ISO 17799 Information Aggregator

EX0-101 certification

Posted: June 21st, 2010 | Filed under: Uncategorized

Testinside is Necessary for EX0-101 Exam
EX0-101 certification is recognized in every country, so it gives you the possibility of working anywhere in the world. Testinside's EX0-101 preparation material not only helps to improve your knowledge and skills, it also supports your career and prepares you to apply what the EX0-101 exam covers under a range of working conditions.

The majority of companies in the information technology sector require EX0-101 certification for employment, which makes obtaining it necessary. Many IT specialists have failed to obtain the EX0-101 certificate on the first attempt, usually as a result of poor preparation or the use of poor-quality EX0-101 study guides.

Testinside EX0-101 Practice Questions are designed with questions coupled with precise, logical and verified explanations. Our EX0-101 practice exam provides an examination experience like no other. Our EX0-101 practice exams and study questions are composed by current and active information technology experts, who draw on their experience to prepare you for your future in the IT field.

Prove your competencies: get EX0-101 certified
Information technology is the cornerstone of today’s highly demanding and competitive business world. As an IT professional, you face the daily challenge of providing reliable, consistent and affordable IT services in a constantly changing performance-driven environment. Prove your knowledge and join the EX0-101 certified IT Professionals.

EXIN, the Examination Institute for Information Science, is a global, independent IT examination provider offering qualification programs for ISO/IEC 20000, ISO/IEC 27000, ITIL®, MOF, ASL, BiSL, TMap® and SCP. It is EXIN's mission to improve the quality of the IT sector, IT professionals and IT users by means of independent testing and certification.

Retrieved from “http://www.articlesbase.com/education-articles/ex0101-certification-1607617.html”



ISO 27001 Security Standard Published

Posted: June 20th, 2010 | Filed under: Uncategorized

This standard essentially defines an Information Security Management System (an ISMS) and complements the ISO 17799 'code of practice' standard, which was re-published earlier in the year. It specifies the framework for the …



ISO 27002 Security Policy Templates

Posted: June 20th, 2010 | Filed under: Uncategorized

The ISO 27002 Security Policy templates from ecfirst provide an excellent opportunity for organizations to develop customized policies to address critical regulatory compliance mandates. The policy templates are available in Microsoft Word as a download from the ecfirst e-store.

Why is the ISO 27000 series such an important set of standards in the world of information security? The ISO 27000 series provides best-practice recommendations on information security management, risks and controls within the context of an overall Information Security Management System (ISMS). It is applicable to organizations of all types, industries and sizes.

The security policy templates address all the controls defined within the categories and clauses of the ISO 27002 information security standard. ISO 27002 provides best-practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining an ISMS.

Your organization may be subject to regulations such as the Health Insurance Portability and Accountability Act (HIPAA), and possibly to others such as the Payment Card Industry Data Security Standard (PCI DSS) or U.S. state requirements. The ISO 27001 and ISO 27002 standards are an important reference and an excellent framework in the world of information security. Your organization can get a fast start on addressing regulatory requirements by first developing policies centered on this global information security standard.

About ecfirst:
ecfirst, an Inc. 500 business, has served over 1,400 clients across the United States in the areas of compliance, security and professional services. ecfirst delivers deep expertise through a full suite of services that includes ISMS, IT project management, and general security and IT infrastructure solutions.

Retrieved from “http://www.articlesbase.com/management-articles/iso-27002-security-policy-templates-968350.html”



Managing Risk in Information Technology

Posted: June 17th, 2010 | Filed under: Uncategorized

As information technology increasingly falls within the scope of corporate governance, so management must increasingly focus on the management of risk to the achievement of its business objectives.

There are two fundamental components of effective management of risk in information and information technology: the first relates to an organization's strategic deployment of information technology in order to achieve its corporate goals; the second relates to risks to the information assets themselves. IT systems usually represent significant investments of financial and executive resources. The way in which they are planned, managed and measured should therefore be a key management accountability, as should the way in which risks to the information assets themselves are managed.

Clearly, well managed information technology is a business enabler. Every deployment of information technology brings with it immediate risks to the organization and, therefore, every director or executive who deploys, or manager who makes any use of, information technology needs to understand these risks and the steps that should be taken to counter them.

ITIL has long provided an extensive collection of best-practice IT management processes and guidance. Its certified qualifications, however, are awarded to individual practitioners, not to organizations. So, in spite of an extensive range of practitioner-orientated qualifications, it is not possible for any organization to prove, to its own management let alone to an external third party, that it has taken the risk-reduction step of implementing best practice.

More than that, ITIL is particularly weak where information security management is concerned – the ITIL book on information security really does no more than refer to a now very out-of-date version of ISO 17799, the information security code of practice.

The emergence of the international Information Security Management (ISO/IEC 27001) and IT Service Management (ISO/IEC 20000) standards changes all this. They make it possible for organizations that have successfully implemented an ITIL environment to be externally certificated as having information security and IT service management processes that meet an international standard. Organizations that can demonstrate, to customers and potential customers, the quality and security of their IT services and information security processes achieve significant competitive advantages.

Information Security Risk

The value of an independent information security standard may be more immediately obvious to the ITIL practitioner than that of an IT service management one. The proliferation of increasingly complex, sophisticated and global threats to information security, in combination with the compliance requirements of a flood of computer- and privacy-related regulation around the world, is driving organizations to take a more strategic view of information security. It has become clear that hardware-, software- or vendor-driven solutions to individual information security challenges are, on their own, dangerously inadequate. ISO/IEC 27001 (formerly BS 7799) helps organizations make the step to systematically managing and controlling risk to their information assets.

IT Process Risk

IT must be managed systematically to support the organization in achieving its business objectives, or it will disrupt business processes and undermine business activity. IT management, of course, has its own processes, and many of these are common across organizations of all sizes and in many sectors. The processes deployed to manage the IT organization itself need both to be effective and to ensure that the IT organization delivers against business needs. IT service management embraces the notion that the IT organization (known, in ISO/IEC 20000 as in ITIL, as the "service provider") exists to deliver services to business users, in line with business needs, and to ensure the most cost-effective use of IT assets within that overall context. ITIL, the IT Infrastructure Library, emerged as a collection of best practices that could be used in various organizations. ISO/IEC 20000, the IT service management standard, provides a best-practice specification that sits on top of ITIL.

Regulatory and Compliance Risk

All organizations are subject to a range of information-related national and international legislation and regulatory requirements. These range from broad corporate governance guidelines to the detailed requirements of specific regulations. UK organizations are subject to some, or all, of:

* Combined Code and Turnbull Guidance (UK)

* Basel II

* EU data protection and privacy regimes

* Sectoral regulation: FSA (1), MiFID (2), AML (3)

* Human Rights Act, Regulation of Investigatory Powers Act

* Computer misuse regulation

Those organizations with US operations may also be subject to US federal regulation such as Sarbanes-Oxley and SEC rules, as well as sectoral regulation such as GLBA (4), HIPAA (5) and the USA PATRIOT Act. Many organizations may also be subject to US state laws that appear to have wider applicability, including SB 1386 (California's security breach notification law) and OPPA (6). Compliance depends as much on information security as on IT processes and services.

Many of these regulations have emerged only recently and most have not yet been adequately tested in the courts. There has been no co-ordinated national or international effort to align them, particularly those around personal privacy and data protection. As a result, there are overlaps and conflicts between many of these regulations. This is of little importance to organizations trading exclusively within one jurisdiction, but the reality is that many enterprises today trade on an international basis, particularly if they have a website or are connected to the Internet.

Management Systems

A management system is a formal, organized approach used by an organization to manage one or more components of its business, including quality, the environment, occupational health and safety, information security and IT service management. Most organizations, particularly younger, less mature ones, have some form of management system in place even if they are not aware of it. More developed organizations use formal management systems, which they have certified by a third party for conformance to a management system standard. Organizations that use formal management systems today include corporations, medium- and small-sized businesses, government agencies, and non-governmental organizations (NGOs).

Standards and Certifications

Formal standards provide a specification against which aspects of an organization's management system can be independently audited by an accredited certification body. If the management system is found to conform to the specification, the organization can be issued with a formal certificate confirming this. Organizations that are certificated to ISO 9001 will already be familiar with the certification process.

Integrated Management Systems

Organizations can choose to certify their management systems to more than one standard. This enables them to integrate the processes that are common to each of the standards in which they are interested: management review, corrective and preventive action, control of documents and records, and internal quality audits. There is already an alignment of clauses in ISO 9001, ISO 14001 (the environmental management system standard) and OHSAS 18001 (the health and safety management standard) that supports this integration. It enables organizations to benefit from lower-cost initial audits and fewer surveillance visits and, most importantly, allows them to 'join up' their management systems.

The emergence of these international standards now enables organizations to develop an integrated IT management system that is capable of multiple certification and of external, third party audit, while drawing simultaneously on the deeper best-practice contained in ITIL. This is a huge step forward for the ITIL world.

Notes:

(1) Financial Services Authority

(2) Markets in Financial Instruments Directive

(3) Anti-money laundering regulations

(4) Gramm-Leach-Bliley Act

(5) Health Insurance Portability and Accountability Act

(6) Online Personal Privacy Act

Alan Calder is an international authority on IT Governance and information security management. He led the world’s first successful implementation of BS 7799, the information security management standard upon which ISO 27001 is based, and wrote the definitive compliance guide for this standard, IT Governance: A Manager’s Guide to Data Security and BS7799/ISO17799. The 3rd edition of this book is the basis for the UK Open University’s postgraduate course on Information Security. He has just written, for BSI, a management guide on integrating ISO 27001 and ISO 20000 Management Systems, drawing heavily on ITIL best practice. He is a consultant to companies around the world, including Cisco.

Article Source:

http://EzineArticles.com/?expert=Alan_Calder
