|
Month
|
Links page
|
Module coverage
|
|
#66 Nov
|
Social engineering
|
Core awareness module - will be delivered in time to beat the Christmas rush (peak season for social engineering?)
|
|
#65 Oct
|
Ethics
|
Ethics and morals remain an important means of control in many situations, though employees sometimes need a little guidance ...
|
|
#64 Sep
|
Email security
|
Core awareness module - email does double service as a business and personal communications tool, with numerous security issues.
|
|
#63 Aug
|
Information security governance
|
We’ve released a new awareness module covering the information security aspects of governance and its relationship to IT and corporate governance.
|
|
#62 July
|
Infosec risk management
|
Find out what’s involved in identifying, evaluating, mitigating and monitoring information security risks in the modern enterprise. [July’s newsletter]
|
|
#61 June
|
Phishing & identity theft
|
Core awareness module - phishing is a topic that integrates user authentication and identity theft, and touches on topics such as integrity and trust, email security, malware and more. [June newsletter]
|
|
#60 May
|
Trust, integrity & fraud
|
To what extent do, or should, we trust the information, data and IT systems, plus the people who use and manage them? What can be done to make them more trustworthy? [May newsletter]
|
|
#59 Apr
|
IT audit
|
IT auditors assess risks and controls affecting an organization’s information assets. Find out what they actually do this month and perhaps get ahead of the next audit. [April newsletter]
|
|
#58 Mar
|
Malware
|
Core awareness module - hackers are finding ever more devious ways to subvert systems using rootkits and Trojans, while viruses, worms etc. remain significant risks. [March newsletter]
|
|
#57 Feb
|
Contingency planning
|
When all else fails, contingency plans (Plan B) are what we fall back on. The module also covers resilience, business continuity and disaster recovery planning
|
|
#56 Jan 2008
|
Office security
|
Brand new awareness module covering security issues in the typical office (not security for Microsoft Office)
|
|
#55 Dec
|
Social engineering
|
Core awareness module - as technical controls become ever tighter, hackers are exploiting the unaware
|
|
#54 Nov
|
Security compliance
|
An ever-increasing raft of rules and regulations impinge on information security. Find out why compliance is such an important issue.
|
|
#53 Oct
|
Physical security
|
Concerns controls to protect the IT systems and other information assets against physical harm or theft
|
|
#52 Sept
|
Email security
|
Core awareness module - covering the myriad information security concerns with electronic mail.
|
|
#51 Aug
|
Trade secrets
|
From competitive intelligence through industrial espionage to information warfare, trade secrets are seriously under threat
|
|
#50 July
|
Authentication
|
Core awareness module (updated June 2008)
|
|
#49 June
|
Privacy & data protection
|
Keeping personal information private is more important than ever in these days of identity theft and similar attacks
|
|
#48 May
|
Insider threat
|
Security threats posed by trusted insiders: employees, consultants etc.
|
|
#47 April
|
Network security
|
Network security risks from outsiders and insiders including issues with private LANs and remote network users
|
|
#46 March
|
Viruses
|
Core awareness module (updated March 2008)
|
|
#45 Feb
|
Database security
|
New topic: confidentiality, integrity and availability issues relating to database design/management
|
|
#44 Jan 2007
|
Intellectual Property Rights
|
IPR issues include software licenses and piracy, trademarks, patents, NDAs, DRM etc.
|
|
#43 Dec
|
Social engineering
|
Core awareness module (updated December 2007)
|
|
#42 Nov
|
Roles & responsibilities
|
Security roles and responsibilities are far more than just a SOX issue
|
|
#41 Oct
|
Incident response
|
Responding promptly and efficiently to information security incidents requires preparation and procedures
|
|
#40 Sept
|
Mobile security
|
An updated module covering information security for road warriors and home workers
|
|
#39 Aug
|
Identity theft
|
Core awareness module (updated June 2008)
|
|
#38 July
|
Availability
|
Resilience and DR are vital controls to maintain availability of critical IT systems and services (updated February 2008)
|
|
#37 June
|
Email security
|
Core awareness module (updated September 2007)
|
|
#36 May
|
Security-SDLC integration
|
Covers integration of information security activities into the Software Development Life Cycle from cradle-to-grave
|
|
#35 April
|
Keeping secrets
|
Shhhh, can you keep a secret? Confidentiality for personal and proprietary information
|
|
#34 March
|
Malware
|
Core awareness module (updated March 2008)
|
|
#33 Feb
|
Bugs!
|
Software often fails to meet the requirements, including (all too often) information security
|
|
#32 Jan 2006
|
3rd party security
|
Covers information security aspects of relationships with third parties such as suppliers, business partners and customers
|
|
#31 Dec
|
Social engineering
|
Core awareness module (updated December 2007)
|
|
#30 Nov
|
Secure development
|
How should information security be integrated with the systems development lifecycle? (updated May 2006)
|
|
#29 Oct
|
IT Operations
|
IT Ops keep things running smoothly at the organization’s nerve center but how do/should they secure the IT infrastructure? (revised July 2008)
|
|
#28 Sept
|
Authentication
|
Core awareness module (updated July 2007)
|
|
#27 & 99 Aug
|
Change management
|
Managing and controlling system configurations, applying patches etc.
|
|
Security induction
|
Bonus module covers the basics of information security for use in new employee security induction training (updated November 2007)
|
|
#26 & 26+ July
|
Crisis management
|
Special module on crisis management and contingency planning inspired by the emergency services’ response to the London bombs (see also February 2007 module)
|
|
Hacking
|
Hackers, or rather crackers, are the bête noire of information security but is the threat real?
|
|
#25 June
|
Email security
|
Core awareness module (updated June 2007)
|
|
#24 May
|
Risk management
|
Methods for analyzing/assessing, monitoring, minimizing and reporting security risks (updated July 2008)
|
|
#23 April
|
IT governance
|
Management oversight, direction & control with an emphasis on information, IT, risk and SOX (see also November 2006 module)
|
|
#22 March
|
Malware
|
Core awareness module (updated March 2007)
|
|
#21 Feb
|
Information security management
|
How should a best-practice information security function be structured? What does the Information Security Manager actually do? (updated July 2008)
|
|
#20 Jan 2005
|
IT auditing
|
Independent audits characterize risks affecting an organization’s information assets and recommend control improvements (updated April 2007)
|
|
#19 Dec
|
Infosec laws, regs & standards
|
Laws, regulations and standards defining obligations and best practice for IT and information security (updated November 2007)
|
|
#18 Nov
|
Physical & environmental security
|
Security and services for the computer suite: physical access controls, UPS, air conditioning etc. (updated October 2007)
|
|
#17 Oct
|
Incident management
|
Procedures to deal effectively with information security breaches (updated October 2006)
|
|
#16 Sept
|
Accountability & responsibility
|
Specifically covers accountability & responsibility for IT and information security (updated November 2006)
|
|
#15 Aug
|
Social engineering
|
Core awareness module (updated December 2007)
|
|
#14 July
|
Wireless networking
|
Special issue in response to the rapid spread of Wi-Fi and Bluetooth, public hotspots and so on (updated April 2007)
|
|
#13 June
|
Contingency planning
|
Planning for the unpredictable, preparing the organization to recover efficiently from disasters (updated February 2008)
|
|
#12 May
|
Personal data & privacy
|
Protection of personal data and privacy, including legal issues such as Data Protection and HIPAA (updated June 2007)
|
|
#11 April
|
Email security
|
Core awareness module (updated September 2007)
|
|
#10 March
|
IT-related fraud
|
Information security controls to tackle IT-related fraud, embezzlement and misrepresentation (updated May 2008)
|
|
#9 Feb
|
Internet/web security
|
Identity theft, hacking, eCommerce ... so much to cover, we’re spoilt for choice (updated April 2007)
|
|
#8 Jan 2004
|
Intellectual Property Rights (IPR)
|
Software licensing and piracy, trademarks, patents, nondisclosure agreements etc. (updated January 2007)
|
|
#7 Dec
|
Ownership of information assets
|
Accountability and responsibility for information assets, information security classification (updated November 2006)
|
|
#6 Nov
|
Portable computing & teleworking
|
Security issues with portable PCs, PDAs, wireless LANs, VPNs, dial-up etc. for road warriors and home workers (updated September 2006)
|
|
#5 Oct
|
Integrity
|
Integrity (completeness and accuracy) of data and systems, plus personal integrity (updated May 2008)
|
|
#4 Sept
|
Availability
|
Contingency planning, denial of service attacks and software quality assurance (updated February 2008)
|
|
#3 Aug
|
Confidentiality
|
Covers access control, secrecy, privacy, encryption and identity theft (updated April 2006)
|
|
#2 July
|
Malware
|
Core awareness module (updated March 2008)
|
|
#1 June 2003
|
Security awareness and general infosec links
|
This website and the NoticeBored service were launched with two pages of basic information security links and security awareness links
|