-
Employee security training for Data Protection Act compliance
Data Protection Act compliance can be difficult to manage, but if employees have no awareness of how to handle sensitive information, it becomes impossible. In this excerpt from Data Protection Compliance in the UK -- A Pocket Guide, learn strategies... Book Chapter
-
H1N1 planning for your organization: An essential guide
There are some things that every company should do as part of their H1N1 planning. Discover how to prepare for a possible swine flu outbreak so your business can continue to operate smoothly and securely by downloading this exclusive eBook now. E-Guide
-
Creating an enterprise security awareness campaign
Security awareness programmes work better when everyone is involved in the process. Royal Holloway eBook Seri
-
Making security awareness programmes more effective
Geordie Stewart and John Austen believe we could learn a great deal by looking at marketing and psychology disciplines when setting up a security awareness programme. Royal Holloway eBook Seri
-
Can we expect protected privacy online?
Security experts Bruce Schneier and Marcus Ranum debate whether users should have an expectation of online privacy. Face-off
-
Infosecurity Europe 2009: News, interviews and updates
Infosecurity Europe 2009 has begun. SearchSecurity.co.uk is on the conference floor, providing the latest news and updates from London. Special News Coverage
-
Do enterprises face social networking risks?
Should companies be concerned about employees' social networking? Bruce Schneier and Marcus Ranum take opposite sides on this issue. Face-off
-
RSA Conference 2008: Special news coverage
SearchSecurity.com and Information Security deliver all the news from RSA Conference 2008. Special News Coverage
-
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In this chapter excerpt from "Security Metrics: Replacing Fear, Uncertainty and Doubt," author Andrew Jaquith reveals ways to present security data in a clean and elegant manner. Book Chapter
-
Social engineering
The fifth tip in our series "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage," published by ... Book Chapter
- See More: Essential Knowledge on Security Policies and User Awareness
-
Study finds attacks slip past spotty patch management policies
A study finds attackers targeting firms with poor patch management policies, exploiting vulnerabilities that should have been patched years ago. News | 10 Feb 2012
-
Jericho founder: Get involved in plan for protecting identity online
Respected identity expert Paul Simmonds says the NSTIC's identity project needs European involvement, or it may not meet Europe's needs. News | 13 Jan 2012
-
Comet hit with lawsuit for alleged Microsoft Windows piracy
Microsoft is suing Comet, alleging the electronics retailer sold counterfeit Windows backup discs, but Comet claims it was just good customer service. News | 04 Jan 2012
-
ICO stands by unpopular UK cookie legislation with advice, warnings
Website owners have resisted compliance with cookie legislation so the ICO has issued more guidance and warnings to nudge them along. News | 21 Dec 2011
-
Report on UK cybercrime statistics reveals culprits and responders
PwC’s cybercrime statistics reveal who is most likely to commit cybercrime, and who is the best choice to respond in any organisation. News | 06 Dec 2011
-
Concerned about tablet security issues? Some are, others not so much
Users love their tablets, but security pros are concerned about tablet security issues. However, though tablets bring new threats, not everyone is ringing the alarm. News | 05 Dec 2011
-
Privacy group reports alarming data breach statistics in public sector
Big Brother Watch reported alarming data breach statistics at local councils, which may be just the tip of the iceberg. News | 30 Nov 2011
-
Government publishes UK Cyber Security Strategy to protect public
The government’s UK cybersecurity strategy includes a new crime unit, more certifications, increased public education, and the creation of kitemarks. News | 28 Nov 2011
-
Tougher data protection rules will push up cost of email marketing
The EU will announce tougher rules for collecting information from consumers. Security pros can plan now for the new rules, expected in January 2012. News | 17 Nov 2011
-
University IT security pros thwart content piracy with traffic shaping
A traffic-shaping system installed at the University of Exeter quickly yielded huge dividends by blocking illegal piracy of music and films. News | 27 Oct 2011
- See More: News on Security Policies and User Awareness
-
Assessing home offices for compliance with security teleworking policy
Get advice on how to assess employees' home offices for security and policy compliance. Tip
-
Segregation of duties: Small business best practices
Segregating duties can be tough in organisations that have few staff members and resources. Get duty segregation best practices for SMBs. Tip
-
How to prevent unauthorised personnel from hacking voicemail
Keeping attackers out of sensitive corporate voicemails can be as easy as updating PIN policies. Tip
-
The case for ongoing end-user security awareness training
Expert Michael Cobb makes the case for year-round end-user security awareness training. Tip
-
Maintaining a third-party security policy for DPA compliance
Prevent data breaches and possible brand damage by vetting and checking up on third parties' security processes. Tip
-
Employee monitoring policy to avoid breaking employee monitoring laws
Both the DPA and Human Rights Act include employee monitoring. Learn how to preserve employee privacy, while still keeping an eye out. Tip
-
How UK security laws and European privacy laws impact businesses
Given the multitude of security and privacy laws within the EU, knowing which ones have bearing on your business can be confusing. Tip
-
Organising an information security discussion on IT security processes
Creating a checklist can help prevent important IT security processes from falling through the cracks. Tip
-
Creating secure virtual machines with strong data separation policies
Virtualisation can increase cost savings and efficiency, but could also increase an organisation's risk level. Tip
-
Project collaboration tools: Web security policy for B2B collaboration
Project collaboration tools are easy for users to set up. Securing them, however, takes a bit more time and effort. Tip
- See More: Tips on Security Policies and User Awareness
-
Privacy laws in the workplace: Creating employee privacy policies
Are your employees aware of their workplace privacy rights? More specifically, are they aware of what privacy rights they don't retain? Learn how to create effective employee privacy policies. Answer
-
Information security policy template and tips
Information governance expert Neil O'Connor reviews the key considerations that must be made before framing an information security policy. Ask the Expert
-
How to protect employees' personal information and passwords
Even though employees are told over and over again to not give out their user names and passwords, it doesn't always work. Expert Ken Munro explains how to get through to your employees. Ask the Expert
-
What should be part of an employee termination checklist?
Letting go of someone with high IT privileges could come back to haunt you, especially in a time when redundancies are likely to occur in every sector. Ask the Expert
-
Should keystroke loggers be used in enterprise investigations?
Keystroke loggers can provide a great deal of insight into what a perpetrator may be up to inside an enterprise. But not so fast. Ed Skoudis reveals what needs to be done before gathering your first keystroke. Ask the Expert
-
What are the benefits of 'in-the-cloud' network security services?
Services offered 'in the cloud' range from managed firewalls to intrusion detection/prevention services (IDS/IPS) to antispam/antivirus filtering. In this expert Q&A, Mike Chapple reviews the pros and cons of these outsourced security services. Ask the Expert
-
Is it a violation of HIPAA to collect consumer Social Security numbers?
In this expert response, Mike Rothman discusses if collecting consumer SSNs is a HIPAA violation, and unveils how to handle employees that disregard corporate policies. Ask the Expert
-
Who is responsible for handling security program development in an IT infrastructure?
Security management expert Mike Rothman discusses the roles and responsibilities of those involved in IT security program development. Ask the Expert
-
What are the dangers of Web-based remote access systems?
Identity management and access control expert Joel Dubin discusses the security risk associated with using Web-based remote access systems, such as LogMeIn and GoToMyPC. Ask the Expert
-
What is an ideal patch management process for small businesses?
Patch management and testing can be a time-consuming and resource-hungry task. In this expert response, Michael Cobb demonstrates how to streamline the process. Ask the Expert
- See More: Expert Advice on Security Policies and User Awareness
-
BS 10012:2009 (British Standard 10012:2009)
British Standard 10012:2009 (BS 10012:2009) is a standard enacted by the U.K. government in order to further the privacy of sensitive personal information held by British corporations. Word
-
Financial Services Authority (FSA)
The FSA (Financial Services Authority) is an independent, non-governmental body that regulates the financial services industry in the UK, including most financial services markets, exchanges and firms... (Continued) Word
-
IISP (Institute of Information Security Professionals)
The IISP (Institute of Information Security Professionals) is a London-based professional membership association that describes its purpose as: "to set the standard for professionalism in information security, and to speak with an independent and auth... Word
-
Basel II
Basel II is an international business standard that requires financial institutions to have enough cash reserves to cover risks incurred by operations. (Continued...) Word
-
Risk management in information technology
Get advice on creating a strategy for mitigating information security risk from expert Nick Frost of the Information Security Forum. Video
-
Bruce Schneier on outsourcing, awareness training
At the 2009 Information Security Decisions conference, security expert Bruce Schneier answered some of readers' burning security questions. Video
-
The real reasons behind data backup disk failure
Hugh Thompson, chief security strategist and founder of the consultancy People Security, tells a funny story about how one secretary's innocent mistake was the reason behind a series of suspicious 'media error' messages. Video
-
CISSP Essentials training: Domain 9, Physical Security
Prepare for the CISSP® exam with this special training series on Domain 9, Physical Security. Video
-
Building a framework-based compliance program
Richard Mackey of SystemExperts offers expert advice on how to construct a framework that can help enterprises identify their compliance needs. Video
-
Study finds attacks slip past spotty patch management policies
A study finds attackers targeting firms with poor patch management policies, exploiting vulnerabilities that should have been patched years ago. News
-
Jericho founder: Get involved in plan for protecting identity online
Respected identity expert Paul Simmonds says the NSTIC's identity project needs European involvement, or it may not meet Europe's needs. News
-
Assessing home offices for compliance with security teleworking policy
Get advice on how to assess employees' home offices for security and policy compliance. Tip
-
Comet hit with lawsuit for alleged Microsoft Windows piracy
Microsoft is suing Comet, alleging the electronics retailer sold counterfeit Windows backup discs, but Comet claims it was just good customer service. News
-
IT in Europe, Security Edition: Password security standards and trends
Passwords have long been a security problem. This IT in Europe: Security Edition looks at password trends and alternative forms of authentication. Learning Guide
-
Opinion: Firms can’t or won’t address social networking security risks
It's a common refrain: Even companies that are aware of social networking security risks don't do anything about them. Opinion
-
ICO stands by unpopular UK cookie legislation with advice, warnings
Website owners have resisted compliance with cookie legislation so the ICO has issued more guidance and warnings to nudge them along. News
-
Segregation of duties: Small business best practices
Segregating duties can be tough in organisations that have few staff members and resources. Get duty segregation best practices for SMBs. Tip
-
How to prevent unauthorised personnel from hacking voicemail
Keeping attackers out of sensitive corporate voicemails can be as easy as updating PIN policies. Tip
-
Report on UK cybercrime statistics reveals culprits and responders
PwC’s cybercrime statistics reveal who is most likely to commit cybercrime, and who is the best choice to respond in any organisation. News
- See More: All on Security Policies and User Awareness
About Security Policies and User Awareness
Get the latest news and information on developing your information security policies and security user awareness in Internet usage, social engineering and social networking site dangers and threats.