
We're sorry but that page cannot be found

Please use the links above to find what you were looking for.

You may not have been able to visit your page because of:

   1. An out-of-date bookmark/favourite
   2. A search engine that has an out-of-date listing
   3. A mistyped address
   4. You have no access to this page
   5. The requested resource was not found.
   6. An error has occurred while processing your request.

Are you looking for:

Bundle - Procuring Penetration Testing Services and Penetration Testing Services Procurement Guide TOGETHER

Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives.

The threat to key systems is ever increasing and the probability of a security weakness being accidentally exposed or maliciously exploited needs to be continually assessed – such as via a penetration test – to ensure that the level of risk is at an acceptable level to the business.

A penetration test involves the use of a variety of manual and automated techniques to simulate an attack on an organisation’s information security arrangements – either from malicious outsiders or your own staff. Undertaking a series of penetration tests will help test your security arrangements and identify improvements. When carried out and reported properly, a penetration test can give you knowledge of nearly all of your technical security weaknesses and provide you with the information and support required to remove or reduce those vulnerabilities. Research has shown that there are also other significant benefits to your organisation through effective penetration testing, which can include:

  • A reduction in your ICT costs over the long term
  • Improvements in the technical environment, reducing support calls
  • Greater levels of confidence in the security of your IT environments
  • Increased awareness of the need for appropriate technical controls

Buy this guide and get the Penetration Testing Services Procurement Guide for free!

The Psychology of Information Security - Resolving conflicts between security compliance and human behaviour

Security programmes cannot succeed without considering people

 

“Augusta University’s Cyber Institute adopted the book “The Psychology of Information Security” as part of our Master’s in Information Security Management program because we feel that the human factor plays an important role in securing and defending an organization… We want our students to not only understand technical and managerial aspects of security, but psychological aspects as well.”

Director of Graduate Studies in Information Security Management

Augusta University

 

When implementing security policies, information security professionals are constantly faced with a conflict between the security team and the rest of the business. They must ensure that their organisation is adequately addressing information security risks, whilst also communicating the value of security appropriately.

David Ferbrache, Technical Director at KPMG UK, says “No approach can ever succeed without considering people – and as a profession we need to look beyond our computers to understand the business, the culture of the organisations, and, most of all, how we can create a security environment which helps people feel free to actually do their job.”

By gaining an understanding of the psychology of information security, you can ensure your security programme is a success.

 

Understand human behaviour and users’ motivations

Based on insights gained from academic research and interviews with security professionals from various sectors, this essential guide explains the importance of careful risk management and reveals how to align a security programme with wider business objectives, providing methods and techniques to engage stakeholders and encourage buy-in.

The Psychology of Information Security redresses the balance by considering information security from both end users’ and security professionals’ perspectives, and helps you to understand how a security culture, that puts risk into context, promotes compliance.


 

Contents

  • Introduction to information security
  • Risk management
  • The complexity of risk management
  • Stakeholders and communication
  • Information security governance
  • Problems with policies
  • How security managers make decisions
  • How users make decisions
  • Security and usability
  • Security culture
  • The psychology of compliance
  • Conclusion – Changing the approach to security
  • Appendix: Analogies

 

Series information

The Psychology of Information Security is part of the Fundamentals Series, co-published by IT Governance Publishing and Information Security Buzz.

Ensure the success of your security programme by understanding the psychology of information security with this indispensable guide >>

 

About the Author

Leron Zinatullin (zinatullin.com) is an experienced risk consultant specialising in cyber security strategy, management and delivery. He has led large-scale, global, high-value security transformation projects with a view to improving cost performance and supporting business strategy.

He has extensive knowledge and practical experience in solving information security, privacy and architectural issues across multiple industry sectors.

He has an MSc in information security from University College London, where he focused on the human aspects of information security. His research was related to modelling conflicts between security compliance and human behaviour.

Certified EU General Data Protection Regulation (GDPR) Foundation and Practitioner Combination Online Course

Learn from the experts how to achieve full compliance with the EU General Data Protection Regulation

The Certified EU General Data Protection Regulation (GDPR) Foundation and Practitioner Combination online course consists of the Certified EU GDPR Foundation (one-day) and Practitioner (four-day) training courses. This unique training programme provides a comprehensive introduction to the requirements of the GDPR, and a practical guide to planning, implementing and maintaining a GDPR compliance programme. It also enables attendees to fulfil the role of DPO.

Delivered by an experienced data protection consultant, this training session is built on the foundations of our extensive practical experience gained advising on the implementation and compliance with data privacy laws and related information security standards such as ISO 27001.


Accredited qualification

The course also supports professional development: attendees who pass the included online exams are awarded the ISO 17024-certificated EU GDPR Foundation (EU GDPR F) and EU GDPR Practitioner (EU GDPR P) qualifications by IBITGQ. It is also accredited by the Institute of Information Security Professionals (IISP) and satisfies the IISP Skills Framework requirements at Level 1: A1, A2, A3, A4, A5, A6, A7, B1 and C2.


The Certified EU GDPR Foundation and Practitioner Combination online course includes:

  • Certified EU GDPR Foundation Online: This Foundation-level course provides a complete introduction to the GDPR, and an overview of the key implementation and compliance activities.
  • Certified EU Practitioner Online: This Practitioner-level course is focused on equipping attendees with the knowledge and skills to implement and manage an effective privacy and information security compliance programme under the GDPR, and fulfil the role of DPO.

What does this course include?

  • Comprehensive course material
  • EU GDPR Foundation (EU GDPR F) online exam
  • EU GDPR Practitioner (EU GDPR P) online exam
  • Data protection impact assessment tool
  • GDPR compliance gap assessment tool
  • Certificate of attendance

The tools are included free of charge for all attendees to use in the workplace.


IBITGQ examinations

Attendees take the EU GDPR Foundation (EU GDPR F) and Practitioner (EU GDPR P) online examinations: a 60-minute and a 90-minute multiple-choice exam, both certificated by IBITGQ. There is no extra charge for these exams. This course also supports continued professional development programmes by qualifying attendees for 35 CPD/CPE credits.

 

Who should attend this course?

  • Business directors or managers who want to understand how the requirements of the GDPR will affect their organisation.
  • Managers involved in or responsible for GDPR compliance, such as:
    • Privacy managers;
    • Data protection managers;
    • Information security managers;
    • IT managers;
    • Project managers;
    • Corporate governance managers;
    • Risk and compliance managers;
    • General or privacy counsels; and
    • Finance, HR or marketing managers.
  • Individuals with a basic knowledge of data protection regulation and practices, and looking to develop their career with a professional qualification.

Are there entry requirements?

There are no formal entry requirements.

Please note that attendees must pass the EU GDPR Foundation (EU GDPR F) exam before they can be awarded the EU GDPR Practitioner (EU GDPR P) qualification.


Online access requirements

Please note that this course is delivered as a WebEx Live Online session at fixed times and on fixed dates throughout the year.

Attendees booked on this course are expected to have a reliable Internet connection at their home or office. We will check and confirm that you have the WebEx application installed, and that you can correctly log on to our WebEx training centre before the course.

On the last day of the course, you will be invited to take the EU GDPR Foundation (EU GDPR F) and Practitioner (EU GDPR P) exams. To sit the online exam, you will need:

  • Internet Explorer 9 (or later) or Mozilla Firefox version 16 (or later)
  • Internet access for the duration of the exam.
  • To deactivate the pop-up blocker
  • A working webcam on the machine you are sitting your exam from
  • A Skype account

SIAM-MSI – An Introduction to Service Integration and Management-Multi-Sourcing Integration for IT Service Management

A handy pocket guide to SIAM

In today’s competitive marketplace, many organisations rely on the support of outsourced IT services that were historically performed by internal IT personnel.

This pocket guide explores the various characteristics of this IT operating model.

 

"Very good reading material! So good, that I am considering creating this role within my org."

Silvia Prickel, United Airlines

 

Product overview

In order for multi-sourcing to be successful, organisations must be capable of integrating their service providers into a single, cohesive unit.

SIAM/MSI – An Introduction to Service Integration and Management/Multi-Sourcing Integration for IT Service Management explains:

  • The merits of a multi-sourced approach to outsourcing service towers.
  • The benefits of multi-sourcing contracts with service providers for specified towers.
  • How to align multi-sourced services.
  • The challenges of using a multi-sourced model.
  • How to determine the IT operating model (with reference to the international standards ISO 38500, ISO 38501 and ISO 38502).
  • The different types of service integration models (ISI, ESI and ETSI), and the benefits and challenges of each.
  • Aggregating service-level performance.
  • A multi-sourcing RFP approach, taking into account structural, operational and governance requirements.

If you’re thinking of moving from a single-source to a multi-source outsourcing model, this pocket guide has the answers to all of your questions.

Get best-practice guidance on outsourcing your IT service. Buy now >>

 

About the author

 

David Clifford is a director of Pace Harmon, an international advisory firm headquartered in the USA. He has contributed to a number of publications about IT service management, writing about ITIL®, service agreements and international standards. He also initiated and contributed to the development, and assisted with the promotion, of EXIN’s IT Service Management qualification program based on ISO/IEC 20000. He is currently Chair of the BSi committee on IT governance (ISO/IEC 38500) and contributes to the development of the IT service management standard ISO/IEC 20000 and BPO for IT enabled services (ISO/IEC 30105).
