
We're sorry but that page cannot be found

Please use the links above to find what you were looking for.

You may not have been able to visit your page because of:

   1. An out-of-date bookmark/favourite
   2. A search engine that has an out-of-date listing
   3. A mistyped address
   4. You have no access to this page
   5. The requested resource was not found.
   6. An error has occurred while processing your request.

Are you looking for:

An Introduction to Information Security and ISO 27001 (2013) A Pocket Guide, Second Edition
Overview

The ideal primer for anyone implementing an Information Security Management System (ISMS)

This pocket guide will help you to:

  • Make informed decisions
    Using this guide will enable the key people in your organization to make better decisions before embarking on an information security project.
  • Ensure everyone is up to speed
    Use this guide to give the non-specialists on the project board and in the project team a clearer understanding of what the project involves.
  • Raise awareness among staff
    Use this guide to make sure your people know what is at stake with regard to information security and understand what is expected of them.
  • Enhance your competitiveness
    Use this guide to let your customers know that the information you hold about them is managed and protected appropriately.
About the author

Steve G. Watkins

Steve G. Watkins managed the world’s first successful BS7799 (the forerunner of ISO27001) implementation project and leads the consultancy and training services of IT Governance Ltd. He is Chair of the ISO/IEC 27001 User Group, the UK Chapter of the ISMS International User Group, and an ISMS Technical Assessor for UKAS, advising on their assessments of certification bodies offering accredited certification. He has over 20 years’ experience managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications. His experience includes senior management positions in both the public and private sectors.

Application Security in the ISO 27001 2013 Environment - Second edition
Overview

Web application security as part of an ISO 27001-compliant information security management system

Web application vulnerabilities are a common point of intrusion for cyber criminals. As cybersecurity threats proliferate and attacks escalate, and as applications play an increasingly critical role in business, organizations urgently need to focus on web application security to protect their customers, their interests, and their assets.

Although awareness of the need for web application security is increasing, security levels are nowhere near enough: according to the 2015 Trustwave Global Security Report, 98% of tested web applications were vulnerable to attack.

SMEs in particular should be very concerned about web application security: many use common, off-the-shelf applications and plugins—such as Internet Explorer, Java, Silverlight, and Adobe Reader and Flash Player—which often contain exploitable vulnerabilities.

Application Security in the ISO 27001:2013 Environment explains how organizations can implement and maintain effective security practices to protect their web applications—and the servers on which they reside—as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO 27001.

The book describes the methods used by criminal hackers to attack organizations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO 27001.


Product overview

  • Second edition, updated to reflect ISO 27001:2013 as well as best practices relating to cryptography, including the PCI SSC’s deprecation of SSL in favour of TLS.
  • Provides a full introduction to ISO 27001 and information security management systems, including implementation guidance.
  • Describes risk assessment, management, and treatment approaches.
  • Examines common types of web app security attack, including injection attacks, cross-site scripting, and attacks on authentication and session management, explaining how each can compromise ISO 27001 control objectives and showing how to test for each attack type.
  • Discusses the ISO 27001 controls relevant to application security.
  • Lists useful web app security metrics and their relevance to ISO 27001 controls.
  • Provides a four-step approach to threat profiling and describes application security review and testing approaches.
  • Sets out guidelines and the ISO 27001 controls relevant to them, covering:
    • input validation
    • authentication
    • authorization
    • sensitive data handling and the use of TLS rather than SSL
    • session management
    • error handling and logging
  • Describes the importance of security as part of the web app development process

Order Application Security in the ISO 27001 Environment to secure your web applications today.

About the authors

  • Vinod Vasudevan, CISSP, is the chief technology officer (CTO) at Paladion. Before co-founding Paladion, Vinod worked with Microsoft. He wrote the chapter "Application Security and ISO27001."
  • Anoop Mangla is a risk specialist in banking and finance and an expert on the effectiveness of security technologies in organizations’ security. He wrote the chapter "Introduction to Application Security Threats."
  • Firosh Ummer, CISA, ISO27001 LA, CBCP, BS15000 LA, is co-founder of Paladion and head of the ISO 27001 consulting practice. Firosh wrote the chapter "Threat Profiling and Security Testing."
  • Sachin Shetty, CISSP, is a senior application security engineer with Paladion. He wrote the chapter "Attacks on Applications."
  • Sangita Pakala, GCIH, is Head of Application Security Projects at Paladion. She wrote the chapter "Secure Development Lifecycle."
  • Siddharth Anbalahan is a senior application security engineer. He has developed anti-phishing toolkits to enable banks to detect phishing attacks in real time. Siddharth wrote the chapter "Secure Coding Guidelines."
Assessing Information Security - Strategies, Tactics, Logic and Framework, 2nd Edition
Overview

Build a strategic response to cyber attacks

The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations.

Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war.

It is clear that organizations need to develop a view of cybersecurity that goes beyond technology: all staff in the organization have a role to play, and it is the senior managers who must ensure, like generals marshaling their forces, that all staff know the cybersecurity policies that explain what to do when under attack.


Cybercrime… cyber war?

With this in mind, the authors have drawn on the work of Clausewitz and Sun Tzu and applied it to the understanding of information security that they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict.

Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001:2013.


Contents: 

  1. Information Security Auditing and Strategy
  2. Security Auditing, Governance, Policies, and Compliance
  3. Security Assessments Classification
  4. Advanced Pre-Assessment Planning
  5. Security Audit Strategies and Tactics
  6. Synthetic Evaluation of Risks
  7. Presenting the Outcome and Follow-Up Acts
  8. Reviewing Security Assessment Failures and Auditor Management Strategies 
About the authors

Dr. Andrew Vladimirov is a security researcher. His fields of expertise include network security and applied cryptography, and he has extensive experience of performing information security assessments. He and his fellow authors are the founders of Arhont Ltd, a leading information security consultancy.

Konstantin Gavrilenko has over 15 years of experience in IT and security. As a researcher, information security is his specialty, and he has a particular interest in wireless security. He holds a BSc in management science from De Montfort University and an MSc in management from Lancaster University.

Andriej Michajlowski is an expert on network security. His research interests include user and device authentication mechanisms and wireless networking security. He has extensive experience carrying out internal and external information security assessments. He is a graduate of the University of Kent at Canterbury and he holds an MBA.

Information Security Breaches - Avoidance and Treatment based on ISO27001, Second Edition
Overview

What if you suffer an information security breach?

Many books explain how to reduce the risk of information security breaches. Nevertheless, breaches do occur, even to organizations that have taken all reasonable precautions. Information Security Breaches – Avoidance and treatment based on ISO27001:2013 helps you to manage this threat by detailing what to do as soon as you discover a breach.

Be prepared, be prompt, be decisive

When your organization’s security is compromised, you cannot afford to waste time deciding how to resolve the issue. You must be ready to take prompt and decisive action. Updated to cover ISO27001:2013, this second edition gives you clear guidance on how to treat an information security breach and tells you the plans and procedures you have to put in place to minimize damage and return to business as usual.

A recovery plan will help you to:

  • Recover, and resume normal operations, more quickly
  • Preserve customer confidence by quickly resolving service disruption
  • Secure evidence to help with any criminal investigation and improve your chances of catching those responsible. 

Reviews from the first edition

"… I recommend this pocket guide to anyone implementing ISO27001, and indeed to anyone who is concerned about the risks of security breaches, and who wants to know how best to prepare their organization for the unpleasant events that are bound to happen from time to time…"

- Willi Kraml, Global Information Security Officer

 

"… Michael Krausz has created a valuable tool … Written in plain English, this handbook is easy to follow even by a novice in the Information Technology Field. Therefore 'Information Security Breaches' is a must within the 'tool box' of anyone who deals with IT issues on an every-day basis…"

- Werner Preining, Interpool Security Ltd

 
About the author

Michael Krausz

Michael Krausz is an IT expert and experienced professional investigator. He has investigated over a hundred cases of information security breaches. Many of these cases have concerned forms of white-collar crime. He studied physics, computer science, and law at the University of Technology in Vienna, and at Vienna and Webster Universities. He has delivered over 5000 hours of professional and academic training and has provided services in eleven countries to date.

Certified ISO 22301 BCMS Lead Auditor Self-Paced Online Training Course
Description

Training course outline

This course teaches you the skills to plan and execute an audit of a BCMS that conforms to ISO 22301:2019. It also prepares you to pass the ISO 22301 Certified BCMS Lead Auditor (CBC LA) exam on the first attempt.

You will learn:

  • The skills to conduct second-party (supplier) and third-party (external and certification) BCMS (business continuity management system) audits
  • How to lead a team of auditors and gain the skills to achieve compliance with ISO 22301
  • How to competently manage a BCM audit program
  • The best-practice audit methodology based on ISO 19011, allowing you to master audit techniques

Please note that this course consists of the following modules:

  • Core Audit Skills Self-Paced Online Training Course
  • Certified ISO 22301 Lead Auditor Module Self-Paced Online Training Course

Certified ISO 22301 BCMS Lead Auditor Self-Paced Online Training Course benefits

 Designed by experts

Designed by experienced ISO 22301 specialists from the leading provider of IT governance, risk management, and compliance solutions.

 Delivered by professionals

Taught by an ISO 22301 consultant with extensive experience auditing management systems and helping organizations prepare for an ISO 22301 audit.

 Aligned with best practice

Aligned with the best-practice ISO 19011:2018 (Guidelines for auditing management systems) audit methodology.

 Study at your own pace

Learn at a time, place, and pace that suits you.

 Bite-sized learning

Pre-recorded online course and learner guide enabling you to learn in easy, manageable, bite-sized chunks.

 Learning support

Comes with a learner guide to read alongside the video modules.


Who should attend this course?

This course is aimed at people who want a globally recognized ISO 22301 lead auditor qualification to further their careers. It is also designed for managers responsible for implementing and maintaining an ISO 22301-compliant BCMS, such as:

  • ISO 22301 auditors
  • Business continuity managers
  • Information security managers
  • IT managers
  • Business managers
  • Compliance managers
  • Project managers
  • Risk managers
  • Emergency planners

Why choose IT Governance USA for your training needs?

  • We are the global specialists – As global specialists in information security, cybersecurity, and privacy, we pride ourselves on being market leaders and keeping one step ahead. Our expert instructors use their working knowledge to bring the course content to life, while covering all the essential and technical content.

  • Built and delivered by experts – Our courses are built and delivered by subject-matter experts and innovative instructional design specialists with years of practical, hands-on experience.

  • Learn your way – We have the training methods and solutions to suit your business or personal learning style. We offer instructor-led (classroom, Live Online or hybrid), blended, self-paced, elearning, in-house, and custom training options.

  • Our service levels are exemplary – From the sales team that pays close attention to your development needs, to the operations team that makes things tick like a Swiss watch, to the energy and skill of the instructors. We are all passionate about what we do and want to ensure you get the best training experience possible.

  • Pass the first time or train again for free – We have trained more than 28,000 people and we’re confident you’ll pass with us first time. If you don’t, we’ll train you again for free.*

* T&Cs apply.

Course details

What does this course cover?

  • Best-practice audit methodology based on ISO 19011
  • Application of the generic auditing process to audit a BCMS
  • ISO 22301 terms and definitions
  • The process approach and PDCA cycle
  • Planning, conducting, reporting, and following up an audit
  • Examples of evidence of conformity and nonconformity
  • Applying observation and active listening
  • Writing nonconformities of intent, implementation, and effectiveness
  • Identifying inconsistencies in a BCMS
  • Relevance of nonconformity statements to scope, policy, and objectives
  • Selecting and leading an ISO 22301 BCMS audit team

What’s included in this course?

  • Full course materials (digital copy provided as a PDF file)
  • Access to our LMS (learning management system) for one year
  • The ISO 22301 Certified BCMS Lead Auditor exam (if purchased)
  • A certificate of attendance

Please note that this course can be purchased with or without the exam as required.


What equipment do I need?

You will need a laptop for the duration of your course and exam.


Are there any prerequisites for this course?

There are no formal entry requirements for this course, but learners should have a good knowledge of ISO 22301. This could be obtained through practical experience, reading, or attending the Business Continuity Management Lead Implementer Training Course.

Participants will need to have their own copies of the ISO 22301:2019 standard for use during the course.


Is there any recommended reading?

We strongly recommend you purchase and read the Standard before attending the course:

We also recommend that you purchase and read the following textbooks:

Exams and qualifications

ISO 22301 Certified BCMS Lead Auditor exam

Candidates take the ISO 22301 Certified BCMS Lead Auditor (CBC LA) exam set by IBITGQ.

  • Delivery method: Online
  • Duration: 90 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 65%

This course is equivalent to 35 CPD points.


What qualifications will I receive?

Successfully completing the course and exam awards the ISO 22301 Certified BCMS Lead Auditor (CBC LA) qualification.


Accreditation

This course is accredited by IBITGQ (International Board for IT Governance Qualifications).

IBITGQ is a personnel certification body that certifies individuals in the field of IT governance.

IBITGQ is accredited to the ISO/IEC 17024:2012 standard (Conformity assessment – General requirements for bodies operating certification of persons) by IAS (International Accreditation Service). ISO 17024 is a global, industry-recognized benchmark, and qualifications accredited to this standard are recognized and highly valued by employers throughout the world.

You can demonstrate your professional and practical knowledge and expertise by registering your qualification on the IBITGQ/GASQ successful candidate register.


How will I receive my exam results and certificates?

  • Provisional exam results will be available immediately after completing the exam. Confirmed exam results will be issued within ten working days from the date of the exam.
  • Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.
  • Results notifications and certificates are emailed directly to candidates by the relevant exam board; please note that hard-copy exam certificates are not issued.

Can exams be retaken?

Yes, if you are unsuccessful on the first attempt, you can retake the exam for an additional fee. You can email us to schedule the retest.

Fulfillment

Fulfillment of your self-paced online training course

After you have completed your order, you will receive a sales receipt and a “Thank you for your order” confirmation email. This email will ask you to provide essential participant information and gives instructions on how to access your course. If you don’t receive this email, please check your junk folder.


Participant information

You must provide the requested participant information, including a valid email address. This applies whether you have made the booking for yourself or on behalf of someone.

Please check this information is correct before submitting, as you are unable to change the participant’s email address once it has been added to our system.


Accessing the course

If you are a new customer, you will receive an email from noreply@grcelearning.com with instructions on how to access the LMS. If you or other participants do not receive this email, please check your junk folders.

If you have accessed the LMS previously, please log in using your credentials. You can access the LMS at any time from your My Account page.

Once you have logged in to the LMS, you can download the course material immediately.


Exams

Important information: Please read our examination guide before scheduling your exam.

All exams are delivered online using an automated proctor system managed by GASQ on behalf of IBITGQ (International Board for IT Governance Qualifications).


What you need

When you’re ready to take your exam, please log in to your My Account page, scroll down to the ‘Self-paced online training courses’ section, and click the ‘Course completed’ button. A member of our team will be in touch to provide details of your exam booking procedure.

Exam candidates are required to have:

  • A desktop or laptop computer with a webcam and microphone
  • Google Chrome browser installed
  • Photo ID such as a student card, an ID card, or a driver’s license
  • A tablet or smartphone with a camera (optional – but required for some courses)
  • A stable Wi-Fi Internet connection with a minimum upload speed of 1.5 Mbps

Please see our examination guide for exact specifications.


Scheduling your exam

You are required to book your exam online at least 96 hours before the exam date.

Please be aware that you can reschedule your exam once (if needed) at least 48 hours before your booked exam date for no additional charge.
