|
Month
|
Links page
|
Module coverage
|
|
#63 Aug
|
Governance
|
We’re researching a brand new module for August, covering the information security aspects of governance.
|
|
#62 July
|
Infosec risk management
|
Find out what’s involved in managing information security risks in the modern enterprise.
|
|
#61 June
|
Phishing
|
Core awareness module - phishing is a topic that integrates user authentication, malware, identity theft, trust, email security and more.
|
|
#60 May
|
Trust, integrity & fraud
|
Our 5th birthday module! To what extent do, or should, we trust the information, data and IT systems, plus the people who use and manage them? What can be done to make them more trustworthy? [Sign-up to the newsletter mailing list for May’s newsletter]
|
|
#59 Apr
|
IT audit
|
IT auditors assess risks and controls affecting an organization’s information assets. Find out what they actually do this month and perhaps get ahead of the next audit. [April newsletter]
|
|
#58 Mar
|
Malware
|
Core awareness module - hackers are finding ever more devious ways to subvert systems using rootkits and Trojans, while viruses, worms etc. remain significant risks. [March newsletter ] 
|
|
#57 Feb
|
Contingency planning
|
When all else fails, contingency plans (Plan B) are what we fall back on. The module also covers resilience, business continuity and disaster recovery planning [February newsletter ] 
|
|
#56 Jan 2008
|
Office security
|
Brand new awareness module covering security issues in the typical office (not security for Microsoft Office) [January newsletter ] 
|
|
#55 Dec
|
Social engineering
|
Core awareness module - as technical controls become ever tighter, hackers are exploiting the unaware [December newsletter ] 
|
|
#54 Nov
|
Security compliance
|
An ever-increasing raft of rules and regulations impinge on information security. Find out why compliance is such an important issue. [November newsletter ] 
|
|
#53 Oct
|
Physical security
|
Concerns controls to protect the IT systems and other information assets against physical harm or theft 
|
|
#52 Sept
|
Email security
|
Core awareness module - covering the myriad information security concerns with electronic mail. 
|
|
#51 Aug
|
Trade secrets
|
From competitive intelligence through industrial espionage to information warfare, trade secrets are seriously under threat
|
|
#50 July
|
Authentication
|
Core awareness module - passwords and multi-factor authentication using tokens and biometrics
|
|
#49 June
|
Privacy & data protection
|
Keeping personal information private is more important than ever in these days of identity theft and similar attacks 
|
|
#48 May
|
Insider threat
|
Security threats posed by trusted insiders: employees, consultants etc. 
|
|
#47 April
|
Network security
|
Network security risks from outsiders and insiders including issues with private LANs and remote network users 
|
|
#46 March
|
Viruses
|
Core awareness module - find out what’s happening with PC viruses, worms, Trojans and keyloggers
|
|
#45 Feb
|
Database security
|
New topic: confidentiality, integrity and availability issues relating to database design/management 
|
|
#44 Jan 2007
|
Intellectual Property Rights
|
IPR issues include software licenses and piracy, trademarks, patents, NDAs, DRM etc. 
|
|
#43 Dec
|
Social engineering
|
Core awareness module - manipulating people to get them to disclose information (updated December 2007)
|
|
#42 Nov
|
Roles & responsibilities
|
Security roles and responsibilities are far more than just a SOX issue 
|
|
#41 Oct
|
Incident response
|
Responding promptly and efficiently to information security incidents requires preparation and procedures 
|
|
#40 Sept
|
Mobile security
|
An updated module covering information security for road warriors and home workers 
|
|
#39 Aug
|
Identity theft
|
Core awareness module - covered remote user authentication and IT fraud issues in time for Global Security Week (updated July 2007) 
|
|
#38 July
|
Availability
|
Resilience and DR are vital controls to maintain availability of critical IT systems and services (updated February 2008) 
|
|
#37 June
|
Email security
|
Core awareness module on the information security aspects of using email (updated September 2007) 
|
|
#36 May
|
Security-SDLC integration
|
Covers integration of information security activities into the Software Development Life Cycle from cradle-to-grave 
|
|
#35 April
|
Keeping secrets
|
Shhhh, can you keep a secret? Confidentiality for personal and proprietary information
|
|
#34 March
|
Malware
|
Core awareness module on viruses, network worms, Trojans, key loggers, spyware etc. 
|
|
#33 Feb
|
Bugs!
|
Software often fails to meet the requirements, including (all too often) information security 
|
|
#32 Jan 2006
|
3rd party security
|
Covers information security aspects of relationships with third parties such as suppliers, business partners and customers 
|
|
#31 Dec
|
Social engineering
|
Core awareness module (updated December 2007) 
|
|
#30 Nov
|
Secure development
|
How should information security be integrated with the systems development lifecycle? (updated May 2006) 
|
|
#29 Oct
|
IT Operations
|
IT Ops keep things running smoothly at the organization’s nerve center but how do/should they secure the IT infrastructure? (to be revised July 2008) 
|
|
#28 Sept
|
Authentication
|
Core awareness module (updated July 2007) 
|
|
#27 & 99 Aug
|
Change management
|
Managing and controlling system configurations, applying patches etc. 
|
|
Security induction
|
Bonus module covers the basics of information security for use in new employee security induction training (updated November 2007) 
|
|
#26 & 26+ July
|
Crisis management
|
Special module on crisis management and contingency planning inspired by the emergency services’ response to the London bombs (see also February 2007 module)
|
|
Hacking
|
Hackers or rather crackers are the bête noire of information security but is the threat real?
|
|
#25 June
|
Email security
|
Core awareness module (updated June 2007) 
|
|
#24 May
|
Risk management
|
Methods for analyzing/assessing, monitoring, minimizing and reporting security risks (to be revised July 2008) 
|
|
#23 April
|
IT governance
|
Management oversight, direction & control with an emphasis on information, IT, risk and SOX (see also November 2006 module) 
|
|
#22 March
|
Malware
|
Core awareness module (updated March 2007) 
|
|
#21 Feb
|
Information security management
|
How should a best-practice information security function be structured? What does the Information Security Manager actually do? (to be revised July 2008) 
|
|
#20 Jan 2005
|
IT auditing
|
Independent audits characterize risks affecting an organization’s information assets and recommend control improvements (updated April 2007) 
|
|
#19 Dec
|
Infosec laws, regs & standards
|
Laws, regulations and standards defining obligations and best practice for IT and information security (updated November 2007) 
|
|
#18 Nov
|
Physical & environmental security
|
Security and services for the computer suite: physical access controls, UPS, air conditioning etc. (updated October 2007) 
|
|
#17 Oct
|
Incident management
|
Procedures to deal effectively with information security breaches (updated October 2006) 
|
|
#16 Sept
|
Accountability & responsibility
|
Specifically covers accountability & responsibility for IT and information security (updated November 2006) 
|
|
#15 Aug
|
Social engineering
|
Core awareness module (updated December 2007) 
|
|
#14 July
|
Wireless networking
|
Special issue in response to the rapid spread of Wi-Fi and Bluetooth, public hotspots and so on (updated April 2007) 
|
|
#13 June
|
Contingency planning
|
Planning for the unpredictable, preparing the organization to recover efficiently from disasters (updated February 2008) 
|
|
#12 May
|
Personal data & privacy
|
Protection of personal data and privacy, including legal issues such as Data Protection and HIPAA (updated June 2007) 
|
|
#11 April
|
Email security
|
Core awareness module (updated September 2007) 
|
|
#10 March
|
IT-related fraud
|
Information security controls to tackle IT-related fraud, embezzlement and misrepresentation (updated May 2008) 
|
|
#9 Feb
|
Internet/web security
|
Identity theft, hacking, eCommerce ... so much to cover, we’re spoilt for choice (updated April 2007) 
|
|
#8 Jan 2004
|
Intellectual Property Rights (IPR)
|
Software licensing and piracy, trademarks, patents, nondisclosure agreements etc. (updated January 2007) 
|
|
#7 Dec
|
Ownership of information assets
|
Accountability and responsibility for information assets, information security classification (updated November 2006) 
|
|
#6 Nov
|
Portable computing & teleworking
|
Security issues with portable PCs, PDAs, wireless LANs, VPNs, dial-up etc. for road warriors and home workers (updated September 2006) 
|
|
#5 Oct
|
Integrity
|
Integrity (completeness and accuracy) of data and systems, plus personal integrity (updated May 2008) 
|
|
#4 Sept
|
Availability
|
Contingency planning, denial of service attacks and software quality assurance (updated February 2008) 
|
|
#3 Aug
|
Confidentiality
|
Covers access control, secrecy, privacy, encryption and identity theft (updated April 2006) 
|
|
#2 July
|
Malware
|
Core awareness module (updated March 2007) 
|
|
#1 June 2003
|
Security awareness and general infosec links
|
This website and the NoticeBored service were launched with two pages of basic information security links and security awareness links
|