Breaking down the learning curve in security and governance

Getting to grips with best practice information security and governance often involves a steep learning curve, and this is a challenge facing more and more people: as infosecurity and governance become increasingly mainstream topics, so a wider range of professionals are being drawn into their ambit.

To help break the journey down into more manageable steps we are launching a new series of pocket books under the headings Practical Information Security and Practical Governance. The range will ultimately include 13 titles, and we have begun by launching three infosecurity guides that complement each other very well:

‘ISO 27001 – A Pocket Guide’ is ideal for organisations that are contemplating an information security management system, about to embark on an implementation, or simply wish to raise awareness of infosecurity among their employees. It succinctly covers the basics, including:

* An explanation of information security and how it can be managed using a globally recognised approach
* The factors that need to be considered in designing an information security regime
* What investments might be necessary to deliver a consistent level of assurance and how to gain maximum value from the available budget
* How to pursue and demonstrate compliance with the ISO 27001 standard

The book is written by my colleague Steve Watkins, a leading author, educator and consultant on information security management. Priced at £7.95/US$15.73/€11.82 it is available in softcover and e-book formats here.

‘A Dictionary of Information Security Terms, Abbreviations and Acronyms’ is a new book that Steve and I have written together. It is an invaluable resource for people grappling with security terminology for the first time. Rather than a dry technical dictionary, it is written in an accessible style that enables managers and novices to quickly grasp the meaning of terms such as ‘bluesnarfing’, ‘DDoS’, ‘pharming’ and ‘zombie’. The Dictionary is priced at £9.95/US$19.68/€14.79 and available in softcover and e-book formats here.

‘ISO 27001 Assessments Without Tears’ provides a helpful primer for organisations preparing to have their infosecurity regime independently assessed. It describes the assessment process, gives guidance on preparation and how to work with the auditor, and, if needed, advises on what to do if the auditor finds fault with any aspect of a system. Written by Steve Watkins, the book is priced at £5.95/US$11.77/€8.84 and available in softcover and e-book formats here.

Further pocket books will be introduced over coming months in the Practical Governance series and will address the following topics:

* Information Security Governance
* A Directors’ Guide to the UK Combined Code and Turnbull Report
* Sarbanes-Oxley
* Regulatory Compliance
* The Integrated Management System
* IT Governance
* Information Governance
* Project Governance
* Enterprise Risk Management

Watch this space!