Asia
Select regional store:

We're sorry but that page cannot be found

Please use the links above to find what you were looking for.

You may not have been able to visit your page because of:

   1. An out-of-date bookmark/favourite
   2. A search engine that has an out-of-date listing
   3. A mistyped address
   4. You have no access to this page
   5. The requested resource was not found.
   6. An error has occurred while processing your request.

Are you looking for:

EU General Data Protection Regulation (GDPR) - An Implementation and Compliance Guide, Second Edition

An in-depth guide to the changes your organisation needs to make to comply with the EU GDPR.

 

“It’s practical approach to various aspects of the GDPR will be of value to DP practitioners in organisations of all sizes”

Laura Linkomies

Privacy Laws and Business Report, September 2017

 

The Regulation, which came into force on 25 May 2018, applies to all data controllers and processors that handle EU residents’ personal information.

All organisations – wherever they are in the world – that process the personal data of EU residents must comply with the Regulation. Failure to do so could result in fines of up to €20 million or 4% of annual global turnover – whichever is greater.

This book provides a detailed commentary on the GDPR, explains the changes you need to make to your data protection and information security regimes, and tells you exactly what you need to do to avoid severe financial penalties.

Look inside this book here >>

 

Product overview

Now in its second edition, EU GDPR – An Implementation and Compliance Guide is a clear and comprehensive guide to this new data protection law. It explains the Regulation and sets out the obligations of data processors and controllers in terms you can understand.

Topics covered include:

  • The data protection officer (DPO) role, including whether you need one and what they should do;
  • Risk management and data protection impact assessments (DPIAs), including how, when and why to conduct one;
  • Data subjects’ rights, including consent and the withdrawal of consent, subject access requests (SARs) and how to handle them, and data controllers and processors’ obligations;
  • International data transfers to ‘third countries’, including guidance on adequacy decisions and appropriate safeguards, the EU-US Privacy Shield, international organisations, limited transfers and Cloud providers;
  • How to adjust your data protection processes to comply with the GDPR, and the best way of demonstrating that compliance; and
  • A full index of the Regulation to help you find the articles and stipulations relevant to your organisation.

New in the second edition are:

  • Additional definitions;
  • Further guidance on the DPO role;
  • Greater clarification on data subjects’ rights;
  • Extra guidance on DPIAs;
  • More detailed information on SARs;
  • Clarification of consent and alternative lawful bases for processing personal data; and
  • An implementation FAQ appendix.

The GDPR will have a significant impact on organisations’ data protection regimes around the world. EU GDPR – An Implementation and Compliance Guide shows you what you need to do to comply with the new law.

 

About the authors

IT Governance is a leading global provider of IT governance, risk management and compliance expertise. We pride ourselves on delivering a broad range of integrated, high-quality solutions that meet the real-world needs of our international client base.

Our privacy team, led by Alan Calder, has substantial experience in privacy, data protection, compliance and information security. This practical experience, our understanding of the background and drivers for the GDPR, and the input of our fast-growing team of consultants and trainers are combined in this manual to provide the world’s first guide to implementing the new data protection regulation.

 

Above the Clouds - Managing Risk in the World of Cloud Computing

If you are interested in ways to make your business more efficient, then cloud computing may be just what you have been looking for. Cloud computing can enable you to drive down the costs of your IT function. In cloud computing, data is no longer stored in-house and software applications will no longer be owned by your company.

Instead, computing is shifted to a shared service provider. Once you adopt cloud computing, you will then be charged for use of software applications and data storage in the same way you are currently charged for electricity. In an era of tight budgets, the opportunity to make financial savings means that cloud computing looks especially attractive.

If you have a Gmail account, you will already be using a form of cloud computing. Your emails are stored externally, and you can read them anywhere on your laptop or on your Blackberry. NetBooks are another instance of cloud computing. These devices are simple, with limited functionality, and the only apps are in the cloud.

Learn how to manage risk in the cloud

For cloud computing to be a viable option, you need to be confident that your business information will be secure and that the service you offer to your customers will still be reliable. So if you want to adopt a cloud computing strategy, you need to make sure you carry out due diligence on the service provider before you entrust this firm with your vital data.

However, the author challenges the assumption that cloud computing will offer less protection to your data than relying on an in-house server. Cloud computing not only allows you to make economies of scale, it can also offer you the increased security that comes from sharing the resource. The author argues that moving over to cloud computing can actually help to defend your organization from threats such as denial of service attacks, viruses, and worms.

Making the right decision

Cloud service providers will tell you that cloud computing is bound to be better, faster, and cheaper. The reality is that before switching over to cloud computing, you need to think carefully about whether it will really work for your business. This book shows you what you need to do to ensure that with cloud computing you will continue to give the standard of service your customers require. It also offers you some valuable tips on how to choose your provider of cloud services.

Benefits to business

  • Reduce operating costs. On average, in-house data centers use only around 10 to 15 per cent of available capacity. Because cloud computing allows users to share resources, the idle capacity is regained. As a result, you could succeed in cutting your operating costs by as much as 80 per cent.

  • Focus on your core business. There are some tasks that your IT people will only have to perform occasionally. These jobs will be unfamiliar and therefore take more time to get done. When you move these extraneous operations over to the cloud, your IT team can concentrate on the jobs that they do best and thus operate more efficiently.

  • Save energy. Running a data center normally requires heavy investment in power supply, generators, and uninterruptible power supplies. By consolidating workloads on high-performance processors, cloud computing reduces power consumption and can therefore help you to cut your energy bills.

  • Use software that is up to date. With cloud computing, software is rented in a package for all users of the service. This means that when new software suites are released, such as new versions of Microsoft Office, everyone in the cloud will be able to use them from the word go.

  • As the author comments, “The concept of shifting computing to a shared service provider is not new. What may be new is that the cost of cloud computing is falling so dramatically that considering outsourcing to the cloud is no longer rare, and it is now accessible enough that any individual or organisation can use it to their advantage."

Reviews

"A Solid primer on the cloud computing issues of today. Provides a good starting point for considering the issues of risk, security, governance, and how organizations can begin to think about moving appropriate workloads to the cloud."
Ray DePena
Competitive Innovation Industry Consultant.




"… This book is well organized and offers a quick way to get up to speed on a very expansive topic. I found this book very helpful in dispelling a few misconceptions I had about cloud computing. My organization is moving toward a Cloud environment and I have recommended this book to work [colleagues] who would like to learn more about it."
(Amazon.com review)




"Above the Clouds provides a comprehensive introduction to the benefits and risks associated with transitioning to cloud computing…"
Ruth Fisher (Amazon.com review)




"… Above the Clouds provides an excellent survey of the risks and rewards inherent to any cloud computing transition'.
Kevin L Jackson
IT Strategist and Writer




"I will be giving copies of Above the Clouds to my clients that need a baseline understanding of all-things-cloud…"
(Amazon.com review)




"Kevin McDonald's discussion of the benefits of cloud computing is lively and comprehensive… Very useful book for evaluating this type of data management."




About the author

Kevin T. McDonald is a Senior Information Technology Analyst and Cloud Strategist for ICF International Inc., a consulting firm in Washington, DC. A member of the Tech America Cloud Computing Committee, the Cloud Computing Group for the Industry Advisory Council, and the Cloud Security Alliance, Kevin has over 25 years’ experience in IT, choosing to specialize in cybersecurity, infrastructure protection, and business continuity.

 

             

To hear about new books and exclusive offers from IT Governance Publishing, sign up and select 'Books' from the New Products options.

An Introduction to Information Security and ISO 27001 (2013) A Pocket Guide, Second Edition

The ideal primer for anyone implementing an Information Security Management System (ISMS)

Written by an acknowledged expert on the new ISO27001 Standard, An Introduction to Information Security and ISO27001:2013 is the ideal resource for anyone wanting a clear, concise, and easy-to-read primer on information security. It will ensure the systems you put in place are effective, reliable, and auditable.

This pocket guide will help you to:

  • Make informed decisions
    Using this guide will enable the key people in your organization to make better decisions before embarking on an information security project.
  • Ensure everyone is up to speed
    Use this guide to give the non-specialists on the project board and in the project team a clearer understanding of what the project involves.
  • Raise awareness among staff
    Use this guide to make sure your people know what is at stake with regard to information security and understand what is expected of them.
  • Enhance your competitiveness
    Use this guide to let your customers know that the information you hold about them is managed and protected appropriately.

Buy this pocket guide and learn how you can keep your information assets secure.

Contact us if you are looking for the ISO27001:2005 edition.

About the Author

Steve G. Watkins managed the world’s first successful BS7799 (the forerunner of ISO27001) implementation project and leads the consultancy and training services of IT Governance Ltd. He is Chair of the ISO/IEC 27001 User Group, the UK Chapter of the ISMS International User Group, and an ISMS Technical Assessor for UKAS, advising on their assessments of certification bodies offering accredited certification. He has over 20 years’ experience managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications. His experience includes senior management positions in both the public and private sectors.

             



To hear about new books and exclusive offers from IT Governance Publishing, sign up and select 'Books' from the New Products options.

An Introduction to PRINCE2 - Managing and Directing Successful Projects - 2009 Edition

There are two core PRINCE2® 2009 books:

An Introduction to PRINCE2®: Managing and Directing Successful Projects, 2009 edition provides a high-level introduction to the updated PRINCE2® method, and covers both the Managing and Directing PRINCE2® publications.

An Introduction to PRINCE2®: Managing and Directing Successful Projects, 2009 edition:

  • Introduces the principles, processes and key themes of PRINCE2®.
  • Gives practical examples of applying the PRINCE2® method in practice.
  • Details the Project Board’s duties and expected behaviours.
  • Explains how to tailor PRINCE2® to the project environment.
  • Provides appendices for project descriptions, a glossary of terms, and further information.

Click to expand full contents »

1. Introduction







1.1 Purpose of this guide







1.2 Where do projects fit in?







1.3 What is a project?







1.4 What is project management?







1.5 What is PRINCE2?







1.6 PRINCE2 in context







1.7 Structure of this guide







1.8 Related OGC guidance







2. The PRINCE2 principles







2.1 Continued business justification







2.2 Learn from experience







2.3 Defined roles and responsibilities







2.4 Manage by stages







2.5 Manage by exception







2.6 Focus on products







2.7 Tailor to suit the project environment







3. Themes







3.1 Business Case







3.2 Organization







3.3 Quality







3.4 Plans







3.5 Risk







3.6 Change







3.7 Progress







4. Processes







4.1 The PRINCE2 journey







4.2 Starting up a Project







4.3 Initiating a Project







4.4 Controlling a Stage/Managing Product Delivery







4.5 Managing a Stage Boundary







4.6 Closing a Project







5. Project Board duties and behaviours







5.1 The role of senior management in PRINCE2







5.2 Be accountable for the project







5.3 Provide unified direction







5.4 Delegate effectively







5.5 Facilitate cross-functional integration







5.6 Commit resources







5.7 Ensure effective decision making







5.8 Support the Project Manager







5.9 Ensure effective communication







6. Tailoring PRINCE2 to the project environment







6.1 Tailoring PRINCE2 for projects in a programme environment







6.2 Tailoring PRINCE2 according to project scale







Appendix A: Product Description outlines







A.1 Benefits Review Plan







A.2 Business Case







A.3 Checkpoint Report







A.8 End Project Report







A.9 End Stage Report







A.10 Exception Report







A.11 Highlight Report







A.13 Issue Report







A.15 Lessons Report







A.16 Plan







A.17 Product Description







A.19 Project Brief







A.20 Project Initiation Documentation







A.21 Project Product Description







A.26 Work Package







Further information







Glossary







Index

Please note

We also offer The Official PRINCE2®:2009 Book Bundle, which enables you to purchase the core official PRINCE2®:2009 books together at a reduced price.

Application Security in the ISO 27001 2013 Environment - Second edition

Web application security as part of an ISO 27001-compliant information security management system

Web application vulnerabilities are a common point of intrusion for cyber criminals. As cybersecurity threats proliferate and attacks escalate, and as applications play an increasingly critical role in business, organizations urgently need to focus on web application security to protect their customers, their interests, and their assets.

Although awareness of the need for web application security is increasing, security levels are nowhere near enough: according to the 2015 Trustwave Global Security Report, 98% of tested web applications were vulnerable to attack.

SMEs in particular should be very concerned about web application security: many use common, off-the-shelf applications and plugins—such as Internet Explorer, Java, Silverlight, and Adobe Reader and Flash Player—which often contain exploitable vulnerabilities.

Application Security in the ISO 27001:2013 Environment explains how organizations can implement and maintain effective security practices to protect their web applications—and the servers on which they reside—as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO 27001.

The book describes the methods used by criminal hackers to attack organizations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO 27001.

 

Product overview

  • Second edition, updated to reflect ISO 27001:2013 as well as best practices relating to cryptography, including the PCI SSC’s denigration of SSL in favour of TLS.
  • Provides a full introduction to ISO 27001 and information security management systems, including implementation guidance.
  • Describes risk assessment, management, and treatment approaches.
  • Examines common types of web app security attack, including injection attacks, cross-site scripting, and attacks on authentication and session management, explaining how each can compromise ISO 27001 control objectives and showing how to test for each attack type.
  • Discusses the ISO 27001 controls relevant to application security.
  • Lists useful web app security metrics and their relevance to ISO 27001 controls.
  • Provides a four-step approach to threat profiling and describes application security review and testing approaches.
  • Sets out guidelines and the ISO 27001 controls relevant to them, covering:
    • input validation
    • authentication
    • authorization
    • sensitive data handling and the use of TLS rather than SSL
    • session management
    • error handling and logging
  • Describes the importance of security as part of the web app development process

 

Order Application Security in the ISO27001 Environment to secure your web applications today.



About the Authors

Vinod Vasudevan, CISSP, is the chief technology officer (CTO) at Paladion. Before co-founding Paladion, Vinod worked with Microsoft. He wrote the chapter "Application Security and ISO27001."

Anoop Mangla is a risk specialist in banking and finance an expert on the effectiveness of security technologies in organizations’ security. He wrote the chapter "Introduction to Application Security Threats."

Firosh Ummer, CISA, ISO27001 LA, CBCP, BS15000 LA, is co-founder of Paladion and head of the ISO 27001 consulting practice. Firosh wrote the chapter "Threat Profiling and Security Testing."

Sachin Shetty, CISSP, is a senior application security engineer with Paladion. He wrote the chapter "Attacks on Applications."

Sangita Pakala, GCIH, is Head of Application Security Projects at Paladion. She wrote the chapter "Secure Development Lifecycle."

Siddharth Anbalahan is a senior application security engineer. He has developed anti-phishing toolkits to enable banks to detect phishing attacks in real time. Siddharth wrote the chapter "Secure Coding Guidelines."

This website uses cookies. View our cookie policy
Loading...