Tag Archives: Governance

Good governance should be “differentiator and business enabler” for security integrators

Businesses are at risk of falling behind if they fail to see the advantages of good governance and the benefits it can bring. That’s according to Evolution, the integrated fire and security systems business.

Brendan McGarrity, head of risk and design at Evolution, argues that ‘box-ticking’ to meet a legal, regulatory or compliance obligation should not be the strategy to adopt and implement.

McGarrity informed Security Matters: “I’m sure we’ve all been guilty of ‘ticking a box’ either because we don’t understand or believe in something, but simply need to get it off our desk. I’m sure, also, that there are some of those with a security remit who do much the same when it comes to governance in relation to risk. There are clear advantages and true benefits to be realised from good governance.”

As an example, McGarrity quoted a Quality Manual. “To some, it’s a manual that, once completed, can sit on a dusty shelf or be lost in a drawer, never to see daylight again unless and until a quality inspection’s due. Then there are others who see it differently. They would view a Quality Manual as a proactive tool for instigating continual improvements to a business and its operations.”

Standard Quality Control Certification Assurance Guarantee Internet Business Technology Concept

Readily embracing quality

McGarrity notes certain sectors, such as the pharmaceutical or high-tech electronics industries, embrace quality readily, and realise the benefits such an approach can bring, but others are less willing until an event obliges them to see and think differently.

He also pinpoints the Surveillance Camera Commissioner as an interesting case and highlights the example of a major retailer who sought accreditation with the Commissioner, not because they had to, but because they realised the benefits from doing so.

“The business was not obliged to have Surveillance Camera Commissioner accreditation. It did not need to tick a box. It did so to demonstrate genuine leadership and strategic influence across the sector. The senior stakeholders were engaged and found to be suitably impressed, and their brand and reputation enhanced among stakeholders and customers alike. They also realised the commercial and operational benefits that Surveillance Camera Commissioner compliance could bring. Benefits that far outweighed the costs involved, not least an increase in public confidence in the way the systems were operated and managed.”

Compliance as business enabler

McGarrity added: “Though such compliance wasn’t essential to the business concerned, the organisation saw it as a business enabler and one that affords the company competitive advantage.”

For McGarrity, that’s the key point. “Good governance should be a differentiator,” he concluded. “High-end integrators see it as an opportunity to put distance between themselves and the volume-based installers who are perhaps not as focused on building long-term relationships. That said, good governance only becomes a differentiator if the true benefits are properly understood and realised.”

Leave a comment

Filed under Security Matters

Telefonica UK Property and ISS choose Ideagen’s Enlighten system to manage governance, risk and compliance

Telefonica UK, a leading digital and communications company, and ISS, the global facilities management service provider, are set to work with software firm Ideagen on improving governance, risk and compliance operations across the O2 estate.

Ideagen Enlighten, Ideagen’s cloud-based GRC application, is to be implemented and rolled out to bring several operational improvements to Telefonica UK’s Property department. The software will provide one source of truth for the management of controlled documentation, improve visibility of audit scheduling and automate action management and escalation. Enlighten will also enhance levels of reporting and increase accessibility for Telefonica’s mobile workforce.

Darren Bryanton, Telefonica’s national FM operations manager, said: “We regularly participate in audits to assist Telefonica UK in retaining an impressive portfolio of certifications and standards which are essential in demonstrating world class service to our customers. Enlighten will manage audits and document control for the department.”

Suzanne Burge, ISS’ quality and assurance manager, added: “After a thorough review of the market, we selected Enlighten due its scalability, accessibility and ease of use. We wanted a product that we could design ourselves to fit the needs of the business, not just now but also in the future.”

ideagencorplogo

Tim Blackburne, ISS’ account director, explained: “Telefonica UK’s high standards of operational compliance and audit success rely on clear governance, audit readiness and document management. Ideagen Enlighten gives us this.”

Andrew Neish, Telefonica’s head of property, commented: “Both Ideagen and Telefonica UK share the same vision of how innovation can drive improvement in business. This opportunity to provide a game-changing and transformational system is one that we’re very excited about.”

Ideagen is a supplier of information management software with operations in the UK, the United States and the Middle East. The company specialises in eGRC (Enterprise Governance, Risk and Compliance) and healthcare solutions for organisations operating within highly regulated industries.

Leave a comment

Filed under Risk UK News, Uncategorized

Ideagen releases latest version of Pentana with improved user interface and browser-based risk management

Ideagen has released the latest version of its risk-based audit automation software which comprises a substantially enhanced user experience and new features to support browser-based risk management.

Ideagen Pentana Version 5 provides web access to audit findings, custom fields and user defined views to improve the efficiency and effectiveness of assurance processes.

Building on the Web Actions feature introduced in Version 4.2, Pentana Version 5.0 brings several more important end user tools to the browser interface including Web Risks, Web Findings and Web Views.

User experience improvements include improved performance when producing reports, multilingual ‘pick lists’ to let users see UI and system messages in their own language and a new look and feel to bring it into line with other Ideagen-federated products.

ideagenpentana

Ken Ebbage, Ideagen’s head of products, said: “Ideagen Pentana is trusted and used by over 450 clients worldwide and offers a complete solution for risk-based auditing. The product leverages Ideagen’s enterprise risk management expertise and technology base to deliver ambitious organisational governance objectives and high operational performance.”

Ebbage added: “In Version 5, we’ve built in a host of improvements with the end user experience in mind, but perhaps the most important innovation in the latest version of the software is the ability to manage and assess entity risks and controls via a web browser. This affords business user departments a simple interface to self-assess their own risk registers without having to load the full software. This is invaluable for Sarbanes-Oxley and other internal control applications.”

Ideagen Pentana Version 5 will be supplied as a free upgrade to Ideagen’s existing supported client base, including those who upgrade from the company’s legacy Pentana Audit Work System. With the latest release, Ideagen has federated Pentana with other products in its portfolio, among them Q-Pulse.

Leave a comment

Filed under Risk UK News, Uncategorized

David Blunkett MP to deliver opening Keynote Speech at inaugural (ISC)² Security Congress EMEA

(ISC)² – the largest not-for-profit membership body of certified information and software security professionals – has published the education programme and speaker line-up for its inaugural Security Congress EMEA, which takes place on 9-10 December at the Bloomsbury Hotel in London.

Organised in partnership with the MIS Training Institute, the conference programme offers a broad professional development opportunity, combining a comprehensive plenary programme with focused track sessions delivered by a cross-section of the security community throughout the region.

Kicking off the programme with insights into why the UK Government elevated cyber security to a Tier 1 threat is the Right Honourable David Blunkett MP, who served as Home Secretary between 2001 and 2004.

“I’m very pleased to see and also support this obvious commitment from the (ISC)² community aimed at increasing our capacity to ensure security for us all in the digitally-enabled, digitally-dependent economy,” explained Blunkett. “It has never been more crucial for the EMEA region’s international information security professionals to join forces and align their efforts as we all face the increasingly complex and adversarial challenges developing in the cyber world.”

The ISC2 Security Congress EMEA 2014 takes place in London during early December

The ISC2 Security Congress EMEA 2014 takes place in London during early December

Other confirmed keynote speakers include Dr Simon Singh (the best-selling author, journalist, radio broadcaster, TV producer and director), Dr Stefan Lüders (head of computer security at the European Organisation for Nuclear Research), Jaya Baloo (CISO for KPN in the Netherlands) and Michael Colao, head of security at AXA in the UK.

Conference sessions cover current events (including the privacy issues hampering the UK’s NHS data sharing scheme) and real world Case Studies from Euroclear, the Ministry of Justice in Saudi Arabia, UBS and the Dutch National Cyber Security Centre.

Delegates are able to organise their agenda around 30 sessions, including a comprehensive plenary programme and break-out sessions across six tracks: Governance, Risk and Compliance, Mobile Security, Human Factors, Security Architecture and Data Security.

“The quality and depth of the responses received following our Call for Speakers was overwhelming, allowing us to build a strong programme that addresses professional development needs at all levels,” explained John Colley, managing director for the EMEA region at (ISC)². “This event offers members of the professional community an opportunity to learn from their peers and debate the latest proposals around some of the key cyber security issues that are challenging companies, Governments and society on a daily basis.”

In addition to the conference sessions, Security Congress EMEA delegates have the opportunity to include two pre-conference workshops (to be held on 8 December) within their conference agenda. These workshops are based on the (ISC)² CBK training seminars for the Certified Cyber Forensics Professional (CCFPSM) and Certified Software Security Lifecycle Professional (CSSLP) credentials.

David Blunkett MP

David Blunkett MP

“It’s our vision to inspire a safe and secure cyber world,” commented Wim Remes, chairman of the (ISC)² Board of Directors. “We execute on this vision by offering value to society through credentials, resources and leadership. These concepts are reflected in Security Congress EMEA 2014 through a valuable education programme. I’m delighted to see the calibre of speakers that have chosen to present their thoughts at our event.”

All sessions and workshops qualify for Continuing Professional Education (CPE) credit. Registration is now open. (ISC)² members, chapter members and supporting organisations are eligible for special discounted pricing.

For more information or to register for the (ISC)² Security Congress EMEA visit: http://www.EMEAcongress.isc2.org

Further information about (ISC)²

Formed in 1989 and thus celebrating its 25th Anniversary in 2014, (ISC)² is the largest not-for-profit membership body of certified information and software security professionals worldwide. The organisation currently plays host to over 100,000 members in more than 135 countries.

Globally recognised as ‘The Gold Standard’, (ISC)² issues the Certified Information Systems Security Professional (CISSP) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP), the Certified Cyber Forensics Professional (CCFPSM), Certified Authorisation Professional (CAP), HealthCare Information Security and Privacy Practitioner (HCISPPSM) and Systems Security Certified Practitioner (SSCP) credentials to qualifying candidates.

(ISC)²’s certifications are among the first IT credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark designed for assessing and certifying personnel.

(ISC)² also offers education programmes and services based on its CBK, a compendium of information and software security topics.

Additional detail is available at: http://www.isc2.org

Leave a comment

Filed under Risk UK News

(ISC)² announces inaugural EMEA Security Congress: London, 8-10 December 2014

The Call for Presentations is now open for (ISC)² Security Congress EMEA 2014, an event designed to provide a unique international platform for information security professionals.

International information security professionals have a unique opportunity to meet, learn and get ahead of industry developments with the announcement of the inaugural (ISC)2 Security Congress EMEA.

Organised in partnership with the MIS Training Institute, the (ISC)² Security Congress EMEA 2014 is the first multi-day conference within the Europe, Middle East and Africa (EMEA) region to be hosted by (ISC)², the largest not-for-profit membership body of certified information and software security professionals with over 100,000 members worldwide.

Submissions for presentations are now being accepted until 4 July for the 8-10 December 2014 event, which is to be held at The Bloomsbury Hotel in London.

“(ISC)² EMEA has delivered educational conferences across the region for nearly ten years,” explained John Colley CISSP, managing director for (ISC)² EMEA, “allowing us to develop a strong network of top-notch speakers that can offer real insight into the issues we are all facing.”

International information security professionals have a unique opportunity to meet, learn, and get ahead of industry developments with the announcement of the inaugural (ISC)2 Security Congress EMEA

International information security professionals have a unique opportunity to meet, learn, and get ahead of industry developments with the announcement of the inaugural (ISC)2 Security Congress EMEA

Colley continued: “What makes this initiative really interesting is the opportunity we have to showcase the wealth of experience within the membership. This event presents a unique opportunity for professionals at all levels to come together, share what theyre experiencing on the front lines and learn from each other. I anticipate strong, informative and really useful sessions across the five designated conference tracks.”

Strengthening Cyber Security Defenders

Set to the overall theme of Strengthening Cyber Security Defenders, the (ISC)² Security Congress EMEA 2014 is open to all interested industry professionals.

Building on the experiences of the US-based (ISC)² Security Congress, which is now in its fourth year, the (ISC)² Security Congress EMEA will offer a comprehensive seminar programme over five focused tracks, a pre-conference day of training workshops and special interest sessions along with a gala dinner.

Keynotes and plenaries will be complemented by a broad review of current industry concerns in the following tracks: Governance, Risk and Compliance, Mobile Security, Human Factors, Architecture and Data Security.

The (ISC)² Security Congress EMEA 2014 is the latest development in (ISC)²’s successful and growing global event programme which currently includes 14 one-day (ISC)² information and software security events held in major cities throughout the EMEA region.

For presentation submission requirements, and to learn more, visit: http://www.EMEAcongress.isc2.org

Leave a comment

Filed under IFSECGlobal.com News