants and service providers as well as penetration testing and vulnerability assessments for clients. He has broad technical knowledge of security and IT infrastructure, including high-performance computing and Cloud computing. His certifications include CISSP® and PCIP.
137 kr
Läs direkt efter köp
An ideal introduction to PCI DSS v3.2.1
All businesses that accept payment cards are prey for criminal hackers trying to steal financial information and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card payments in a way that effectively protects cardholder data.
All organisations that accept, store, transmit or process cardholder data must comply with the Standard; failure to do so can have serious consequences and expensive repercussions. These range from customer desertion and brand damage to significant financial penalties and operating restrictions imposed by their acquiring bank.
Covering PCI DSS v3.2.1, this handy pocket guide provides all the information you need to consider as you approach the Standard. It is also an ideal training resource for those in your organisation involved with payment card processing. Topics include:
An overview of PCI DSS v3.2.1How to comply with the requirements of the StandardMaintaining complianceThe PCI SAQ (self-assessment questionnaire)The PCI DSS and ISO 27001Procedures and qualificationsAn overview of the PA-DSS (Payment Application Data Security Standard)PTS (PIN Transaction Security)Software-based PIN entryBuy your copy of this quick-reference guide to PCI DSS v3.2.1 today!
About the authors
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd.
Alan is an acknowledged international cyber security guru. He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Geraint Williams is the CISO for the GRC International Group of companies, and a knowledgeable and experienced senior information security consultant and former PCI QSA, with a strong technical background and experience in the PCI DSS and security testing.
Geraint has provided consultancy on implementing the PCI DSS, and has conducted audits for a wide range of merchants and service providers as well as penetration testing and vulnerability assessments for clients. He has broad technical knowledge of security and IT infrastructure, including high-performance computing and Cloud computing. His certifications include CISSP® and PCIP.
200 kr
Skickas inom 5-8 vardagar
142 kr
Läs direkt efter köp
Understand ISO 38500: the standard for the corporate governance of IT
In the 21st century, IT governance has become a much-discussed topic among IT professionals. An IT governance framework serves to close the gap between the importance of IT and the understanding of IT, helping to improve your organisation’s competitive position.
ISO/IEC 38500 is the international standard for the corporate governance of information and communication technology. The purpose of the standard is to create a framework to ensure that the board is appropriately involved, and it sets out guiding principles for governing bodies on how to ensure the effective, efficient and acceptable use of IT within their company.
This useful pocket guide is an ideal introduction for those wanting to understand more about ISO 38500. It describes the scope, application and objectives of the Standard and outlines its six core principles. It covers:
What is ISO/IEC 38500?The corporate governance contextScope, application and objectivesPrinciples and model for good governance of itImplementing the six IT governance principlesISO/IEC 38500 and the IT steering committeeProject governanceOther IT governance standards and frameworksIntegrated frameworksImplement an IT governance framework to improve your organisation’s competitive position. Buy this pocket guide today!
About the author
Alan Calder is a leading author on IT governance and information security issues. He is Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is a frequent media commentator on IT governance and information security issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
137 kr
Läs direkt efter köp
Understand ISO 38500: the standard for the corporate governance of IT
In the 21st century, IT governance has become a much-discussed topic among IT professionals. An IT governance framework serves to close the gap between the importance of IT and the understanding of IT, helping to improve your organisation’s competitive position.
ISO/IEC 38500 is the international standard for the corporate governance of information and communication technology. The purpose of the standard is to create a framework to ensure that the board is appropriately involved, and it sets out guiding principles for governing bodies on how to ensure the effective, efficient and acceptable use of IT within their company.
This useful pocket guide is an ideal introduction for those wanting to understand more about ISO 38500. It describes the scope, application and objectives of the Standard and outlines its six core principles. It covers:
What is ISO/IEC 38500?The corporate governance contextScope, application and objectivesPrinciples and model for good governance of itImplementing the six IT governance principlesISO/IEC 38500 and the IT steering committeeProject governanceOther IT governance standards and frameworksIntegrated frameworksImplement an IT governance framework to improve your organisation’s competitive position. Buy this pocket guide today!
About the author
Alan Calder is a leading author on IT governance and information security issues. He is Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is a frequent media commentator on IT governance and information security issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
200 kr
Skickas inom 5-8 vardagar
142 kr
Läs direkt efter köp
Cyber Security – Essential principles to secure your organisation takes you through the fundamentals of cyber security, the principles that underpin it, vulnerabilities and threats, and how to defend against attacks.
Organisations large and small experience attacks every day, from simple phishing emails to intricate, detailed operations masterminded by criminal gangs, and for every vulnerability fixed, another pops up, ripe for exploitation.
Cyber security doesn’t have to cost vast amounts of money or take a short ice age to implement. No matter the size of your organisation, improving cyber security helps protect your data and that of your clients, improving business relations and opening the door to new opportunities.
This pocket guide will take you through the essentials of cyber security – the principles that underpin it, vulnerabilities and threats and the attackers who use them, and how to defend against them – so you can confidently develop a cyber security programme.
Cyber Security – Essential principles to secure your organisation:
Covers the key differences between cyber and information security;Explains how cyber security is increasingly mandatory and how this ties into data protection, e.g. the Data Protection Act 2018 and the GDPR (General Data Protection Regulation);Focuses on the nature of the problem, looking at technical, physical and human threats and vulnerabilities;Explores the importance of security by design;Gives guidance on why security should be balanced and centralised; andIntroduces the concept of using standards and frameworks to manage cyber security.No matter the size of your organisation, cyber security is no longer optional – it is an essential component of business success and a critical defence against the risks of the information age. The only questions left are to decide when and where your journey will begin.
Start that journey now – buy this book today!
137 kr
Läs direkt efter köp
Cyber Security – Essential principles to secure your organisation takes you through the fundamentals of cyber security, the principles that underpin it, vulnerabilities and threats, and how to defend against attacks.
Organisations large and small experience attacks every day, from simple phishing emails to intricate, detailed operations masterminded by criminal gangs, and for every vulnerability fixed, another pops up, ripe for exploitation.
Cyber security doesn’t have to cost vast amounts of money or take a short ice age to implement. No matter the size of your organisation, improving cyber security helps protect your data and that of your clients, improving business relations and opening the door to new opportunities.
This pocket guide will take you through the essentials of cyber security – the principles that underpin it, vulnerabilities and threats and the attackers who use them, and how to defend against them – so you can confidently develop a cyber security programme.
Cyber Security – Essential principles to secure your organisation:
Covers the key differences between cyber and information security;Explains how cyber security is increasingly mandatory and how this ties into data protection, e.g. the Data Protection Act 2018 and the GDPR (General Data Protection Regulation);Focuses on the nature of the problem, looking at technical, physical and human threats and vulnerabilities;Explores the importance of security by design;Gives guidance on why security should be balanced and centralised; andIntroduces the concept of using standards and frameworks to manage cyber security.No matter the size of your organisation, cyber security is no longer optional – it is an essential component of business success and a critical defence against the risks of the information age. The only questions left are to decide when and where your journey will begin.
Start that journey now – buy this book today!
193 kr
Skickas inom 5-8 vardagar
138 kr
Läs direkt efter köp
In an increasingly volatile world, exemplified by the 2020 COVID-19 pandemic, organisations are looking at business continuity with a fresh perspective. While most organisations believe they are prepared for disruption, COVID-19 has proved otherwise. The need for business continuity has never been clearer.
If you were hit by a cyber attack and lost the use of your IT systems, would you be able to carry on? If your business premises were forced to close, what would you do? If you were affected by unexpected staff absence, how could you reassure your customers that you can still offer them the service they expect?
Being unprepared can lead to financial and reputational damage, which could prove disastrous. You could fail to keep up with customer demand or lose important business, or your customers could go elsewhere. Without a proper risk assessment strategy, your company directors could even face prosecution if a major incident occurs and results in loss or injury.
An introduction to ISO 22301
To minimise the impact of a disaster on your business, and to continue to provide essential services to your customers, you need to put in place a BCMS (business continuity management system). This pocket guide will help you understand the basics of business continuity and ISO 22301:2019, the international standard that describes the specification for a BCMS.
It covers:
What business continuity is;Key terms and definitions;A brief history of business continuity management;The BCMS;ISO 22301 BCMS requirements; andCertificationISO 22301:2019 - An introduction to a business continuity management system (BCMS) provides an easy-to-read and straightforward introduction to a BCMS that business continuity managers, compliance managers, C-suites and disaster recovery planners – or any organisation implementing, or considering implementing, an ISO 22301 BCMS – will find valuable.
138 kr
Läs direkt efter köp
In an increasingly volatile world, exemplified by the 2020 COVID-19 pandemic, organisations are looking at business continuity with a fresh perspective. While most organisations believe they are prepared for disruption, COVID-19 has proved otherwise. The need for business continuity has never been clearer.
If you were hit by a cyber attack and lost the use of your IT systems, would you be able to carry on? If your business premises were forced to close, what would you do? If you were affected by unexpected staff absence, how could you reassure your customers that you can still offer them the service they expect?
Being unprepared can lead to financial and reputational damage, which could prove disastrous. You could fail to keep up with customer demand or lose important business, or your customers could go elsewhere. Without a proper risk assessment strategy, your company directors could even face prosecution if a major incident occurs and results in loss or injury.
An introduction to ISO 22301
To minimise the impact of a disaster on your business, and to continue to provide essential services to your customers, you need to put in place a BCMS (business continuity management system). This pocket guide will help you understand the basics of business continuity and ISO 22301:2019, the international standard that describes the specification for a BCMS.
It covers:
What business continuity is;Key terms and definitions;A brief history of business continuity management;The BCMS;ISO 22301 BCMS requirements; andCertificationISO 22301:2019 - An introduction to a business continuity management system (BCMS) provides an easy-to-read and straightforward introduction to a BCMS that business continuity managers, compliance managers, C-suites and disaster recovery planners – or any organisation implementing, or considering implementing, an ISO 22301 BCMS – will find valuable.
179 kr
Skickas inom 5-8 vardagar