Invulnerability against cyber security attacks will never be fully achieved – it is an ongoing and increasing problem. However the cyber threats we experience today are far from new. These types of crime have been around for almost as long as civilisation itself, albeit perpetrated in different forms. The threats are not really changing either but the way in which competent companies address them is evolving, with the support of law enforcement and the provision of evolving defensive tools and techniques.
Primarily the way in which legal services (police and related authorities) deal with the crimes is improving. They are combating cyber criminals in increasingly effective ways – however the task is also growing quickly with threats evolving daily. Despite some notable victories they are not likely to win in the longer term without the support and education of businesses and individuals alike.
The most significant changes we are seeing in the cyber landscape are the effects of the threats realising their aims. Credit card details are still valuable for criminals since they can be traded and monetised very easily within a thriving black-market. Money is the prime target for criminals and they have the time, and increasingly the resources, to find better ways of attacking individuals and organisations. Blackmail, denial of service and similar attacks, based on for example cryptoware, will doubtlessly increase in frequency and complexity in the coming months and years with financial targets as a primary focal point.
Posted in Cyber Security.
– December 15, 2014
1. The current version
M_o_R® (Management of Risk) 2010 Edition
2. The basics
Management of Risk (M_o_R) is a structured framework and process for taking informed decisions about the risks that affect an organization at a strategic, programme, project or operational level.
M_o_R® was first published in 2002; its current version is the 2010 Edition. The approach was originally designed for use by the UK Government and is now owned by Axelos. It is used in the public and private sectors alike.
Management of Risk is of enterprise-wide importance, and can be applied to the three core elements of a business (see Figure):
- Strategic – business direction
- Change – turning strategy into action, including programme, project and change management
- Operational – day-to-day operation and support of the business
In this way, the strategy for managing risk should be managed from the top of the organization while being embedded into the normal working routines and activities of the organization.
Posted in Exams, Project Mgmt, Qualifications.
– December 11, 2014
Last month marked a momentous milestone in APMG’s journey, with the launch of its Brazilian operation in São Paulo. Establishing a foothold in Brazil is an incredibly exciting opportunity. APMG is keen to make its expansive portfolio of certification and qualification schemes available to our fellow Portuguese-speaking professionals.
Managed by Priscylla Monteiro, the operation gives Accredited Training Organizations (ATOs) in South America access to one of the world’s most diverse portfolios of professional certification schemes.
Posted in Accreditation, Events, Exams, Project Mgmt, Qualifications.
– December 9, 2014
1. The current version
2. The basics
Lean IT is an extension of the Lean manufacturing and Lean services principles, applied in an IT environment. The approach is a way of thinking and acting, focusing heavily on organizational culture. Lean IT is associated with the development and management of Information Technology products and services. The central concern, applied in the context of IT, is the elimination of waste, where waste is work that adds no value to a product or service.
Lean IT focuses on maximizing customer value by minimizing waste. The main focus is to achieve operational excellence through improved agility, service quality and process efficiency. It means building a customer and value-oriented culture in which employees engage in Lean IT processes.
It also means involving all employees to continually improve services and preserve value with less effort, and optimizing the IT operations and processes that support the most business-critical applications and services. Lean IT has a great impact on the culture of an organization, with behavioral aspects such as empowering employees to involve them in the optimization of processes. The goal is to implement a rigorous problem-solving process to achieve greater strategic and financial value.
Posted in Exams, IT Service Mgmt, Qualifications.
– December 4, 2014
1. The current version
ITIL (Information Technology Infrastructure Library) 2011 Edition
2. The basics
ITIL® is the most widely accepted approach to IT service management in the world; it focuses on aligning IT services with the needs of the business.
ITIL was created in the 1980s by the UK government’s CCTA (Central Computer and Telecommunications Agency) with the objective of ensuring better use of IT services and resources. ITIL is now owned by Axelos: the current version is ITIL 2011 Edition (published July 2011), which updates ITIL v3.
ITIL advocates that IT services must be aligned with the needs of the business and underpin the core business processes. It provides guidance to organizations on how to use IT as a tool to facilitate business change, transformation and growth. The ITIL best practices are described in five core guides that map the entire ITIL Service Lifecycle (see Figure).
- Service Strategy – understanding who the IT customers are, the service offerings to meet their needs, and the IT capabilities and resources to deliver the services
- Service Design – assures that new and changed services are designed effectively to meet customer expectations, including the technology, architecture and processes that will be required
Posted in Exams, IT Service Mgmt.
– November 27, 2014
APMG-International and Leading Edge Forum (LEF) recently hosted a webinar on Business Relationship Management, presented by Tudor Rees, Associate at LEF.
IT enterprises are facing a dilemma between having a COST agenda for back office efficiency or having a VALUE agenda to achieve front-office effectiveness.
The difference between the two is as follows. In a COST agenda, the approach is often inside-out. There is efficiency and control on processes, standard platforms that teams can work on, structured data, established suppliers, simple and certain ways of work and high compliance, but there is also a ‘one size fits all’ approach.
On the other hand, in the VALUE agenda, it is an ‘outside-in’ approach with a focus on value creation. In such organizations, employees are often empowered to think and do outside the box, new technologies are adopted, creativity is encouraged, individuals often bring unique capabilities to the team and are led by business intelligence. However, in these organizations, the risks tend to be higher with a reward to match the risks involved.
Today, new business models are more like the latter, outside-in in approach, and with a strong digital agenda. Organizations embracing this approach engage with key executives, keep customers and partners informed and updated, promote transparency within the business and have a digital focus.
Posted in Accreditation, Business relationship management, Project Mgmt.
– November 27, 2014
ISO/IEC 20000 audits
In ISO/IEC 20000-1 there are requirements for 3 types of audits. Most people recognize the need for internal audit but may forget that there are also requirements for information security audits and configuration audits.
Internal audit (clause 22.214.171.124/2 of ISO20000-1)
The internal audit requirements are common to all management system standards e.g. 9001, 27001. The audit is not just against the requirements of ISO20000-1 but also against the service requirements and the SMS i.e. the organization’s SM policy, SM objectives, SM plan. There is a requirement to audit that all of these items are ‘effectively implemented and maintained’.
Internal audits need to be conducted to ensure objectivity and impartiality. Auditors are not allowed to audit their own work. There are usually 3 options to resource auditors:
- an internal audit department within your organization
- staff within IT services auditing each other’s work
- external consultants conducting internal audits on your behalf.
A procedure is required to provide details of the objectives of internal audits, responsibilities and reporting. The internal audit programme needs to be planned including the criteria, scope, frequency and methods for the audit. The audit may find nonconformities and can make recommendations for improvement.
After an audit, the audit results are written up and reported to the management responsible for the audited area, who are then responsible for ensuring that corrective actions are taken. The actions also need to be verified to close any nonconformities found.
ISO 19011 provides useful guidance on internal auditing.
Posted in ISO Schemes.
– November 18, 2014
Priscylla Monteiro – Business Development Manager, APMG South and Central America
APMG International is thrilled to unveil the successful launch of our new operation in Brazil, São Paulo.
The launch of this operation has been catalyzed by a rise in Professional Certifications in South America.
This operation allows us to expand our reach to Portuguese speaking professionals – giving them access to our extensive portfolio of qualifications. It’s an exciting prospect – as this expansion gives many more individuals the opportunity to enhance their business knowledge, skills and performance.
Priscylla Monteiro is spear-heading the operation as manager – enabling Accredited Training Organizations (ATOs) in South America access to over 40 APMG certification and qualification schemes.
Priscylla said that the operation has so far been well received, “The market is pleased to have a local APMG presence. Having the chance to represent APMG in South America will be a great and enjoyable challenge for me.
“My strategy will be to work closely with our customers to help them to identify the best product for their business and to develop a successful growth plan in partnership with them.”
Posted in Events.
– November 17, 2014
Contracts are a part of everyday life; from employment contracts and mortgages to the additional warranty offered on purchases of white goods. So should I be reading every word in these documents, or should I just shrug and put my signature in the allocated space? Most people will agree with me when I say that a contract is not a riveting read. But we all know that we should be aware of what we are signing ourselves up for before we put pen to paper.
I am the first to admit that I always tick the ‘I agree’ or ‘I have read & understood the terms and conditions’ box as soon as it appears – without clicking on the link to read the details of the terms and conditions. It’s quicker that way; I don’t have time to read the small print, I just want to get to where I am going without paperwork holding me up. I make the assumption that the terms and conditions given to me by my lender or high street retailer are OK, because surely anything untoward in there would have already been picked up by someone else signing before me?
However in business we don’t see these ‘standard’ agreements as often. Contracts between organizations are usually initiated for a specific project. Therefore the detail contained within the contract will be more highly defined and appropriate to the parties involved than a high street retailer agreement. There would have been negotiation and discussion on the responsibilities and requirements of both parties before the contract was drafted. And both of you have pledged your commitment to this venture.
Posted in Qualifications.
– November 17, 2014
UK Trade and Investment (UKTI) has nearly reached the end of its sixth ‘Export Week’. UKTI hold a series of export-focused events throughout the UK – empowering businesses to start their venture into exporting or increasing their international trade.
Harnessing the excitement surrounding this occasion – we reflect on APMG’s own success in exporting and its journey towards achieving a Queen’s Award for Enterprise in the International Trade Category.
Awarded to us in 2012 – the award serves as recognition of outstanding continuous performance over a period of six years. APMG proudly displays the Queen’s Award Emblem as recognition of our enduring commitment to developing leading qualifications – that challenge and reward candidates with critical knowledge and skills.
The award also recognizes the exemplary training delivered by our Accredited Training Organizations (ATOs) who operate across the globe. It’s commendable that our ATOs survive our scrupulous assessment process – so candidates can be confident that our ATOs are committed to providing world-class training.
Posted in Accreditation, Cyber Security, Events, Exams, Project Mgmt, Qualifications.
– November 14, 2014