ISO27001 is an essential tool for anybody in IT. Here’s why: ‘information overload’ and ‘data insecurity’ today are commonplace complaints. Computers are ubiquitous, communication can be globally instantaneous, and someone else can get a credit ...

A high-level understanding of key project management approaches and methodologies is helpful to anyone understand the different possible levels with which IT and business projects can be approached; the success or failure of projects will, to a large exte...

The ITILv3 Chief Examiner and the ITIL Qualifications Board released their final guidance on the new ITILv3 qualification scheme in November 2007. Since then, some there have been some 26,000 people sit the ITILv3 Foundation Certificate exam, which is tho...

The Payment Card Industry Data Security Standard (PCI DSS) looks as though it is a single, international data security standard and, on the face of it, that’s exactly what it is. The truth, however, is in the detail of implementation and surveillance: i...

Executives who claim that their organizations comply with ISO 27001 but that they see no need to go through the bureaucracy of getting the ‘badge on the wall’ are only deceiving themselves. The reality, I suspect, is...

After twelve months of increasingly dramatic press headlines about failures to safeguard personal data records, it’s time to assess the size of the issue and identify best practice steps for reducing the incidence of, and damage caused by, these data br...

In today’s business and legal climate the topic of Electronic Discovery is top of many organizational agendas, as ignorance in this particular subject is no longer bliss. Electronic discovery (also called e-discovery) refers to any process in which elec...

After twelve months of increasingly dramatic press headlines about failures to safeguard personal data records, it’s time to assess the size of the issue and identify best practice steps for reducing the incidence of, and damage caused by, these data br...

In today’s high technology environment, organizations are becoming increasingly dependant upon their information systems. Information is widely regarded as the life blood of the modern enterprise. And, consequently, the security controls surrounding the...

Risk assessment is a core competence of information security management. A recent question and answer exchange goes to the nub of how risk appetite and an organization’s risk acceptance criteria should be approached. The question was: ‘ISO27001 ...

'ITIL' is a term that is fast gaining currency around the IT world. It is often wrongly described as 'IT governance' – in fact, on its own, it certainly isn't this. ITIL is a collection of best practices that helps companies implement an IT Service Manag...