  • 1
    ISBN: 9780738461175 , 0738461172
    Language: English
    Pages: 1 online resource (136 pages), illustrations (some color)
    Edition: First edition.
    DDC: 005.8
    Keywords: Information technology Security measures ; Computer security Management ; Computer networks Security measures ; Data protection ; Computer networks ; Security measures ; Computer security ; Management ; Data protection ; Information technology ; Security measures
    Abstract: Non-compliance can lead to increasing costs. Regulatory violations involving data protection and privacy can have severe and unintended consequences. In addition, companies must keep pace with changes that arise from numerous legislative and regulatory bodies. Global organizations have the added liability of dealing with national and international-specific regulations. Proving that you are compliant entails compiling and organizing data from multiple sources to satisfy auditors' requests. Preparing for compliance audits can be a major time drain, and maintaining, updating, and adding new processes for compliance can be a costly effort. How do you keep constant changes to regulations and your security posture in check? It starts with establishing a baseline: knowing and understanding your current security posture, comparing it with IBM Z® security capabilities, and knowing the latest standards and regulations that are relevant to your organization. IBM Z Security and Compliance Center can help take the complexity out of your compliance workflow and the ambiguity out of audits while optimizing your audit process to reduce time and effort. This IBM Redbooks® publication helps you make the best use of IBM Z Security and Compliance Center and aids in mapping all the necessary IBM Z security capabilities to meet compliance and improve your security posture. It also shows how to regularly collect and validate compliance data, and identify which data is essential for auditors. After reading this document, you will understand how your organization can use IBM Z Security and Compliance Center to enhance and simplify your security and compliance processes and postures for IBM z/OS® systems. This publication is for IT managers and architects, system and security administrators.
  • 2
    Online Resource
    [Place of publication not identifiable] : IT Governance Publishing | Boston, MA : Safari
    ISBN: 9781787783447
    Language: English
    Pages: 1 online resource (54 pages)
    Edition: 1st edition
    Keywords: Electronic books
    Abstract: The EU Data Protection Code of Conduct for Cloud Service Providers provides guidance on how to implement the Code within your organisation, exploring the objectives of the Code and how compliance can be achieved with or without a pre-existing ISMS (information security management system) within the organisation.
    Note: Online resource; title from title page (viewed November 2, 2021). Mode of access: World Wide Web.
  • 3
    Online Resource
    [Frechen] : mitp Verlags GmbH & Co. KG
    ISBN: 9783958450882, 3958450881
    Language: German
    Pages: 1 online resource (1 volume), illustrations
    Edition: 2nd edition.
    Keywords: Information technology ; Security measures ; Computer security ; Management ; Privacy, Right of ; Europe ; Electronic books ; Electronic books ; local
    Abstract: IT compliance specifies which activities within the IT department must be carried out on the basis of legal, normative or internal regulations and requirements. These can be, for example, requirements on data retention or regulations on the secure electronic filing of accounting records. One regulation that must be observed is, for example, the new EU GDPR, which the author addresses explicitly. This mitp bit helps you find the answers to the following questions: Is the orientation of IT security management based on an internal or external requirement or on a standard? Have the internal and external requirements that are relevant to IT security management been identified? Is the cooperation between the IT security manager and the data protection officer coordinated? Is it defined how the IT security manager is integrated into corporate compliance?
    Note: Place of publication from publisher's website. - Description based on online resource; title from title page (Safari, viewed January 21, 2019)
  • 4
    ISBN: 9783958454439, 3958454437
    Language: German
    Pages: 1 online resource (1 volume), illustrations
    Edition: 2nd edition.
    Keywords: Information technology ; Management ; Information technology ; Security measures ; Penetration testing (Computer security) ; Computer security ; Management ; Cloud computing ; Electronic books ; Electronic books ; local
    Abstract: IT security always also involves technical IT questions. This is true even when the IT security organisation reports to corporate management and its defined main task lies in policy authority and in reviewing requirements. Knowledge of the IT infrastructure and the IT processes is important in order to define suitable and practicable requirements. Only if the IT security manager knows what the data flows look like and which IT systems play a decisive role can he assess risks accurately and define targeted measures. In addition, in his cooperation with the data protection officer, the internal audit department and frequently also the head of IT, he takes on the role of an advisory body. To perform this task adequately, he must have engaged intensively with the underlying subject matter. This mitp bit helps you find the answers to the following questions: Are the decisions the IT security manager makes in the course of his duties documented? These include all measures and exception rules together with their respective conditions. One example would be accepting an exception for installing software on a workstation that is otherwise prohibited by policy, or approving an unsecured download from the Internet. Are corresponding policies in place for the individual technical task areas? Is employees' use of e-mail and the Internet regulated? Is a process described that takes effect when an employee leaves and access to their e-mail and other (personal) data becomes necessary? Are exposed IT systems regularly checked for a secure operating system, secure software and secure interfaces? This applies in particular to all IT systems in a "demilitarised zone" (DMZ), i.e. systems that are accessed from the Internet.
    Note: Place of publication from publisher's website. - Description based on online resource; title from title page (Safari, viewed January 21, 2019)
  • 5
    Online Resource
    [Frechen] : mitp Verlags GmbH & Co. KG
    ISBN: 9783958454422, 3958454429
    Language: German
    Pages: 1 online resource (1 volume), illustrations
    Edition: 2nd edition.
    Keywords: Information technology ; Risk management ; Information technology ; Security measures ; Computer security ; Management ; Electronic books ; Electronic books ; local
    Abstract: IT risk management forms the superstructure over the entire complex of IT security management. It is not a self-contained individual task but a methodology that recurs in many processes. The influence and the methods of IT risk management pervade all sub-areas of IT security management. It also forms a decisive basis for business continuity management as well as for daily work and the implemented security processes. This mitp bit helps you find the answers to the following questions: Does a policy on IT risk management exist? Has the approach described there been coordinated with the methods of enterprise risk management? Are records and documentation available that present the most important IT risks to business operations? Are the tools required for IT risk management available? Is a classification policy in place and are employees familiar with it? Have threat lists been compiled and corresponding proposed measures prepared? Are at least the most important corporate assets classified according to the classification policy? Are IT processes also steered via the risk management factor?
    Note: Place of publication from publisher's website. - Description based on online resource; title from title page (Safari, viewed January 21, 2019)
  • 6
    Online Resource
    Ely, Cambridgeshire, United Kingdom : IT Governance Publishing
    ISBN: 9781849288699
    Language: German
    Pages: 1 online resource (1 volume)
    Keywords: Data protection ; Standards ; Data protection ; Evaluation ; Electronic books ; Electronic books ; local
    Abstract: Step-by-step guide to a successful ISO 27001 implementation. In sensible, non-technical language, this guide leads you through the key steps of an ISO 27001 project to guarantee its success, from introduction through to certification: project mandate; project initiation; initiating an ISMS; management framework; fundamental security criteria; risk management; implementation; measurement, monitoring and review; certification. In this third edition, aligned with ISO 27001:2013, the handbook is ideal for anyone tackling the standard for the first time. "It is as if you had a $300/hour consultant at your side when you consider the aspects of gaining management support, planning, scoping, communication, etc." Thomas F. Witwicki. With the help of this book you will learn how to: gain management support and the board's attention; create a management framework and a gap analysis to understand clearly what you already have under control and where your efforts should be directed; structure and resource your project, including deciding whether to use a consultant or do the work yourself, and reviewing the existing tools and resources that will make your work easier; conduct a five-step risk assessment and create a statement of applicability and a risk plan; integrate your ISO 27001 ISMS with an ISO 9001 QMS and other management systems; address the documentation challenges you will face when creating business policies, procedures, work instructions and records, including feasible alternatives to the costly trial-and-error approach; continuously improve your ISMS, including internal audits and tests as well as management reviews. This book gives you the guidance you need to understand the requirements of the standard and to ensure that your implementation project is a success. Six insider tips for success are given. Background: obtaining and maintaining accredited certification to the international standard for information security management, ISO 27001, can be a complicated undertaking, especially when the standard...
    Note: Includes bibliographical references. - Description based on online resource; title from title page (viewed March 16, 2017)
  • 7
    Online Resource
    Ely, Cambridgeshire, United Kingdom : IT Governance Publishing
    ISBN: 9781849288651
    Language: German
    Pages: 1 online resource (1 volume), illustrations
    Keywords: Data protection ; Law and legislation ; European Union countries ; Privacy, Right of ; European Union countries ; Computer security ; Law and legislation ; Electronic books ; Electronic books ; local
    Abstract: A clear, concise introduction to the EU General Data Protection Regulation (GDPR). The EU data protection regulation will unify data protection and simplify data flows across the EU when it comes into force in May 2018, and it will apply to every organisation in the world that does business with EU citizens. The Regulation has introduced a number of important changes for organisations. EU GDPR - A Pocket Guide provides an overview of the changes you need to make in your organisation to comply with the new rules. Product overview: EU GDPR - A Pocket Guide provides: a brief history of data protection and national data protection laws in the EU (such as the UK DPA, German BDSG and French LIL); the terms and definitions used in the General Data Protection Regulation (GDPR), including explanations; the key requirements of the GDPR, including: which fines apply to which Articles; the six principles that should apply to the collection and processing of personal data; the applicability of the Regulation; the rights of data subjects; data protection impact assessments (DPIA); the role of the data protection officer (DPO) and whether you need one; data breaches and the notification of supervisory authorities and data subjects; obligations for international data transfers; how the provisions of the Regulation can be complied with, including: understanding your data and where and how it is used (e.g. cloud providers, physical records); the documents you need to maintain (e.g. statements about the information collected and processed, records of data subjects' consent, procedures for protecting personal data); the "appropriate technical and organisational measures" you must take to ensure compliance with the Regulation; a complete index of the Regulation for easily finding the relevant Articles. About the author: Alan Calder, founder and executive chairman of IT Governance Ltd, is an internationally recognised cyber security expert and leading author in the field of information security and IT governance. He wrote the ...
    Note: Includes bibliographical references. - Description based on online resource; title from title page (viewed March 16, 2017)
  • 8
    Online Resource
    Ely, Cambridgeshire, United Kingdom : IT Governance Publishing
    ISBN: 9781849289511, 1849289514
    Language: English
    Pages: 1 online resource (1 volume)
    Edition: North American edition.
    Keywords: Computer security ; Management ; Computer security ; Standards ; Data protection ; Standards ; Electronic books ; Electronic books ; local
    Abstract: Step-by-step guidance on a successful ISO 27001 implementation from an industry leader. Resilience to cyber attacks requires an organization to defend itself across all of its attack surface: people, processes, and technology. ISO 27001 is the international standard that sets out the requirements of an information security management system (ISMS) - a holistic approach to information security that encompasses people, processes, and technology. Accredited certification to the Standard is recognized worldwide as the hallmark of best-practice information security management. Achieving and maintaining accredited certification to ISO 27001 can be complicated, especially for those who are new to the Standard. Author of Nine Steps to Success - An ISO 27001 Implementation Overview, Alan Calder is the founder and executive chairman of IT Governance. He led the world's first implementation of a management system certified to BS 7799, the forerunner to ISO 27001, and has been working with the Standard ever since. Hundreds of organizations around the world have achieved accredited certification to ISO 27001 with IT Governance's guidance, which is distilled in this book. Successfully implement ISO 27001 with this must-have guide. Aligned with the latest iteration of ISO 27001:2013, the North American edition of Nine Steps to Success - An ISO 27001 Implementation Overview is ideal for anyone tackling ISO 27001 for the first time. In nine critical steps, the guide covers each element of the ISO 27001 project in simple, non-technical language. There is a special focus on how US organizations can tackle this governance. This book offers guidance throughout implementation: Getting management support and keeping the board's attention. Creating a management framework and performing a gap analysis so that you can clearly understand the controls you already have in place, and identify where you need to focus. Structuring and resourcing your project, including advice on whether to use a consultant or do it yourself, and examining the tools and resources that will make your job easier. Conducting a five-step risk assessment, and creating a Statement of Applicability (SoA) and risk treatment plan (RTP). Guidance on integrating your ISO 27001 ISMS with an ISO 9001 quality management system (QMS) and other management systems. Addressing the documentation challenges you'll face as you create business policies, procedures, work instructions, and records - includin...
    Note: Includes bibliographical references. - Description based on online resource; title from title page (Safari, viewed May 1, 2018)
  • 9
    Online Resource
    [Place of publication not identifiable] : IT Governance Publishing | Boston, MA : Safari
    ISBN: 9781849289184
    Language: English, Spanish
    Pages: 1 online resource (83 pages)
    Edition: 1st edition
    Parallel Title: Also published as
    Keywords: Data protection Standards ; Data protection Evaluation ; Electronic books ; local ; Protection de l'information (Informatique) ; Normes ; Protection de l'information (Informatique) ; Évaluation ; COMPUTERS ; Security ; General ; Data protection ; Standards ; Electronic books ; Electronic books ; Electronic books
    Abstract: Protect your organisation's information with ISO27001:2013. Information is one of your organisation's most important resources, and keeping that information secure is vital to your business. This handy pocket guide is an essential overview of the two key information security standards, covering the formal requirements (ISO27001:2013) for creating an Information Security Management System (ISMS) and the best-practice recommendations (ISO27002:2013) for those responsible for initiating, implementing or maintaining it. An ISMS based on ISO27001/ISO27002 offers a host of benefits: improved effectiveness by implementing information security procedures and systems, allowing you to concentrate on your core business activity; protects your information assets from a wide range of cyber threats, criminal activity, insider compromise and system failure; manage your risks systematically and establish plans to eliminate or reduce cyber threats; enables early detection of threats or processing errors and faster resolution. Next step: certification? You can arrange an independent audit of your ISMS against the ISO27001 specification and, if your ISMS conforms, ultimately achieve accredited certification. We publish a range of books and ISMS documentation tools (such as Nine Steps to Success) to help you achieve this. Contents: the ISO/IEC 27000 family of information security standards; history of the standards; specification versus code of practice; certification process; the ISMS and ISO27001; overview of ISO/IEC 27001:2013; overview of ISO/IEC 27002:2013; documentation and records; management responsibility; process approach and the PDCA cycle; context, policy and scope; risk assessment; the statement of applicability (SoA); implementation; check and act; management review; ISO27001; Annex A. About the author: Alan Calder is the founder and executive chairman of IT Governance Ltd, an information, advice and consultancy company that helps company boards tackle IT governance, risk management, compliance and information security issues. He has many years of senior management experience in the public and private sectors. A pocket guide that provides an ...
    Note: Online resource; title from title page (viewed June 1, 2017). Mode of access: World Wide Web.
  • 10
    Online Resource
    Ely, Cambridgeshire, United Kingdom : IT Governance Publishing
    Language: English
    Pages: 1 online resource (1 volume)
    Edition: Third edition.
    Keywords: Data protection ; Computer security ; Business enterprises ; Computer networks ; Security measures ; Electronic books ; Electronic books ; local
    Abstract: In Nine Steps to Success - An ISO 27001 Implementation Overview, Alan provides a comprehensive overview of how to lead a successful ISO 27001-compliant ISMS implementation in just nine steps.
    Note: Previous edition: 2013. - Includes bibliographical references. - Description based on online resource; title from title page (Safari, viewed May 18, 2016)
  • 11
    Online Resource
    Ely, United Kingdom : IT Governance Publishing
    Language: English
    Pages: 1 online resource (1 volume), illustrations
    Edition: Second edition.
    Keywords: Business enterprises ; Computer networks ; Security measures ; Selling ; Computer security ; Information technology ; Electronic books ; Electronic books ; local
    Abstract: This pocket guide will help you with the essential sales skills that persuade company directors to commit money and resources to your information security initiatives.
    Note: Previous edition: 2010. - Includes bibliographical references. - Description based on online resource; title from title page (Safari, viewed May 20, 2016)
  • 12
    Online Resource
    Ely, Cambridgeshire, United Kingdom : IT Governance Publishing
    Language: English
    Pages: 1 online resource (1 volume)
    Keywords: Data protection ; Law and legislation ; European Union countries ; Privacy, Right of ; European Union countries ; Computer security ; Law and legislation ; Electronic books ; Electronic books ; local
    Abstract: EU GDPR - A Pocket Guide, second edition provides an accessible overview of the changes you need to make in your organisation to comply with the new law. The EU General Data Protection Regulation unifies data protection across the EU. It applies to every organisation in the world that does business with EU residents. The Regulation introduces a number of key changes for organisations - and the change from DPA compliance to GDPR compliance is a complex one. New for the second edition: Updated to take into account the latest guidance from WP29 and ICO. Improved guidance around related laws such as the NIS Directive and the future ePrivacy Regulation. This pocket guide also sets out: A brief history of data protection and national data protection laws in the EU (such as the UK DPA, German BDSG and French LIL). The terms and definitions used in the GDPR, including explanations. The key requirements of the GDPR How to comply with the Regulation A full index of the Regulation, enabling you to find relevant Articles quickly and easily. This guide is the ideal resource for anyone wanting a clear, concise primer on the EU GDPR.
    Note: Description based on online resource; title from title page (Safari, viewed August 26, 2016)
  • 13
    Online Resource
    Ely, Cambridgeshire, United Kingdom : IT Governance Publishing
    ISBN: 9781849288859
    Language: Spanish
    Pages: 1 online resource (1 volume), illustrations
    Keywords: Data protection ; Law and legislation ; European Union countries ; Privacy, Right of ; European Union countries ; Computer security ; Law and legislation ; Electronic books ; Electronic books ; local
    Abstract: A clear and concise primer on the GDPR. The EU General Data Protection Regulation (GDPR) will unify data protection and facilitate the flow of personal data across the EU from 25 May 2018, when it will automatically replace the national data protection laws of the EU member states. The law will also apply to all organisations in the world that do business with EU residents. The Regulation introduces a series of key changes for all organisations that process the personal data of EU residents. EU General Data Protection Regulation (GDPR) - A Pocket Guide provides an accessible overview of the changes you need to make in your organisation to comply with the new law. EU General Data Protection Regulation (GDPR) - A Pocket Guide sets out: an introduction to data protection and national data protection laws in the EU (such as the BDSG in Germany, the LIL in France and the DPA in the United Kingdom); the terms and definitions used in the GDPR; the main requirements of the GDPR: fines applicable to each article; six principles to follow for every collection and processing of personal data; applicability of the Regulation; rights of data subjects; data protection impact assessment; role of the data controller; breaches and notification to supervisory authorities and data subjects; obligations for international data transfers; how to comply with the Regulation: understanding the organisation's data, where it is and how it is used; documentation to complete; technical measures to follow to comply with the Regulation; index of the Regulation. Alan Calder, founder and executive chairman of IT Governance Ltd, is an internationally recognised cyber security expert and an author on information security and IT governance. Alan is co-author of IT Governance: An International Guide to Data Security and ISO27001/ISO27002, the handbook chosen by the Open University for its postgraduate course in information security. He has been involved in developing a wide range of information security management training courses, accredited by the International Board for IT Governance Qualifications (IBITGQ). Alan has consulted on data security for numerous clients in the United Kingdom and abroad.
    Note: Includes bibliographical references. - Description based on online resource; title from title page (viewed March 16, 2017)
  • 14
    Online Resource
    Ely, Cambridgeshire, United Kingdom : IT Governance Publishing
    ISBN: 9781849288736
    Language: English
    Pages: 1 online resource (1 volume), illustrations
    Keywords: Data protection ; Law and legislation ; European Union countries ; Privacy, Right of ; European Union countries ; Computer security ; Law and legislation ; European Union countries ; Electronic books ; Electronic books ; local
    Abstract: A concise introduction to EU GDPR and EU-US Privacy Shield. The EU General Data Protection Regulation will unify data protection and simplify the use of personal data across the EU when it comes into force in May 2018. It will also apply to every organization in the world that processes personal information of EU residents. US organizations that process EU residents' personal data will be able to comply with the GDPR via the EU-US Privacy Shield (the successor to the Safe Harbor framework), which permits international data transfers of EU data to US organizations that self-certify that they have met a number of requirements. EU GDPR & EU-US Privacy Shield - A Pocket Guide provides an essential introduction to this new data protection law, explaining the Regulation and setting out the compliance obligations for US organizations in handling data of EU citizens, including guidance on the EU-US Privacy Shield. Product overview: EU GDPR & EU-US Privacy Shield - A Pocket Guide sets out: A brief history of data protection and national data protection laws in the EU (such as the UK DPA, German BDSG and French LIL). The terms and definitions used in the GDPR, including explanations. The key requirements of the GDPR, including: Which fines apply to which Articles; The six principles that should be applied to any collection and processing of personal data; The Regulation's applicability; Data subjects' rights; Data protection impact assessments (DPIAs); The role of the data protection officer (DPO) and whether you need one; Data breaches, and the notification of supervisory authorities and data subjects; Obligations for international data transfers. How to comply with the Regulation, including: Understanding your data, and where and how it is used (e.g. cloud suppliers, physical records); The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data); The "appropriate technical and organizational measures" you need to take to ensure your compliance with the Regulation. The history and principles of the EU-US Privacy Shield, and an overview of what organizations must do to comply. A full index of the Regulation, enabling you to find relevant Articles quickly and easily.
    Note: Includes bibliographical references and index. - Description based on online resource; title from title page (Safari, viewed July 26, 2017)
  • 15
    Online Resource
    Ely, Cambridgeshire, United Kingdom : IT Governance Publishing
    Language: English
    Pages: 1 online resource (1 volume)
    Edition: Fifth edition.
    Keywords: Data protection ; Standards ; Electronic commerce ; Security measures ; Computer networks ; Security measures ; Liability for credit information ; Credit cards ; Electronic books ; Electronic books ; local
    Abstract: An ideal introduction and a quick reference to PCI DSS version 3.2. All businesses that accept payment cards are prey for hackers and criminal gangs trying to steal financial information and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card orders in a way that effectively protects cardholder data. All organisations that accept, store, transmit or process cardholder data must comply with the Standard; failure to do so can have serious consequences for their ability to process card payments.
    Product overview: Co-written by a PCI QSA (Qualified Security Assessor) and updated to cover PCI DSS version 3.2, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organisation involved with payment card processing. Coverage includes: an overview of PCI DSS v3.2; a PCI self-assessment questionnaire (SAQ); procedures and qualifications; an overview of the Payment Application Data Security Standard (PA-DSS).
    Contents: What is the Payment Card Industry Data Security Standard (PCI DSS)? What is the scope of the PCI DSS? Compliance and compliance programmes; Consequences of a breach; How do you comply with the requirements of the Standard? Maintaining compliance; PCI DSS - The Standard; Aspects of PCI DSS compliance; The PCI self-assessment questionnaire; Procedures and qualifications; The PCI DSS and ISO/IEC 27001; The Payment Application Data Security Standard (PA-DSS); PIN transaction security (PTS).
    About the authors: Alan Calder is the founder and executive chairman of IT Governance Ltd, an information, advice and consultancy firm that helps company boards tackle IT governance, risk management, compliance and information security issues. He has many years of senior management experience in the private and public sectors. Geraint Williams is a knowledgeable and experienced senior information security consultant and PCI QSA, with a strong technical background and experience of the PCI DSS and security testing. He leads the IT Governance CISSP Accelerated Training Programme, as well as the PCI Foundation and Implementer training courses. He has broad technical knowledge of security and IT infrastructure, including high performance computing and Cloud computing. His certifications include CISSP, PCI QSA, CREST Registered Tester, CEH and CHFI.
    Note: "Compliance series"--Cover. - Description based on online resource; title from title page (Safari, viewed August 26, 2016)
  • 16
    Online Resource
    Ely, Cambridgeshire, United Kingdom : IT Governance Publishing
    Language: English
    Pages: 1 online resource (1 volume)
    Edition: Fourth edition.
    Keywords: Data protection ; Standards ; Electronic commerce ; Security measures ; Computer networks ; Security measures ; Liability for credit information ; Credit cards ; Electronic books ; Electronic books ; local
    Abstract: An ideal introduction and a quick reference to PCI DSS version 3.1. All businesses that accept payment cards are prey for hackers and criminal gangs trying to steal financial information and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card orders in a way that effectively protects cardholder data. All organizations that accept, store, transmit, or process cardholder data must comply with the Standard; failure to do so can have serious consequences for their ability to process card payments.
    Product overview: Co-written by a PCI QSA (Qualified Security Assessor) and updated to cover PCI DSS version 3.1, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organization involved with payment card processing. Coverage includes: an overview of PCI DSS v3.1; a PCI self-assessment questionnaire (SAQ); procedures and qualifications; an overview of the Payment Application Data Security Standard (PA-DSS).
    Contents: What is the Payment Card Industry Data Security Standard (PCI DSS)? What is the scope of the PCI DSS? Compliance and compliance programmes; Consequences of a breach; How do you comply with the requirements of the Standard? Maintaining compliance; PCI DSS - The Standard; Aspects of PCI DSS compliance; The PCI self-assessment questionnaire; Procedures and qualifications; The PCI DSS and ISO/IEC 27001; The Payment Application Data Security Standard (PA-DSS); PIN transaction security (PTS).
    About the authors: Alan Calder is the founder and executive chairman of IT Governance Ltd, an information, advice and consultancy firm that helps company boards tackle IT governance, risk management, compliance, and information security issues. He has many years of senior management experience in the private and public sectors. Geraint Williams is a knowledgeable and experienced senior information security consultant and PCI QSA, with a strong technical background and experience of the PCI DSS and security testing. He leads the IT Governance CISSP Accelerated Training Programme, as well as the PCI Foundation and Implementer training courses. He has broad technical knowledge of security and IT infrastructure, including high performance computing and Cloud computing. His certifications include CISSP, PCI QSA, CREST Registered Tester, CEH, and CHFI.
    Note: "Compliance series"--Cover. - Includes bibliographical references. - Description based on online resource; title from title page (Safari, viewed June 10, 2016)
  • 17
    Online Resource
    [Germany] : mitp-Verlags
    ISBN: 9783958451285
    Language: German
    Pages: 1 online resource (1 volume) , illustrations
    Edition: 1st edition.
    Keywords: Information technology ; Security measures ; Business enterprises ; Security measures ; Computer security ; Management ; Data protection ; Electronic books ; Electronic books ; local
    Abstract: Reach an acceptable level of security by means of a clearly defined project. Use internationally recognised standards and translate them into the reality of your company. A structured approach based on concrete tasks: creating transparency, introducing rules and conducting audits. Especially in today's networked world, IT security is indispensable: no company works in isolation any more; all are connected to one another through networks, busy data exchange or e-mail traffic. The subject is complex, and small and medium-sized businesses in particular fear that the challenge is too great - wrongly so. Thomas W. Harich shows you how you can successfully tackle the security of your IT with the means and vocabulary of everyday projects - using your company's own "on-board resources". The IT security project has a defined beginning and a defined end - so effort and benefit are easy to calculate. The author divides the project clearly into the three major areas "creating transparency", "introducing rules" and "conducting audits". You will learn the basic concepts of IT security and will be guided step by step through the project. Detailed tasks and work packages show you in a structured way what is to be done, when and how. Throughout, Thomas W. Harich always distinguishes between the goals of "basic security" and "extended IT security". The basis is the internationally recognised standards of the ISO 2700x series, the requirements of the Bundesamt für Sicherheit in der Informationstechnik (BSI, the German Federal Office for Information Security) and experience from practice. With the help of this book and its approach proven in practice, you can implement IT security comprehensively in your company and achieve a high level of security.
    Note: Description based on online resource; title from title page (Safari, viewed September 18, 2015)
  • 18
    Online Resource
    Ely, Cambridgeshire, U.K. : IT Governance Pub.
    ISBN: 9781849285551 , 1849285551
    Language: English
    Pages: 1 online resource (1 v.)
    Edition: 3rd ed.
    Keywords: Data protection ; Standards ; Electronic commerce ; Security measures ; Computer networks ; Security measures ; Liability for credit information ; Credit cards ; Electronic books ; Electronic books ; local
    Abstract: Get started with PCI DSS. Protect your customers' card data. All businesses that accept payment cards are prey for hackers and criminal gangs trying to steal payment card details and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card orders in a way that effectively protects cardholder data. Failing to comply with the standard can have serious consequences for your ability to process card payments.
    An ideal introduction and a quick reference to PCI DSS, including version 3.0: Co-written by a PCI QSA (Qualified Security Assessor) and updated to also cover PCI DSS version 3.0, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organisation who deals with payment card processing. Coverage includes: an overview of Payment Card Industry Data Security Standard V3.0; the consequences of a breach; how to comply with the standard; a PCI self-assessment questionnaire (SAQ); procedures and qualifications; an overview of the Payment Application Data Security Standard. Buy this pocket guide and get to grips with PCI DSS, including version 3.0.
    This title is part of The ITGP Compliance Series, a suite of essential guides to regulatory and legal compliance. Designed to help organisations in their efforts to address issues such as PCI DSS, anti-bribery policy management and data protection, this series is indispensable for anyone seeking to align their policies and procedures with laws and regulations. The guides also provide a quick, cost-effective way to raise awareness of key issues among staff, partners and external customers.
    About the Authors: Alan Calder is the Founder and Executive Chairman of IT Governance Ltd, an information, advice and consultancy firm that helps company boards tackle IT governance, risk management, compliance and information security issues. He has many years of senior management experience in the private and public sectors. Geraint Williams is a knowledgeable and experienced senior information security consultant and PCI QSA, with a strong technical background and experience of the PCI DSS and security testing. Geraint has provided consultancy on implementation of the PCI DSS and conducted audits with a wide range of merchants and service providers. He has performed penetration testing and vulnerability assessments for various clients. Gera...
    Note: "Compliance series"--Cover. - Description based on online resource; title from title page (Safari, viewed Apr. 8, 2014)
  • 19
    Online Resource
    Ely, Cambridgeshire, United Kingdom : IT Governance Publishing
    Language: English
    Pages: 1 online resource (1 volume)
    Edition: Second edition.
    Keywords: Computer security ; Standards ; Data protection ; Electronic books ; Electronic books ; local
    Abstract: Information is one of your organisation's most important resources, and keeping that information secure is vital to your business. An information security management system (ISMS) based on ISO27001/ISO27002 offers a host of benefits:
    • Improved efficiency by having information security systems and procedures in place, enabling you to focus more on your core business.
    • Protects your information assets from a wide range of cyber threats, criminal activity, insider compromise and system failure.
    • Manage your risks systematically and establish plans to eliminate or reduce cyber threats.
    • Enables earlier detection of threats or processing errors, and faster resolution.
    This handy pocket guide is an essential overview of two key information security standards that cover the formal requirements (ISO27001:2013) for creating an information security management system (ISMS), and the best-practice recommendations (ISO27002:2013) for those responsible for initiating, implementing or maintaining it.
    Note: Previous edition: 2008. - Includes bibliographical references. - Description based on online resource; title from title page (Safari, viewed June 10, 2016)
  • 20
    Online Resource
    Ely, Cambridgeshire, U.K. : IT Governance Pub.
    Language: English
    Pages: 1 online resource (1 v.)
    Parallel Title: Also published as
    Keywords: Computer security ; Dictionaries ; Computer security ; Terminology ; Business enterprises ; Computer networks ; Security measures ; Auditing ; Dictionaries ; Computer security ; Management ; Standards ; Dictionaries ; Data protection ; Management ; Standards ; Dictionaries ; Information technology ; Standards ; Dictionaries ; Confidential business information ; Dictionaries ; Electronic books ; Electronic books ; local
    Abstract: Get to grips with key ISO27000 and information security vocabulary with this indispensable, concise pocket guide! Information security is of crucial importance to your business. If you don't know the difference between a cookie and a worm, or between war-chalking and digital watermarking, you are sure to find this guide enlightening. The strength of the book is that it is a combined glossary, enabling you to find explanations of geek slang, procedural language and acronyms all in one place. The combined glossary is a revised edition of the popular A Dictionary of Information Security Terms, and this new edition has been able to draw on the definitions provided in ISO/IEC 27000:2009 - Security Techniques - Information security management systems - Overview and vocabulary.
    What's new? Further definitions are sourced from ISO/IEC Guide 73:2002 to provide you with authoritative explanations of those information security terms that are used across the ISO framework. The combined glossary has taken account of an important change on the information security scene, and contains some new acronyms and definitions from the Payment Card Industry Data Security Standard (PCI DSS).
    Benefits to business include:
    Understand what everyone else is talking about. The fact that you're reading this suggests you take an interest in information security. Whether you work in business or in the public sector, it's an issue that's likely to come up. If you're given a position paper to read on information security, or have to attend a briefing, you will want to form your own opinion, particularly when the discussion directly affects your company. Meekly accepting arguments you don't understand is never a good idea, especially not when large sums of money are involved. With the clear, reliable definitions contained in this combined glossary, you can finally get to grips with the problem.
    Understand what you're talking about. Any modern organisation relies on its IT systems. Although IT may not be your speciality, cybercrime affects all of us. So, wherever you work, if you are in a position of responsibility, then at some point, you will need to form a view on information security and put your point across. You can use this combined glossary to bring your arguments into sharper focus. The pocket guide will prove invaluable not only to business executives but also to civil servants and lawyers, as well as to people working in financial services and the media.
    Assist ISO im...
    Note: "First published in the United Kingdom in 2007 (as A Dictionary of Information Security Terms, Abbreviations and Acronyms)"--T.p. verso. - Description based on print version record
  • 21
    Language: English
    Pages: 1 online resource (1 v.) , ill.
    Keywords: Computer networks ; Security measures ; Risk management ; Electronic books ; Electronic books ; local
    Abstract: Plan and carry out a risk assessment to protect your business information. In the knowledge economy, organisations have to be able to protect their information assets. Information security management has, therefore, become a critical corporate discipline. The international code of practice for an information security management system (ISMS) is ISO27002. As the code of practice explains, information security management enables organisations to 'ensure business continuity, minimise business risk, and maximise return on investments and business opportunities'.
    Information Security Management System requirements: The requirements for an ISMS are specified in ISO27001. Under ISO27001, a risk assessment has to be carried out before any controls can be selected and implemented, making risk assessment the core competence of information security management. This book provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO27001.
    International best practice: Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.
    Benefits of a risk assessment:
    Stop the hacker. With a proper risk assessment, you can select appropriate controls to protect your organisation from hackers, worms and viruses, and other threats that could potentially cripple your business.
    Achieve optimum ROI. Failure to invest sufficiently in information security controls is 'penny wise, pound foolish', since, for a relatively low outlay, it is possible to minimise your organisation's exposure to potentially devastating losses. However, having too many safeguards in place will make the information security system expensive and bureaucratic; so without accurate planning your investment in information security controls can become unproductive. With the aid of a methodical risk assessment, you can select and implement your information security controls to ensure that your resources will be allocated to countering the major risks to your organisation. In this way, you will optimise your return on investment.
    Build customer confidence. Protecting your information security ...
    Note: Publication information taken from resource description page (Safari, viewed August 19, 2013). - Includes bibliographical references. - Description based on online resource; title from cover
  • 22
    Online Resource
    [Place of publication not identified] : IT Governance Pub.
    Language: English
    Pages: 1 online resource (1 v.)
    Parallel Title: Also published as
    Keywords: Information technology ; Environmental aspects ; Business enterprises ; Environmental aspects ; Social responsibility of business ; Business ethics ; Environmental protection ; Global warming ; Electronic books ; Electronic books ; local
    Abstract: Reap the rewards of a Green IT Strategy with this essential guide. Climate change can be an emotive issue. This book takes a cool look at the subject and shows you what makes it relevant to your business. A big part of the answer is energy. Computers consume a lot of energy, and energy costs money. The cost of powering and cooling data servers over three years is currently 1.5 times the cost of purchasing the server hardware. Over the next two decades, global demand for energy is predicted to rise by 50%, which means that your long-term energy costs are also likely to increase. In the end, if your organisation's energy costs are high, it makes sense for you to focus on ways to reduce energy consumption. Improving the efficiency of data centre power supplies and reducing IT power requirements in the office are examples of how Green IT can yield a substantial return on investment. This business guide to Green IT was written to introduce, to a business audience, the opposing groups and the key climate change concepts, to provide an overview of a Green IT strategy and to set out a straightforward, bottom-line orientated Green IT action plan.
    Benefits to business of a Green IT strategy:
    Cut costs. A Green IT strategy, including such measures as switching off PCs at night, or introducing Cloud Computing, will enable you to reduce the amount of energy that your organisation consumes and, therefore, to cut costs.
    Improve sales. Products that can demonstrate their green credentials are more attractive to consumers. As organisations pursue more ambitious environmental objectives, they are putting their suppliers under increasing pressure to improve their own environmental record. Meanwhile, the public sector has adopted rigorous standards for Green procurement. With Green IT you can help your company to reach more customers and to win new business.
    Enhance your organisation's reputation. The environment is an emotional issue, and environmental concerns affect the way your company is perceived by consumers. Green IT will support your company's Corporate Social Responsibility (CSR) strategy by reducing the environmental impact of your operations. The evidence suggests that the market rewards companies whose practices are environmentally responsible.
    Conform to regulations and standards. New regulations, such as the Waste Electrical and Electronic Equipment (WEEE) Directive, aim to reduce the effects on the environment resulting from the use and disposal of I...
    Note: Includes bibliographical references. - Description based on print version record
  • 23
    Language: English
    Pages: 1 online resource (1 v.) , ill.
    Parallel Title: Also published as
    Keywords: Information technology ; Management ; Business enterprises ; Computer networks ; Information technology ; Evaluation ; Auditing ; Standards ; Electronic books ; Electronic books ; local
    Abstract: Use an IT Governance strategy to reduce risk. An Introduction for Directors and IT professionals. The modern organisation is increasingly working within the context of corporate governance. The subject dictates their day-to-day and strategic activities, especially corporate information asset risk management and investment, and the ICT infrastructure within which those information assets are collected, manipulated, stored and deployed. But what is corporate governance, and why is it important to the IT professional? Why is IT governance important to the company director, and what do directors of companies - both quoted and unquoted - need to know?
    The Calder-Moir Framework: The book also explains how to integrate each standard and framework using The Calder-Moir Framework (download for free from www.itgovernance.co.uk/calder_moir.aspx), which was developed specifically to help organisations manage and govern their IT operations more effectively, and to coordinate the sometimes wide range of overlapping and competing frameworks and standards. It also specifically supports implementation of ISO/IEC 38500, the international standard for best practice IT governance.
    Practical IT Governance guidance: Board executives and IT professionals can learn to maximise their use of the numerous IT management and IT governance frameworks and standards - particularly ISO/IEC 38500 - to best corporate and commercial advantage.
    Build an IT Governance Framework: Within a 'super framework', or 'meta-framework', you can integrate each of these standards and frameworks whilst making sure that each can deliver what it was designed to do. Developing an overarching framework will enable your organisation to design IT governance to meet your own needs.
    Note: Includes bibliographical references. - Description based on print version record
  • 24
    Online Resource
    Ely : IT Governance
    ISBN: 9781849280013 , 1849280010 , 1849280002 , 9781849280006 , 9781849280006
    Language: English
    Pages: 1 online resource (xii, 64 pages) , illustrations
    Parallel Title: Also published as
    DDC: 658.4/03/801/1
    Keywords: Computer systems Environmental aspects ; Information technology Management ; Green technology ; Carbon offsetting ; COMPUTERS ; Management Information Systems ; BUSINESS & ECONOMICS ; Green Business ; Information technology ; Environmental aspects ; Social responsibility of business ; Business ; Environmental aspects ; Environmental responsibility ; Carbon offsetting ; Green technology ; Information technology ; Management ; Electronic books ; Electronic books
    Abstract: Annotation
    Note: Includes bibliographical references. - Print version record
  • 25
    Online Resource
    Cambridgeshire, UK : IT Governance Pub.
    Language: English
    Pages: 1 online resource (1 v.) , ill.
    Keywords: Business planning ; Operational risk ; Emergency management ; Information technology ; Electronic books ; Electronic books ; local
    Abstract: The first glossary to present the full range of terms relating to business continuity. BS25999 is the formal standard for business continuity management. This invaluable pocket guide will help you to understand the language of business continuity. It contains definitions both of the key words in BS25999 and of the relevant terms found in the information security standard, ISO27001. Other definitions provided in the glossary have been taken from the earlier glossaries published by the Business Continuity Institute and the DRI (Institute for Continuity Management), from the IT service management standard, ISO20000, and from the IT Infrastructure Library (ITILv3). Created to facilitate the adoption of BS25999, the combined glossary sets out the most common business continuity terms and offers an authoritative explanation of what they mean. It will therefore enable business continuity to be discussed clearly and consistently throughout the English-speaking world.
    Benefits to business include:
    Improve communication and cooperation. Business continuity management requires commitment at boardroom level, and involves many different people within a given organisation. The purpose of this glossary is to facilitate communication and thereby make it easier for IT managers, business continuity professionals and senior executives to cooperate.
    Find a glossary that is comprehensive. Just as business continuity affects many different functions within the organisation, so it also touches upon other standards besides BS25999. This glossary combines definitions of words from BS25999 with terms both from other information security standards and from the IT Infrastructure Library. As the first truly comprehensive glossary of business continuity terms, this pocket guide is the only book where you can find an explanation of all the relevant business continuity terms in one place.
    Stay in the loop. If your organisation is setting up a business continuity management plan, you have a choice. Either you get involved in the process, or the key decisions will be taken without your input. If you want to be kept in the loop on business continuity planning, this guide can help you to understand what people are talking about and how it relates to your area of responsibility.
    Help your staff to plan for an emergency. Business continuity planning is a vital imperative for those public sector organisations that are responsible for frontline services. Under the UK Civil Contingencies Act...
    Note: Description based on online resource; title from title page (Safari, viewed Dec. 18, 2013)
  • 26
    Online Resource
    Ely, U.K. : IT Governance Pub.
    Language: English
    Pages: 1 online resource (1 v.)
    Keywords: Information technology ; Security measures ; Computer networks ; Security measures ; Data protection ; Risk management ; Electronic books ; Electronic books ; local
    Abstract: Use ISO27001 to protect your organisation's information assets. This helpful, handy ISO27001/ISO27002 pocket guide gives a useful overview of these two important information security standards. Read this pocket guide to learn about: The ISO/IEC 27000 Family of Information Security Standards; Background to the Standards; Certification process; The ISMS and ISO27001; Overview of ISO/IEC 27001:2005; Specification vs Code of Practice; Documentation; Records; Management Responsibility; Policy; Scope; Risk Assessment; Implementation.
    Confidentiality, Integrity and Availability: In order to ensure the availability, confidentiality and integrity of your business information, you will need to put in place an information security management system (ISMS). ISO27001 is the international standard that offers a framework for an ISMS. If your organisation's ISMS conforms to the specification of ISO27001, you can arrange for an independent audit of the ISMS against that specification and eventually achieve certification.
    Why does ISO27001/27002 matter?
    Improve efficiency - An ISO27001 compliant ISMS will enable your organisation to move beyond the ad hoc approach to information security. An unsystematic approach to the subject tends to mean that a lot of people's time is wasted "putting out bush fires": fixing bugs in software and reacting to incidents as they arise. However, the structured, coherent approach of the ISMS will make your organisation less likely to be crippled by minor setbacks and will, therefore, enable it to function more effectively.
    Protect your information assets - Information assets face a wide range of threats, ranging from criminal activity, such as fraud, to user error or system failure. Putting in place an ISMS will enable you to improve the level of information security within your organisation.
    Manage risk - The systematic approach to information security required under ISO27001 means your organisation needs to put in place a risk treatment plan. Once you have identified the main threats to your business information, and the most likely ways in which they could do damage to your company, you can work out how best to eliminate or reduce these risks. In addition, there are some risks you can manage by ensuring they remain at an acceptable level.
    Prepare for the worst - Supposing that, in spite of the precautions you had taken, your company did suffer a major security breach. If something like that happened, how well prepared would your company th...
    Note: Description based on online resource; title from title page (Safari, viewed August 19, 2013)
  • 27
    Online Resource
    [Ely, UK?] : IT Governance
    Language: English
    Pages: 1 online resource (1 v.)
    Keywords: Information technology ; Law and legislation ; Great Britain ; Technology and law ; Great Britain ; Information technology ; Great Britain ; Management ; Electronic books ; Electronic books ; local
    Abstract: In today's computer-driven world, every modern business depends on its information technology. This means that IT systems have to be protected and regulated. If you run a company that is based in or has a presence in Britain, you need to be familiar with the UK laws and standards that relate to IT governance. This pocket guide provides you with a concise and accessible guide to the relevant UK legislation, including the Data Protection Act 1998, the Freedom of Information Act 2000 and the Regulation of Investigatory Powers Act 2000. It explains the importance of keeping and preserving records, and outlines the type of records your organisation is obliged to retain. IT compliance represents a key challenge for information professionals. By offering you a bird's-eye view of the IT compliance landscape, this pocket guide makes that challenge easier to overcome.
    Benefits to business include:
    Avoid breaches of criminal or civil law - This pocket guide covers the key IT compliance issues for organisations operating in the UK.
    Find out what is required of IT systems under the Combined Code - The pocket guide summarises the requirements of the UK's corporate governance regime in relation to information risk, referring both to the Combined Code and to the Turnbull Guidance.
    Learn about the UK's distance selling regulations - This pocket guide discusses the Privacy and Electronic Communications Regulations 2003. These regulations cover unsolicited direct marketing activity by e-mail. The pocket guide also looks at distance selling regulations such as the Electronic Commerce Regulations (2002).
    Understand the requirements of copyright law - The pocket guide explains the implications of the Copyright, Designs and Patents Act 1988 for your use of computer software, with particular reference to user licences. The guide also looks at how you can use steganography (digital watermarking) to protect your ownership of digital information.
    This pocket guide includes coverage of key UK IT and information-related regulation, such as: FSA Regulations; Basel 2; MiFID; Data Protection Act 1998; Privacy and Electronic Communications Regulations 2003; Freedom of Information Act 2000; Computer Misuse Act 1990 (as updated in 2006); Copyright, Designs and Patents Act 1988; Electronic Communications Act 2000; Regulation of Investigatory Powers Act 2000; Human Rights Act 1998; Disability Discrimination Act 1995.
    Safeguarding of organisational resources - Make sure your IT systems comply with the r...
    Note: Publication information taken from resource description page (Safari, viewed August 19, 2013). - Description based on online resource; title from cover
  • 28
    Online Resource
    Ely, Cambridgeshire, U.K. : IT Governance Pub.
    Language: English
    Pages: 1 online resource (1 v.) , ill.
    Keywords: Information technology ; Management ; Electronic books ; Electronic books ; local
    Abstract: An Introduction to IT Governance. If you are unsure what IT governance is, or how it is relevant to your business, this pocket guide is for you. It outlines the key drivers for IT governance in the modern global economy, with particular reference to corporate governance requirements and the need for companies to protect their information assets.
    IT Governance for "Non-geeks" - The guide examines the role of IT governance in the management of strategic and operational risk. It also looks at the most important considerations when setting up an IT governance framework, and introduces you to the Calder-Moir IT Governance Framework that the author helped to create. The approach throughout is resolutely non-geek, avoiding technical jargon and with the emphasis on business opportunities and needs.
    Find out about something that matters for your organisation's survival - If you want your business to succeed, you have to make effective use of information technology. Otherwise you will be outpaced by your competitors. This pocket guide is about how to create a framework to ensure that your organisation's IT will support its overall objectives.
    Understand a crucial aspect of corporate governance - Companies are regulated in order to protect the interests of shareholders from fraudulent or reckless activity on the part of the directors. For US-listed companies, compliance with the Sarbanes-Oxley Act (SOX) of 2002 is mandatory. The requirements of SOX and the UK's Combined Code can only be met if you have an effective IT governance framework already in place.
    Understand a crucial aspect of risk management - Those running a company have a responsibility to manage risk. An IT governance framework will help you to stop hackers, fight cybercrime and minimise the disruption to your operations in the event of an accident.
    Cut costs and boost profits - While businesses often need to spend money on upgrades to their computer systems and software, this issue has many pitfalls. This pocket guide shows how IT governance can help you to make better investment decisions. An IT governance framework also enhances your overall competitiveness and thus increases profitability.
    Note: Includes bibliographical references. - Description based on print version record
  • 29
    Language: English
    Pages: 1 online resource (1 v.) , ill.
    Series Statement: Pocket guides: practical information security
    Keywords: Data protection ; Evaluation ; Data protection ; Standards ; Risk management ; Electronic books ; Electronic books ; local
    Abstract: Understand ISO 38500: the standard for the corporate governance of IT. ISO/IEC 38500 is the international standard for the corporate governance of information and communication technology. The purpose of the standard is to create a framework to ensure that the Board is appropriately involved in the governance of the organisation's IT. The standard sets out guiding principles for directors on how to ensure the effective, efficient and acceptable use of IT within their company. This useful pocket guide provides an account of the scope and objectives of the standard. It outlines the standard's six core principles, sets out the three major tasks that the standard assigns to directors regarding IT, and explains the interrelationship between the two. The guide also offers advice on how to set up and implement the IT governance framework.
    Business benefits of ISO/IEC 38500 (ISO38500) include:
    Manage the organisation's investment in IT responsibly - The pocket guide shows how the standard can be used to ensure that your decision making about IT investment remains clear and transparent, and that the associated risks are clearly understood.
    Meet compliance requirements - ISO/IEC 38500 requires directors to verify that their IT systems are in compliance with all applicable regulations. As this pocket guide explains, following the procedures set out in ISO/IEC 38500 will help company directors both to achieve and demonstrate compliance.
    Improve the performance of the organisation - On average, investment in IT represents more than 50 per cent of every organisation's annual capital investment. Both private and public sector organisations need to maintain a high standard of service while at the same time keeping costs low. The pocket guide looks at how following the guidance contained in ISO/IEC 38500 can enable directors to retain a grip on costs and obtain better value for money from IT equipment.
    Introduce effective project governance - This pocket guide describes how ISO/IEC 38500 can help company directors to identify problems in an IT project at an early stage. In this way, the standard promotes effective management of the risks associated with major IT projects, enables the board to keep a grip on budgets and militates against project failure.
    Implement ISO38500, the international standard for corporate governance of IT - An IT governance framework serves to close the gap between the importance of IT and the understanding of IT. For this reason, you can use an IT go...
    Note: Publication information taken from resource description page (Safari, viewed August 19, 2013). - Includes bibliographical references. - Description based on online resource; title from cover
  • 30
    Online Resource
    [Ely, UK?] : IT Governance
    Language: English
    Pages: 1 online resource (1 v.)
    Keywords: Information technology ; Law and legislation ; United States ; Technology and law ; United States ; Information technology ; United States ; Management ; Electronic books ; Electronic books ; local
    Abstract: A clear and concise introduction to the rules for IT in North America. In today's computer-driven world, every modern business depends on its information technology. This means that IT systems have to be protected and regulated. If your organization has a presence in North America, you need to be familiar with the relevant laws and standards for IT governance. IT is a key component of the US legislation relating to corporate governance and privacy. In addition, the Basel 2 Accord, the Fair Credit Reporting Act and the online banking standards of the Federal Financial Institutions Examination Council (FFIEC) all have important IT governance implications. Canada also has its own Personal Information Protection and Electronic Documents Act (PIPEDA). With such a wide range of rules and regulations, where do you begin? This pocket guide is intended as a brief, accessible survey of the major North American legislation relating to IT and information security. It provides a concise summary of the IT governance provisions currently in effect in Canada and the United States. Including advice on the requirements for preserving corporate records, the guide will help you to identify any gaps in your organization's IT compliance regime.
    Benefits to business include:
    Avoid breaches of criminal or civil law - The pocket guide covers the key IT compliance issues for organizations operating in North America.
    Find out about the IT governance requirements of Sarbanes-Oxley - The Sarbanes-Oxley Act of 2002 (SOX) was passed in response to the Enron scandal. Compliance with Sarbanes-Oxley is mandatory and failure to comply can result in significant penalties for individual directors. This pocket guide explains the internal controls over your IT systems that SOX requires you to maintain.
    Understand the requirements of GLBA - The Gramm-Leach-Bliley Act, or Financial Services Modernization Act, covers all US-regulated financial services corporations. The pocket guide outlines the information security requirements of the Act and looks at how they are enforced.
    Learn about Safe Harbor compliance - Under the Safe Harbor framework, US corporations that have operations in the EU are permitted to receive European data. The pocket guide outlines the advantages for an American company of Safe Harbor compliance.
    This pocket guide covers essential North American IT- and information-related regulation, including: corporate governance, particularly Sarbanes-Oxley; Basel 2; breach notification laws; O...
    Note: Publication information taken from resource description page (Safari, viewed August 16, 2013). - Description based on online resource; title from cover
  • 31
    Online Resource
    [Place of publication not identified] : IT Governance Pub.
    Language: English
    Pages: 1 online resource (1 v.) , ill.
    Parallel Title: Also published as
    Keywords: Information technology ; Management ; Business enterprises ; Computer networks ; Security measures ; Computer security ; Electronic books ; Electronic books ; local
    Abstract: A director's guide to IT governance. This book is an essential read for those sitting on the board of any organisation that wants to secure its information, its intellectual property and its competitive advantage. Written for a non-technical, commercially-minded audience, this book offers a comprehensive introduction to the critical subject of IT governance.
    Why is IT governance important? Your business will stand or fall on the quality of its IT governance. Information technology can enable you to improve your operations and cut costs. And by changing the way you deal with your customers, IT may even have the potential to transform your entire business. However, IT involves an element of risk. For the sake of your bottom line, these risks are something your company needs to be capable of managing.
    IT governance and the board - IT governance generally enjoys less board understanding and commitment than corporate governance. However, the reality is that the IT function is vital to the running of your business and so IT governance too requires leadership from the top. Information security breaches have the potential to alienate your customers and to damage your company's reputation. The consequences of cyber crime could cripple your business with heavy financial losses. Failure to comply with the information security requirements of corporate governance codes may even cause your company to be denied a presence in entire countries. The road to information security goes through corporate governance. This means that information security has to be a specific board-agenda item, and a priority at CEO level.
    IT governance and intellectual property - While you can easily judge how much a factory is worth, some of your company's most important assets may be the intangible ones. The real worth of your company is a matter of its intellectual capital - such as patents, designs and databases - as well as the sites and machinery in its possession. This kind of information is held on computer systems. So your company needs to be as serious about protecting its digital information from industrial espionage and cybercrime as it is about protecting its warehouses from robbery and arson.
    IT governance as a business enabler - Having an effective IT governance framework in place will help you to safeguard your company against an information security breach. At the same time, your IT governance framework can open doors for your business. By ensuring that your IT systems are...
    Note: Includes bibliographical references. - Description based on print version record