Privacy and electronic communications regulations: Guide to EU cookie compliance
Get advice for implementing PECR regulations requiring website owners to request users’ permission to place a tracking cookie. Guide
-
IT in Europe, Security Edition: Password security standards and trends
Passwords have long been a security problem. This IT in Europe: Security Edition looks at password trends and alternative forms of authentication. Learning Guide
-
Opinion: Firms can’t or won’t address social networking security risks
It's a common refrain: Even companies that are aware of social networking security risks don't do anything about them. Opinion
-
IT in Europe, Security Edition: Data security cloud computing outlook
Despite worries about data security, cloud computing is spreading across UK enterprises, making heroes of many IT staff. Magazine
-
IT security awareness training tutorial: Employee compliance education
Learn best practices for employee awareness training — an essential aspect of compliance, as well as overall security — in this tutorial. Tutorial
-
Patient confidentiality policy for UK electronic health records
While electronic health records could provide valuable information in an emergency, they present patient confidentiality concerns. This Royal Holloway thesis examines the issue. Feature
-
Ministry of Defence security: IT information assurance in the MoD
The MoD should update its information assurance policy, argue Paul Shanes and Chez Ciechanowicz in this Royal Holloway MSc thesis article. Feature
-
Security trends 2011: Making sense of predictions
While vendors have never been known to underestimate security threats, the job of the information security pro is, nevertheless, getting harder, says UK Bureau Chief Ron Condon. Feature
-
Risk metrics: Measuring the effectiveness of an IT security control
In this article, based on an MSc thesis by Jonathan Pagett and Siaw-Lynn Ng, learn how to use risk metrics to gauge the effectiveness of IT security controls. Royal Holloway eBook Seri
-
2010 Royal Holloway information security thesis series
In this series of nine articles, recent MSc graduates from Royal Holloway University of London explain their information security research. Royal Holloway 2010
- See more Essential Knowledge on Security Policies and User Awareness
-
Why execs really need corporate security training
Senior executives may be the most likely to disobey all your hard-won corporate security training. Here are five reasons why. News | 31 May 2012
-
Creativity in information security awareness training
Information security awareness training programs must be creative and visually compelling to grab users’ attention and ensure they remember the security lessons. News | 03 May 2012
-
Infosecurity 2012: Survey proves value of security awareness programme
According to the latest findings from PwC, better end-user security training can pay off in fewer breaches. News | 27 Apr 2012
-
Infosecurity 2012: ICO opposes mandatory data breach notification
Information Commissioner Christopher Graham calls mandatory breach disclosure for all companies unnecessary, saying voluntary disclosure is working. News | 26 Apr 2012
-
ISBS 2012 report: Security slow to adapt to new technologies
PwC’s ISBS 2012 report, which will be presented at Infosecurity 2012, shows security teams react too slowly to threats from new technologies. News | 20 Apr 2012
-
For website owners, UK cookie law causing confusion, uncertainty
A survey of digital marketing professionals found some companies plan to take no action to comply with UK cookie law before the May 26 deadline. News | 27 Mar 2012
-
Getting serious about tablet security risks and user training
With increasing tablet security risks, the time has come to get serious about user education. UK Bureau Chief Ron Condon prescribes a new mindset. Opinion | 14 Mar 2012
-
Taking control of smartphone proliferation while avoiding user anarchy
With smartphone proliferation raging through companies, IT teams are turning to MDMs to keep corporate data safe. Are current MDMs up to the task? Feature | 14 Mar 2012
-
Surveying the landscape of today’s mobile device security risks
The biggest mobile device security risks are not from malware -- at least not yet. Find out the primary concerns of IT pros managing mobile devices. News | 14 Mar 2012
-
It's so easy to breach the Data Protection Act
The latest case to appear on the website of the Information Commissioner's Office (ICO) shows just how easy it can be to break the law. News | 13 Mar 2012
- See more News on Security Policies and User Awareness
-
The new EU data protection regulation: Planning for compliance
The new data protection rule will impact businesses worldwide. Discover quick wins for SMBs and projects for large businesses to move to compliance. Tip
-
“Click-for-tickets” fraud: Teaching users to sidestep Olympic scams
Attackers are expected to use the Games to foster email and Internet fraud. Learn how to help users sidestep Olympics-related scams. Tip
-
Adding cybercrime software demos to security awareness training
Security professionals can use screenshots of cybercrime software in security awareness training to convey the serious threats organisations face. Tip
-
International computer crime requires an international response
As international computer crime increases in scope and organisation, countries must work together to reduce threats from global cybercrime. Opinion
-
A compliance strategy for the controversial cookie opt-in regulation
Businesses face many concerns with the PECR cookie law. Compliance expert Alan Calder offers a compliance strategy for the cookie opt-in regulation. Tip
-
Four steps to comply with PECR, ICO cookies regulations
To comply with ICO regulations, you’ll need to clean up website cookies and prepare pop-up permission requests. Alan Calder explains how. Tip
-
How to audit cookies for compliance with PECR regulations
Concerned about the PECR regulations for website tracking cookies? Learn how to audit cookies on your site to find out if you are in compliance. Tip
-
Assessing home offices for compliance with security teleworking policy
Get advice on how to assess employees' home offices for security and policy compliance. Tip
-
Segregation of duties: Small business best practices
Segregating duties can be tough in organisations that have few staff members and resources. Get duty segregation best practices for SMBs. Tip
-
How to prevent unauthorised personnel from hacking voicemail
Keeping attackers out of sensitive corporate voicemails can be as easy as updating PIN policies. Tip
- See more Tips on Security Policies and User Awareness
-
Privacy laws in the workplace: Creating employee privacy policies
Are your employees aware of their workplace privacy rights? More specifically, are they aware of what privacy rights they don't retain? Learn how to create effective employee privacy policies. Answer
-
Information security policy template and tips
Information governance expert Neil O'Connor reviews the key considerations that must be made before framing an information security policy. Ask the Expert
-
How to protect employees' personal information and passwords
Even though employees are told over and over again to not give out their user names and passwords, it doesn't always work. Expert Ken Munro explains how to get through to your employees. Ask the Expert
-
What should be part of an employee termination checklist?
Letting go of someone with high IT privileges could come back to haunt you, especially in a time when redundancies are likely to occur in every sector. Ask the Expert
-
Should keystroke loggers be used in enterprise investigations?
Keystroke loggers can provide a great deal of insight into what a perpetrator may be up to inside an enterprise. But not so fast. Ed Skoudis reveals what needs to be done before gathering your first keystroke. Ask the Expert
-
What are the benefits of 'in-the-cloud' network security services?
Services offered 'in the cloud' range from managed firewalls to intrusion detection/prevention services (IDS/IPS) to antispam/antivirus filtering. In this expert Q&A, Mike Chapple reviews the pros and cons of these outsourced security services. Ask the Expert
-
Is it a violation of HIPAA to collect consumer Social Security numbers?
In this expert response, Mike Rothman discusses whether collecting consumer SSNs is a HIPAA violation, and explains how to handle employees who disregard corporate policies. Ask the Expert
-
Who is responsible for handling security program development in an IT infrastructure?
Security management expert Mike Rothman discusses the roles and responsibilities of those involved in IT security program development. Ask the Expert
-
What are the dangers of Web-based remote access systems?
Identity management and access control expert Joel Dubin discusses the security risk associated with using Web-based remote access systems, such as LogMeIn and GoToMyPC. Ask the Expert
-
What is an ideal patch management process for small businesses?
Patch management and testing can be a time-consuming and resource-hungry task. In this expert response, Michael Cobb demonstrates how to streamline the process. Ask the Expert
- See more Expert Advice on Security Policies and User Awareness
-
Privacy and Electronic Communications Regulations (PECR)
The Privacy and Electronic Communications Regulations (PECR) are the UK implementation of the European Union (EU) e-Privacy Directive. Definition
-
Kitemark
Kitemark is a registered trademark owned and awarded by the British Standards Institution for products that have demonstrated standards for quality and safety. Definition
-
BS 10012:2009 (British Standard 10012:2009)
British Standard 10012:2009 (BS 10012:2009) is a standard enacted by the U.K. government in order to further the privacy of sensitive personal information held by British corporations. Definition
-
Financial Services Authority (FSA)
The FSA (Financial Services Authority) is an independent, non-governmental body that regulates the financial services industry in the UK, including most financial services markets, exchanges and firms... (Continued) Definition
-
Basel II
Basel II is an international business standard that requires financial institutions to have enough cash reserves to cover risks incurred by operations. (Continued...) Definition
-
IISP (Institute of Information Security Professionals)
The IISP (Institute of Information Security Professionals) is a London-based professional membership association who describes its purpose as: "to set the standard for professionalism in information security, and to speak with an independent and aut... Definition
-
Risk management in information technology
Get advice on creating a strategy for mitigating information security risk from expert Nick Frost of the Information Security Forum. Video
-
Bruce Schneier on outsourcing, awareness training
At the 2009 Information Security Decisions conference, security expert Bruce Schneier answered some of readers' burning security questions. Video
-
The real reasons behind data backup disk failure
Hugh Thompson, chief security strategist and founder of the consultancy People Security, tells a funny story about how one secretary's innocent mistake was the reason behind a series of suspicious 'media error' messages. Video
-
CISSP Essentials training: Domain 9, Physical Security
Prepare for the CISSP® exam with this special training series on Domain 9, Physical Security. Video
-
Building a framework-based compliance program
Richard Mackey of SystemExperts offers expert advice on how to construct a framework that can help enterprises identify their compliance needs. Video
About Security Policies and User Awareness
Get the latest news and information on developing your information security policies and security user awareness in Internet usage, social engineering and social networking site dangers and threats.