Please use the links above to find what you were looking for.
You may not have been able to visit your page because of:
1. An out-of-date bookmark/favourite
2. A search engine that has an out-of-date listing
3. A mistyped address
4. You have no access to this page
5. The requested resource was not found.
6. An error has occurred while processing your request.
This pocket guide will help you to:
Steve G. Watkins managed the world’s first successful BS7799 (the forerunner of ISO27001) implementation project and leads the consultancy and training services of IT Governance Ltd. He is Chair of the ISO/IEC 27001 User Group, the UK Chapter of the ISMS International User Group, and an ISMS Technical Assessor for UKAS, advising on their assessments of certification bodies offering accredited certification. He has over 20 years’ experience managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications. His experience includes senior management positions in both the public and private sectors.
Web application vulnerabilities are a common point of intrusion for cyber criminals. As cybersecurity threats proliferate and attacks escalate, and as applications play an increasingly critical role in business, organizations urgently need to focus on web application security to protect their customers, their interests, and their assets.
Although awareness of the need for web application security is increasing, security levels are nowhere near enough: according to the 2015 Trustwave Global Security Report, 98% of tested web applications were vulnerable to attack.
SMEs in particular should be very concerned about web application security: many use common, off-the-shelf applications and plugins—such as Internet Explorer, Java, Silverlight, and Adobe Reader and Flash Player—which often contain exploitable vulnerabilities.
Application Security in the ISO 27001:2013 Environment explains how organizations can implement and maintain effective security practices to protect their web applications—and the servers on which they reside—as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO 27001.
The book describes the methods used by criminal hackers to attack organizations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO 27001.
Order Application Security in the ISO 27001 Environment to secure your web applications today.
The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations.
Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war.
It is clear that organizations need to develop a view of cybersecurity that goes beyond technology: all staff in the organization have a role to play, and it is the senior managers who must ensure, like generals marshaling their forces, that all staff know the cybersecurity policies that explain what to do when under attack.
With this in mind, the authors have drawn on the work of Clausewitz and Sun Tzu and applied it to the understanding of information security that they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict.
Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001:2103.
Dr. Andrew Vladimirov is a security researcher. His fields of expertise include network security and applied cryptography, and he has extensive experience of performing information security assessments. He and his fellow authors are the founders of Arhont Ltd, a leading information security consultancy.
Konstantin Gavrilenko has over 15 years of experience in IT and security. As a researcher, information security is his specialty, and he has a particular interest in wireless security. He holds a BSc in management science from De Montfort University and an MSc in management from Lancaster University.
Andriej Michajlowski is an expert on network security. His research interests include user and device authentication mechanisms and wireless networking security. He has extensive experience carrying out internal and external information security assessments. He is a graduate of the University of Kent at Canterbury and he holds an MBA.
"… I recommend this pocket guide to anyone implementing ISO27001, and indeed to anyone who is concerned about the risks of security breaches, and who wants to know how best to prepare their organization for the unpleasant events that are bound to happen from time to time…”
- Willi Kraml, Global Information Security Officer
"… Michael Krausz has created a valuable tool … Written in plain English, this handbook is easy to follow even by a novice in the Information Technology Field. Therefore "Information Security Breaches" is a must within the 'tool box' of anyone who deals with IT issues on an every-day basis…”
- Werner Preining, Interpool Security Ltd
Michael Krausz is an IT expert and experienced professional investigator. He has investigated over a hundred cases of information security breaches. Many of these cases have concerned forms of white-collar crime. He studied physics, computer science, and law at the University of Technology in Vienna, and at Vienna and Webster Universities. He has delivered over 5000 hours of professional and academic training and has provided services in eleven countries to date.
This course teaches you the skills to plan and execute an audit of a BCMS that conforms to ISO 22301:2019. It also prepares you to pass the ISO 22301 Certified BCMS Lead Auditor (CBC LA) exam on the first attempt.
You will learn:
Please note that this course consists of the following modules:
Designed by experienced ISO 22301 specialists from the leading provider of IT governance, risk management, and compliance solutions.
Taught by an ISO 22301 consultant with extensive experience auditing management systems and helping organizations prepare for an ISO 22301 audit.
Aligned with the best-practice ISO 19011:2018 (Guidelines for auditing management systems) audit methodology.
Learn at a time, place, and pace that suits you.
Pre-recorded online course and learner guide enabling you to learn in easy, manageable, bite-sized chunks.
Comes with a learner guide to read alongside the video modules.
This course is aimed at people who want a globally recognized ISO 22301 lead auditor qualification to further their careers. It is also designed for managers responsible for implementing and maintaining an ISO 22301-compliant BCMS, such as:
We are the global specialists – As global specialists in information security, cybersecurity, and privacy, we pride ourselves on being market leaders and keeping one step ahead. Our expert instructors use their working knowledge to bring the course content to life, while covering all the essential and technical content.
Built and delivered by experts – Our courses are built and delivered by subject-matter experts and innovative instructional design specialists with years of practical, hands-on experience.
Learn your way – We have the training methods and solutions to suit your business or personal learning style. We offer instructor-led (classroom, Live Online or hybrid), blended, self-paced, elearning, in-house, and custom training options.
Our service levels are exemplary – From the sales team that pays close attention to your development needs, to the operations team that makes things tick like a Swiss watch, to the energy and skill of the instructors. We are all passionate about what we do and want to ensure you get the best training experience possible.
Pass the first time or train again for free – We have trained more than 28,000 people and we’re confident you’ll pass with us first time. If you don’t, we’ll train you again for free.*
* T&Cs apply.
Please note that this course can be purchased with or without the exam as required.
You will need a laptop for the duration of your course and exam.
There are no formal entry requirements for this course, but learners should have a good knowledge of ISO 22301. This could be obtained through practical experience, reading, or attending the Business Continuity Management Lead Implementer Training Course.
Participants will need to have their own copies of the ISO 22301:2019 standard for use during the course.
We strongly recommend you purchase and read the Standard before attending the course:
We also recommend that you purchase and read the following textbooks:
Candidates take the ISO 22301 Certified BCMS Lead Auditor (CBC LA) exam set by IBITGQ.
This course is equivalent to:
35
CPD points
Successfully completing the course and exam awards the ISO 22301 Certified BCMS Lead Auditor (CBC LA) qualification.
This course is accredited by IBITGQ (International Board for IT Governance Qualifications).
IBITGQ is a personnel certification body that certifies individuals in the field of IT governance.
IBITGQ is accredited to the ISO/IEC 17024:2012 standard (Conformity assessment – General requirements for bodies operating certification of persons) by IAS (International Accreditation Service). ISO 17024 is a global, industry-recognized benchmark, and qualifications accredited to this standard are recognized and highly valued by employers throughout the world.
You can demonstrate your professional and practical knowledge and expertise by registering your qualification on the IBITGQ/GASQ successful candidate register.
Yes, if you are unsuccessful on the first attempt, you can retake the exam for an additional fee. You can email us to schedule the retest.
After you have completed your order, you will receive a sales receipt and a “Thank you for your order” confirmation email. This email will ask you to provide essential participant information and gives instructions on how to access your course. If you don’t receive this email, please check your junk folder.
You must provide the requested participant information, including a valid email address. This applies whether you have made the booking for yourself or on behalf of someone.
Please check this information is correct before submitting, as you are unable to change the participant’s email address once it has been added to our system.
If you are a new customer, you will receive an email from noreply@grcelearning.com with instructions on how to access the LMS. If you or other participants do not receive this email, please check your junk folders.
If you have accessed the LMS previously, please log in using your credentials. You can access the LMS at any time from your My Account page.
Once you have logged in to the LMS, you can download the course material immediately.
Important information: Please read our examination guide before scheduling your exam.
All exams are delivered online using an automated proctor system managed by GASQ on behalf of IBITGQ (International Board for IT Governance Qualifications).
When you’re ready to take your exam, please log in to your My Account page, scroll down to the ‘Self-paced online training courses’ section, and click the ‘Course completed’ button. A member of our team will be in touch to provide details of your exam booking procedure.
Exam candidates are required to have:
Please see our examination guide for exact specifications.
You are required to book your exam online at least 96 hours before the exam date.
Please be aware that you can reschedule your exam once (if needed) at least 48 hours before your booked exam date for no additional charge.