Steve Watkins – författare

Faced with the compliance requirements of increasingly punitive information and privacy-related regulation, as well as the proliferation of complex threats to information security, there is an urgent need for organizations to adopt IT governance best practice. IT Governance is a key international resource for managers in organizations of all sizes and across industries, and deals with the strategic and operational aspects of information security. Now in its seventh edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems (ISMS) and protect themselves against cyber threats. The new edition covers changes in global regulation, particularly GDPR, and updates to standards in the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk management) plus the latest standards on auditing. It also includes advice on the development and implementation of an ISMS that will meet the ISO 27001 specification and how sector-specific standards can and should be factored in. With information on risk assessments, compliance, equipment and operations security, controls against malware and asset management, IT Governance is the definitive guide to implementing an effective information security management and governance system.

In 1988 several white managers of the Shoney’s restaurant chain protested against the company’s discriminatory hiring practices, including an order to blacken the “O” in “Shoney’s” on minorities’ job applications so that the marked forms could be discarded. When the managers refused to comply, they lost their jobs but not their resolve—they sued the company. Their case grew into the largest racial job discrimination class action lawsuit of its time. Shoney’s eventually offered to settle out of court, and the nearly 21,000 claimants divided a $132.5 million settlement, bringing to an abrupt end a landmark case that changed corporate attitudes nationwide.The Black O is a fascinating, behind-the-scenes story populated with many unforgettable characters, including civil rights lawyer Tommy Warren, the former college football star and convicted felon who took the case; Ray Danner, the ironfisted former CEO who developed the Shoney’s concept; and Justice Clarence Thomas, former head of the Equal Employment Opportunity Commission, which sat idly by for years while complaints mounted against Shoney’s. The Black O speaks to an issue that continues to have great urgency, serving as a stark refutation that the civil rights movement eliminated systemic discrimination from the workplace.

Who can forget the famous 'Freezer Bowl' AFC championship victory over the San Diego Chargers or the heart-stopping Super Bowl classic against the San Francisco 49ers and Joe Montana? Watkins and Maloney set the stage for these and other memorable games, detailing the big plays, stunning comebacks, and fantastic finishes and painting a picture that makes fans feel as though they were there.Classic Bengals: The 50 Greatest Games in Cincinnati Bengals History includes a list of the 50 greatest games by opponent, 'near misses' that almost made the list, stats on each game, and an insightful foreword from 'Mr. Bengal', Dave Lapham, who has played or broadcast games for the team in 42 of its 50 seasons.

Protect your information assets with effective risk managementIn today’s information economy, the development, exploitation and protection of information and associated assets are key to the long-term competitiveness and survival of corporations and entire economies. The protection of information and associated assets – information security – is therefore overtaking physical asset protection as a fundamental corporate governance responsibility. Information security management system requirementsISO 27000, which provides an overview for the family of international standards for information security, states that “An organisation needs to undertake the following steps in establishing, monitoring, maintaining and improving its ISMS […] assess information security risks and treat information security risks”. The requirements for an ISMS are specified in ISO 27001. Under this standard, a risk assessment must be carried out to inform the selection of security controls, making risk assessment the core competence of information security management and a critical corporate discipline.Plan and carry out a risk assessment to protect your informationInformation Security Risk Management for ISO 27001 / ISO 27002:Provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO 27001.Draws on national and international best practice around risk assessment, including BS 7799-3:2017 (BS 7799-3).Covers key topics such as risk assessment methodologies, risk management objectives, information security policy and scoping, threats and vulnerabilities, risk treatment and selection of controls.Includes advice on choosing risk assessment software.Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits.Buy your copy today!About the authorsAlan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker. Steve Watkins is an executive director at GRC International Group plc. He is a contracted technical assessor for UKAS – advising on its assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He is a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for information security, cyber security and privacy standards, and chairs the UK National Standards Body’s technical committee IST/33 (information security, cyber security and privacy protection) that mirrors it. Steve was an active member of IST/33/-/6, which developed BS 7799-3.

An ideal primer for anyone implementing a PIMS based on ISO/IEC 27701ISO/IEC 27701:2019 is a privacy extension to the international information security management standard, ISO/IEC 27001. It has been designed to integrate with ISO 27001 to extend an existing ISMS (information security management system) with additional requirements, enabling an organisation to establish, implement, maintain and continually improve its PIMS.ISO 27701 provides guidance on the protection of privacy, including how organisations should manage personal information, and helps demonstrate compliance with privacy regulations around the world, such as the GDPR (General Data Protection Regulation).ISO/IEC 27701:2019: An introduction to privacy information management offers a concise introduction to the Standard, aiding those organisations looking to improve their privacy information management regime, particularly where ISO/IEC 27701:2019 is involved. It is intended for:Individuals looking for general information about privacy information management; andOrganisations implementing, or considering improving, a PIMS, particularly where the use of ISO/IEC 27701:2019 is being considered.It will enable you to understand the basics of privacy information management, including:What privacy information management means;How to manage privacy information successfully using a PIMS aligned to ISO/IEC 27701;Key areas of investment for a business-focused PIMS; andHow your organisation can demonstrate the degree of assurance it offers with regard to privacy information management.This guide will prove useful throughout a number of stages in any privacy information management project – buy your copy today!

Written by an acknowledged expert on the ISO/IEC 27001 Standard, ISO 27001:2022 – An Introduction to information security and the ISMS standard is an ideal primer for anyone implementing an information security management system aligned to ISO 27001:2022.The guide is a must-have resource giving a clear, concise and easy-to-read introduction to information security, providing guidance to ensure the management systems you put in place are effective, reliable and auditable.This pocket guide will help you to:Make informed decisionsUsing this guide will enable the key employees in your organisation to make better decisions before embarking on an information security project.Ensure everyone is up to speedThis guide will give the non-specialists on the project board and in the project team a clearer understanding of what an information security management system involves, reflecting the ISO 27001:2022 version of the Standard.Raise awareness among staffEnsure that your staff know what is at stake with regard to information security and understand what is expected of them with this pocket guide.Enhance your competitivenessUse this guide to begin your ISO 27001:2022 implementation journey and let your customers know that the information you hold about them is managed and protected appropriately.Get up to speed with the ISO 27001:2022 updates and keep your information secureAbout the author:Steve is a Director of Kinsnall Consulting Ltd, providing board-level advice on cyber security and related standards.Steve is an active member of SC 27, the international committee responsible for cyber security, information security and privacy protection standards, including the ISO 27001 family. He Chairs the UK national committee (IST 33) that mirrors SC 27 and is the Chair of the UK ISO/IEC 27001 User Group.He is also a contracted ISMS and ITSMS Technical Assessor for UKAS, supporting the assessment of certification bodies offering accredited certification to ISO/IEC 27001 and ISO/IEC 20000-1.TOC:IntroductionChapter 1: Information security – What’s that?Chapter 2: It’s not ITChapter 3: ISO 27001 and the management system requirementsChapter 4: Legal, regulatory and contractual requirements and business riskChapter 5: Information security controlsChapter 6: CertificationChapter 7: SignpostingFurther reading

Take the complexity out of privacy management with this guide to ISO 27701:2025 – the go-to resource for anyone who needs a fast, reliable understanding of privacy information management.The book explains how the 2025 revision separates ISO/IEC 27701 from ISO/IEC 27001, giving privacy professionals a dedicated framework to manage personal data effectively and prove compliance.Written in a clear, no-nonsense style, it helps you:Understand what privacy information management really means.Build or enhance a PIMS aligned with ISO/IEC 27701:2025.Identify the key investment areas for a business-focused approach.Show customers, partners and regulators your commitment to privacy and trust.Whether you’re new to privacy management or preparing your organisation for certification, this compact guide provides the clarity and confidence you need. It’s ideal at every stage of your journey - from making the business case and launching a project to raising awareness and training your teams. Practical, authoritative and accessible.This ISO/IEC 27701:2025 book turns a complex standard into a clear roadmap for improving privacy information management. Perfect for:Privacy and compliance professionalsProject managers and information security teamsOrganisations preparing for or maintaining ISO/IEC 27701 certification Your essential companion to implementing and improving a PIMS – buy today!

Faced with the compliance requirements of increasingly punitive information and privacy-related regulation, as well as the proliferation of complex threats to information security, there is an urgent need for organizations to adopt IT governance best practice. IT Governance is a key international resource for managers in organizations of all sizes and across industries, and deals with the strategic and operational aspects of information security. Now in its seventh edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems (ISMS) and protect themselves against cyber threats. The new edition covers changes in global regulation, particularly GDPR, and updates to standards in the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk management) plus the latest standards on auditing. It also includes advice on the development and implementation of an ISMS that will meet the ISO 27001 specification and how sector-specific standards can and should be factored in. With information on risk assessments, compliance, equipment and operations security, controls against malware and asset management, IT Governance is the definitive guide to implementing an effective information security management and governance system.

The main international standard that deals with information security is ISO27001. If your organisation is looking to raise employee awareness of information security, then you will find this book especially useful. The pocket guide explains the concept of information security management within the framework of ISO27001.