Disaster Recovery and Business Continuity. A quick guide for organisations and business managers

IT Governance Publishing, Thejendra B.S

This book delves into disaster recovery (DR) and business continuity (BC), offering practical strategies for organizations to prepare for and manage disruptions. It starts by defining core concepts of DR and BC, highlighting their role in crisis management. Early chapters explore business impact analysis, data protection, and risk assessment, while examining common IT and non-IT disasters like data loss, cyberattacks, and communication failures.Later sections focus on specific disaster scenarios, such as virus attacks, software failures, and data center risks, offering prevention methods and recovery plans. It also addresses human factors in DR, covering IT staff and contractor management, and the risks tied to outsourcing and project failures.In addition to IT risks, the book explores non-IT disasters, including health crises, financial challenges, and natural events, with strategies for mitigation. The final chapters provide guidance on creating and testing contingency plans, featuring checklists and mock run procedures. This book empowers readers to design, implement, and maintain effective DR and BC plans for their organization’s needs.

NIST CSF 2.0. Your essential introduction to managing cybersecurity risks

IT Governance Publishing, Andrew Pattison

This comprehensive guide introduces the origins, aims, and components of the NIST Cybersecurity Framework (CSF) 2.0. It explores the core structure including functions, categories, subcategories, and profiles, and provides detailed implementation tiers and examples.Readers are then guided through a deep dive into all six framework categories—from Govern to Recover—and learn how to develop and apply risk management strategies within an organization. The content covers NIST SP 800-53, informative references, and practical quick-start guides to help translate theory into action.The final sections offer a seven-step implementation roadmap, including gap analysis, target profiles, and continuous improvement. The book concludes by mapping the CSF to international standards like ISO 27001 and ISO 22301, offering a well-rounded and interoperable cybersecurity strategy.

The Power of the Agile Business Analyst. 30 surprising ways a business analyst can add value to your Agile development team

IT Governance Publishing, Jamie Lynn Cooke

Agile frameworks have revolutionized the way business analysis is integrated into projects, but the role of the Agile business analyst is still evolving. This book explores how business analysts can thrive within Agile teams, offering insights into both the challenges and opportunities they face. By understanding the power and limitations of Agile, the reader will gain practical tools to not only survive but thrive in an Agile environment. The text outlines why having a dedicated Agile business analyst is crucial and provides actionable advice on how to build the right team and minimize risks. The author goes beyond theory to offer concrete steps that help business analysts add value to Agile projects. The reader will walk away with a deep understanding of the evolving Agile landscape, including the critical role of business analysis and practical tips for improving team dynamics, managing risks, and maximizing value. This book is perfect for professionals looking to integrate Agile business analysis into their teams and projects to achieve better outcomes and continuous improvement.

Ten Steps to ITSM Success. A Practitioner's Guide to Enterprise IT Transformation

IT Governance Publishing, Angelo Esposito, Timothy Rogers

This book provides a strategic framework for ITSM implementation, focusing on structured planning, role definition, process standardization, and ongoing performance assessments. With each chapter focusing on a critical aspect of ITSM, readers will gain the tools and knowledge needed to optimize service management practices and achieve long-term success. By the end of the book, IT leaders will understand how to build a robust ITSM program that aligns with business goals and drives continuous improvement.The book begins by setting the stage for ITSM implementation, helping readers assess the current state of services and plan their next steps. As the journey progresses, the book delves deeper into organizational changes, process development, and defining roles, ensuring that all stakeholders are aligned with the ITSM strategy.In the final chapters, the book focuses on deployment, continual improvement, and the importance of using metrics such as the balanced scorecard to ensure the ITSM framework is sustainable and continuously evolving. Readers will also learn how to handle operational sustainment and improve service delivery over time.

Adaptable Project Management. A combination of Agile and Project Management for All (PM4A)

IT Governance Publishing, Colin Bentley

This book delves into adaptable project management, emphasizing flexibility in fast-paced environments. It introduces foundational principles, agile terminology, and proven methodologies for success. You will learn how to handle risks, plan projects carefully, and ensure progress using practical tools. The book also explores techniques for managing change and tracking progress, allowing project managers to adapt as needed. Each chapter provides insights for leading teams through complex project phases.Throughout the book, you'll gain the skills to manage projects from start to finish, applying agile methods in real-world scenarios. You'll learn to adapt to changes, manage risks, and keep projects on track. Whether you're overseeing small teams or large projects, the strategies in this book are designed to help you succeed.By the end, you will have mastered the essential skills for managing projects in dynamic, unpredictable environments. You'll be prepared to face challenges confidently, implementing adaptable project management strategies. The book promotes a forward-thinking mindset, equipping readers to lead projects with agility across diverse industries.

Integrated Measurement - KPIs and Metrics for ITSM. A narrative account

IT Governance Publishing, Daniel McLean

This book is a comprehensive guide to understanding and utilizing Key Performance Indicators (KPIs) and metrics in IT Service Management (ITSM). It starts by breaking down complex concepts into easy-to-understand ideas, ensuring even beginners can grasp the essentials of measuring IT service performance. Early chapters introduce foundational principles, helping readers recognize why KPIs matter and how they contribute to operational success.As the book progresses, it delves into the application of these metrics to optimize ITSM processes, offering strategies to tackle challenges in data collection and analysis. The text emphasizes how to identify meaningful data amidst the noise and use it to drive informed decisions. Each chapter builds on practical insights, guiding professionals through the nuances of ITSM measurement and performance enhancement.By the end, readers will have a clear understanding of how to leverage KPIs to achieve measurable improvements, create data-driven strategies, and foster a culture of continuous improvement in their organizations. With real-world examples and actionable advice, this book equips IT professionals with the tools necessary to measure success and elevate their IT service management practices.

The Cyber Security Handbook. Prepare, respond, and recover from cyber attacks using the IT Governance Cyber Resilience Framework

IT Governance Publishing, Alan Calder

This book offers a deep dive into cybersecurity, equipping professionals with tools and frameworks to protect organizations from diverse cyber threats. It covers critical areas such as information security, cyber resilience, and the regulatory and contractual requirements organizations must meet. The book delves into threat anatomy, analyzing technical, human, physical, and third-party vulnerabilities, and includes real-world case studies like the TalkTalk breach and WannaCry ransomware attack.It also emphasizes third-party risk management to ensure robust security practices across all areas. The book introduces the IT Governance Cyber Resilience Framework (CRF), a structured method for managing critical systems, guiding readers through the processes of identification, detection, response, recovery, and continual improvement. Practical strategies in areas like asset management, network security, and staff training are included.The final section offers actionable steps for implementing cybersecurity practices and introduces reference frameworks like NIST and ISO 27001 for compliance and ongoing improvement. With real-world examples and actionable frameworks, this guide is essential for professionals aiming to enhance their organization's cyber resilience.

Well-being in the workplace. A guide to resilience for individuals and teams

IT Governance Publishing, Sarah Cook

This book explores the critical role of resilience in workplace well-being, offering practical tools to enhance physical, emotional, mental, and social health. It begins by defining resilience and its importance, especially in the wake of the pandemic, and explains how it impacts both individuals and teams. Early chapters focus on self-assessment, helping readers gauge their resilience and stress levels, while providing actionable steps for improvement.The book then dives into specific areas of well-being, such as physical health, emotional management, and mental strategies like positive thinking and mindfulness. It emphasizes the significance of social connections and offers practical advice for building support networks in a virtual world. For managers, there are strategies to foster resilience in their teams, from regular communication to promoting well-being initiatives.Each chapter is filled with case studies, self-assessment tools, and reflection points, ensuring readers can apply concepts directly to their work environment. The final section ties everything together with tips on making new resilience habits stick, reinforcing long-term well-being in the workplace.

An Education in Service Management. A guide to building a successful service management career and delivering organisational success

IT Governance Publishing, David Barrow

This comprehensive guide to Service Management explores the core principles of ITSM and its crucial role in modern enterprises. It begins by introducing the fundamentals, addressing common challenges, and showcasing the strategic value service management brings to organizations. The book emphasizes practical applications and the importance of communication in building strong professional communities. As the author shares personal insights and experiences, readers gain a deeper understanding of the dynamic nature of service management.The book then shifts to career-focused content, offering guidance on how to transition service management certifications into professional opportunities and growth. By examining the personal and professional sides of service management, it provides readers with actionable steps to advance their careers, whether they are just starting or looking to deepen their expertise. The content encourages readers to see service management as not only a necessary skill but also a fulfilling career path, highlighting both its challenges and rewards.

ITIL(R) 4 High-velocity IT (HVIT). Your companion to the ITIL® 4 Managing Professional HVIT certification

IT Governance Publishing, Claire Agutter

This book guides readers through the core principles and practices of High-Velocity IT, offering a comprehensive approach to modern IT service management. It begins with foundational concepts, introducing High-Velocity IT and the essential behaviors needed for success in dynamic environments. Readers are then introduced to the digital product lifecycle and the ITIL® operating model, which emphasize the importance of service value systems and value streams in driving business outcomes.The book delves into key behaviors that support continuous improvement, including adaptability, trust, and commitment to learning. It also covers various principles and models, such as Lean, Agile, and Design Thinking, offering practical techniques to enhance IT performance.In the later chapters, the focus shifts to ensuring valuable investments, fast development, resilient operations, and co-created value. It presents techniques for achieving these objectives while aligning with ITIL® 4 practices. The final chapter prepares readers for the HVIT certification exam, consolidating key learnings and providing a solid foundation for future success in High-Velocity IT environments. This book offers both theory and practical guidance for those seeking to thrive in fast-paced, value-driven IT operations.

The Security Consultant's Handbook. Essential Strategies for Building and Managing a Security Consulting Business

IT Governance Publishing, Richard Bingley

Becoming a successful security consultant requires a unique set of skills that span both the business and security worlds. This handbook serves as a practical guide to help professionals navigate the complex landscape of security consulting. It covers everything from the entrepreneurial aspects of starting a business to the essential security disciplines like private investigations, information security, and protective security. You’ll also explore the growing importance of resilience in both personal and organizational contexts.The book also delves into the crucial elements of security legislation and regulation, offering a thorough understanding of the legal frameworks that affect security professionals. From UK human rights laws to international laws related to corporate management and conflict, readers will gain the knowledge necessary to operate securely and legally in a variety of environments. Whether you are just starting out or looking to refine your security consulting expertise, this handbook provides the insights needed to thrive in the ever-evolving security industry. It’s a must-read for anyone seeking to build a reputation as a trusted expert in the security consulting field.

Establishing an Occupational Health & Safety Management System. A practical guide to implementing ISO 45001 for better occupational health and safety

IT Governance Publishing, Naeem Sadiq

This book is designed to guide organizations through the process of establishing an Occupational Health and Safety Management System (OHSMS) based on ISO 45001. It begins by explaining the significance of ISO 45001 and its structure, providing a foundational understanding of the standard's importance in enhancing workplace health and safety. The book focuses on critical topics such as identifying workplace risks, determining legal and other regulatory requirements, and the importance of leadership and worker participation. Each section presents practical strategies and methodologies for building and implementing an effective OHSMS, ensuring a proactive safety culture. Through real-world examples and actionable insights, this book helps professionals navigate the complexities of ISO 45001, ensuring organizations meet compliance standards while fostering a safe and healthy work environment.

ISO 27001/ISO 27002. A guide to information security management systems

IT Governance Publishing, Alan Calder

This comprehensive guide demystifies the ISO 27001 and ISO 27002 standards, offering a clear roadmap to understanding, implementing, and managing an Information Security Management System (ISMS). It begins with foundational concepts, a history of ISO 27001, and introduces the ISO 27000 family. The book proceeds to cover the PDCA cycle, Annex SL structure, and the significance of shall vs. should in compliance language.Core chapters walk through ISO 27001’s clauses and requirements, from organizational context and leadership to performance evaluation and continual improvement. Annex A's security controls are explored in detail, linking theory with practical application. ISO 27002 is also thoroughly reviewed to offer guidance on selecting and implementing appropriate controls.By the end of the book, readers gain a strong understanding of ISMS design, certification processes, and control mapping. This resource supports IT managers, compliance officers, and auditors seeking to align with international security standards.

ISO 27001 Controls. Mastering ISO 27001: A Step-by-Step Guide to Effective Implementation and Auditing

IT Governance Publishing, Bridget Kenyon

This guide offers a comprehensive approach to implementing and auditing ISO 27001 controls, providing clear steps for establishing a robust Information Security Management System (ISMS). It is designed to help organizations navigate the complexities of meeting international security standards while ensuring the protection of sensitive information. The book covers every aspect of ISO/IEC 27001, from the foundational principles to practical applications of organizational, physical, and technological controls.Each chapter is carefully structured to explain the implementation of specific controls, focusing on real-world scenarios and offering actionable advice for security professionals. With detailed instructions and clear examples, readers will gain a deep understanding of the ISO 27001 framework and how to align their organizations with best practices. In addition to control implementation, the book emphasizes ongoing compliance and risk management strategies. It highlights critical areas such as incident management, supplier relationships, and data protection, ensuring readers can address security challenges at all levels. Whether new to ISO 27001 or looking to refine an existing ISMS, this book provides the tools necessary for successful information security management and compliance auditing.

ISO 14001 Step by Step. A comprehensive guide to implementing ISO 14001 environmental management standards

IT Governance Publishing, Naeem Sadiq, Asif Hayat Khan

This book offers a thorough walk-through of the ISO 14001 standard, providing practical guidance on meeting its requirements. It includes clear explanations, examples, and sample procedures to help readers understand and apply environmental management principles. By following this guide, businesses can develop effective environmental policies, measure and monitor environmental performance, and continuously improve their management systems to align with sustainability goals. The book covers everything from emergency preparedness to internal audits and management reviews. It also provides tools such as sample procedures for identifying environmental aspects, ensuring regulatory compliance, and controlling documented information. Each chapter is designed to help organizations not only achieve ISO 14001 certification but also foster a long-term commitment to sustainable environmental practices.

The California Privacy Rights Act (CPRA). An implementation and compliance guide

IT Governance Publishing, Preston Bukaty

This comprehensive guide to the California Privacy Rights Act (CPRA) explores its impact on businesses and consumers within California. The book begins with a clear explanation of CPRA’s territorial and material jurisdiction, providing readers with an understanding of where and how the law applies. It delves into key definitions critical for businesses and individuals alike, covering terms such as personal information, pseudonymization, and consumer rights. One of the focal points of the book is the examination of the rights granted to consumers, including the right to access, delete, and opt-out of data sales. Alongside this, it addresses the business obligations, such as the need for privacy notices and compliance with security requirements. The book also offers an analysis of penalties for non-compliance and breach notification procedures, making it an essential resource for understanding the legal landscape of consumer privacy in California. It concludes with an overview of related laws that further influence how businesses must manage customer data.

The Service Desk Handbook. A guide to service desk implementation, management and support

IT Governance Publishing, Sanjay Nair

This book provides practical insights into service desk management, focusing on building and optimizing a service desk to meet organizational needs. It starts with an understanding of the service desk's role, mission, and vision, laying the foundation for effective operations. It covers strategic planning for a well-structured service desk, focusing on staffing, SLAs, and using knowledge bases and self-service portals.The book discusses essential tools and technologies like telephony systems and ITSM tools, and how to configure them for efficiency. It emphasizes developing high-performance teams focused on respect, integrity, and teamwork, highlighting the importance of clear documentation, such as standard operating procedures and incident management, to ensure consistency in service delivery.Performance measurement is emphasized with strategies for tracking success using CSFs, KPIs, and customer satisfaction metrics. It explores both qualitative and quantitative evaluations to improve service desk performance.Finally, it examines emerging trends such as AI and chatbots, and their integration into service desk operations. The last chapters offer professional tips, techniques for root cause analysis, and provide a roadmap to optimize service desk operations for future success.

Information Security Risk Management for ISO 27001/ISO 27002. A Practical Guide to Risk, Assessment, and Control Selection Aligned with ISO Standards

IT Governance Publishing, Alan Calder, Steve G Watkins

This guide navigates through the essential processes of risk management within an ISO 27001/27002 framework. Beginning with foundational principles and methodologies, it systematically details every stage from assessment and analysis to treatment and review. Readers will learn how to apply both qualitative and quantitative techniques to measure impact, likelihood, and risk levels accurately.The book provides clarity on roles, policies, asset classification, and control selection, reinforced by practical tools like gap analysis and risk assessment software. Real-world scenarios and methodologies are contextualized for effective decision-making aligned with international compliance standards.By the end, readers will possess a comprehensive understanding of implementing and sustaining a risk management system that meets ISO 27001/27002 requirements, enabling them to better safeguard information assets and demonstrate regulatory accountability.

IT for Business (IT4B). From Genesis to Revolution, a Business and IT approach to Digital Transformation

IT Governance Publishing, Brian Johnson, Walter Zondervan

This book delves into the evolving role of IT in business transformation, covering key strategies for aligning business objectives with digital tools and technologies. It focuses on the importance of governance, efficiency, and risk management in driving IT success. Readers will discover how to build effective IT strategies, manage service delivery, and improve stakeholder engagement in a rapidly changing digital landscape. With practical frameworks and real-world case studies, it provides a roadmap for managing the complexities of digital service design, contract management, and performance. As the book progresses, it highlights the challenges and opportunities IT presents, from governance issues to innovation drivers. It concludes with actionable insights into digital readiness and transformation, equipping readers with the tools to navigate and lead in the digital age.

ITIL(R) 4 Direct, Plan and Improve (DPI). Your companion to the ITIL® 4 Managing Professional and Strategic Leader DPI certification

IT Governance Publishing, Claire Agutter

This book offers a comprehensive exploration of ITIL® 4 Direct, Plan and Improve (DPI), beginning with key concepts of governance, risk management, continual improvement, and organizational change management. It introduces the essentials of direction, planning, and improvement, guiding readers in aligning strategic goals with actionable steps. The core methods, risks, and controls crucial for effective DPI practices are explored.As you progress, the book delves into governance, risk, and compliance, emphasizing how to align objectives and establish clear decision-making frameworks. You'll learn to craft policies and controls, ensuring a robust and adaptable service management strategy. A strong focus on continual improvement equips you with practical strategies for assessing and enhancing service quality.The book also covers organizational change management (OCM), providing techniques to manage emotional and social aspects of change while aligning with business goals. You’ll gain strategies for stakeholder communication, feedback mechanisms, and values-based change management. Finally, the book discusses measurement, reporting, and optimization, showing how to map value streams, optimize workflows, and measure performance. By the end, you’ll be ready to lead DPI initiatives and drive transformation within your organization.

ISO 50001. A strategic guide to establishing an energy management system

IT Governance Publishing, Alan Field

This guide introduces readers to the essential concepts of an Energy Management System (EnMS), with a focus on the internationally recognized ISO 50001 standard. It explains why energy management is a strategic priority, the benefits of adopting an EnMS, and how ISO 50001 plays a pivotal role in reducing energy consumption while enhancing environmental sustainability.The book covers the essential aspects of ISO 50001, from its key definitions and principles to the PDCA (Plan-Do-Check-Act) cycle that underpins its effectiveness. It also provides practical insights on integrating ISO 50001 with ISO 14001, creating a comprehensive management system that aligns with both energy and environmental objectives. Readers will learn about the key differences between the 2011 and 2018 versions of ISO 50001 and how to successfully prepare for third-party assessments to achieve certification.Perfect for energy managers, sustainability professionals, and organizations aiming to improve their energy efficiency, this book offers a detailed roadmap for implementing ISO 50001 and achieving long-term energy savings. It also highlights the strategic advantages of integrating energy management with broader sustainability goals and environmental management practices.

Business Continuity and the Pandemic Threat. Learning from COVID-19 while preparing for the next pandemic

IT Governance Publishing, Robert A. Clark

In today’s volatile world, businesses must be prepared for crises, especially pandemics. This book offers a comprehensive guide to help organizations adapt and survive in the face of such challenges. Analyzing the COVID-19 pandemic, it explores the virus's origins, the global response, and the reasons behind widespread unpreparedness. Real-world case studies provide insights into effective strategies and missteps during the crisis.The book offers practical tools for developing a robust business continuity plan and highlights the crucial role of leadership and crisis management teams. It also covers key lessons on managing lockdowns, mitigating economic impact, and addressing the psychological and societal effects of a pandemic. Emphasizing both operational and human aspects of crisis management, the book underscores that proactive preparedness today can safeguard businesses and lives tomorrow.

The Ransomware Threat Landscape. Prepare for, recognise and survive ransomware attacks

IT Governance Publishing, Alan Calder

The Ransomware Threat Landscape offers an in-depth examination of ransomware, explaining how it works, its modes of access, and the consequences of attacks. The book begins by detailing the mechanisms of ransomware, how cybercriminals exploit vulnerabilities, and the damage it causes to organizations. It further explores the types of ransomware, their infection methods, and how attackers use ransomware for financial gain.The guide provides practical, actionable advice on basic and advanced cybersecurity measures to protect against ransomware. Topics like cybersecurity hygiene, staff awareness, and the importance of creating an anti-ransomware program are covered. The book emphasizes the role of a well-structured risk management framework and its application in preventing attacks and mitigating fallout from infections.For organizations of all sizes, the book offers tailored controls to strengthen defenses. It also explains the steps needed for a comprehensive recovery plan. Advanced prevention strategies for larger enterprises are discussed, making this guide suitable for IT professionals, security experts, and organizational leaders aiming to protect their systems from ransomware threats.

ITIL(R) 4: Digital and IT Strategy (DITS). Your companion to the ITIL® 4 strategic leader DITS certification

IT Governance Publishing, Claire Agutter

This book explores ITIL® 4’s approach to digital strategy, starting with key concepts like digital transformation, ITIL® 4 guiding principles, and the role of technology in shaping business models. It introduces the driving forces behind change and how to align digital strategies with business goals for maximum impact.The middle chapters delve into the practical aspects of IT strategy, focusing on areas such as strategy management, governance, and continual improvement. Key topics like digital disruption, organizational viability, and strategic approaches for operational excellence are covered in-depth. The book provides a structured framework for managing risks, handling financial strategies, and fostering innovation in digital organizations.The final chapters guide readers on implementing and assessing digital strategies, from defining clear goals to establishing operational models. Practical tools, case studies, and exam preparation further enhance the reader's understanding. Ideal for IT professionals, business leaders, and strategists, this book equips them with the skills and knowledge to lead digital transformation and succeed in the modern business environment.