Books published by IT Governance Publishing

  • - 2019: An introduction to a business continuity management system (BCMS)
    by Alan Calder
    236,-

    Understand the basics of business continuity and ISO 22301:2019 with this concise pocket guide, which will help you ensure your organisation can continue to operate in the event of a disruption.

  • by Naeem Sadiq
    576,-

    Improve employee safety, reduce workplace incidents and create better, safer working conditions

    According to a report from the ILO (International Labour Organization), there are more than 2.78 million deaths and 374 million non-fatal injuries and illnesses per year as a result of occupational accidents or work-related diseases. The ILO estimates that the annual cost to the global economy is $3 trillion (about trillion), and in the UK alone it's estimated that 30.7 million working days were lost in 2017/2018 as a result of work-related illness and injury. Can your organisation afford to contribute to these statistics?

    How can ISO 45001 help?

    ISO 45001:2018, Occupational health and safety management systems - Requirements with guidance for use, is the international standard for creating and maintaining an OHSMS (occupational health and safety management system). The Standard provides guidance and an effective set of processes for improving worker safety and is designed to help organisations of all sizes and anywhere in the world reduce workplace injuries and illnesses.

    Creating and maintaining an OHSMS demonstrates employer due diligence and reasonable care, reduces workplace incidents, improves employee health, reduces absenteeism, increases productivity and creates a safer working environment for employees.

    Establishing an OHSMS based on ISO 45001

    This book provides a comprehensive explanation of the detailed requirements of ISO 45001. The author draws out key parts of the Standard, which can often be confusing for non-experts or newcomers to ISO standards, and explains what they mean and how to comply.

    Professionals involved in any aspect of an OHSMS, including development, documentation, implementation, training, supervision or auditing, will find the book useful. Equally, those with no background in the subject will find it a valuable resource.

    The book:
    - Follows a hands-on and step-by-step approach to building an OHSMS;
    - Explains the purpose and the requirements of each clause of ISO 45001;
    - Describes how the requirements can be fulfilled by an organisation;
    - Provides definitions of the roles and responsibilities of leadership; and
    - Includes numerous examples, suggestions, sample forms and procedures.

    Suitable for HSQE professionals, project managers, lead implementers and senior management, this book demystifies the ISO 45001 Standard by presenting its contents and implementation methodology in a simple, user-friendly and easily understandable manner. Consultants, trainers and auditors will also find it a useful reference guide.

    Successfully establish an OHSMS and proactively reduce injury and ill-health in your organisation - buy this book today.

    About the author

    Naeem Sadiq holds a BSc in Aerospace and a Master's in Manufacturing Engineering. He is a certified lead auditor, an ASQ-certified manager and a quality systems auditor. Naeem's experience in engineering and management includes 25 years as an independent consultant, auditor and trainer for the ISO 9001, ISO 14001 and OHSAS 18001 standards.

    Naeem has presented a number of papers at national conferences on management system standards, and has provided consultancy, training and auditing support to more than 100 organisations. As a freelance writer, he is a regular contributor to national newspapers reporting on safety, environmental and social issues. He is also the author of two books: OHSAS 18001 Step by Step - A practical guide and ISO 14001 Step by Step - A practical guide.

  • - An implementation guide
    by Preston Bukaty
    490,-

    Understand the CCPA (California Consumer Privacy Act) and how to implement strategies to comply with this privacy regulation.

    Established in June 2018, the CCPA was created to remedy the lack of comprehensive privacy regulation in the state of California. The CCPA came into effect on January 1, 2020, and gives California residents the right to:
    - Learn what personal data a business has collected about them
    - Understand who this data has been disclosed to
    - Find out whether their personal data has been sold to third parties, and who these third parties are
    - Opt out of such data transactions, or request that the data be deleted.

    Many organizations that do business in the state of California must align to the provisions of the CCPA. Much like the EU's GDPR (General Data Protection Regulation), businesses that fail to comply with the CCPA will face economic penalties.

    Achieve CCPA compliance with our implementation guide that:
    - Provides the reader with a comprehensive understanding of the legislation by explaining key terms
    - Explains how a business can implement strategies to comply with the CCPA
    - Discusses potential developments of the CCPA to further aid compliance

    Your guide to understanding the CCPA and how you can implement a strategy to comply with this legislation - buy this book today to get the guidance you need!

    About the author

    Preston Bukaty is an attorney and consultant. He specializes in data privacy GRC projects, from data inventory audits to gap analyses, contract management, and remediation planning. His compliance background and experience operationalizing compliance in a variety of industries give him a strong understanding of the legal issues presented by international regulatory frameworks. Having conducted more than 3,000 data mapping audits, he also understands the practical realities of project management in operationalizing compliance initiatives.

    Preston's legal experience and enthusiasm for technology make him uniquely suited to understanding the business impact of privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). He has advised more than 250 organizations engaged in businesses as varied as SaaS platforms, mobile geolocation applications, GNSS/telematics tools, financial institutions, fleet management software, architectural/engineering design systems, and web hosting. He also teaches certification courses on GDPR compliance and ISO 27001 implementation, and writes on data privacy law topics.

    Preston lives in Denver, Colorado. Prior to working as a data privacy consultant, he worked for an international GPS software company, advising business areas on compliance issues across 140 countries. Preston holds a juris doctorate from the University of Kansas School of Law, along with a basketball signed by Hall of Fame coach Bill Self.

  • - How to get Agile results in a less-than-agile organization
    by Jamie Lynn Cooke
    490,-

    Deliver exceptional results from your IT department using Agile approaches.

    Everything you want to know about Agile comprehensively addresses the issues that IT departments face when they try to implement Agile approaches within the constraints of their traditional organizations, including existing project frameworks, budgeting structures, contracts and corporate reporting. It is an essential resource for IT departments that want to deliver successful Agile results, even in the most challenging environments.

    Making Agile work in your organization:

    The book is written specifically to address the challenges of implementing Agile within the unique structures, constraints and culture of your organization. It describes Agile methodologies in clear business language specifically written for business professionals, providing you with the information that you need to:
    - assess whether Agile is right for your department
    - select the Agile methodologies and practices that are best suited to your work
    - successfully implement these approaches in your department, and
    - monitor and measure the outcomes.

    Most importantly, this book gives you a range of strategies for aligning Agile work within the reporting, budgeting, staffing and governance constraints of your organization, which is arguably the biggest challenge.

    Written for IT decision makers (and those who want to influence them):

    Everything you want to know about Agile is written for executives, IT department managers and other senior decision makers, yet is equally valuable for IT project managers, team leaders and management consultants who want to deliver successful Agile results.

    If you are an IT professional already familiar with the benefits of Agile, this book can also help you to address management concerns that Agile approaches may not work within the traditional business practices and constraints of your organization.

    Agile methodologies and practices have been proven over the past two decades to increase the relevance, quality, flexibility and business value of software solutions. The IT departments of many large and successful organizations (including Google, Microsoft, Yahoo! and BT) have all delivered productivity gains through the adoption of Agile approaches. It worked for them, but will it work for you?

    Read this book and start delivering results right away.

  • - An Introduction to the global standard for service management
    by David Clifford
    236,-

    A quick guide to better IT Service Management

    Many organisations rely on a mishmash of different technologies and ad hoc working practices to deliver products and services. This makes it very difficult to make changes, measure effectiveness and improve service levels.

    Better for you, better for your customers

    Employing a structured IT Service Management system will enable your organisation to identify how to improve the service you deliver to your customers. The international standard for IT Service management is ISO/IEC 20000. Achieving compliance with this standard brings real operational benefits and shows new and potential customers that your organisation is efficient, reliable and trustworthy.

    The ISO/IEC 20000 standard

    This pocket guide is a handy reference to the key information on ISO/IEC 20000. It features an overview of the purpose of the standard and shows how to use it. It explains qualification programmes, certification schemes and the interrelationship of ISO20000 with other standards, such as ISO27001. The overall emphasis of the guide is on ISO20000's customer-driven approach to ensure your IT service management processes align with the needs of your business.

    Specific benefits of ISO/IEC 20000
    - Improve supplier relationships and establish a stronger supply chain capable of delivering on your commitments.
    - Develop better employee coordination, and foster team spirit leading to more efficient and effective service delivery.
    - Demonstrate the quality and reliability of your service management capability to existing and potential customers.
    - Win new business with customer-focused organisations that make ISO/IEC 20000 certification a requirement when awarding contracts.
    - Ensure your IT service management processes align with the needs of your business and ultimately grow your business by improving your bottom line.

    This pocket guide introduces the ISO/IEC 20000 standard and explains what your organisation needs to do to achieve compliance.

    Make your IT service management work for your business with ISO20000

  • by Jamie Lynn Cooke
    656,-

    Agile Productivity Unleashed: Proven approaches for achieving real productivity gains in any organization introduces every industry sector to the Agile approaches that have dramatically improved the IT, product development and manufacturing sectors over the past two decades. Agile Productivity Unleashed clearly explains how the key principles of Agile approaches can be used to significantly increase productivity, quality and customer satisfaction in any organization. Written in non-technical language specifically for business professionals, this book is an essential tool for anyone whose job it is to deliver high-quality results on time and on budget.

  • by Steve Sarsfield
    570,-

    Take control of your data for a more intelligent, responsive business

    Proactive management of your corporate information has never been more important. Data governance isn't a challenge solely for the IT team - it's every inch a business issue.

    Seamless processes and a personal commitment to clean data give you the ability to generate accurate business intelligence and financial reports, and gain an instant snapshot of the health of your business. Most importantly, they also help you run a more intelligent, agile, fast-moving business than your competitors.

    The Data Governance Imperative is written from a business person's view of data governance. This practical book covers both strategies and tactics around managing a data governance initiative.

    Benefits to business include:
    - Retain your competitive edge when data governance becomes a matter-of-fact component of corporate stewardship
    - Comply with worldwide corporate laws
    - Generate accurate business intelligence and financial reports
    - Understand your business at a deeper level
    - Delight your customers by gaining a better understanding of their needs
    - Handle support issues more smoothly
    - Deliver better 'green' programs
    - Learn how to become a 'change agent' and break through corporate barriers

  • by Alan Calder
    236,-

    This pocket guide is a primer for any OES (operators of essential services) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.

    An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law.

    This guide outlines the requirements for operators of essential services based on the Cyber Assessment Framework established by the National Cyber Security Centre (NCSC), including an explanation of the objectives, principles and indicators of good practice, and offers implementation guidance.

    This guide will help you:
    - Understand how to comply with NIS Regulations, and avoid penalties associated with non-compliance
    - Unravel the key definitions, authorities and points of contact
    - Learn the benefits of a good Cyber Resilience plan
    - Interpret and ensure compliance with the Cyber Assessment Framework
    - Establish the NCSC's cyber security objectives, principles and indicators of good practice

    Your essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

  • by Alan Calder
    236,-

    This pocket guide is a primer for any DSPs (digital service providers) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.

    An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law. This guide outlines the key requirements, details exactly which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance.

    This guide will help you:
    - Clarify how to identify if you are within the scope of the NIS Regulations
    - Gain an insight into the NIS Directive
    - Unravel the key definitions, authorities and points of contact
    - Understand the benefits of a good cyber resilience plan

    Your essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

  • - Second edition
    by Paul Ticher
    236,-

    With a view to helping managers ask the right questions, Data Protection and the Cloud explains how you can effectively manage the risks associated with the Cloud and meet regulatory requirements.

    This book discusses:
    - The controller-processor relationship and what you should pay attention to;
    - How to mitigate security risks in the Cloud to comply with Article 32 of the EU GDPR (General Data Protection Regulation);
    - How to comply with Chapter V of the GDPR when transferring data to third countries; and
    - The implications of the NIS Directive (Directive on security of network and information systems) for Cloud providers.

    One of the most dramatic recent developments in computing has been the rapid adoption of Cloud applications. According to the Bitglass Cloud Adoption Report, more than 81% of organisations have now adopted the Cloud in some form, compared with only 24% in 2014. And there are no signs that this is slowing down.

    The GDPR was enforced on 25 May 2018, superseding the 1995 Data Protection Directive and all local implementations. Bringing data protection into the 21st century, the Regulation expands the rights of individuals, but also introduces new, stricter requirements for organisations. This pocket guide discusses the GDPR requirements relating to Cloud sourcing and the risks involved.

    Buy today and learn how to meet your data protection obligations when using Cloud services.

  • by Alan Calder
    576,-

    Use an IT Governance strategy to reduce risk

    An Introduction for Directors and IT professionals

    The modern organisation is increasingly working within the context of corporate governance. The subject dictates their day-to-day and strategic activities, especially corporate information asset risk management and investment, and the ICT infrastructure within which those information assets are collected, manipulated, stored and deployed.

    But what is corporate governance, and why is it important to the IT professional? Why is IT governance important to the company director, and what do directors of companies - both quoted and unquoted - need to know?

    The Calder-Moir Framework

    The book also explains how to integrate each standard and framework using The Calder-Moir Framework (download for free from www.itgovernance.co.uk/calder_moir.aspx), which was developed specifically to help organisations manage and govern their IT operations more effectively, and to coordinate the sometimes wide range of overlapping and competing frameworks and standards. It also specifically supports implementation of ISO/IEC 38500, the international standard for best practice IT governance.

    Practical IT Governance guidance

    Board executives and IT professionals can learn to maximise their use of the numerous IT management and IT governance frameworks and standards - particularly ISO/IEC 38500 - to best corporate and commercial advantage.

    Build an IT Governance Framework

    Within a 'super framework', or 'meta-framework', you can integrate each of these standards and frameworks whilst making sure that each can deliver what it was designed to do. Developing an overarching framework will enable your organisation to design IT governance to meet your own needs.

  • - Resolving conflicts between security compliance and human behaviour
    by Leron Zinatullin
    286,-

    Ensure the success of your security programme by understanding users' motivations

    "This book cuts to the heart of many of the challenges in risk management, providing advice and tips from interviews as well as models that can be employed easily. Leron manages to do this without being patronising or prescriptive, making it an easy read with some very real practical takeaways."
    Thom Langford, Chief Information Security Officer at Publicis Groupe

    "Based on real world examples the book provides valuable insights into the relationship of information security, compliance, business economics and decision theory. Drawing on interdisciplinary studies, commentary from the field and his own research Leron gives the reader the necessary background and practical tools to drive improvements in their own information security program."
    Daniel Schatz, Director for Threat & Vulnerability Management at Thomson Reuters

    In today's corporations, information security professionals have a lot on their plate. In the face of constantly evolving cyber threats they must comply with numerous laws and regulations, protect their company's assets and mitigate risks to the furthest extent possible.

    Security professionals can often be ignorant of the impact that implementing security policies in a vacuum can have on the end users' core business activities. These end users are, in turn, often unaware of the risk they are exposing the organisation to. They may even feel justified in finding workarounds because they believe that the organisation values productivity over security. The end result is a conflict between the security team and the rest of the business, and increased, rather than reduced, risk.

    This can be addressed by factoring in an individual's perspective, knowledge and awareness, and a modern, flexible and adaptable information security approach. The aim of the security practice should be to correct employee misconceptions by understanding their motivations and working with the users rather than against them - after all, people are a company's best assets.

    Product description

    Based on insights gained from academic research as well as interviews with UK-based security professionals from various sectors, The Psychology of Information Security - Resolving conflicts between security compliance and human behaviour explains the importance of careful risk management and how to align a security programme with wider business objectives, providing methods and techniques to engage stakeholders and encourage buy-in.

    The Psychology of Information Security redresses the balance by considering information security from both viewpoints in order to gain insight into security issues relating to human behaviour, helping security professionals understand how a security culture that puts risk into context promotes compliance.

    Contents
    - Chapter 1: Introduction to information security
    - Chapter 2: Risk management
    - Chapter 3: The complexity of risk management
    - Chapter 4: Stakeholders and communication
    - Chapter 5: Information security governance
    - Chapter 6: Problems with policies
    - Chapter 7: How security managers make decisions
    - Chapter 8: How users make decisions
    - Chapter 9: Security and usability
    - Chapter 10: Security culture
    - Chapter 11: The psychology of compliance
    - Chapter 12: Conclusion - Changing the approach to security
    - Appendix: Analogies

    About the author

    Leron Zinatullin (zinatullin.com) is an experienced risk consultant specialising in cyber security strategy, management and delivery. He has led large-scale, global, high-value security transformation projects with a view to improve cost performance and support business strategy.

    He has extensive knowledge and practical experience in solving information security, privacy and architectural issues across multiple industry sectors.

    He has an MSc in information security from University College London, where he focused on the human aspects of information security. His research was related to modelling conflicts between security compliance and human behaviour.

  • by Mark Stanislav
    286,-

    Passwords are not enough

    A password is a single authentication factor - anyone who has it can use it. No matter how strong it is, if it's lost or stolen it's entirely useless at keeping private information private. To secure your data properly, you also need to use a separate, secondary authentication factor.

    Data breaches are now commonplace

    In recent years, large-scale data breaches have increased dramatically in both severity and number, and the loss of personal information - including password data - has become commonplace. Add to this the fact that rapidly evolving password-cracking technology and the habitual use - and reuse - of weak passwords has rendered the security of username and password combinations negligible, and you have a very strong argument for more robust identity authentication methods.

    Consumers are beginning to realise just how exposed their personal and financial information is, and are demanding better security from the organisations that collect, process and store it, which in turn has led to a rise in the uptake of two-factor authentication (TFA or 2FA). In the field of authentication security, the method of proving identity can be broken down into three factor classes - roughly summarised as 'what you have', 'what you are', and 'what you know'. Two-factor authentication relies on the combination of two of these factors.

    Product overview

    TFA is nothing new. It's mandated by requirement 8.3 of the Payment Card Industry Data Security Standard (PCI DSS) and banks have been using it for years, combining payment cards ('what you have') and PINs ('what you know'). If you use online banking you'll probably also have a chip authentication programme (CAP) keypad, which generates a one-time password (OTP).

    What is new is TFA's rising uptake beyond the financial sector.

    Two-Factor Authentication provides a comprehensive evaluation of popular secondary authentication methods, such as:
    - Hardware-based OTP generation
    - SMS-based OTP delivery
    - Phone call-based mechanisms
    - Geolocation-aware authentication
    - Push notification-based authentication
    - Biometric authentication factors
    - Smart card verification

    as well as examining MFA (multi-factor authentication), 2SV (two-step verification) and strong authentication (authentication that goes beyond passwords, using security questions or layered security).

    The book also discusses the wider application of TFA for the average consumer, for example at such organisations as Google, Amazon and Facebook, as well as considering the future of multi-factor authentication, including its application to the Internet of Things (IoT).

    Increasing your password strength will do absolutely nothing to protect you from online hacking, phishing attacks or corporate data breaches. If you're concerned about the security of your personal and financial data, you need to read this book.

  • by Kai Roer
    286,-

    Protect your organisation by building a security-minded culture

    "With this book, Kai Roer has taken his many years of cyber experience and provided those with a vested interest in cyber security a firm basis on which to build an effective cyber security training programme."
    Dr. Jane LeClair, Chief Operating Officer, National Cybersecurity Institute, Washington, D.C.

    Human nature - easy prey for hackers?

    Human behaviour is complex and inconsistent, making it a rich hunting ground for would-be hackers and a significant risk to the security of your organisation. An effective way to address this risk is to create a culture of security. Using the psychology of group behaviour and explaining how and why people follow social and cultural norms, the author highlights the underlying cause for many successful and easily preventable attacks.

    An effective framework for behavioural security

    In this book Kai Roer presents his Security Culture Framework, and addresses the human and cultural factors in organisational security. The author uses clear, everyday examples and analogies to reveal social and cultural triggers that drive human behaviour. He explains how to manage these threats by implementing an effective framework for an organisational culture, ensuring that your organisation is set up to repel malicious intrusions and threats based on common human vulnerabilities.

    Contents
    - What is security culture?
    - The Elements of security culture
    - How does security culture relate to security awareness?
    - Asking for help raises your chances of success
    - The psychology of groups and how to use it to your benefit
    - Measuring culture
    - Building security culture

    About the author

    Kai Roer is a management and security consultant and trainer with extensive international experience from more than 30 countries around the world. He is a guest lecturer at several universities, and the founder of The Roer Group, a European management consulting group focusing on security culture.

    Kai has authored a number of books on leadership and cyber security, has been published extensively in print and online, has appeared on radio and television, and has featured in printed media. He is a columnist at Help Net Security and has been the Cloud Security Alliance Norway chapter president since 2012.

    Kai is a passionate public speaker who engages his audience with his entertaining style and deep knowledge of human behaviours, psychology and cyber security. He is a Fellow of the National Cybersecurity Institute and runs a blog on information security and culture (roer.com). Kai is the host of Security Culture TV, a monthly video and podcast.

    Series information

    Build a Security Culture is part of the Fundamentals Series, co-published by IT Governance Publishing and Information Security Buzz.

  • - Are the risks too great?
    by Paul Ticher
    236,-

    Applying the Data Protection Act to the Cloud

    The UK's Data Protection Act 1998 (DPA) applies to the whole lifecycle of information, from its original collection to its final destruction. Failure to comply with the DPA's eight principles could lead to claims for compensation from affected individuals and financial penalties of up to 000 from the Information Commissioner's Office, not to mention negative publicity and reputational damage.

    An expert introduction

    More than 85% of businesses now take advantage of Cloud computing, but Cloud computing does not sit easily with the DPA. Data Protection and the Cloud addresses that issue, providing an expert introduction to the legal and practical data protection risks involved in using Cloud services. Data Protection and the Cloud highlights the risks an organisation's use of the Cloud might generate, and offers the kind of remedial measures that might be taken to mitigate those risks.

    Topics covered include:
    - Protecting the confidentiality, integrity and accessibility of personal data
    - Data protection responsibilities
    - The data controller/data processor relationship
    - How to choose Cloud providers
    - Cloud security - including two-factor authentication, data classification and segmentation
    - The increased vulnerability of data in transit
    - The problem of BYOD (bring your own device)
    - Data transfer abroad, US Safe Harbor and EU legislation
    - Relevant legislation, frameworks and guidance, including:
      - the EU General Data Protection Regulation
      - Cloud computing standards
      - the international information security standard, ISO 27001
      - the UK Government's Cyber Essentials scheme and security framework
      - CESG's Cloud security management principles
      - guidance from the Information Commissioner's Office and the Open Web Application Security Project (OWASP)

    Mitigate the security risks

    Mitigating security risks requires a range of combined measures to be used to provide end-to-end security. Moving to the Cloud does not solve security problems, it just adds another element that must be addressed. Data Protection and the Cloud provides information on how to do so while meeting the DPA's eight principles.

  • - Strategies, Tactics, Logic and Framework
    by Andrew Vladimirov, Konstantin Gavrilenko & Andriej Michajlowski
    686,-

    Build a strategic response to cyber attacks
    The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war. It is clear that organisations need to develop a view of cybersecurity that goes beyond technology: all staff in the organisation have a role to play, and it is the senior managers who must ensure, like generals marshalling their forces, that all staff know the cyber security policies that explain what to do when under attack.

    Cyber crime cyber war?
    With this in mind, the authors have drawn on the work of Clausewitz and Sun Tzu, and applied it to the understanding of information security that they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict.

    Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001:2103.

    About the authors
    Dr Andrew Vladimirov is a security researcher. His fields of expertise include network security and applied cryptography, and he has extensive experience of performing information security assessments. He and his fellow authors are the founders of Arhont Ltd, a leading information security consultancy.

    Konstantin Gavrilenko has over 15 years of experience in IT and security. As a researcher, information security is his speciality, and he has a particular interest in wireless security. He holds a BSc in management science from De Montfort University and an MSc in management from Lancaster University.

    Andriej Michajlowski is an expert on network security. His research interests include user and device authentication mechanisms, and wireless networking security. He has extensive experience carrying out internal and external information security assessments. He is a graduate of the University of Kent at Canterbury and he holds an MBA.

    Buy today, in any format. We'll send you a download link right away, or dispatch today for fast delivery to your selected destination.

  • - An overview for auditors and agile teams
    by Christopher Wright
    390,-

    The Agile auditing challenge
    Many auditors are now encountering Agile management methodologies for the first time. In some cases, this can cause problems for the audit process because the methodology is very different from traditional approaches. Aside from the difficulties faced by the auditor, an ineffective audit can have a negative effect on an Agile project by giving a false impression of its progress. It might even harm the final project outcome.

    Bridging the gap between Agile teams and Auditors
    Written for auditors and Agile managers, Agile Governance and Audit bridges the gap between traditional auditing approaches and the requirements of Agile methodologies. It provides an overview of Agile for auditors and other risk professionals who have not encountered the approach before. The book also tells Agile teams what auditors and risk professionals need, and the sort of questions they are likely to ask.

    Essential reading for anyone involved in an Agile audit
    Each chapter includes hints and tips for auditors, and a selection of case studies is included to illustrate the practical issues involved in auditing Agile projects. This makes it an ideal book for any auditor encountering the Agile methodology, and any Agile teams preparing for a management audit.

    This book will enable you to:
    - understand the principles of Agile
    - appreciate how it might be effectively audited
    - improve communication between the auditor and the Agile team.

    Read this book to understand how to get the most out of Agile audits, whatever your role.

  • - Avoidance and Treatment based on ISO27001
    by Michael Krausz
    240,-

    What if you suffer an information security breach?
    Many titles explain how to reduce the risk of information security breaches. Nevertheless breaches do occur, even to organisations that have taken all reasonable precautions. Information Security Breaches - Avoidance and treatment based on ISO27001:2013 helps you to manage this threat by detailing what to do as soon as you discover a breach.

    Be prepared, be prompt, be decisive
    When your organisation's security is compromised, you cannot afford to waste time deciding how to resolve the issue. You must be ready to take prompt and decisive action. Updated to cover ISO27001:2013, this second edition gives you clear guidance on how to treat an information security breach and tells you the plans and procedures you have to put in place to minimise damage and return to business as usual.

    A recovery plan will help you to:
    - recover, and resume normal operations, more quickly
    - preserve customer confidence by quickly resolving service disruption
    - secure evidence to help with any criminal investigation and improve your chances of catching those responsible.

    Read this guide and find out how to manage in the face of a data breach.

  • - Implementing Internal Audits as a Risk Management Tool
    by Andrew W. Nichols
    390,-

    Are your internal audits adding value? Organizations hoping to comply with any of the International Standards for management systems (e.g. ISO9001, ISO27001) must carry out internal audits. However, the requirements set down by accreditation bodies for auditor courses make little distinction between internal and external audit programs. As a result, many organizations instruct their internal auditors using resources designed for external auditors. Such internal audit programs often fail to develop beyond simple compliance monitoring, and risk becoming 'box-ticking' exercises, adding little value to the organization. This book provides a model for the management and implementation of internal audits that moves beyond simple compliance to ISO requirements and turns the internal audit into a transformational tool that the organization can use to assist with the management of risk, and implement improvements to management systems. It shows you how you can transform your internal auditing process to become a tool for development and continual improvement in your management systems. Buy this book and start adding value to your internal auditing program.

  • - An ITSM Narrative Account
    by Daniel McLean
    570,-

    The truth about integrating Cloud services and ITSM
    Cloud functionality increases flexibility and capacity in IT systems, but it also adds complexity and requires a combination of business, financial and technical expertise to make it work effectively. Moreover, organizations often confuse availability with capacity, and assume incorrectly that using cloud services reduces the need to manage these factors.

    Lessons from real projects in a narrative format
    In Availability and Capacity Management in the Cloud: An ITSM narrative, Daniel McLean's fictional IT service management practitioner, Chris, faces the challenge of integrating cloud services into an ITSM structure. Based on the real-life experience of the author and other ITSM practitioners, this book tells the story of a cloud services implementation, exposing potential pitfalls and exploring how to handle issues that come with such projects.

    Tips to help you through your own project
    The end-of-chapter pointers give useful advice on dealing with the challenges organizations face when considering cloud services. Read this book and see how Chris meets the challenge of integrating cloud services with ITSM, and how you can do the same. Learn from the successes. Avoid the mistakes.

  • - A concise guide for busy executives
    by Thejendra BS
    576,-

    How can you ensure that IT problems do not damage your business?
    IT is integral to modern organisations, and the way you manage it can make or break your business.

    IT service management - not just for the IT director
    It is not enough for the IT manager to understand the latest technical developments. For your company to succeed, everyone in the IT department must also understand their role in achieving overall business goals.

    IT service management questions answered
    Written in a friendly question-and-answer format, Practical ITSM explains how to set up a technical service management structure, using the best practice framework established by the latest version of the IT Infrastructure Library (ITIL 2011).

    ITIL framework for structured ITSM
    The ITIL system is the most widely adopted approach to technical IT service management worldwide. It shows technical support staff how to provide the efficient IT services that are vital to your company's success.

    Learn how ITIL can help you to:
    - Protect your company's reputation: If your system goes down for any length of time, you might not be able to process an order or honour a contract. ITSM helps your business meet customer deadlines and expectations.
    - Safeguard vital information and recover from IT setbacks: Without adequate IT service management you could risk losing vital information, like payroll, billing and sales data.
    - Retain momentum: With a structured IT service management in place, routine maintenance issues can be quickly resolved, minimising delays and improving productivity.

    Read this book to see how ITIL can help your IT function support business goals.

  • - A Management Guide
    by Geoff Harmer
    490,-

    Practical guidance on COBIT®5 implementation
    COBIT (Control Objectives for Information and related Technology) is the latest release of the popular framework for the governance of enterprise IT. It links controls, technical issues and business risks, enabling managers to manage the risks associated with business goals.

    Covers all key concepts of COBIT
    Written for IT service managers, consultants and other practitioners in IT governance, risk and compliance, this practical book discusses all the key concepts of COBIT, and explains how to direct the governance of enterprise IT (GEIT) using the COBIT framework. The book also covers the main frameworks and standards supporting GEIT, discusses the ideas of enterprise and governance, and shows the path from corporate governance to the governance of enterprise IT.

    Drawing on more than 30 years of experience in the IT sector, the author explains crucial concepts, including:
    - the key elements of COBIT, the 5 principles, 7 enablers and the goals cascade
    - the structure of the 37 COBIT processes
    - the implementation of GEIT using COBIT and an implementation lifecycle
    - the COBIT Process Assessment Model (PAM) - the approach to process assessment of COBIT processes based on International Standard ISO/IEC 15504.

    Prepare for the COBIT Foundation exam
    For those studying for the COBIT qualifications, Governance of Enterprise IT based on COBIT covers all the material needed for the COBIT Foundation course, making it invaluable to anyone planning to take the exam.

    Read this book and get to grips with COBIT today.

  • - 30 surprising ways a business analyst can add value to your Agile development team
    by Jamie Lynn Cooke
    570,-

    If the goal of an Agile project is to deliver the highest business value solution possible, why is the business user the least supported member of the Agile team?
    It's good to be an Agile developer. The Agile community provides Agile developers with countless supporting resources including books, websites, forums, and conferences where Agile development issues can be raised, discussed, and jointly addressed by the group. The interesting thing is that, where Agile approaches go to great lengths to provide developers with the foundation they need to deliver high-value software solutions, there is relatively little equivalent support provided for the business users.

    In most Agile methods, the business user is solely responsible for the identification, requirements gathering, clarification, and assignment of priorities for their requested system capabilities. Agile development teams rely on business users having sufficient knowledge, vision, objectivity, and time to ensure that these capabilities provide the best possible solution.

    The Power of the Agile Business Analyst: 30 surprising ways a business analyst can add value to your Agile development team challenges whether Agile projects are truly positioned to deliver the highest-value business solutions without offering business users the equivalent level of support, validation, and collaboration that is provided for the Agile development team. To address this challenge, The Power of the Agile Business Analyst proposes including an Agile business analyst on the development team to provide business users with the support they need, as well as a valuable resource to assist the Agile developers in their analysis, design, testing, and implementation work throughout the project.

    30 ways an Agile Business Analyst can help your team
    Drawing on more than 20 years' experience as a senior business analyst and international solutions consultant, Jamie Lynn Cooke details 30 achievable ways in which Agile business analysts can increase the relevance, quality, and overall business value of your Agile projects.

    Read this book and learn how to:
    - Maximize the business value of your Agile solutions.
    - Leverage the skills, experience, and opportunities an Agile business analyst can bring to your project.
    - Find the most qualified Agile business analyst to complement your team.
    - Identify how an Agile business analyst can help you address the most critical challenges on your Agile project.
    - Use the strengths of an Agile business analyst to position your projects for ongoing funding and executive support.

    The Power of the Agile Business Analyst also provides guidance for business analysts who want to transition their skills to work most effectively in Agile environments.

    Bridge the gap between the business users and the Agile development team
    The Power of the Agile Business Analyst explains how having a skilled business analyst on the Agile team provides business users with peer support for their most critical business requirements, and provides the Agile development team with a business-knowledgeable resource who is available to work hands-on with them throughout the project. These are only some of the ways in which Agile business analysts empower development teams to deliver the most successful Agile solutions.

    Read this book and discover how an Agile business analyst can significantly increase the value of your solution.

  • - A narrative account
    by Daniel McLean
    570,-

    Understand Metrics and KPIs for IT Service Management
    When companies look to identify opportunities for improvement, they often turn to Key Performance Indicators (KPIs) to measure their current performance in achieving business strategies and objectives.

    There is a common misconception, however, that KPIs are simple measurements that are easy to create, and that the mere act of this measurement will cause people to change their behaviour and improve their performance without additional intervention.

    Learn to implement an ITSM KPI management system
    Integrated Measurement - KPIs and Metrics for ITSM is the third title in a series designed to explain, at an operational level, how to implement new processes within an organisation, and how to facilitate the necessary changes to people's behaviour, in order to make that implementation a success.

    Real-world KPI experience
    Through an engaging narrative story, this volume in the series looks at the implementation of a KPI management system. Through the central character, readers witness (and learn from) real-world conversations and situations that are commonplace in an everyday business environment. The characters are fictitious, but the story comes from the author's own experience and real accounts.

    Each chapter ends with valuable lessons and conclusions drawn from events in the narrative, giving the reader a wealth of real-world, practical advice on what works, what fails, and the common traps and pitfalls to anticipate and avoid during an implementation project.

    People with little or no ITIL experience, or even a limited IT background, will find this book interesting, entertaining and, above all, extremely useful in understanding the means to a successful implementation of a KPI management system.

  • - A Practitioner's Guide to Enterprise IT Transformation
    by Angelo Esposito & Timothy Rogers
    600,-

    A wealth of material has been written to describe the underlying mechanics of ITSM, but very little practical advice is available on how to implement ITSM best practices to achieve an organization's business objectives.

    The official ITIL volumes explain what service management is, how the processes work and fit together, and why IT functions should adopt the practice, but they are notoriously vague on how to design and implement an ITSM model in a real organization. This challenge is best understood by those with experience of transforming ineffective and expensive IT, yet most ITSM guides are authored from a purely academic standpoint.

    Real-world IT Service Management
    This book provides guidance on implementing ITSM Best Practices in an organization based on the authors' real-world experiences. Advice is delivered through a Ten-Step approach, with each step building upon the successes of its predecessors.

    Subjects covered include:
    - Documenting objectives, identifying current and future demands, analyzing service financials.
    - High-level design, negotiating development priorities, creating an execution plan and roadmap, agreeing roles and responsibilities.
    - Detailed design, building, testing, deploying.
    - Monitoring and continual improvement.

    Each step includes summary lists of key questions to ask and specific actions to take, and a useful business case template is included as an appendix.

    A practical guide to ITSM
    As organizations seek to boost revenue, cut costs and increase efficiency, they increasingly look to IT as a strategic partner in achieving these objectives.

    Ten Steps to ITSM Success helps IT to prepare for this role by providing a detailed and practical guide to implementing ITSM best practices. It is aimed at ITSM practitioners and consultants, but will also be of interest to IT Directors and C-suite executives looking to transform the role of IT into a value-creating business partner, to establish a service management culture, and to drive improvements in their respective organizations.

  • - Introducing flexibility, transparency and speed to SAP implementations
    by Sean Robson
    576,-

    Deliver your projects on time and to budget
    The use of Agile methods to implement SAP is a relatively new approach and one that has proven to be very successful. Agile techniques can greatly improve your SAP implementations, reduce risks, and help you bring your projects in on schedule and within budget.

    Invaluable practical advice
    Many SAP projects use waterfall methodologies, but these often run into budgeting and scheduling problems. In this unique book, Sean Robson presents ways of improving SAP implementations and offers practical advice on the most effective way to see a project through from beginning to end. Basing his strategies on the twelve principles of the Agile Manifesto, and drawing on his vast experience, he particularly focuses on the use of Scrum and Kanban and their suitability for certain types of projects, enabling you to select the most appropriate method for the task in hand.

    Apply it to your projects
    As you read this book, you will understand how to:
    - Bring your SAP projects in on time and within budget
    - Build more flexibility and transparency into your implementations, enabling you to adapt more quickly to your clients' needs
    - Realize cost savings as you analyze your expenditure, reduce waste and increase efficiencies in the delivery cycle
    - Increase customer loyalty as you adopt 'best practice' in order to maintain consistently high standards
    - Work more effectively as you increase collaboration within the company and reduce the stress that so often accompanies large-scale projects
    - Improve clarity of requirements and eliminate unnecessary paperwork.

    Buy this book and bring your SAP projects in on time and on budget.

  • by Kurt McWhirter & Ted Gaughan
    736,-

    The ultimate reference guide to IT Service Metrics
    Co-published by IT Governance Publishing and itSMF USA

    IT service metrics: Manage them. Measure them. Make them work for you.
    Measuring success is crucial, but how do we do it? How can we be sure that the IT services we offer are adding real value to our business?

    Used just as they are, the metrics in this book will bring many benefits to both the IT department and the business as a whole. Details of the attributes of each metric are given, enabling you to make the right choices for your business. You may prefer and are encouraged to design and create your own metrics to bring even more value to your business - this book will show you how to do this, too.

    How to measure the effectiveness of your IT service provision
    Metrics are an invaluable tool for measuring the effectiveness of IT service provision. Used effectively, metrics enable businesses to:
    - Ensure economical use of resources through greater understanding of current performance
    - Identify areas for improvement
    - Justify (or otherwise) and manage expenditure
    - Inform the decision-making process and drive change within the organization
    - Save money by reducing waste (resource, time, money, etc.)
    - Fine-tune the services offered, thereby strengthening customer loyalty.

    Based on ITIL and other service management frameworks and standards
    Up-to-date, based on the ITIL framework, as well as COBIT, PMI, ISO/IEC 20000 and ISO/IEC 27000, The Definitive Guide to IT Service Metrics will show you:
    - How to integrate metrics into your business
    - What to consider when gathering and reporting information
    - How to maximize the usage of metrics in order to ensure value for money from the system
    - How to secure and protect your company's metrics.

  • - Why everything you know about IT is about to change
    by Charles Araujo
    576,-

    IT as we know it is dead.
    Forces are at work that are reshaping the very fabric of the IT organisation. Driven by our own history, changing perceptions of how technology should work and newfound, but very real, competition, IT organisations are struggling to evolve - but into what?

    Keep your IT ahead of the competition
    In The Quantum Age of IT, Charles Araujo examines what has led us to this point and what it means to the future of IT organisations. With a broad perspective on the fundamental changes affecting the industry, he offers practical guidance that every IT professional needs to compete in this new era of IT.

    Whether you are an IT executive, or just beginning your career, this book will offer you the key insights you need to understand what is happening and what is coming.

    Understanding that future, Araujo blends a wide range of research and case studies to help you discover the skills you must develop in order to succeed and thrive in The Quantum Age of IT.

    Understand the future of IT
    As you read this book, you will be able to:
    - Understand how and why your IT function has changed and define its future role
    - Compete in this new age by embracing the five traits that will define the IT organisation of The Quantum Age
    - Remain effective and relevant as you understand and implement fundamental changes to future-proof your IT function
    - Maintain and develop excellent customer relations by better understanding your clients and their requirements
    - Meet the unique needs of all your customers, as you adopt the five key skills that all IT professionals will have to have
    - Learn from the past and look forward to a bright future!

    Read the author's article in CIO Insight on The Rise of the Quantum Age of IT.
    Listen to Tom Cagley's interview with Charles Araujo (mp3 download, 30MB).

    Read this book and your organisation will not simply survive, it will thrive. Order your copy today!

  • - A Practical Guide
    by Naeem Sadiq
    236,-

    An essential guide to OHSAS 18001
    In this easy-to-understand and timely pocket guide, Naeem Sadiq examines the practical and managerial issues an organisation faces as it gears up to meet OHSAS 18001 standards of occupational health and safety.

    Real-world scenarios
    Using a wide variety of fictional 'real world' scenarios, Sadiq demonstrates the hazards that might be present in a workplace, how to assess risk, how to manage OHSAS 18001 implementation and how to communicate its implementation through all levels of management.

    Sadiq takes the complex, and often impenetrable, concepts that surround health and safety and presents them with absolute precision and clarity.

    A sound understanding of OHSAS 18001
    OHSAS 18001: Step by Step is more than a primer. Besides giving the reader a sound understanding of OHSAS 18001, the pocket guide can be used as a step-by-step instructional manual for anyone tasked with implementing operational health and safety standards in the workplace.

    This pocket guide gives its readers:
    - A comprehensive explanation of OHSAS 18001 and its implications
    - An understanding of how OHSAS 18001 can be implemented through the PDCI (Plan-Do-Check-Improve) management principle
    - A 'how-to' guide for establishing an Occupational Health and Safety (OH&S) Policy
    - A 'how-to' guide for identifying risks and controls within the organisation
    - An understanding of the law; the legislative and contractual OH&S requirements to which an organisation subscribes
    - An explanation of how OH&S objectives can be determined and established, and how to apportion responsibility and accountability throughout the organisation
    - Clear understanding of OH&S accountability and the need for diligent record-keeping
    - A 'how-to' guide for setting up a training, competence and awareness regime
    - Understanding of how OHSAS 18001 protects not just colleagues, but customers and contractors who enter your workplace
    - Expert guidance on how to deal with emergencies.

    Protect your workforce with OHSAS 18001

  • - Assessing the risks
    by Jared Carstensen, JP Morgenthal & Bernard Golden
    600,-

    Do you trust the Cloud? Should you trust the Cloud?
    'Cloud Computing' are the words on everyone's lips - it's the latest technology, the way forward. But how safe is it? Is it reliable? How secure will your information be?

    Questions ...
    Cloud Computing: Assessing the risks answers these questions and many more. Using jargon-free language and relevant examples, analogies and diagrams, it is an up-to-date, clear and comprehensive guide to the security, governance, risk, and compliance elements of Cloud Computing.

    Written by three internationally renowned experts, this book discusses the primary concerns of most business leaders - the security and risk elements of the Cloud. But 'security and risk' are just two elements of Cloud Computing, and this book focuses on all the critical components of a successful cloud programme, including compliance, risk, reliability, availability, areas of responsibility, Cloud Computing borders, legalities, digital forensics and business continuity. This book covers them all.

    ... and answers
    This book will enable you to:
    - understand the different types of Cloud and know which is the right one for your business
    - have realistic expectations of what a Cloud service can give you, and enable you to manage it in the way that suits your business
    - minimise potential disruption by successfully managing the risks and threats
    - make appropriate changes to your business in order to seize opportunities offered by Cloud
    - set up an effective governance system and benefit from the consequential cost savings and reductions in expenditure
    - understand the legal implications of international data protection and privacy laws, and protect your business against falling foul of such laws
    - appreciate how the Cloud can benefit your business continuity and disaster recovery planning.
