ITIL® 4 Direct, Plan and Improve
If you've achieved your ITIL Foundation certificate, you're probably planning the next stage in your ITIL journey and which qualification to work towards. DPI provides essential knowledge and capabilities for service management professionals, supporting those involved in directing or planning based on strategy and continual improvement - a must-have skillset practitioners should seek beyond Foundation level.
DPI is the only one of the ITIL 4 advanced level courses that leads to both Managing Professional (MP) and Strategic Leader (SL) status. The module is aimed at managers and aspiring managers at all levels, providing them with the practical skills needed to improve themselves and their organisation by way of effective strategic direction and delivering continual improvement.
An excellent supplement to any training course
ITIL Direct, Plan and Improve (DPI) - Your companion to the ITIL 4 Managing Professional and Strategic Leader DPI certification is a study guide designed to help students pass the ITIL Direct, Plan and Improve module.
The majority of this book is based on the AXELOS ITIL: Direct, Plan and Improve publication and the associated DPI Strategist syllabus. It provides students with the information they need to pass the DPI exam, and help them become a successful practitioner.
Suitable for existing ITIL v3 experts, ITIL 4 Managing Professional (MP) students, ITIL 4 Strategic Leader (SL) students, ITSM (IT service management) practitioners who are adopting ITIL 4, approved training organisations, IT service managers, IT managers and those in IT support roles, the book covers: Key concepts; Scope, key principles and methods; The role of governance, risk and compliance; Continual improvement; Organisational change management; Measurement and reporting; Value streams and practices; and Exam preparation.
A useful tool throughout your career
In addition to being an essential study aid, the author - a seasoned ITSM professional - also provides additional guidance throughout the book which you can lean on once your training and exam are over. The book includes her own practical experience from which she gives advice and points to think about along the way so that you can refer back to this book for years to come - long after you've passed your exam.
The essential link between your ITIL qualification and the real world - buy this book today!
ITIL is a registered trade mark of AXELOS Limited. All rights reserved. This book is an official AXELOS licensed product.
About the author
Claire Agutter is a service management trainer, consultant and author. In 2020, she was one of Computer Weekly's Top 50 Most Influential Women in Tech. In 2018 and 2019 she was recognised as an HDI Top 25 Thought Leader and was part of the team that won itSMF UK's 2017 Thought Leadership Award.
Claire provides regular, free content to the ITSM community as the host of the popular ITSM Crowd hangouts, and is the chief architect for VeriSM the service management approach for the digital age. She is the director of ITSM Zone, which provides online ITSM training, and Scopism, a content and consulting organisation and the publisher of the SIAM Body of Knowledge.
This book provides clear guidance on the SIAM process, answering questions on what service integration is, when SIAM is applicable, and what approach should be taken when sourcing ITSM services in a multi-sourced environment.
ITIL® 4 is the latest evolution of the leading best-practice framework for ITSM (IT service management). It has been significantly updated from ITIL v3 and addresses new ITSM challenges, includes new technologies and incorporates new ways of working.
ITIL® Foundation Essentials ITIL 4 Edition is the ultimate revision guide for candidates preparing for the ITIL 4 Foundation exam. It is fully aligned with the Foundation course syllabus and gives a clear and concise overview of the facts. Whether you are taking an ITIL 4 Foundation training course or are a self-study candidate, new to the framework or looking to upgrade your ITIL 2011 certification, this guide is the essential companion. It: Provides definitions of the key terms and concepts used in ITIL 4; Presents detailed information in clear, user-friendly and easy-to-follow ways through tables, bullet points and diagrams; and Explains the key figures and diagrams in the ITIL syllabus.
This second edition has been updated to align with amendments to the ITIL® 4 Foundation syllabus, including: Replacing 'change control' with 'change enablement' throughout; The removal of 'IT' from the definition of a change; and Updating definitions for customer, sponsor and user.
Start preparing for your ITIL Foundation exam - order your copy today.
ITIL® is a registered trade mark of AXELOS Limited. All rights reserved. This book is an official AXELOS licensed product.
A must-have resource for anyone looking to establish, implement and maintain an ISMS.
Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001. Similarly, for anyone involved in internal or external audits, the book includes the definitive requirements that auditors must address when certifying organisations to ISO 27001.
The book covers:
Implementation guidance - what needs to be considered to fulfil the requirements of the controls from ISO/IEC 27001, Annex A. This guidance is aligned with ISO/IEC 27002, which gives advice on implementing the controls;
Auditing guidance - what should be checked, and how, when examining the ISO/IEC 27001 controls to ensure that the implementation covers the ISMS control requirements.
The implementation guidance gives clear descriptions covering what needs to be considered to achieve compliance against the requirements, with examples given throughout. The auditing guidance covers what evidence an auditor should look for in order to satisfy themselves that the requirement has been met. Useful for internal auditors and consultants, the auditing guidance will also be useful for information security managers and lead implementers as a means of confirming that their implementation and evidence to support it will be sufficient to pass an audit.
This guide is intended to be used by those involved in: Designing, implementing and/or maintaining an ISMS; Preparing for ISMS audits and assessments; or Undertaking both internal and third-party ISMS audits and assessments.
About the author
Bridget Kenyon (CISSP) is global CISO for Thales eSecurity. Her experience in information security started in 2000 with a role in network vulnerabilities at DERA, following which she has been a PCI Qualified Security Assessor, information security officer for Warwick University and head of information security for UCL, and has held a variety of roles in consultancy and academia.
Bridget has been contributing to international standards since 2006, when she first joined BSI Panel 1, coordinating development of information security management system standards; she is currently editor for ISO/IEC 27014. Bridget has also co-authored three textbooks on information security. She strongly believes that "information security is fundamental to reliable business operations, not a nice-to-have". In 2018, she was named one of the top 25 women in tech by UK publication PCR.
Succeed as a PRINCE2® practitioner with this concise overview. This guide explains the fundamental principles of PRINCE2 2017, enabling you to review essential themes before taking your PRINCE2 Foundation exam. Following accreditation, it serves as a reference guide to help you manage ongoing PRINCE2 projects within your organisation.
Prepare for the ITIL Foundation exam
ITIL is best practice for IT Service Management, developed by the UK government and globally adopted in both the public and private sectors. ITIL is not prescriptive, but rather it is a framework that organisations can adopt and adapt.
The Foundation Certificate is the entry-level ITIL qualification, which offers candidates a general awareness of the key elements, concepts and terminology used in the ITIL service lifecycle.
These fundamental ITIL ideas have been condensed into this pocket guide to provide candidates with the essential facts they need in order to pass the ITIL Foundation exam.
All you need to know to achieve ITIL Foundation Certification
An official ITIL Licensed product, ITIL Foundation Essentials is a distillation of critical information - no waffle or padding - just exactly what you need to understand how to pass the ITIL Foundation exam. Written for self-study candidates, ITIL community training delegates, itSMF/BCS members and V2 Foundation Certificate holders, who have yet to take an upgraded exam, this pocket guide is fully aligned with the ITIL 2011 core volumes.
Project managers, who are looking to expand their qualifications, and IT contractors or consultants, who don't want to take time out from their day jobs to attend a course, will also find this pocket guide an essential companion to their studies and education.
The complete ITIL Foundation syllabus
THE essential companion for those studying the ITIL Foundation syllabus, the pocket guide covers key areas including:
A basic introduction to ITIL and a description of service classifications (core, enabling, enhancing) and an outline of internal and external services.
A point-by-point summary of the purpose, objectives, scope and value of the five stages of the service lifecycle that form the ITIL core; from strategy and design, through to transition, operation and continual service improvement (CSI).
Separate sections in the guide are dedicated to describing ITIL key concepts and terminology (including "stakeholders" and "processes, functions and roles") and throughout the pocket guide the wide range of 3, 4 and 5 letter ITIL acronyms (including PBA, FMITS, BRM, SLM, OLA, SLR, VBF, ITSCM, SACM, RADM) are expanded and explained.
A brief summary of the ITIL qualification scheme and the Foundation exam.
The ideal revision guide for the ITIL Foundation examination
This product is accredited by AXELOS, the licensors of official ITIL products.
ITIL is a Registered Trade Mark of AXELOS Limited.
This book provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO27001. Drawing on international best practice including ISO/IEC 27005 and BS7799-3, the book explains in detail how to do an information security risk assessment.
An IT service desk is the first point of contact between users and an IT organisation. A service desk is a one-stop destination for enquiries, requests and reporting issues, ensuring continuing use of IT services without disruption. They have become intrinsic in modern organisations.
A service desk makes prioritising and responding to customer enquiries much more efficient, saving time and money. More and more organisations are understanding that customer satisfaction is key to developing their business.
The Service Desk Handbook - A guide to service desk implementation, management and support provides operational guidance for implementing, managing and supporting service desks in the enterprise. It will help service desk teams in adopting ITIL to accomplish their tasks while making the necessary adaptations as per their organisation's needs.
Suitable for service desk agents, supervisors and managers, as well as project managers and senior management looking to revise processes, this book will help readers get a service desk unit off the ground and act as a key reference guide once the service desk has been implemented.
Topics covered include: Planning for a service desk; Telephony and tooling; The service desk team; Documentation; Performance measures; and Technology considerations - artificial intelligence and platforms and tools.
Adaptable Project Management - A combination of Agile and Project Management for All (PM4A)
Project management skills continue to be desired by employers, and those with qualifications can often demand a higher salary. Project managers are valued for their flexibility, agility and, increasingly, ability to align with the strategic goals of the business as project management moves from being a specialist discipline in software environments to a general business skill.
Adaptable Project Management - A combination of Agile and Project Management for All (PM4A) dispels the myth that Agile approaches to project management can only be used for software development. It also recognises that there are both benefits and drawbacks to all project management methodologies. Following detailed analysis of Agile practices and the traditional waterfall approach, author Colin Bentley proposes a new method of project management using principles that focus on PM4A (project management for all).
Adaptable Project Management: Enables readers to understand how to approach projects where the full requirements are not known at the outset; Gives advice on how to combine the benefits of Agile and waterfall project management methodologies for successful project implementation; Helps readers take a thorough approach to risk management; and Provides a universal approach to project management, making sure that it is accessible for multiple industries and not wedded to software development practices.
Project managers, IT managers, consultants and other senior managers trying to develop a project management approach suitable for their organisation, or those employees expected to take on project management or 'client/product owner' roles without any briefing or other support will find this book extremely valuable. It will also benefit any readers doing a project assurance review for the first time, as well as Agile users who want to know how to fill the gaps in their current method, such as quality and risk management.
Buy this book today for a universal and successful approach to project management!
Understand the basics of business continuity and ISO 22301:2019 with this concise pocket guide, which will help you ensure your organisation can continue to operate in the event of a disruption.
Cyber Security - Essential principles to secure your organisation takes you through the fundamentals of cyber security, the principles that underpin it, vulnerabilities and threats, and how to defend against attacks.
How Cyber Security Can Protect your Business - A guide for all stakeholders provides an effective and efficient framework for managing cyber governance, risk and compliance, which organisations can adapt to meet their own risk appetite and synchronise with their people, processes and technology.
Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits.
Improve employee safety, reduce workplace incidents and create better, safer working conditions
According to a report from the ILO (International Labour Organization), there are more than 2.78 million deaths and 374 million non-fatal injuries and illnesses per year as a result of occupational accidents or work-related diseases. The ILO estimates that the annual cost to the global economy is $3 trillion (about trillion), and in the UK alone it's estimated that 30.7 million working days were lost in 2017/2018 as a result of work-related illness and injury. Can your organisation afford to contribute to these statistics?
How can ISO 45001 help?
ISO 45001:2018, Occupational health and safety management systems - Requirements with guidance for use, is the international standard for creating and maintaining an OHSMS (occupational health and safety management system). The Standard provides guidance and an effective set of processes for improving worker safety and is designed to help organisations of all sizes and anywhere in the world reduce workplace injuries and illnesses.
Creating and maintaining an OHSMS demonstrates employer due diligence and reasonable care, reduces workplace incidents, improves employee health, reduces absenteeism, increases productivity and creates a safer working environment for employees.
Establishing an OHSMS based on ISO 45001
This book provides a comprehensive explanation of the detailed requirements of ISO 45001. The author draws out key parts of the Standard, which can often be confusing for non-experts or newcomers to ISO standards, and explains what they mean and how to comply.
Professionals involved in any aspect of an OHSMS, including development, documentation, implementation, training, supervision or auditing, will find the book useful. Equally, those with no background in the subject will find it a valuable resource.
The book: Follows a hands-on and step-by-step approach to building an OHSMS; Explains the purpose and the requirements of each clause of ISO 45001; Describes how the requirements can be fulfilled by an organisation; Provides definitions of the roles and responsibilities of leadership; and Includes numerous examples, suggestions, sample forms and procedures.
Suitable for HSQE professionals, project managers, lead implementers and senior management, this book demystifies the ISO 45001 Standard by presenting its contents and implementation methodology in a simple, user-friendly and easily understandable manner. Consultants, trainers and auditors will also find it a useful reference guide.
Successfully establish an OHSMS and proactively reduce injury and ill-health in your organisation - buy this book today.
About the author
Naeem Sadiq holds a BSc in Aerospace and a Master's in Manufacturing Engineering. He is a certified lead auditor, an ASQ-certified manager and a quality systems auditor. Naeem's experience in engineering and management includes 25 years as an independent consultant, auditor and trainer for the ISO 9001, ISO 14001 and OHSAS 18001 standards.
Naeem has presented a number of papers at national conferences on management system standards, and has provided consultancy, training and auditing support to more than 100 organisations. As a freelance writer, he is a regular contributor to national newspapers reporting on safety, environmental and social issues. He is also the author of two books: OHSAS 18001 Step by Step - A practical guide and ISO 14001 Step by Step - A practical guide.
Achieving certification to multiple ISO standards can be time consuming and costly, but an IMS incorporates all of an organisation's processes and systems so that they are working under - and towards - one set of policies and objectives.
This pocket guide serves as an introduction to the National Institute of Standards and Technology (NIST) and to its Cybersecurity Framework (CSF).
Now more than ever, organizations need to have a strong and flexible cybersecurity strategy in place in order to both protect themselves and be able to continue business in the event of a successful attack. The NIST CSF is a framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.
With this pocket guide you can:
Adapt the CSF for organizations of any size to implement
Establish an entirely new cybersecurity program, improve an existing one, or simply provide an opportunity to review your cybersecurity practices
Break down the CSF and understand how other frameworks, such as ISO 27001 and ISO 22301, can integrate into your cybersecurity framework
By implementing the CSF in accordance with their needs, organizations can manage cybersecurity risks in the most cost-effective way possible, maximizing the return on investment in the organization's security. This pocket guide also aims to help you take a structured, sensible, risk-based approach to cybersecurity.
A wealth of material has been written to describe the underlying mechanics of ITSM, but very little practical advice is available on how to implement ITSM best practices to achieve an organization's business objectives.
The official ITIL volumes explain what service management is, how the processes work and fit together, and why IT functions should adopt the practice, but they are notoriously vague on how to design and implement an ITSM model in a real organization. This challenge is best understood by those with experience of transforming ineffective and expensive IT, yet most ITSM guides are authored from a purely academic standpoint.
Real-world IT Service Management
This book provides guidance on implementing ITSM Best Practices in an organization based on the authors' real-world experiences. Advice is delivered through a Ten-Step approach, with each step building upon the successes of its predecessors.
Subjects covered include:
Documenting objectives, identifying current and future demands, analyzing service financials.
High-level design, negotiating development priorities, creating an execution plan and roadmap, agreeing roles and responsibilities.
Detailed design, building, testing, deploying.
Monitoring and continual improvement.
Each step includes summary lists of key questions to ask and specific actions to take, and a useful business case template is included as an appendix.
A practical guide to ITSM
As organizations seek to boost revenue, cut costs and increase efficiency, they increasingly look to IT as a strategic partner in achieving these objectives.
Ten Steps to ITSM Success helps IT to prepare for this role by providing a detailed and practical guide to implementing ITSM best practices. It is aimed at ITSM practitioners and consultants, but will also be of interest to IT Directors and C-suite executives looking to transform the role of IT into a value-creating business partner, to establish a service management culture, and to drive improvements in their respective organizations.
Considering the pandemic threat in a business continuity context
I thoroughly enjoyed reading Clark's book which is written in a style that makes it easy for anyone to understand without requiring a background in medicine or business. I have been involved in disaster management planning for the past ten years and yet I still found this book both enlightening and extremely informative.
Dr Tanya Melillo MD, MSc(Dist), PhD
This informative book is written in an easy going and conversational manner, but the message it brings to the table is critical to understanding the meaning of any forthcoming pandemic threat and considerations of how to mitigate the effects, where possible, to you and your organisation.
Owen Gregory MSc BA (Hons) MBCI MBCS
The increase in commercial aviation and international travel means that pandemics now spread faster than ever before. Seasonal flu pandemics, zoonotic contagions such as Ebola, swine flu and avian flu (e.g. H5N1 and H7N9), and respiratory syndromes such as SARS and MERS have affected millions worldwide. Add the ever-present threat of terrorism and biological warfare, and the possibility of large proportions of your workforce being incapacitated is a lot stronger than you might think.
You may well have prepared for limited business interruptions, but how would your business fare if 50% or more of your employees, including those you rely on to execute your business continuity plan, were afflicted by illness - or worse?
Although nothing can be done to prevent pandemics, their impact can be significantly mitigated. Business Continuity and the Pandemic Threat explains how.
Product overview
The book is divided into two parts, which examine the pandemic threat and explain how businesses can address it:
Part I: Understanding the Threat
The first, shorter, part provides the reader with a detailed overview of the challenge that pandemic threats can present. It uses historical examples (such as the 1918-19 Spanish Flu outbreak, which killed 50 million) to illustrate how pandemics can have devastating effects not only on the global population but also on critical infrastructure, the global economy and society.
Part II: Preparing for the Inevitable
The second part of the book considers the actions that can be taken at a global, national, corporate and individual level to mitigate the risk and limit the damage of pandemic incidents. It provides guidance on creating and validating a pandemic plan, and explains how it integrates with a business continuity plan. Comprehensive case studies are provided throughout.
Topics covered include:
The World Health Organisation (WHO)'s pandemic phases and the Centre for Disease Control (CDC)'s Pandemic Severity Index
Preventive control measures
Crisis management and the composition of a crisis management team
Dealing with cash-flow, staff absenteeism, home working and supply chain management
Communications and media plans
Pandemic issues for HR
The threat to critical national infrastructure
Health service contingency plans and first responders' business continuity plans
The provision of vaccines and antiviral medicines, including relevant ethical issues
Take your business continuity plan to the next level: ensure your organisation survives a pandemic with a substantially depleted workforce. Buy Business Continuity and the Pandemic Threat today.
About the author
A Fellow of the Institute of Business Continuity Management and Member of the Business Continuity Institute, Robert A. Clark is also a Fellow of the British Computer Society and a Member of the Security Institute. His career includes 15 years with IBM and 11 years with Fujitsu Services working with clients on BCM related assignments. He is now a freelance business continuity consultant at www.bcm-consultancy.com.
Co-written by a PCI QSA (Qualified Security Assessor) and updated to cover PCI DSS version 3.2, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organisation involved with payment card processing.
Insider Threat - A Guide to Understanding, Detecting, and Defending Against the Enemy from Within looks beyond perimeter protection tools, and shows how a security culture based on international best practice can help mitigate the insider threat to your security.
Ensure the success of your security programme by understanding users' motivations
"This book cuts to the heart of many of the challenges in risk management, providing advice and tips from interviews as well as models that can be employed easily. Leron manages to do this without being patronising or prescriptive, making it an easy read with some very real practical takeaways."
Thom Langford, Chief Information Security Officer at Publicis Groupe
"Based on real world examples the book provides valuable insights into the relationship of information security, compliance, business economics and decision theory. Drawing on interdisciplinary studies, commentary from the field and his own research Leron gives the reader the necessary background and practical tools to drive improvements in their own information security program."
Daniel Schatz, Director for Threat & Vulnerability Management at Thomson Reuters
In today's corporations, information security professionals have a lot on their plate. In the face of constantly evolving cyber threats they must comply with numerous laws and regulations, protect their company's assets and mitigate risks to the furthest extent possible.
Security professionals can often be ignorant of the impact that implementing security policies in a vacuum can have on the end users' core business activities. These end users are, in turn, often unaware of the risk they are exposing the organisation to. They may even feel justified in finding workarounds because they believe that the organisation values productivity over security. The end result is a conflict between the security team and the rest of the business, and increased, rather than reduced, risk.
This can be addressed by factoring in an individual's perspective, knowledge and awareness, and a modern, flexible and adaptable information security approach. The aim of the security practice should be to correct employee misconceptions by understanding their motivations and working with the users rather than against them - after all, people are a company's best assets.
Product description
Based on insights gained from academic research as well as interviews with UK-based security professionals from various sectors, The Psychology of Information Security - Resolving conflicts between security compliance and human behaviour explains the importance of careful risk management and how to align a security programme with wider business objectives, providing methods and techniques to engage stakeholders and encourage buy-in.
The Psychology of Information Security redresses the balance by considering information security from both viewpoints in order to gain insight into security issues relating to human behaviour, helping security professionals understand how a security culture that puts risk into context promotes compliance.
Contents
Chapter 1: Introduction to information security
Chapter 2: Risk management
Chapter 3: The complexity of risk management
Chapter 4: Stakeholders and communication
Chapter 5: Information security governance
Chapter 6: Problems with policies
Chapter 7: How security managers make decisions
Chapter 8: How users make decisions
Chapter 9: Security and usability
Chapter 10: Security culture
Chapter 11: The psychology of compliance
Chapter 12: Conclusion - Changing the approach to security
Appendix: Analogies
About the author
Leron Zinatullin (zinatullin.com) is an experienced risk consultant specialising in cyber security strategy, management and delivery. He has led large-scale, global, high-value security transformation projects with a view to improve cost performance and support business strategy.
He has extensive knowledge and practical experience in solving information security, privacy and architectural issues across multiple industry sectors.
He has an MSc in information security from University College London, where he focused on the human aspects of information security. His research was related to modelling conflicts between security compliance and human behaviour.
Aligned with the latest iteration of the Standard - ISO 27001:2013 - this new edition of the original no-nonsense guide to successful ISO 27001 certification is ideal for anyone tackling ISO 27001 for the first time, and covers each element of the ISO 27001 project in simple, non-technical language.