Enjoy
Dan

Sentinel Newsletter
Edition 56, 22 February 2010

Sentinel, our newsletter for IT governance and information security professionals, continues to explore the great range of available resources found for us by editor Dan Swanson.

"There are no shortcuts. To be a big success, start a little earlier, work a little harder, and stay a little later" - Brian Tracy

"The trouble with many plans is that they are based on the way things are now. To be successful, your personal plan must focus on what you want, not what you have" - Nido Qubein

"Setting a goal is not the main thing. It is deciding how you will go about achieving it and staying with that plan" - Tom Landry

This Month's Top "Picks"

Avoid the "Reduced Budget" trap and secure funds for vital compliance projects
It's that time of year again when most public sector organisations and many private sector organisations begin to look at budgets for the next financial year. With the country struggling to come out of recession and with big public sector cut-backs on the horizon, it is vital that every pound spent can be justified, accounted for and not wasted. Whilst tight financial controls are inevitable given the state of the economy, it is essential that funds are available for projects that will help organisations to survive and prosper through the upturn.
http://blog.itgovernance.co.uk/630/

IT audit checklists
This resource selection focuses on IT audit guidance that covers the evaluation of a variety of critical IT activities. One of the key benefits of these guides is the self-assessment by IT and other managers that can be facilitated, in advance of a formal internal audit.
http://www.itworldcanada.com/blogs/

Improving the practice of IT
Leveraging best practice research is always useful - just make sure it applies to your organization before implementing changes. This resource is focused on improving the practice of IT.
http://www.itworldcanada.com/blogs/

The finance function
The finance function is absolutely critical to the organization's long term success. This resource provides some excellent best practice information regarding this important corporate function.
http://www.itworldcanada.com/blogs/

NEW! CISSP CBK – Essential for Infosec Professionals
CISSP certification has become a pre-requisite for anyone looking to make a career in information security and certification provides professionals with an objective measure of competence and a globally recognised standard of achievement. The issue isn't your current qualification status, it's how current your knowledge is, in relation to the latest development in this ever-changing field. Purchase a copy of the Official (ISC)2 Guide to the CISSP CBK, Second Edition; it will bring you bang up to date and keep you ahead of the game.
http://www.itgovernance.co.uk/products/861

Organisational Governance

Being prepared and in control
This resource pick has a "governance" focus. It also reinforces the importance of being prepared (e.g. implementing a security incident response capability) and being "in control" (e.g. we must have effective change management). It really is endless!
http://www.itworldcanada.com/blogs/

How to 'think for yourself'
This resource combines a mixture of corporate governance guidance and personal growth items. "Thinking for yourself" is one of my favorite little nuggets – and it's not often you get something priceless for free.
http://www.itworldcanada.com/blogs/

Nobody's Perfect
While I never met Edwards Deming in person, this quote continues to inspire me: "You have heard the words; you must find the way. It will never be perfect. Perfection is not for this world; it is for some other world. I hope what you have heard here today will haunt you the rest of your life. I have done my best". Continuous improvement really is a lifelong journey.
http://www.itworldcanada.com/blogs/

The importance of internal audits
This resource originates from a monthly internal audit column I write for Jim Kaplan, for going on more than three years now. Each month in Jim's internal audit newsletter (http://www.auditnet.org/) I highlight leading audit and security resources to assist auditors and security practitioners.
http://www.itworldcanada.com/blogs/

IT Governance

Have you started your journey yet?
Getting IT under control is all about consistent and repeatable IT processes. Change and release management has become a defining performance factor in high performing IT shops. Significant research has also been completed which identifies the huge benefits of tackling change management "head on".
http://www.itworldcanada.com/blogs/

High Availability: The Next Challenge
CIOs must alter their thinking about their approach to availability. The old paradigm is "Experience and React". Things happen; we react; the organization is affected. The new way of thinking must be "Anticipate and Adjust". Things still happen, but their effect is neutralized; the organization feels little or no effect.
http://www.itworldcanada.com/news/

Back to the future
Learning from the past is critical in helping prevent the repeat of past mistakes. Studying new research is important in helping to adopt new practices when available and appropriate rather than having to wait for them to go mainstream several years later. Finally, watching for a changing business environment is also important – e.g. to avoid being hit by fast changing requirements. It's a tough world out there!
http://www.itworldcanada.com/blogs/

Risk Management and Internal Audit

All about the IIA
This resource highlights IIA's long-term effort to provide leading guidance to internal auditors and risk management professionals.
http://www.itworldcanada.com/blogs/

Risk management tips
This resource combines risk thought-leadership with a touch of enterprise architecture and a comprehensive quality management resource repository.
http://www.itworldcanada.com/blogs/

A fistful of risk management resources
This resource highlights three leading risk management books as well as my three year summary of monthly columns for AuditNet and Jim's internal audit newsletter, now into its 15th year! Finally, KARL is a very unique resource which will require hours and hours of study.
http://www.itworldcanada.com/blogs/

Best practices abound
The amount of valuable information available continues to amaze me. The study, and then application, of recommended practice(s) also continues to be a huge challenge, but it is better than trying to reinvent that wheel, over and over again. I'd really welcome hearing about any leading resources regarding the successful implementation of change and application of new technologies and solutions.
http://www.itworldcanada.com/blogs/

Information Security

IT GOVERNANCE HELPS COMBAT CYBERTHREATS WITH NEW PENETRATION TESTING SERVICE
Cybercriminals target Internet Protocol (IP) addresses, website applications, firewalls, network devices, hardware and software. All Internet-facing networks and resources are subject to automated, malicious probing and, when a vulnerability is detected, the exploitation of that vulnerability is also usually automatic. No organisation is immune. A security breach of this nature, and the theft of data (personal or commercially confidential) or other business interruption, exposes an organisation to commercial and compliance penalties that can be significant. The new IT Governance 'penetration testing' service examines and tests the technical security measures an organisation has in place to protect its networks and applications.
http://www.itgovernance.co.uk/media/article.aspx?news_id=840

The book on security engineering
This resource selection focuses on protecting your information, designing security into your solutions and ensuring a comprehensive assurance process is "in place". It also encourages a lifelong learning philosophy by providing a summary of some leading edge sources of security PD.
http://www.itworldcanada.com/blogs/

Auditing to avoid IS icebergs
This article explores the audit's assurance role regarding information security and outlines approaches and methodologies.
http://www.itworldcanada.com/blogs/

Inside the EDPACS newsletter
EDPACS, a long time monthly IT audit and control newsletter, is now in its 37th year of publication. A variety of freely available articles from their web site are accessible from the link below. The annual subscription cost is very reasonable and includes online access to more than ten years of articles.
http://www.itworldcanada.com/blogs/

ITIL, ITSM & Prince2

ISO/IEC TR 20000-3:2009
ISO/IEC TR 20000-3:2009 today - this standard will help you decide if ISO/IEC 20000-1 and implementing a service management system are right for your organisation.
http://www.itgovernance.co.uk/products/2815

Information Security Management with ITIL V3
This title is a comprehensive source of information on the ITILv3 Information Security Management process. This groundbreaking new title looks at information security from defining what security measures positively support the business, to implementation, to maintaining the required level and anticipating required changes.
http://www.itgovernance.co.uk/products/2888

ITIL Complete Certification Kit
This kit contains books and a CD-ROM which will help you pass your ITILv3 Foundation exam and your ITILv3 Intermediate exams. All of the books in this kit are officially approved; they are endorsed by itSMF, APMG or ISEB.
http://www.itgovernance.co.uk/products/2821

Passing Your ITIL Intermediate Exams (ITILv3)
This ITILv3 exam guide is suitable for candidates taking any of the ITIL Lifecycle or Capability stream exams, or both. It offers details about the exams, how to prepare and how to achieve the target competencies.
http://www.itgovernance.co.uk/products/2819

Security Awareness Resources

Get to know auditing
This resource selection highlights a variety of audit articles which I've had the pleasure of writing. By regularly studying (auditing) what is "in place" (our current state) and identifying what the priority improvements are (our future state) we can encourage and implement continuous improvement.
http://www.itworldcanada.com/blogs/

Information Security Awareness Posters
The posters are designed to be used as part of a general information security education and awareness initiative inside security-conscious organisations, and all organisations pursuing ISO27001 certification (which requires a staff training and awareness plan) or Data Protection Act compliance.
http://www.itgovernance.co.uk/products/1756

The Alan Calder ISO 27001 Library
This library of books assembles key publications from Alan Calder - the world's leading authority on ISMS implementation - together as one kit. The Library contains essential information about Information Security Management and ISO 27001.
http://www.itgovernance.co.uk/products/749

IT Induction and Information Security Awareness
The only guide on the market to cover IT Induction and Information Security Awareness! Where your information security is concerned, prevention is better than cure.
http://www.itgovernance.co.uk/products/2882