In an era characterised by the remarkable growth of AI, there emerges a profound ethical dimension that demands our attention. This book presents a timely and significant addition to the ongoing discourse around the ethical implications of AI in general, as well as the new and disruptive AI technologies, such as generative AI platforms like ChatGPT.

This book discusses:

• • Digital technology disruption and AI;
  • An overview of AI and generative AI;
  • The role of AI and generative AI in misinformation and disinformation;
  • AI and online disinhibition;
  • How AI bias can occur;
  • AI and job displacement;
  • AI privacy issues; and
  • AI regulation and policy.

This book is a philosophical approach to the AI world, so it is of use to anyone curious about the moral issues surrounding advancements in AI, and not only for those who have a background in AI.

Recommended textbook for the Open University's postgraduate information security course and the recommended text for all IBITGQ ISO 27001 courses

In this updated edition, renowned ISO 27001/27002 experts Alan Calder and Steve Watkins:

• Discuss the ISO 27001/27002:2022 updates;
• Provide guidance on how to establish a strong IT governance system and an ISMS (information security management system) that complies with ISO 27001 and ISO 27002;
• Highlight why data protection and information security are vital in our ever-changing online and physical environments;
• Reflect on changes to international legislation, e.g. the GDPR (General Data Protection Regulation); and
• Review key topics such as risk assessment, asset management, controls, security, supplier relationships and compliance.
• 
  

Fully updated to align with ISO 27001/27002:2022

IT Governance - An international guide to data security and ISO 27001/ISO 27002, Eighth edition provides:

• Expert information security management and governance guidance based on international best practice;
• Guidance on how to protect and enhance your organisation with an ISO 27001:2022-compliant ISMS; and
• Discussion around the changes to international legislation, including ISO 27001:2022 and ISO 27002:2022.

As cyber threats continue to increase in prevalence and ferocity, it is more important than ever to implement a secure ISMS to protect your organisation. Certifying your ISMS to ISO 27001 and ISO 27002 demonstrates to customers and stakeholders that your organisation is handling data securely.

This guide contains everything you need to know to pass the ITIL 4(R) Strategic Leader Digital and IT Strategy certificate, plus more.

It covers practices and concepts that are not addressed as part of the DITS syllabus, making it ideal for newly qualified practitioners.

The target audience for the DITS training and associated certification is different to some of the other ITIL training courses. The material is specifically aimed at:

IT and business directors;Department heads;C-suite professionals;Leaders who are involved in digital change; andConsultants who are working with organisations that are digitally transforming.

So, if you're not in a senior role, does that mean this content isn't for you? Absolutely not! Perhaps you aspire to a more senior role, in which case you'll gain valuable knowledge.

Ideal for self-study candidates and training participants, this guide will prove a helpful companion and a practical aid for their professional development.

The majority of this book is based on the official ITIL 4: Digital and IT Strategic Leader publication and the associated DITS syllabus. It provides students with the information they need to pass the DITS exam and help them become a successful practitioner.

ITIL(R) is a registered trade mark of the PeopleCert group. Used under licence from PeopleCert. All rights reserved.

Following the success of the first edition, this book has been re-released to reflect the ISO/IEC 27001:2022 and ISO/IEC 27002:2022 updates.

Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001:2022 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001:2022. Similarly, for anyone involved in internal or external audits, the book includes the definitive requirements that auditors must address when certifying organisations to ISO 27001:2022.

The auditing guidance covers what evidence an auditor should look for to satisfy themselves that the requirement has been met. This guidance is useful for internal auditors and consultants, as well as information security managers and lead implementers as a means of confirming that their implementation and evidence to support it will be sufficient to pass an audit.

This guide is intended to be used by those involved in:

- Designing, implementing and/or maintaining an ISMS;

- Preparing for ISMS audits and assessments; or

- Undertaking both internal and third-party ISMS audits and assessments.

ISO 27001/ISO 27002 - A guide to information security management systems ISO 27001 is one of the leading information security standards. It offers an internationally recognised route for organisations of all sizes and industries to adopt and demonstrate effective, independently verified information security. Information is the lifeblood of the modern world. It is at the heart of our personal and working lives, yet all too often control of that information is in the hands of organisations, not individuals. As a result, there is ever-increasing pressure on those organisations to ensure the information they hold is adequately protected. Demonstrating that an organisation is a responsible custodian of information is not simply a matter of complying with the law - it has become a defining factor in an organisation's success or failure. The negative publicity and loss of trust associated with data breaches and cyber attacks can seriously impact customer retention and future business opportunities, while an increasing number of tender opportunities are only open to those with independently certified information security measures. Understand how information security standards can improve your organisation's security and set it apart from competitors with this introduction to the 2022 updates of ISO 27001 and ISO 27002.

Recommended textbook for the Open University's postgraduate information security course and the recommended text for all IBITGQ ISO 27001 courses

In this updated edition, renowned ISO 27001/27002 experts Alan Calder and Steve Watkins:

• Discuss the ISO 27001/27002:2022 updates;
• Provide guidance on how to establish a strong IT governance system and an ISMS (information security management system) that complies with ISO 27001 and ISO 27002;
• Highlight why data protection and information security are vital in our ever-changing online and physical environments;
• Reflect on changes to international legislation, e.g. the GDPR (General Data Protection Regulation); and
• Review key topics such as risk assessment, asset management, controls, security, supplier relationships and compliance.
• 
  

Fully updated to align with ISO 27001/27002:2022

IT Governance - An international guide to data security and ISO 27001/ISO 27002, Eighth edition provides:

• Expert information security management and governance guidance based on international best practice;
• Guidance on how to protect and enhance your organisation with an ISO 27001:2022-compliant ISMS; and
• Discussion around the changes to international legislation, including ISO 27001:2022 and ISO 27002:2022.

As cyber threats continue to increase in prevalence and ferocity, it is more important than ever to implement a secure ISMS to protect your organisation. Certifying your ISMS to ISO 27001 and ISO 27002 demonstrates to customers and stakeholders that your organisation is handling data securely.

Following the success of the first edition, this book has been re-released to reflect the ISO/IEC 27001:2022 and ISO/IEC 27002:2022 updates.

Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001:2022 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001:2022. Similarly, for anyone involved in internal or external audits, the book includes the definitive requirements that auditors must address when certifying organisations to ISO 27001:2022.

The auditing guidance covers what evidence an auditor should look for to satisfy themselves that the requirement has been met. This guidance is useful for internal auditors and consultants, as well as information security managers and lead implementers as a means of confirming that their implementation and evidence to support it will be sufficient to pass an audit.

This guide is intended to be used by those involved in:

- Designing, implementing and/or maintaining an ISMS;

- Preparing for ISMS audits and assessments; or

- Undertaking both internal and third-party ISMS audits and assessments.

Essential guidance for anyone tackling ISO 27001:2022 implementation for the first time.

ISO/IEC 27001:2022 is the blueprint for managing information security in line with an organisation's business, contractual and regulatory requirements, and its risk appetite.

Nine Steps to Success has been updated to reflect the 2022 version of ISO 27001. This must-have guide from expert Alan Calder will help you get to grips with the requirements of the Standard and make your ISO 27001 implementation project a success. The guide:

Details the key steps of an ISO 27001 project from inception to certification;Explains each element of the ISO 27001 project in simple, non-technical language; andIs ideal for anyone tackling ISO 27001 implementation for the first time.

To be resilient against cyber attacks, organisations must do more than just erect digital defences; a significant percentage of successful attacks originate in the physical world or are aided and exacerbated by environmental vulnerabilities. Effective cyber security therefore requires a comprehensive, systematic and robust ISMS (information security management system), with boards, customers and regulators all seeking assurance that information risks have been identified and are being managed.

Successfully implement ISO 27001 with this must-have guide.

Simplify DORA (EU's Digital Operational Resilience Act) compliance with our concise and insightful guide. Designed for busy professionals, this guide distils key principles and compliance strategies into an easily digestible format. You'll find: Clear explanations of DORA's core requirements; Practical tips for implementation and compliance; Expert insights to enhance your operational resilience; and A compact format for quick reference.

The PCI DSS (Payment Card Industry Data Security Standard) is now on its fourth version. The withdrawal date for v3.2.1 is 31 March 2024. Many organisations around the world - particularly those that fall below the top tier of payment card transaction volumes - are not yet compliant with the new version.

This book:

• Explains the fundamental concepts of PCI DSS v4.0;
• Is a perfect quick reference guide for PCI professionals, or a handy introduction for people new to the payment card industry; and
• Covers the consequences of a data breach and how to comply with the Standard, giving practical insights.

An ideal introduction to PCI DSS v4.0

Organisations that accept payment cards are prey for criminal hackers trying to steal financial information and commit identity fraud. Many attacks are highly automated, searching for website and payment card system vulnerabilities remotely, using increasingly sophisticated tools and techniques.

This guide will help you understand:

• How you can comply with the requirements of the Standard;
• The PCI DSS and ISO/IEC 27001:2022;
• PTS (PIN Transaction Security); and
• P2PE (Point-to-point encryption).

In his second book with IT Governance Publishing, Richard Bingley's Combatting Cyber Terrorism - A guide to understanding the cyber threat landscape and incident response planning analyses the evolution of cyber terrorism and what organisations can do to mitigate this threat.

This book discusses:

• Definitions of cyber terrorism;
• Ideologies and idealisations that can lead to cyber terrorism;
• How threat actors use computer systems to diversify, complicate and increase terrorist attack impacts;
• The role of Big Tech and social media organisations such as X (formerly Twitter) and Instagram within the cyber threat landscape; and
• How organisations can prepare for acts of cyber terrorism via security planning and incident response strategies such as ISO 31000, ISO 27001 and the NIST Cybersecurity Framework.

Increasingly, cyber security practitioners are confronted with a stark phrase: cyber terrorism. For many, it conveys fear and hopelessness. What is this thing called 'cyber terrorism' and what can we begin to do about it?

Malicious-minded ICT users, programmers and even programs (including much AI-powered software) have all been instrumental in recruiting, inspiring, training, executing and amplifying acts of terrorism. This has resulted in the loss of life and/or life-changing physical injuries that could never have occurred without support and facilitation from the cyber sphere. These types of attacks can be encapsulated by the phrase 'cyber terrorism'.

This book recounts case studies to show the types of threats we face and provides a comprehensive coverage of risk management tactics and strategies to protect yourself against such nefarious threat actors. These include key mitigation and controls for information security or security and HR-related professionals.

In an organisational context, you need to be able to influence well in a variety of situations. These can include but are not limited to:

Networking and developing good interpersonal relationships;Leading and inspiring others;Communicating and gaining buy-in for your ideas;Promoting change;Developing a high-performing team;Negotiating with other people;Building successful working relationships;Navigating the complexities of hybrid/remote working; and Successful negotiating.

This book is very practical. It features case studies of successful influencing and persuading in different industries, including the cyber security sector.

It also contains advice, exercises, activities and diagnostics to help you improve your influencing skills.

Influencing is a soft skill that is applicable to leaders, managers, project managers and team members.

The world is witnessing an increasingly dangerous combination of social, economic and environmental factors which are accelerating an ever growing emergence of novel viruses resulting in new epidemics. A must-have for facing the consequential pandemic threat, Robert A. Clark's new book reveals what you should do to mitigate the risk, and limit the damage, while designing contingency measures to address a pandemic crisis.

The book builds on the themes introduced in his 2016 title Business Continuity and the Pandemic Threat - Potentially the biggest survival challenge facing organisations, by focusing specifically on the COVID-19 pandemic.

Business Continuity and the Pandemic Threat - Learning from COVID-19 while preparing for the next pandemic

COVID-19 has shown organisations that the threat of a pandemic needs to be taken seriously, emphasising the importance of preparing a business continuity plan and a pandemic plan in response to the crisis. Clark's book focuses on how an organisation can create a new or update an existing pandemic response plan. He highlights the similarities in managing different types of crisis whether it is a pandemic, or other threats such as cyber attacks, floods, fires, civil disturbances, terrorism etc.

The book looks at several case studies, reviewing how different industries have been impacted by the pandemic, with the author also reflecting on his own personal experience during this crisis. It also discusses the ways the virus has affected our economy and daily routines, and the psychological impact. The book further provides useful free resources that offer additional guidance/information.

Explore how:

• Your organisation can create and validate a pandemic response plan;
• To manage your organisation when faced with a pandemic threat;
• Lockdown has impacted our mental health, economies and working culture;
• Organisations from varied industries have adapted in response to the pandemic;
• To search for new opportunities that pandemics can present by both changes to working practises and diversification; and
• Information technology helped many organisations to continue functioning during lockdowns.

Bob's book, Business Continuity and the Pandemic Threat does a spectacular job filling a gaping void in the pandemic preparedness and response literature. It should be required reading for every CEO concerned with keeping their business in business and every corporate risk manager, regardless of the type of business. He's written with an engaging, rare combination of hard-nosed business survival strategy and insightful human stories of pandemic experiences.

Dr Jonathan Quick MD MPH, global health leader with expertise in pandemic and epidemic threats

Understand the corporate, psychological and societal impact of a pandemic threat and how to prepare for and mitigate its effects with this book - order your copy today!

Implementing ISO 9001:2015 - A practical guide to busting myths surrounding quality management systems

In his new book, Andrew W Nichols debunks many of the common misconceptions about ISO 9001:2015 and describes the many advantages the standard brings. Drawing on more than 30 years of hands-on experience, he gives clear, practical and up-to-date advice on how to implement a QMS (Quality Management System) to maximum effect.

In September 2015, the much-anticipated sixth version of ISO 9001 was published, and, with it, several myths were given life. Implementations of QMSs, based on the requirements of ISO 9001, have been plagued by misunderstood and misinterpreted requirements, from the earliest version back in 1987. New myths have arrived with the publication of the ISO 9001:2015 edition.

This book exposes many of the myths and enables a better understanding of ISO 9001:2015 by those who seek to create, implement, and improve an effective QMS for their organization

Thousands of organizations worldwide are reaping the benefits from adopting the ISO 9001:2015, and implementing an effective QMS, and this book will provide you with the tools to do the same!

Full of real-life examples, this book enables you to read and successfully interpret the ISO 9001:2015 documentation

The Art of Cyber Security - A practical guide to winning the war on cyber crime

This book is about cyber security, but it's also about so much more; it's about giving you the skills to think creatively about your role in the cyber security industry.

In Part 1, the author discusses his thoughts on the cyber security industry and how those that operate within it should approach their role with the mindset of an artist.

Part 2 explores the work of Sun Tzu's The Art of War. The author analyses key sections and reviews them through the lens of cyber security and data protection to derive how his teachings can be used within the cyber security industry. Although Tzu's book on military strategy, tactics and operations was written more than 2,000 years ago, The Art of Cyber Security - A practical guide to winning the war on cyber crime reflects on how relevant Tzu's words are for today's technological era.

Receive a different perspective on cyber security, and think differently about the industry and your place within it

This book celebrates the individuals who are striving to protect us in an ever-expanding technological era. Data and technology are so important to our lives, that protecting people who use technology is incredibly important. The professionals working to protect children, adults and corporations have a tough job, and this book celebrates their work while advocating ways for improving cyber security services and fighting cyber crime.

This book will challenge your thinking and force you to approach cyber security and data protection from theoretical, philosophical, strategic, tactical and operational perspectives.

Agile Project Management, Assurance and Auditing - A practical guide for auditors, reviewers and project teams

Project managers are under increasing pressure to deliver more with less time and fewer resources. The pace of change is relentless, with technological opportunities far beyond what we imagined a decade ago.

Adopting the Agile methodology helps organisations develop the flexibility and adaptability necessary in such fast-paced environments.

Agile can be frightening, as it represents a completely different approach from other project management methodologies that an organisation may be used to, and also changes the project audit and review processes. Using Agile for non-IT projects - such as the introduction of new products, refurbishing retail outlets, and even planning and running audits - means that general auditors and other reviewers, as well as IT specialist auditors are now having to understand Agile practices.

This guide provides an overview of Agile for auditors, reviewers and project teams

This guide discusses the following:

• What are the Agile project management audit objectives?
• What risks are covered by each objective?
• What controls can we expect and how can these be audited?
• Case studies illustrating Agile project initiation and high-level requirements.
• Hints and tips for performing an audit review.

For experienced auditors and project management teams, this guide demonstrates how they can adapt and reuse audit skills that they may have gained during traditional waterfall, CCTA Risk Analysis and Management Method (CRAMM) or PRINCE2^(R) implementation/audits. For those less experienced, it will encourage them to consider some of these good practices and their application to Agile audits.

An ideal introduction to Agile project management for auditors, project managers, Agile teams and students.

Whether you are contemplating a career in service management or are working in the sector, this book will help you understand current trends, job opportunities, frustrations and progression. It also features contributions from industry professionals to show what their day-to-day service management role looks like.

Resilient Thinking - Protecting Organisations in the 21st Century, Second edition

Since the release of the first edition in 2012, a lot has changed in the world of risk and organisational resilience. Global conflict, political realignments, environmental disruptions, pandemics and disease outbreaks and cyber attacks are a plethora of threats that have and will continue to endanger the stability of the world. Alongside these risks and issues, technological and societal change is ushering in a new age of opportunity and progress.

What can organisations and individuals do to prepare for an unexpected future?

To prepare for the unexpected future, organisations need to be resilient, and this requires:

• Understanding the current, emerging and future environments and contexts;
• People who are knowledgeable, confident and capable in building and maintaining resilience in the organisation and themselves; and
• A sensible approach to the use of guidance, frameworks and initiative.

Phil Wood's much expanded and updated second edition explores, develops and enhances the concepts discussed in his previous book in granular detail, analysing our understanding of where we have been, where we are now, and where we should be going to develop resilient organisations.

Essential guidance for anyone tackling ISO 27001:2022 implementation for the first time.

ISO/IEC 27001:2022 is the blueprint for managing information security in line with an organisation's business, contractual and regulatory requirements, and its risk appetite.

Nine Steps to Success has been updated to reflect the 2022 version of ISO 27001. This must-have guide from expert Alan Calder will help you get to grips with the requirements of the Standard and make your ISO 27001 implementation project a success. The guide:

Details the key steps of an ISO 27001 project from inception to certification;Explains each element of the ISO 27001 project in simple, non-technical language; andIs ideal for anyone tackling ISO 27001 implementation for the first time.

To be resilient against cyber attacks, organisations must do more than just erect digital defences; a significant percentage of successful attacks originate in the physical world or are aided and exacerbated by environmental vulnerabilities. Effective cyber security therefore requires a comprehensive, systematic and robust ISMS (information security management system), with boards, customers and regulators all seeking assurance that information risks have been identified and are being managed.

Successfully implement ISO 27001 with this must-have guide.

An Education in Service Management - A guide to building a successful service management career and delivering organisational success IT is a business-critical function. It delivers experiences, stimulates strategic shifts, and protects organisations from theft, cyber attacks, and the related regulatory, reputational and financial impacts. ITSM is a critical element of IT that is often misunderstood. In this book, the author and his network of associates demystify ITSM and help you understand how: Working in or with ITSM enables you to build a career that spans global industries, locations and sectors; ITSM roles vary from service desk analyst to chief technology officer or consultant; and As a CTO, a CIO or an organisational leader, you can enable your teams to deliver exceptional digital experiences that delight your consumers, partners and customers.