Speaking at the United Nations’ Information Security Special Interest Group’s symposium in Geneva, Calder said: “ISO27001 is international best practice for any organisation seeking a structured framework to address cyber risks. ISO27001 has many strengths, including helping organisations secure the right balance of data availability, integrity and confidentiality. A further benefit of ISO27001 is the flexibility to integrate with other management standards. This point is vital – effective cybersecurity depends on establishing a comprehensive and interconnected defence strategy.

“Every organisation should remember, however, that ISO27001 certification does not equate with invincible security. ISO27001, effectively deployed, improves an organisation’s information security and resilience, but new threats are constantly evolving. Defences, therefore, need to evolve, too. There is no room for complacency. ISO27001 rightly expects you to continually reassess your business, risk and compliance environment in line with ‘real-world’ developments.

“There is never a time for complacency in information security. The need to keep strategies under constant review has never been greater. The revolutionary wonders of ‘Web 2.0’ can rapidly turn into ‘Threat 2.0’. The speed and degree of change in the modern business, compliance and security worlds is unprecedented, from new standards and threats to new technologies, such as Google+ and Android telephones. Any technological advance brings new security risks, as hackers immediately start finding ways to burrow in and exploit vulnerabilities. Everyone must be prepared.”

The three-day course, ‘Principles of IT Governance’, will deliver introductory training for IT professionals, providing delegates with a complete understanding of IT governance implementation.

Alan Calder, Chief Executive of ITG, says: ‘Senior managers and consultants who advise on IT governance are in boardroom demand across the globe. IT governance is now recognised as a key driver in ensuring a return on IT investment. In order to compete at the highest levels, companies need staff with experience and the relevant, accredited qualifications.

‘IT governance is at the heart of strategic IT management in all successful organisations. A close alliance between business objectives and IT resources, an optimised return on investment and compliance with IT standards are key factors in determining whether IT truly delivers the competitive advantage it should.

‘The course is designed for individuals whose role requires them to have a broad understanding of IT governance and a familiarity with the wide range of frameworks, standards and methodologies in use, from the COBIT IT governance/management framework and the corporate governance standard ISO38500 through to the IT Infrastructure Library (ITIL®) and the ISO27001 information security management standard. This course enables delegates to understand each of the existing frameworks and standards, to see them in their context, and to appreciate how to use each standard as part of an integrated approach to improving governance, risk management and compliance.’

The course will therefore look at these overlapping and competing frameworks and standards and propose organisational solutions, such as the Calder-Moir Framework, teaching delegates how best to use the framework in order to improve IT governance.

Calder himself, author of many governance publications including Corporate Governance and IT Governance: A Pocket Guide, will be leading the training. The courses will provide delegates with opportunities to interact with their trainers to help identify and apply current lessons to their own organisations.

The course also prepares delegates for the ‘Principles of IT Governance’ examination, which is taken on the final day of the course. Successful candidates will be awarded the ‘Certificate in IT Governance’, a foundation qualification accredited by the International Board for IT Governance Qualifications (IBITGQ), the new international board for harmonising and improving IT governance qualifications.

Calder continues: ‘IT qualifications certified by accredited and respected organisations are becoming an essential requirement for any IT governance professional. With an ever-increasing demand for such staff, employers are offering enhanced career opportunities to candidates who have certified qualifications and relevant experience.’

Each ‘Principles of IT Governance’ course will include 18 topical sessions to help organisations adjust to the ever-changing IT environment and will cover key issues such as internal control and culture, the definition of drivers for IT governance, risk and control in IT governance, and performance management. As such, typical delegates could include anyone from a board director or IT executive to an IT consultant or a compliance manager.

The three-day courses will be held in London, with the first course taking place from October 5-7 2011. The course dates for 2012 are January 18-20, April 4-6 and July 4-6, with each course costing £1,495 ($2,470.71/€1,717.74). An ‘early bird’ discount of £300 is also available on any bookings made by August 31 2011.

All booking information can be found at: www.itgovernance.co.uk/products/3461.

Alan Calder, Chief Executive of ITG, says: ‘Gaining ISO27001 certification is one thing, but what next? ISO27001 is a security management standard that rightly expects you to continually reassess your business, risk and compliance environment in line with ‘real world’ developments. There is a lot of guidance on how to achieve ISO27001 certification, but very little guidance on the next steps. These courses fill that gap.

‘There is never a time for complacency in information security. The revolutionary wonders of ‘Web 2.0’ can rapidly turn into ‘Threat 2.0’. Any technological advance brings new security risks, as hackers immediately start finding ways to burrow in and exploit vulnerabilities. You need to be prepared.

‘These two-day classroom training courses address the constant threat posed by cyberattacks, providing expert guidance from overarching strategies to practical steps. The need to keep ISMS strategies under constant review has never been greater. The speed and degree of change in the modern business, compliance and security worlds is unprecedented, from new standards and threats to new technologies such as Google+ and Android phones. You can be sure cybercriminals will constantly be probing your defences. How do you monitor, measure and improve the effectiveness of your controls? By regularly attending these courses, you will be able to continue implementing best practice information security management, and demonstrating that fact to external auditors, despite the changing environment.’

The new ITG courses, Reviewing and Improving Your ISMS, will be led by Calder and Steve Watkins, Consultancy Director of ITG, who together co-authored IT Governance: A Manager’s Guide to Data Security and ISO27001/ISO27002. The courses will provide delegates with an opportunity to interact with their trainers to help identify and apply current lessons to their own organisations.

Calder continues: ‘The courses are designed for individuals whose role requires them to have a broad understanding of current trends in information security, and to be aware of new and emerging regulation and technical standards and evolving best practice in reviewing and improving an ISMS. The scope of training, therefore, makes the courses relevant to everyone from an information security manager or an IT auditor to a board director or chief information officer.

‘No two of the quarterly courses will be the same, as we will take into account new laws and regulations, threats and vulnerabilities, technologies, standards and certification requirements. Each course will therefore evolve from its predecessor. We want to take ISO27001 training to the next level and the best way to achieve this goal is to ensure training is up-to-date and comprehensive. These courses are the first of their kind and will allow organisations to maintain the best levels of protection.’

Each course will include 18 topical sessions to help organisations adjust to the ever-changing IT environment, looking at everything from the quarter’s headline events through to key new technological trends. Courses will also use case studies to illustrate and learn from real-life experiences.

The courses will be held in London, with the first course taking place on October 24-25 2011. The scheduled dates for 2012 are January 24-25, April 18-19 and July 17-18, with each course offering 15 hours of continuing professional development (CPD).

The courses cost £895.00 each ($1,479.12/€1,028.35) or all four courses can be booked for a discounted £2,595+VAT. An ‘early bird’ discount of £150 is also available on any bookings made by August 31 2011.

All booking information can be found at: www.itgovernance.co.uk/products/3399.

The new ‘IT Service Management Documentation Toolkit’ is designed to help companies put in place ‘fit-for-purpose’ documentation, implement ITIL service management best practices and, ultimately, optimise their IT service management systems.

Alan Calder, Chief Executive of IT Governance, says: ‘This unique toolkit is the perfect investment for organisations seeking an optimal route to ITSM best practice, guiding companies through the relevant processes. ITIL is the world’s foremost ITSM framework and ITIL implementation is invaluable for achieving compliance with ISO/IEC 20000, the globally recognised set of ITSM standards.

‘With the ITIL framework providing best practice guidance on how to manage IT infrastructure and streamline IT services in line with business expectations, ITIL is becoming increasingly vital for IT professionals.

‘Our toolkit draws on original content licensed by the Office of Government Commerce (OGC), which oversees the ITIL framework, so you can be sure the toolkit contains the relevant documentation to ensure correct implementation and enjoy the consequent organisational and commercial benefits.

‘The importance of ITSM can hardly be overestimated, especially as many service providers are required by their governments to achieve ISO/IEC 20000 certification. This toolkit will help organisations avoid costly trial-and-error dead-ends.’

The documents contained in the toolkit include service management plan templates; a service level agreement template; 100 pre-written policies, procedures, templates and guidance documents; a pre-written IT service management system manual; and over 400 pages of fit-for-purpose information.

The toolkit has been written by ITIL specialists Jenny Dugmore and Shirley Lacy. Dugmore was the chair of the British Standards Institution (BSI) committee that produced BS15000, a prequel to ISO/IEC 20000, and is now the chair of the ISO Committee responsible for the 20000 series. In 2005, she was awarded a lifetime achievement award by the IT Service Management Forum (itSMF). Lacy was an ITIL author and project mentor for the ITIL 2011 Update. She holds the ITIL ‘expert’ certificate and is an accredited trainer for ITIL and ISO/IEC 20000. Among their many ITSM-related achievements, Dugmore and Lacy have co-authored ‘A Manager’s Guide to Service Management’ and ‘Introduction To The ISO/IEC 20000 Series’.

Dugmore says: ‘Effective service management is increasingly recognised as fundamental to business success. Customers are looking for better quality, lower costs, greater flexibility and faster responses to their changing requirements. This toolkit enables all types of service providers to set up and implement an effective service management system that delivers quality and value to customers.’

Lacy adds: ‘The toolkit uses tried and tested best practices that avoid re-inventing the wheel. The gap analysis tool and template-driven approach will help an organisation assess current ITSM requirements and implement relevant service management processes.’

The toolkit costs £495 ($818.06/€568.75) and can be purchased as a download at: www.itgovernance.co.uk/products/3370.

A ‘try before you buy’ version of the toolkit is also available and can be requested here.

Alan Calder, chief executive of IT Governance, says: “When you look at the current spate of cyberattacks – many successful – you can’t help but feel there are a lot of organisations which simply don’t care very much about protecting their customers’ personal data. Such complacency is morally inexcusable and often either illegal or a breach of a commercial contract, such as failing to meet the requirements of the global Payment Card Industry Data Security Standard (PCI DSS).

“Why on earth are organisations risking millions of pounds – and brand reputation that might literally threaten the existence of the company – with inadequate information security? Penetration testing on the vulnerability of a website to cyberattack can cost as little as £2,000.

“Furthermore, here in the UK, we too often see a cavalier attitude toward the Data Protection Act (DPA). Already this month the Information Commissioner’s Office has issued Surrey County Council with a £120,000 penalty after e-mails containing sensitive information were sent to the wrong recipients on three separate occasions by staff members.

“Incident after incident indicates one of the weakest links in DPA compliance is staff. Organisations need to implement better, consistent and systematic training.”

Calder is a leading author on information security and IT governance issues. He is an authority on ISO27001 (formerly BS7799), the international security standard, about which he has co-written (with Steve Watkins) the definitive compliance guide, ‘IT Governance: A Manager’s Guide to Data Security and ISO27001/ISO27002’.