IT Asset Management: A Pocket Survival Guide
ISBN: 9781849282925. £9.95. Author: Martyn Hobbs. Publisher: IT Governance Publishing. Pages: 58. Format: Softcover. Published: 4 August 2011.

IT Asset Management: A Pocket Survival Guide is a quick-reference guide that addresses the serious issues of IT asset management with a fresh and pragmatic approach. Aimed at IT professionals who have been tasked with putting asset management disciplines in place, it first provides a common-sense introduction to the key processes outlined in the Information Technology Infrastructure Library (ITIL®), before explaining the various milestones of an asset management project. It will guide the reader through:
PCI DSS: A Practical Guide to Implementing and Maintaining Compliance, Third edition (Softcover)
ISBN: 9781849281867. £39.95.

If you're looking for a concise, easy-to-follow reference to PCI DSS compliance, you've just found it! This newly revised, practical guide takes you step by step through achieving Payment Card Industry Data Security Standard (PCI DSS) compliance, showing you how to create, design and build a PCI compliance framework.

The objective of this revised practical guide is to give entities advice and tips on the entire PCI implementation process. It provides a roadmap, helping entities to navigate the broad, and sometimes confusing, PCI DSS v2, and shows them how to build and maintain a sustainable PCI compliance programme. This latest revision also includes increased guidance on how to ensure your compliance programme is sustainable. It is based on real-life scenarios, which should help to ensure your PCI compliance programme remains compliant.

Benefits to business include:

* Save time and money with an easy-to-follow route-map to achieving PCI DSS compliance
* Understand the fundamental ins and outs of PCI DSS compliance
* Build your business case for PCI DSS compliance by providing the key information needed

There is a huge amount of information on the PCI DSS freely available, but it doesn't always answer your fundamental questions. Whether you're a manager, executive or director involved in the PCI compliance process as part of your day-to-day activities, this book also functions as a key support reference.
Implementing Service Quality based on ISO/IEC 20000
ISBN: 9781849281928. £19.95.

An up-to-date, practical guide for implementation and certification under ISO/IEC 20000.

ISO/IEC 20000 is an important international standard for IT service providers. Implementation and certification will improve your business processes and practices. It will reassure your customers that your company is efficient, reliable and trustworthy. Customers will return because they know from experience that your service is second to none.

Customer confidence means more business. Potential customers will look for suppliers with ISO/IEC 20000 certification, seeking the reassurance it provides. This book will guide you through implementation and certification. Your streamlined management processes will enable you to offer first-class customer service at competitive prices. The impact on your profit margins is clear!

Step by step to successful implementation. This step-by-step management guide will benefit all who have a role in the implementation and certification process. Written for companies of any size in any location, it:

* gives a clear and detailed breakdown of the 2011 edition of the Standard
* identifies the role of ISO/IEC 20000 and other related standards, as well as ITIL and COBIT, and the relationship between them
* explains what is really meant by quality
* establishes the importance of a service management system and gives practical recommendations for its implementation
* tells you how to prepare for audit, including carrying out a gap analysis
* offers an explanation of the individual processes outlined in the Standard and gives clear guidelines for their implementation.

Buy this guide and see how ISO/IEC
Information Security Law: The Emerging Standard for Corporate Compliance
ISBN: 9781905356669. £39.95.

In today's business environment, virtually all of a company's daily transactions and all of its key records are created, used, communicated and stored in electronic form using networked computer technology. Most business entities are, quite literally, fully dependent upon information technology and an interconnected information infrastructure.

Emerging information security compliance requirements. While this reliance on technology provides tremendous economic benefits, it also creates significant potential vulnerabilities that can lead to major harm to a company and its various stakeholders. As a result, public policy concerns regarding these risks are driving the enactment of numerous laws and regulations that require businesses to adequately address the security of their own data.
BS25999: A Pocket Guide
ISBN: 9781905356416. £9.95.

This new pocket guide provides an easy-to-read and straightforward introduction to the subjects of business continuity and BS 25999. If your organisation is implementing, or considering implementing, a BS 25999 business continuity management system (BCMS), then you need to read a copy of this pocket guide.

It has been written for IT Governance Limited by Tony Drewitt, an experienced business continuity practitioner and a professional member of the Business Continuity Institute. In demand as a consultant in operational risk management and business continuity management, Tony has advised a wide range of small, medium and large organisations on developing business continuity policies, strategies and plans. He has been a guest lecturer for Cranfield University and is currently helping a number of clients to achieve BS25999 certification.
An Introduction to Information Security and ISO27001
ISBN: 9781905356683. £9.95.

This new pocket guide will suit both individuals who need an introduction to a topic they know little about, and organizations implementing, or considering implementing, some sort of information security management regime, particularly one based on ISO/IEC 27001. The guide furnishes readers with an understanding of the basics of information security, including:

* A definition of what information security means.
* How managing information security can be achieved using an approach recognised worldwide.
* The sorts of factors that need to be considered in an information security regime, including how the perimeter of such a scheme can be properly defined.
* How an information security management system can ensure it is maximising the effect of any budget it has.
* What sort of things resources might be invested in to deliver a consistent level of assurance.
* How organizations can demonstrate the degree of assurance they offer with regard to information security, how to interpret claims of adherence to the ISO 27001 standard, and exactly what such adherence means.
The Data Governance Imperative
ISBN: 9781849280129. £39.95.

Attention to corporate information has never been more important than now. The ability to generate accurate business intelligence and accurate financial reports, and to understand your business, relies on better processes and a personal commitment to clean data. Every byte of data that resides inside your company, and some that resides outside its walls, has the potential to make you stronger by giving you the agility, speed and intelligence that none of your competitors yet have. Data governance is the term given to changing the hearts and minds of your company to see the value of such information quality.

The Data Governance Imperative is a businessperson's view of data governance. This practical book covers both strategies and tactics for managing a data governance initiative. The author, Steve Sarsfield, works for a major enterprise software company and is a leading expert in data quality and data governance, focusing on the business perspectives that are important to data champions, front-office employees and executives. Steve runs an award-winning and world-recognized blog called the Data Governance and Data Quality Insider, offering practical wisdom
Security Testing Handbook for Banking Applications
ISBN: 9781905356829. £39.95.

Attackers are increasingly focusing their attention on the application layer; visionary banks have responded by proactively testing their entire suite of applications. It is no longer enough to test only the public-facing Internet banking application. The ease with which many attacks can be carried out now requires that all applications, including internal applications, be tested.

Security Testing Handbook for Banking Applications is a specialised guide to testing a wide range of banking applications. The book is intended as a companion for security professionals, software developers and QA professionals who work with banking applications. The book is a manual for meeting current and future regulatory compliance requirements; it may also be seen simply as a practical and comprehensive guide to best-practice application security, supporting every person involved in this field.

The authors are all part of a large application security team at Paladion; between them they have tested over three hundred banking applications. Within this book the authors share their experiences of using a structured approach to security testing, look at the checklist used for testing, discuss different banking applications and show how these can be tested effectively.
Practical IT Service Management: A Concise Guide for Busy Executives
ISBN: 9781905356393. £39.95.

Practical IT Service Management is a clear, concise and to-the-point guide to implementing IT service management (ITSM). It is based on ITIL Version 3, one of the most widely accepted best-practice approaches to ITSM.

This book is written by Thejendra BS, an internationally experienced IT manager based in Bangalore, India. He has over 17 years' experience in technology roles, including disaster recovery planning, business continuity planning, asset management, IT security and IT project implementation.
PCI DSS v1.2: A Practical Guide to Implementation
ISBN: 9781849280235. £39.95.

The objective of this newly revised practical guide is to offer a straightforward approach to the implementation process. It provides a roadmap, helping organisations to navigate the broad and sometimes confusing PCI DSS v1.2, and shows them how to build and maintain a sustainable PCI compliance programme.

This book provides a route-map to achieving Payment Card Industry Data Security Standard (PCI DSS) compliance. The information in this book covers many of the fundamentals of how to create, design and build a PCI compliance framework. It is our top-selling book on PCI DSS compliance.
Just Enough Governance for Notes
ISBN: 9781905356591. £39.95.

In today's regulatory climate, companies cannot afford to have applications developed, or data housed, outside the boundaries of corporate oversight. Application failures lead to business process interruptions and lost revenue, and Lotus Notes applications are critical to the business. Their usefulness is reflected in the fact that many Fortune 500 companies have a significant investment in Lotus Notes and Notes applications. The trick is to tame Lotus Notes development without breaking its spirit: to provide just enough IT governance to protect the company, without discouraging Lotus Notes development altogether.

Strike the right balance to provide Just Enough Governance. This book provides a set of policies and procedures designed to strike this balance, to provide Just Enough Governance for Lotus Notes. Firstly, it presents an IT governance philosophy for Lotus Notes that can protect the company without stifling developer initiative. Secondly, it gives IT staff and Notes developers a blueprint to implement IT governance processes and principles in the Lotus Notes environment. And finally, it takes a clear-sighted look at the future evolution of Notes and of IT governance.
Application Security in the ISO27001 Environment
ISBN: 9781905356355. £39.95.

Application Security in the ISO27001 Environment demonstrates how to secure software applications within a best-practice ISO/IEC 27001 environment, helps organisations protect critical data in line with the requirements of financial, governance and data protection regulations, and supports implementation of the PCI DSS Payment Application Security Standard.

Application Security in the ISO27001 Environment is written by Vinod Vasudevan, Anoop Mangla, Firosh Ummer, Sachin Shetty, Sangita Pakala and Siddharth Anbalahan. Together, the authors draw on a wealth of experience in tackling and securing applications in critical environments and make this expertise available to help anyone tackling application security in ISO27001 and PCI environments, risk management and software application development.

Secure development lifecycles. Over 224 pages, they address a range of essential topics, including:

* secure development lifecycles,
* threat profiling,
* security testing,
* secure coding guidelines.

They also show how the controls from Annex A of ISO27001/ISO27002 can be used to secure individual applications, and demonstrate how to tackle this issue as part of the development and roll-out of an organisation-wide Information Security Management System conforming to the Standard.
IT Governance: Guidelines for Directors
ISBN: 9781905356072. £49.95.

Order IT Governance: Guidelines for Directors today! This important new book cuts through the hype that surrounds IT governance to provide directors, executives, managers and professional advisers with clear, pragmatic guidelines for ensuring that IT and the business work together to ensure enterprise success in the highly competitive, global information economy.
Data Protection vs. Freedom of Information
ISBN: 9781905356720. £19.95.

The Freedom of Information Act (FOI) was a milestone in UK legislation and, for the first time, the lid was legally lifted on a lot of what the UK government was doing in the name of the citizens of the country. While the FOI applies only to public sector organisations, it covers a wide range of information. The Data Protection Act, which applies equally in both the public and private sector, had already given individuals the right to find out what information was being held about them, and to insist on having that information kept accurate and up to date. Of course, the Data Protection Act also placed an obligation on organisations to protect the personal data of those people about whom they collected this information and to ensure that this data was not disclosed, either deliberately or accidentally, to anyone not entitled to see it.

Clear and practical guidance for data governance professionals. Inevitably, information that could and should be disclosed pursuant to a freedom of information enquiry could quite conceivably also contain information that the data controller must protect, and herein lies a challenge for those in the public sector. Data management frameworks must be designed with two apparently contradictory objectives in mind: ensuring that information that might have to be disclosed pursuant to an FOI enquiry can quickly be found and provided, while simultaneously ensuring that personal data that has to be protected remains protected. This is a key data governance issue and, until now, there has been little useful guidance on how to tackle it for those charged with designing processes and infrastructure that meet these two sets of legal requirements.
Implementing ISO27001 in a Windows® Environment
ISBN: 9781905356782. £47.95.

The information security management system (ISMS) standard, ISO/IEC 27001, presents a significant implementation challenge for all organisations. A significant number of the controls to be applied will, of necessity, be technical and will relate to how IT hardware and software are set up and configured. As a result, there is often a gulf in understanding as to what is required between the ISO27001 ISMS project manager and those responsible for implementing the technical controls.

A step-by-step guide through the journey of implementing ISO27001. Implementing ISO27001 in a Windows® Environment does an outstanding job of helping parties on both sides to bridge the gulf. It identifies the recommended technical controls of ISO27001's Annex A and, for a Microsoft environment, provides guidance on how to implement them (if, on the basis of a risk assessment, they are considered necessary). This book fills a major hole in the guidance literature for ISO27001 and makes a significant contribution to helping both project managers and IT and security staff get to grips with which controls are appropriate to mitigate identified risks. It is designed as a step-by-step guide through the journey of implementing ISO27001 in a Microsoft® Windows® environment.
Green IT in Practice
ISBN: 9781905356614. £29.95.

As the planet heats up and oil prices continue to rise, it has become ever more important to reduce CO2 emissions worldwide and to increase energy efficiency. Green IT in Practice is a practical book to help managers navigate a little more easily through the mass of information surrounding Green IT.

Key Green IT initiatives. Green IT in Practice contains a variety of ideas for establishing and formalising a Green IT programme within an organisation. The experience of the John Lewis Partnership's Green IT programme during 2007 and the first half of 2008 is discussed in detail and is a core element. Chapters cover the link between general corporate social responsibility and Green IT, how to go about constructing appropriate policies and metrics, and thoughts on how to engage with employees and suppliers. Individual case studies on key Green IT initiatives are then discussed in turn, before the book ends with a chapter considering how IT can begin to enable carbon footprint reduction in the organisation as a whole.
Disaster Recovery and Business Continuity, 2nd Ed.
ISBN: 9780470516386. £35.99.

This book is an invaluable resource for anyone undertaking the business continuity/disaster recovery management or planning role within an organisation. This guide demystifies these processes step by step, allowing the reader to gain the key knowledge they need to operate these functions effectively. Additionally, this book provides coverage of many of the leading standards on the topic of business continuity management (BCM). This book does not just cover the IT perspective of BCM; it also covers many of the other areas which affect organisations, including environmental and homeland security aspects.

Key features:

* Comprehensive guide to many of the aspects of business continuity/disaster recovery management and planning.
* Many of the aspects of BCM and planning are covered in depth, allowing the reader to comprehend the key information.
* Details of the latest changes in the BCM and planning fields are distilled.
* In-depth coverage of many of the leading standards on BCM and the field in general is included in the book.
CyberWar, CyberTerror, CyberCrime
ISBN: 9781905356478. £39.95.

CyberTerrorism, CyberCrime and CyberAttacks pose a serious risk to national, individual and corporate security, concludes Dr Mehan. The weapons of the CyberTerrorist or CyberCriminal are subtle, insidious, difficult to trace, low cost and easily deployed globally. Vital organizations on which we all depend are potentially vulnerable to this kind of attack, particularly financial, defense, telecommunications and energy networks, and no one can afford to ignore the level of threat.

CyberWar, CyberTerror, CyberCrime is a valuable tool for CIOs and IT professionals in assessing how to utilise the best standards and practices to secure their information systems against attack. In the course of 280 pages, CyberWar, CyberTerror, CyberCrime makes a convincing case for the application of international standards and practices as the key counter-measure to the global threat of CyberAttacks. The book also provides a useful glossary of wider reading and current international standards.
Coaching for High Performance
ISBN: 9781849280020. £24.95.

This series of books aims to provide practical guidance on a range of soft-skills areas for those in IT. They may also be used to good effect by others, including those who deal with IT professionals, in order to facilitate more effective and co-operative working practices.

Coaching for High Performance is intended to inspire IT managers with practical advice and tips on how to create a coaching environment in their department. Applying coaching skills in the IT workplace will help create a climate of high performance. Coaching enables people to improve their ability and confidence, as well as enhance the quality of their work. Furthermore, the skill of coaching is readily usable by all. It is a set of behaviours which can be applied during a five-minute chat with a colleague or a direct report, during a one-to-one meeting, a performance review or as part of an IT project meeting.
Changing How You Manage and Communicate Change
ISBN: 9781905356942. £24.95.

Order today and transform the way you manage and communicate change in your business! How has your organisation changed recently? How did the people in it, or associated with it, react? Was it in exactly the same way? Do you have more changes coming up? People's reactions vary depending on a number of factors, including personality types, misconceptions, their personal circumstances and the influences of their work and life experiences. This new book will enable you to recognise and accept these differences, and even harness them for the benefit of the business.

Changing How You Manage and Communicate Change, written by speaker and consultant Naomi Karten, is specifically for IT professionals and those working closely with IT. However, you will find that the experiences highlighted in this book apply equally to anyone in any industry who needs to lead change.

Benefits to business include:

* Manage inevitable changes within your organization to their best advantage
* Fine-tune your management skills by gaining a better understanding of your own reactions to change, as well as those of users, customers, suppliers and employees
* Find out what's unique about your business and why a one-size-fits-all change management approach simply doesn't work
* Be better prepared by discovering how to make your change management plan more flexible
* Understand how the introduction of change affects productivity and what you can do about it
* Learn how to help people to cope with change more positively and effectively
Business Continuity Management: A Manager's Guide to BS25999
ISBN: 9781905356515. £39.95.

This book is a concise and practical guide to implementing the new benchmark for business continuity management - BS25999. While the number of events that could potentially disrupt the ability of your organisation to continue with its business activities continues to grow, the ramifications are increasingly dramatic. Climate change, terrorism and IT system failure are just some of today's more serious threats - and pressure is growing on all organisations to demonstrate effective, meaningful and dependable emergency preparedness.

This guide will help you understand and meet the growing need to demonstrate and provide assurance to partners, customers and stakeholders that, should some significant business disruption occur, you have done everything possible to minimise disruption to the continued supply of your organisation's products or services.
Building a High-Performance Team
ISBN: 9781905356805. £24.95.

This series of books aims to provide practical guidance on a range of soft-skills areas for those in IT. They may also be used to good effect by others, including those who deal with IT professionals, in order to facilitate more effective and co-operative working practices.

Building a High-Performance Team is intended to provide IT managers with informative and practical advice and tips on how to create a high-performance team. IT managers' work cannot be achieved without collaboration and teamwork. Whether leading a team, working as a team member, or forming part of a cross-functional team, the successful implementation of IT projects depends on effective team working. This book will help you to create a strong team. It is designed to assist you in understanding the characteristics of a high-performance team, to help you assess where your team stacks up, and to develop a plan of action for realising team potential.

The author, Sarah Cook, is the Managing Director of The Stairway Consultancy Ltd. She has 15 years' consulting experience specialising in team building, leadership and change, and a background in industry. Sarah is a Fellow of the Chartered Institute of Personnel and Development, with an MA from Cambridge University and an MBA. She is an accredited user of a wide range of psychometric and personal diagnostic tools.
IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT
£39.95.

Corporate governance increasingly provides the context within which twenty-first-century organisations have to assess and deal with their investments in, and risks to, their corporate information assets and the Information and Communications Technology (ICT, or just IT) infrastructure within which those information assets are collected, manipulated, stored and deployed. But what is corporate governance, and why is it important to the IT professional? Why is IT governance important to the company director, and what do directors of companies, both quoted and unquoted, need to know?

This book aims to do two things. The first is to set out for managers, executives and IT professionals the practical steps necessary to meet today's corporate and IT governance requirements. The second is to provide practical guidance on how board executives and IT professionals can navigate, and deploy to best corporate and commercial advantage, the numerous IT management and IT governance frameworks and standards (particularly ISO/IEC 38500) that have been published over the course of the last 10 years. Each of these standards and frameworks has a potentially valuable role to play in the organisation; the challenge lies in integrating them so that each can deliver what it was designed to do, and do this within the context of an overarching framework (a super-framework, or meta-framework) that enables each organisation to design IT governance to meet its own needs.
IT Regulatory Compliance in the UK
ISBN: 9781905356270. £9.95.

This new pocket guide in the Practical IT Governance series provides initial guidance to all who are concerned with IT regulatory compliance in the UK. A companion pocket guide provides guidance on North American IT regulatory compliance.

A key challenge for all IT management teams is to ensure that the organization avoids breaches of any criminal or civil law, of any statutory, regulatory or contractual obligations, and of any security requirements. Everyone in the IT organization (and outside it) needs to have an understanding of the legislation that applies to your organization. This pocket guide gives handy, easily understood guidance on the key aspects of all the key regulations.
The Insider Threat
ISBN: 9781849280105. £14.95.

Data loss prevention is easier and cheaper than cure. The insider threat poses a significant and increasing problem for organisations. The use of highly connected computers makes controlling information much more difficult than in the past. This is shown by the regular stories of data loss in the media, such as the 25 million personal records mailed out by Revenue and Customs in the UK. In addition, we do not know enough about the insider threat, as of course many attacks are unknown to their victims or are not made public.

An insider attack is the execution of a latent threat by an insider to achieve their goals, which usually has a detrimental effect on the organisation. Such attacks are often straightforward to perpetrate without detection, because the insider can use their legitimate access, or acquire unauthorised access by using their knowledge of system weaknesses to defeat the controls. We need to understand what is valuable to insiders and their likely methods of attack in order to determine the necessary defensive measures. We believe that the insider threat is a difficult problem that requires systematic analysis to mitigate. This new pocket guide is intended to shed light on the key security issues facing organisations from insiders, to get readers up to speed quickly.
The Green Office: A Business Guide
£19.95.

This guide was written specifically to help cost-conscious, environmentally minded organisations identify practical and straightforward ways of reducing both their corporate cost base and their carbon footprint.

There is a range of views about what, exactly, Green IT is. At the heart of the debate about the environmental role of IT, there is usually an acknowledgement that the world's information and communications technologies consume a growing amount of power and have a measurably significant carbon footprint, and that more and more people in the industrialised world today actually work in and from offices which, themselves, have a significant carbon footprint. Regardless of one's individual position, or the reality of the argument about the causes of global climate change, there are a number of aspects of modern office practice which contribute to the problem. It is equally clear that changes in these practices can have beneficial commercial impacts as well as contributing to saving the planet. As consumers become more concerned about the planetary future, green organisations are increasingly better positioned to win market share; an active environmental awareness is also more in tune with the expectations of today's workforce, many of whom are already accustomed in their daily life to applying the environmental mantra of Reduce, Reuse, Recycle.
The Green Agenda: A Business Guide
ISBN: 9781905356980. £19.95.

This business guide to Green IT was written to introduce, to a business audience, the opposing groups and the key climate change concepts, to provide an overview of a Green IT strategy, and to set out a straightforward, bottom-line-orientated Green IT action plan. The fact that this will also enable the organization to comply with the growing range of ecologically focused regulations is an additional benefit!

Green has become an important business issue. If consumers want to buy from Green organizations, then organizations have to consider their positions, their marketing strategies, their product ranges and their overall operational approach. While there is also a fast-growing market for suppliers of Green products and services, there is a much larger group of organizations that does not yet know how it should respond to the Green business challenge, not least because the business benefits of pursuing a Green strategy are not necessarily that well articulated.
The Governance of Green IT
ISBN: 9781905356744. £19.95.

The economy and the environment have combined to create quite a challenge. On one hand, there is a push to reduce capital investment and operating expenses. On the other, organizations are implementing green strategies to reduce their environmental impact. Within this context, information technology is struggling to provide services that support the organization. To sustain that support, IT must implement processes to ensure proper value creation and protection of organizational goals. To this end, this book sets forth a Green IT process that will enable value creation and protection in the areas of data center power and cooling.

Today's high-performance, high-density computer systems require power and cooling densities that were hitherto unheard of. As a result, not only are some data center facilities challenged to provide the power and cooling needed, but in some cases the power utility can't even provide additional power without improving the power grid and/or developing additional generation facilities.
Ten Rules of Information Security for the Smaller Business ISBN: 9781905356546 £19.95 Small companies today are just as exposed to computer security breaches (whether loss, fraud, theft, automated hacking attack or sophisticated blended phishing or spam attacks) as larger ones, and with the average cost of a security breach somewhere between £10k and £20k, it's an exposure that smaller organisations can no longer afford.
* Data protection compliance requirements also apply to smaller companies, and fines for non-compliance can be significant;
* Smaller companies typically have fewer resources available to support a quick recovery from a computer disaster;
* The "prevention is better than cure" imperative is the only sensible approach to computer security.
Risk Assessment for Asset Owners ISBN: 9781905356263 £7.95 This book is a pocket guide to the ISO27001 risk assessment, and is designed to assist asset owners and others who are working within an ISO27001/ISO17799 framework to deliver a qualitative risk assessment. It conforms with the guidance provided in BS7799-3:2006 and NIST SP 800-30. All organizations face risks to information and information assets. Many organizations seek to identify and control those risks, usually as part of a structured approach to information security risk management. Risk assessment is at the heart of risk management, and the two together form the core competences of information security management. ISO27001 specifies a series of steps that must form part of the risk assessment. While a number of people in the organization will have a role to play in respect of risk assessment, these steps include a specific role for what the standard describes as asset owners.
ISO/IEC 38500: The IT Governance Standard ISBN: 9781905356577 £9.95 In the twenty-first century, IT governance has become a much-discussed topic among IT professionals. It is not well understood by senior managers, company directors, board members and chairmen, which is a pity, because IT governance is a key topic for exactly these people. The emergence of ISO/IEC 38500, the international standard for the corporate governance of information and communication technology, puts boards around the world in a position from which they can take effective action to apply core governance principles to their information and communication technology. This essential pocket guide will help you to understand both this new standard and the complex area of IT governance. Key features of this pocket guide include:
* An overview of the ISO/IEC 38500 standard
* Framework for good IT governance
* Project governance
* The Calder-Moir Framework
PCI DSS: A Pocket Guide ISBN: 9781905356645 £9.95 Target dates for compliance with the PCI DSS itself have all long since passed. Many organisations, particularly those that fall below the top tier of payment card transaction volumes, are not yet compliant, and can no longer afford to put off the work required to fall into line with this global standard. This handy pocket guide will provide you with all the information you will need when considering how to approach the PCI DSS, and is an ideal tool for awareness training for your PCI staff. All businesses that accept payment cards are prey for hackers and criminal gangs that seek to steal payment card and individual identity details. Many attacks are highly automated, seeking out website and payment card system vulnerabilities remotely, using increasingly sophisticated tools and techniques. When a vulnerability is discovered, an attack can start without management or staff of the target company having any awareness of what is going on. PCI DSS is designed to ensure that merchants are effectively protecting cardholder data. It recognises that not all merchants may have the technical understanding to identify for themselves the necessary steps and short-circuits to avoid danger. All merchants, and their service providers, should therefore ensure that they comply with PCI DSS, and that they stay compliant.
Compliance for Green IT: A Pocket Guide ISBN: 9781849280006 £19.95 Green IT will be a critical component of organisational IT and compliance strategies from 2009 onwards. There are many thousands of environmentally-related laws and regulations, only a few of which are of direct importance to the IT professional. It is important that the regulations that are discussed here, the ones that are of most significance in the management of Green IT, are tackled in the context of broader environmental compliance activities. Regulations that are relevant to the IT sector include carbon trading and carbon cap-and-trade schemes, which are used in a voluntary or mandatory capacity to reduce CO2 emissions and offset the impact of the environmental damage caused elsewhere. IT is a significant consumer of power and these schemes, while still very much in their infancy, are of growing importance and relevance for the IT organisation. This pocket guide provides a useful introduction to, and overview of, these schemes. Apart from carbon trading schemes, organisations are increasingly exposed to regulations around the disposal of waste, particularly electronic waste, and, again, these regulations have a specific impact on the IT organisation.
Managing IT in a Downturn ISBN: 9781905356768 £19.95 With the world stumbling through an economic downturn, IT managers are under pressure to shave costs from the technology operations that keep organisations running smoothly. Cutbacks abound, staff cuts look likely and new projects are being back-burnered. These are the days in which IT managers really earn their bread and butter.
Data Protection Compliance in the UK ISBN: 9781905356492 £19.95 The recent HMRC data breach, and the large number of other breaches reported since, raise a question about the extent to which those charged with handling personal data have been properly trained. The truth emerged in a recent online survey carried out by IT Governance: only roughly half of employees handling personal information have been trained in their Data Protection Act (DPA) responsibilities. IT Governance has therefore published this new pocket guide to help organizations quickly get everyone responsible for data protection up to speed, and ensure that no one has grounds to complain of ignorance of the law! Written by leading data protection experts from international law firm Pinsent Masons LLP, this pocket guide provides everyone involved in the protection and security of personal data with clear guidance on the requirements of the DPA and how these must be met.
IT Regulatory Compliance in North America ISBN: 9781905356287 £9.95 This new pocket guide in the Practical IT Governance series provides initial guidance to all who are concerned with IT regulatory compliance in North America. A companion Pocket Guide provides guidance on UK IT regulatory compliance. A key challenge for all IT executive teams is to ensure that the organization avoids breaches of any criminal or civil law, as well as any statutory, regulatory or contractual obligations, and of any security requirements. Everyone in the IT organization (and outside it) needs to have an understanding of the legislation that applies to your organization. This Pocket Guide gives handy, easily-understood guidance on the key aspects of all the key regulations.
IT Outsourcing Contracts: A Legal and Practical Guide ISBN: 9781849280297 £19.95 IT Outsourcing - A wide range of industry sectors need IT, and many organisations choose to outsource this (for example, banking, pharmaceuticals, travel and insurance companies). Outsourcing exists in many guises: IT payroll, helpdesk and IT maintenance requirements, or the whole IT function. This book identifies some of the benefits and the pitfalls that an organisation may encounter when outsourcing its IT. IT Outsourcing Contracts: A Legal and Practical Guide will provide readers with:
· An overview of IT outsourcing, including advantages and disadvantages
· Details of what needs to be considered when choosing whether or not to outsource IT
· Typical scenarios that can arise when outsourcing IT and information on typical solutions that have been adopted by other organisations
· An overview of the IT outsourcing process and useful information about the lifecycle from choosing a supplier, through to termination
· An understanding of legal and practical issues that might arise in an IT outsourcing contract.
IT Governance: A Pocket Guide ISBN: 9781905356256 £9.95 IT Governance recognizes that Information and Information Technology is at the heart of the modern economy, and at the heart of the modern business. It is a critical component of corporate governance and this pocket guide provides an introduction on how to approach this complex subject. This pocket guide describes the drivers for IT governance; why it matters; the relationship between IT governance, risk management, information risk, project governance and compliance risk; lists the symptoms of inadequate IT governance and the benefits that can be won by implementing an IT governance framework; and describes, in principle, how to go about doing this.
ISO27001 Assessments Without Tears ISBN: 9781905356188 £5.95 The audit process can be a daunting one, as an auditor can direct questions at any employee within your organisation. Written in a clear, plain style, this pocket guide offers a tried and tested briefing, and should be issued to staff in advance of the audit to help them prepare for the experience and be well equipped to answer questions when asked. This pocket book explains what an ISO 27001 assessment is, why organisations bother with them, and what individual staff should do and, perhaps as importantly, not do if an auditor chooses to question them. The book covers:
* What an assessment is
* Why information security is important
* What happens during an assessment
* What to consider when answering an auditor's questions
* What happens when an auditor finds something wrong
* Your policies and how to prepare
* Further information: who to ask
This pocket book is the perfect tool to train everybody inside your organisation to play their part in your ISO 27001 assessment.
Information Security Breaches ISBN: 9781849280273 £19.95 Widen the horizon of your Information Security Knowledge! Although breaches of information security are not a new phenomenon, the methods used to perpetrate such breaches have changed considerably over the years. Leaking information to non-authorised people has always been an issue but, in the computer age, the speed and effectiveness with which breaches of information security can occur, and the amount of harm potentially caused, are disturbing. Typically, also, they favour the perpetrator, not the victim.
The process outlined: This pocket guide outlines a process and its elements for the treatment of severe breaches, and places them in the context of the associated ISO27001 controls. It provides input for decision making and breach classification, and case studies where the reader can check out how other companies were affected and what they did, or did not do, upon becoming the victim of a breach.
Intended to serve two purposes: Firstly, this title provides a general discussion of what information security breaches are, how they can be treated, and what ISO27001 offers in that respect, illustrated with details of real-life information security incidents. It aims to serve as a facilitator to widen the horizon of the reader seeking knowledge, or as an introduction for those who are just starting to think about information security.
How to Use Web 2.0 and Social Networking Sites Securely ISBN: 9781905356867 £19.95 At its simplest, Web 2.0 is the term used to describe the second generation of web technologies, including social networking sites, blogs and wikis, all of which enable the Web to be used in a different, more interactive way than before. These technologies also enable users to connect with a very large number of people in a short period of time at low cost. The use of Web 2.0 technologies has also spawned new business models and enabled improved collaboration, knowledge sharing and communication within organisations. At the same time, however, Web 2.0 technologies bring greater security risks for their fast growing universe of users. The number of risks is also growing exponentially. The challenge for businesses, therefore, is to find ways of enabling their users to use Web 2.0 technologies whilst minimising the risks. Given the widespread use of Web 2.0 technologies and their impact in terms of the number and types of incidents and the cost of them, controlling Web 2.0 risks needs to be a high priority for all organisations. This pocket guide provides recommendations for organisations that will help them ensure that their employees are using Web 2.0 sites in a secure manner, and that their personal and confidential corporate data is protected.
Enterprise Architecture: A Pocket Guide ISBN: 9781849280167 £19.95 Enterprise architecture is a key competency for most large organisations of the present day. Its roots reach back some twenty years or more, in early efforts to re-use knowledge about software structure and design to assist in managing a rapid growth in the cost and complexity of IT systems in general. Compliance to a formal enterprise architecture framework is now mandatory in many government and defence contexts, and is increasingly common in larger organisations elsewhere. For most of its history, enterprise architecture has been regarded as belonging under IT governance. Yet at the present time the discipline is evolving once more, and extending its scope to become a literal architecture of the enterprise. This Pocket Guide describes the purpose, role and value of architecture in the enterprise, and the makeup and skillsets of the architecture team in different business contexts. It explores the relationship between architecture, project management, change-management and governance, and summarises the frameworks, methods, standards and toolsets currently in common use. And finally, it provides a brief outline of the typical activities and processes that are used in the development and realisation of an enterprise architecture. This guide is written by Tom Graves, who has been an independent consultant for almost three decades in business transformation, enterprise architecture and knowledge management. His clients in Europe, Australia and the USA cover a broad range of industries, including banking, utilities, logistics, engineering, media, telecoms, research, defence and government. He has a special interest in architecture for non-IT-centric enterprises, and integration between IT-based and non-IT-based services.
Threat 2.0: Security and Compliance for Web 2.0 Sites ISBN: 9781905356843 £19.95 Web 2.0 (a widespread series of developments in the way websites are designed and accessed, and more widely known as social networking sites) is a new and exciting way for websites to work. The extent to which Web 2.0 sites (such as Wikipedia, Facebook, and YouTube) also rely on user-generated content adds to their immediacy, excitement and relevance. Web 2.0 sites do, however, come with their own set of risks: risks to users, to their confidential information, and to associated parties. It is not unusual, when technology is evolving so quickly, and is subject to such rapid take up, for such security risks to be bypassed to the detriment of users. This book is probably the first book on this subject to be published; it has its origins in the detailed research which we did into Web 2.0: Trends, Benefits and Risks during Autumn 2008, and provides organisations with core guidance on how to ensure that their websites remain secure and comply with the rapidly evolving regulatory requirements that cover personal data and computer security. Key features of this guide include:
* Benefits and risks of Web 2.0 technologies
* Making Web 2.0 sites secure
* Ensuring Web 2.0 sites are compliant
Mobile Security: A Pocket Guide ISBN: 9781849280204 £19.95 Mobile devices represent an increasingly important proportion of the technology market, with laptops, PDAs and smartphones all offering substantial opportunities to improve personal communications and business flexibility. In addition, removable storage, such as memory sticks, now enables enormous quantities of data to be carried around, making it available to use on demand in any location. However, such undoubted advantages can also bring considerable risks, with devices being physically vulnerable to loss, theft and damage, as well as potentially exposed to various forms of electronic attack. As such, there is a significant and growing need for protection, in order to enable us to get the best out of the kit in an otherwise dangerous digital world. The book provides a concise reference to the key security issues affecting those that deploy and use mobile technologies to support their organisations. It aims to raise awareness of the threats to which mobile devices, users and data are exposed, as well as to provide advice on how to address the problems. The key themes tackled in the chapters are as follows:
· the importance of mobile technologies
· physical threats in the outside world
· dealing with network connectivity
· authenticating the user
· other mechanisms for protecting mobile data
· attacks facing mobile devices and users
· the potential limitations of mobile security features.