-
Royal Holloway 2012: An analysis of cloud security certifications
In his Royal Holloway 2012 thesis, Robert Farrugia analyses cloud security certifications and suggests ways organisations can reduce cloud risks. Feature
-
Ministry of Defence security: IT information assurance in the MoD
The MoD should update its information assurance policy, argue Paul Shanes and Chez Ciechanowicz in this Royal Holloway MSc thesis article. Feature
-
Raising the efficacy of a Trusted Platform Module security device
The Trusted Computing Group has set out to make interactions between computing devices more secure, but how effective is the technology it promotes? In this article, Andrew Lee-Thorp discusses the technology's potential limitations. Royal Holloway eBook Series
-
How to improve pharmaceutical data management with the TCG TPM
This article analyses various ways in which the Trusted Computing Group's Trusted Platform Module (TPM) could be used to enhance data security for pharmaceutical companies. Royal Holloway eBook Series
-
How to approach Good Practice Guide 13 (GPG13) for CoCo compliance
Though mandatory for CoCo compliance, Good Practice Guide 13's protective monitoring controls are seldom implemented by organisations. Learning Guide
-
The real cost of PCI DSS compliance
It's difficult to overestimate the impact PCI DSS has had on information security, not least because of the expense of compliance. As part of SearchSecurity.co.UK's Royal Holloway University of London thesis series, Martin Bradley and Alexander Dent... Royal Holloway eBook Series
-
PCI compliance UK: The future of European merchant PCI compliance
This PCI DSS UK compliance guide offers expert advice and real-world case studies on how to achieve merchant PCI compliance. Learning Guide
-
Some Things SOX Doesn't Say: SOX Myths
In this excerpt from Chapter 1 of "Sarbanes-Oxley for Dummies," author Jill Gilbert Welytok demystifies four common myths about SOX. Book Chapter
-
RSA Conference 2006
Can't make it to RSA 2006? Check out our continuous coverage from the show floor. Conference Coverage
-
Web application vulnerability statistics show security losing ground
New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks. News | 08 Feb 2012
-
Jericho founder: Get involved in plan for protecting identity online
Respected identity expert Paul Simmonds says the NSTIC's identity project needs European involvement, or it may not meet Europe's needs. News | 13 Jan 2012
-
Industry groups offer conflicting options for protecting identity online
The Jericho Forum is promoting its strategy for protecting identity online, claiming its approach is superior to the NSTIC or vendors. News | 21 Dec 2011
-
UK banks bracing for new financial services regulations compliance
A research director for Gartner lists the top five financial services regulations that UK banks will have to deal with in the coming years. News | 03 Oct 2011
-
PCI tokenisation best practices guidance offers flexibility
The newly released PCI tokenisation best practices guidance aims to make PCI DSS compliance easier, yet offers technical flexibility for enterprises. News | 12 Aug 2011
-
New ICO guidance issued on EU cookie law
The Information Commissioner's Office has released practical guidance for companies to comply with the new EU cookie law. News | 10 May 2011
-
ISSA standard aims to improve small business IT security
ISSA is crafting a small-business standard to improve information security, but one group questions whether a single standard for all small companies makes sense. News | 18 Mar 2011
-
Security job skills lacking when it comes to technology trends
The need for information security pros is growing worldwide, particularly for those with skills to lock down emerging technologies, a new report from (ISC)2 finds. Article | 23 Feb 2011
-
ISF, (ISC)2 and ISACA team up on IT security principles guidelines
ISF, (ISC)2 and ISACA have worked together to create 12 principles intended to help business and security teams understand and aid each other. Article | 27 Dec 2010
-
Direction 31B sets out data disclosure guidance for UK courts
Following the release of Practice Direction 31B, new directives on data presentation in courts, many organisations will need to rethink their electronic data policies. Article | 10 Dec 2010
- See more News on IT Security Frameworks and Standards
-
Getting control of IT security documentation
Does your IT department feel buried under mountains of paperwork? Expert Michael Cobb shows an easy way to organise your IT security documentation. Tip
-
Information system security certification: Detailed list of certs
There are many information system security certification choices for security pros, IT staff and managers. This list helps you sort out the certs. Tip
-
Organising an information security discussion on IT security processes
Creating a checklist can help prevent important IT security processes from falling through the cracks. Tip
-
Secure software development lifecycle: An approach for SMBs
Small businesses that lack the resources to implement the full MSDL can use its basic tenets to provide more secure software development. Tip
-
How to use the free Microsoft Security Risk Management Guide
Every organisation needs to perform risk assessments, but not all have the resources to do so. Learn how the free Microsoft Security Risk Management Guide can help. Tip
-
Employee information awareness training: PCI policy templates
To comply with PCI DSS -- and keep cardholder data secure -- organisations must train their employees on data handling best practices. This tip explains how. Tip
-
Good Practice Guide 13: Security monitoring policy for CoCo compliance
Good Practice Guide 13, though mandatory, is little known and even less well implemented in organisations. Expert Michael Cobb explains the guide's mandates. Tip
-
ISO 27001 SoA: Creating an information security policy document
To achieve and fulfill UK government contracts, companies must be able to prove that they meet data handling security guidelines, which many organisations are doing under the auspices of ISO 27001. In this expert tip, learn the importance of creating... Tip
-
How to develop a culture of security in the enterprise
Although many maturity models target government, Michael Cobb reviews how one framework contains guidance that is pertinent to businesses as well, particularly those looking to establish strong security training practices and create a culture of secu... Tip
-
Using ICO privacy impact assessment template for DPA compliance
Personal information management remains a critical enterprise responsibility. One standard originally used for government data can help your organisation assess its own privacy risks. Tip
- See more Tips on IT Security Frameworks and Standards
-
How to meet the PCI DSS compliance deadline on an IT security budget
Learn how to meet the upcoming PCI DSS compliance deadline while sticking to an IT security budget by leveraging existing security infrastructure in this response from expert Mathieu Gorge. Ask the Expert
-
Information security policy template and tips
Information governance expert Neil O'Connor reviews the key considerations that must be made before framing an information security policy. Ask the Expert
-
When IT security costs are cut, which security product is a must?
Having trouble finding the right security product when budgets are tight? Expert Peter Wood explains which particular guidelines can help you find the appropriate technologies for your organisation. Ask the Expert
-
What considerations should be made when outsourcing IT infrastructure?
Expert Peter Wood explains how to investigate a partner's security posture when your IT infrastructure is outsourced. Ask the Expert
-
Should ISO 17799 play a role in risk assessment?
In this SearchSecurity.com Q&A, security pro Mike Rothman offers advice on the best risk assessment procedures, and discusses whether or not ISO 17799 should be involved in the process. Ask the Expert
-
How is ISO 17799 different from SAS 70?
In today's security world, it's hard to keep track of each and every management standard and auditing procedure. In this SearchSecurity.com Q&A, security management expert Shon Harris reveals the differences between ISO 17799 and SAS 70. Ask the Expert
-
CESG Good Practice Guides (GPG)
Good Practice Guides (GPG) are documents created by the CESG that provide guidance on aspects of information assurance (IA) to help organisations manage risk effectively. Definition
-
Jericho Forum
The Jericho Forum is a global organisation formed to help members deal with the challenges of information security in an increasingly complex environment. Definition
-
Kitemark
Kitemark is a registered trademark owned and awarded by the British Standards Institution for products that have demonstrated standards for quality and safety. Definition
-
FTSE 100
FTSE 100 is an index of the financial performance of the 100 largest companies in the UK. Definition
-
UK Government Connect Secure Extranet (GCSX)
The UK Government Connect Secure Extranet (GCSX) is a secure WAN that allows officials at local public-sector organisations to interact and share data privately and securely with central government departments. Definition
-
ISO 27001
ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organi... Definition
-
Financial Services Authority (FSA)
The FSA (Financial Services Authority) is an independent, non-governmental body that regulates the financial services industry in the UK, including most financial services markets, exchanges and firms... Definition
-
UK Identity Cards Act
The UK Identity Cards Act is a framework of enabling legislation for a British National Identity card passed in 2006. The Act has not yet gone into full-scale development or deployment... Definition
-
IISP (Institute of Information Security Professionals)
The IISP (Institute of Information Security Professionals) is a London-based professional membership association that describes its purpose as: "to set the standard for professionalism in information security, and to speak with an independent and aut... Definition
-
Jericho Forum: Self-assessment guide
In part one of this interview, Jericho Forum board members Bob West and Paul Simmonds discuss the new self-assessment guide that the forum recently released and how it can help enterprises keep security vendors in check. Video
-
CISSP Essentials training: Domain 8, Law, Investigations and Ethics
In this CISSP Essentials Security School video, Domain 8, Laws, Investigations and Ethics, expert CISSP exam trainer Shon Harris details the role of forensics and how to ensure that companies are compliant to applicable laws. Video
-
CISSP Essentials training: Domain 4, Security Models and Architecture
In this CISSP Essentials Security School lesson, Domain 4, Security Models and Architecture, noted CISSP certification exam trainer Shon Harris investigates the framework and structures that make up typical computer systems. Video
-
About IT Security Frameworks and Standards
IT security frameworks and standards are an integral aspect of security governance. Get news and expert advice on security standards such as ISO 27002 (27001), COSO and COBIT.