|
Month
|
Links page
|
Module coverage
|
|
#90 Nov
|
Social engineering
|
Exploiting the people who use information and IT systems.
|
|
#89 Oct
|
Security standards
|
A new module expounding on the benefits of adopting both international best practice security standards and in-house technical standards.
|
|
#88 Sept
|
Wi-fi security
|
Securing wireless LANs and other wireless network connections.
|
|
#87 Aug
|
Industrial espionage
|
A new module all about appreciating the value of, and protecting, trade secrets and other sensitive proprietary information against industrial espionage and related threats. [Free PDF newsletter]
|
|
#86 Jul
|
Human factors
|
Human elements of information security - security culture, awareness, policies, procedures, roles & responsibilities and compliance ...
|
|
#85 Jun
|
Incident management
|
With the best will in the world, incidents will happen. Responding effectively and efficiently is the key.
|
|
#84 May
|
Identity theft
|
If someone can become your virtual clone, imagine all the mischief they might cause in your name. Imagine too just how difficult it would
be to prove that you are the original and they are the clone ...
|
|
#83 Apr
|
Network and Internet security
|
Widespread Internet connectivity has revolutionized business but created substantial security issues with LANs, remote network users and
WWW
|
|
#82 Mar
|
Malware
|
Find out what’s hot in the world of malware threats and defenses.
|
|
#81 Feb
|
Cryptography
|
All about the art and science of secret writing, a fundamental confidentiality, authenticity and integrity control
|
|
#80 Jan 2010
|
Secure software development
|
If ‘software engineering’ is truly an engineering science, just why is so much software horrendously flawed and insecure?
|
|
#79 Dec
|
Physical security
|
Physical protection for tangible information assets and the associated information processing services and supplies
|
|
#78 Nov
|
Social networking
|
Focuses on social networking, social media, Web 2.0 and other social engineering threats.
|
|
#77 Oct
|
Securing business relationships
|
Since commercial relationships with third parties necessarily involve exchanging information, information security risks should be considered.
|
|
#76 Sep
|
Privacy
|
Confidentiality issues for individuals, namely privacy and protection of personal information.
|
|
#75 Aug
|
Email/messaging and office security
|
There are numerous information security risks in the typical office/workplace, ranging from physical security to email, IM and other forms
of messaging, phones and FAXes.
|
|
#74 July
|
Digital forensics
|
How do real-world forensic investigators examine computer systems, networks, cellphones and data for clues? (see also June 2010)
|
|
#73 June
|
Bugs!
|
About those security vulnerabilities built into software through programming errors and design flaws.
|
|
#72 May
|
Change & config management
|
Security requires that changes to IT systems, networks etc. plus information handling procedures, are tested and approved.
|
|
#71 Apr
|
Network security
|
From logon to logoff, staff are dependent on networks but do they even consider, let alone fulfill, their information security
obligations? (updated April 2010)
|
|
#70 Mar
|
SCADA
|
Securing industrial control systems and embedded systems is important to protect both national and corporate critical infrastructures.
|
|
#69 Feb
|
Malware
|
Viruses, worms, Trojans, rootkits and so forth represent one of the oldest security threats (updated March 2010)
|
|
#68 Jan 2009
|
Hacking
|
Explore IT’s dark side with a look at hackers, crackers And All That. Ethical issues get a mention alongside issues such as full
disclosure, cybercriminals, cyberterrorism and more.
|
|
#67 Dec
|
Gizmos
|
The security issues associated with portable IT devices (“gizmos”) and teleworking have become a serious challenge.
|
|
#66 Nov
|
Social engineering
|
Find out why it’s not such a bright idea to publish loads of personal information on MySpace or LinkedIn (updated November 2009)
|
|
#65 Oct
|
Ethics
|
Ethics and morals remain an important means of control in many situations, though employees sometimes need a little guidance ...
|
|
#64 Sep
|
Email security
|
Email does double service as a business and personal communications tool. (Updated August 2009)
|
|
#63 Aug
|
Information security governance
|
Covers the information security aspects of governance and its relationship to both IT governance and corporate governance.
|
|
#62 July
|
Infosec risk management
|
Find out what’s involved in identifying, evaluating, mitigating and monitoring information security risks in the modern enterprise.
|
|
#61 June
|
Phishing & identity theft
|
Integrates user authentication and identity theft, touching on integrity and trust, email security, malware and more. (Updated May 2010)
|
|
#60 May
|
Trust, integrity & fraud
|
To what extent do, or should, we trust the information, data and IT systems, plus the people who use and manage them? What can be done to make
them more trustworthy?
|
|
#59 Apr
|
IT audit
|
IT auditors assess risks and controls affecting an organization’s information assets. Find out what they actually do this month and
perhaps get ahead of the next audit.
|
|
#58 Mar
|
Malware
|
Hackers are finding ever more devious ways to subvert systems using rootkits and Trojans, while viruses, worms etc. remain significant risks (updated March 2010)
|
|
#57 Feb
|
Contingency planning
|
When all else fails, contingency plans (Plan B) are what we fall back on. The module also covers resilience, business continuity and disaster
recovery planning
|
|
#56 Jan 2008
|
Office security
|
Brand new awareness module covering security issues in the typical office (not security for Microsoft Office) (updated August 2009)
|
|
#55 Dec
|
Social engineering
|
Manipulating people to access information assets without proper authority (updated November 2009)
|
|
#54 Nov
|
Security compliance
|
An ever-increasing raft of rules and regulations impinge on information security. Find out why compliance is such an important issue.
|
|
#53 Oct
|
Physical security
|
Concerns controls to protect the IT systems and other information assets against physical harm or theft
|
|
#52 Sept
|
Email security
|
Security risks associated with the use of email and indeed other forms of personal messaging (updated August 2010)
|
|
#51 Aug
|
Trade secrets
|
From competitive intelligence through industrial espionage to information warfare, trade secrets are seriously under threat
|
|
#50 July
|
Authentication
|
Known to most of us as usernames and passwords (updated May 2010)
|
|
#49 June
|
Privacy & data protection
|
Keeping personal information private is more important than ever in these days of identity theft and similar attacks
|
|
#48 May
|
Insider threat
|
Security threats posed by trusted insiders: employees, consultants etc.
|
|
#47 April
|
Network security
|
Network security risks from outsiders and insiders including issues with private LANs and remote network users (updated April 2010)
|
|
#46 March
|
Viruses
|
... or malware, as the security geeks would have it (updated March 2010)
|
|
#45 Feb
|
Database security
|
New topic: confidentiality, integrity and availability issues relating to database design/management
|
|
#44 Jan 2007
|
Intellectual Property Rights
|
IPR issues include software licenses and piracy, trademarks, patents, non-disclosure agreements, Digital Rights Management and more
|
|
#43 Dec
|
Social engineering
|
Exploiting gullible employees (updated November 2009)
|
|
#42 Nov
|
Roles & responsibilities
|
Security roles and responsibilities are far more than just a SOX issue
|
|
#41 Oct
|
Incident response
|
Responding promptly and efficiently to information security incidents requires preparation and procedures (updated June 2010)
|
|
#40 Sept
|
Mobile security
|
An updated module covering information security for road warriors and home workers (updated December 2008)
|
|
#39 Aug
|
Identity theft
|
Stealing - or rather cloning - someone’s identity (updated May 2010)
|
|
#38 July
|
Availability
|
Resilience and DR are vital controls to maintain availability of critical IT systems and services (updated February 2008)
|
|
#37 June
|
Email security
|
Information security issues associated with the use of electronic mail (updated August 2009)
|
|
#36 May
|
Security-SDLC integration
|
Covers integration of information security activities into the Software Development Life Cycle from cradle-to-grave (updated Jan 2010)
|
|
#35 April
|
Keeping secrets
|
Shhhh, can you keep a secret? Confidentiality for personal and proprietary information (see also Aug 2010)
|
|
#34 March
|
Malware
|
Malicious software (updated March 2010)
|
|
#33 Feb
|
Bugs!
|
Software often fails to meet the requirements, including (all too often) information security (updated June 2009)
|
|
#32 Jan 2006
|
3rd party security
|
Information security aspects of relationships with third parties such as suppliers, business partners and customers (updated October 2009)
|
|
#31 Dec
|
Social engineering
|
Tricking and manipulating employees (updated November 2009)
|
|
#30 Nov
|
Secure development
|
How should information security be integrated into the systems development lifecycle? (updated May 2006)
|
|
#29 Oct
|
IT Operations
|
IT Ops keep things running smoothly in IT but how do they secure the IT infrastructure in fact? (updated July 2008)
|
|
#28 Sept
|
Authentication
|
About logging on and checking claimed identities (updated May 2010)
|
|
#27 Aug
|
Change management
|
Managing and controlling system configurations, applying patches etc. (updated May 2009)
|
|
#26 & 26+ July
|
Crisis management
|
Bonus module on crisis management inspired by the emergency services’ exemplary response to the London bombing this month
|
|
Hacking
|
Hackers or rather crackers are the bête noire of information security but is the threat real? (updated January 2009)
|
|
#25 June
|
Email security
|
Information security issues associated with electronic mail (updated June 2007)
|
|
#24 May
|
Risk management
|
Methods for analyzing/assessing, monitoring, minimizing and reporting security risks (updated July 2008)
|
|
#23 April
|
IT governance
|
Management oversight, direction & control with an emphasis on information, IT, risk and SOX (see also November 2006 module)
|
|
#22 March
|
Malware
|
Viruses, worms, Trojans And All That (updated March 2010)
|
|
#21 Feb
|
Information security management
|
How should a best-practice information security function be structured? What does the Information Security Manager actually do? (updated July 2008)
|
|
#20 Jan 2005
|
IT auditing
|
Independent audits characterize risks affecting an organization’s information assets and recommend control improvements (updated April 2007)
|
|
#19 Dec
|
Infosec laws, regs & standards
|
Laws, regulations and standards defining obligations and best practice for IT and information security (updated November 2007)
|
|
#18 Nov
|
Physical & environmental security
|
Security and services for the computer suite: physical access controls, UPS, air conditioning etc. (updated October 2007)
|
|
#17 Oct
|
Incident management
|
Procedures to deal effectively with information security breaches (updated June 2010)
|
|
#16 Sept
|
Accountability & responsibility
|
Specifically covers accountability & responsibility for IT and information security (updated November 2006)
|
|
#15 Aug
|
Social engineering
|
Hoodwinking employees can be a much easier route in than hacking well-secured IT systems (updated November 2009)
|
|
#14 July
|
Wireless networking
|
Special issue in response to the rapid spread of Wi-Fi and Bluetooth, public hotspots and so on (updated April 2009)
|
|
#13 June
|
Contingency planning
|
Planning for the unpredictable, preparing the organization to recover efficiently from disasters (updated February 2008)
|
|
#12 May
|
Personal data & privacy
|
Protection of personal data and privacy, including legal issues such as Data Protection and HIPAA (updated September 2009)
|
|
#11 April
|
Email security
|
Securing the design and use of electronic mail and other messaging systems (updated August 2009)
|
|
#10 March
|
IT-related fraud
|
Information security controls to tackle IT-related fraud, embezzlement and misrepresentation (updated May 2008)
|
|
#9 Feb
|
Internet/web security
|
Identity theft, hacking, eCommerce ... so much to cover, we’re spoilt for choice (updated April 2010)
|
|
#8 Jan 2004
|
Intellectual Property Rights (IPR)
|
Software licensing and piracy, trademarks, patents, nondisclosure agreements etc. (updated January 2007)
|
|
#7 Dec
|
Ownership of information assets
|
Accountability and responsibility for information assets, information security classification (updated November 2006)
|
|
#6 Nov
|
Portable computing & teleworking
|
Security issues with portable PCs, PDAs, wireless LANs, VPNs, dial-up etc. for road warriors and home workers (updated December 2008)
|
|
#5 Oct
|
Integrity
|
Integrity (completeness and accuracy) of data and systems, plus personal integrity (updated May 2008)
|
|
#4 Sept
|
Availability
|
Contingency planning, denial of service attacks and software quality assurance (updated February 2008)
|
|
#3 Aug
|
Confidentiality
|
Covers access control, secrecy, privacy, encryption and identity theft (updated in many other modules)
|
|
#2 July
|
Malware
|
Malicious software, or rather viruses etc. written and released by malicious programmers (updated March 2010)
|
|
#1 June 2003
|
Security awareness and general infosec links
|
This website and the NoticeBored service were launched with two pages of basic information security links and security awareness links
|