Security organisations
Please also view all the organisations on our aggregated chart of principal influences on UK web applications.
United Kingdom
UK-based organisations whose remits or membership have an effect on securing web applications. See also EURIM's Short Guide to UK Political Players on the Information Society Scene.
British Computer Society (BCS)
Professional membership organisation for information technology professionals.
http://www.bcs.org/
British Standards Institution (BSI)
BSI British Standards develops private, national and international standards.
http://www.bsi-global.com/
Business Continuity Institute (BCI)
Promoting best practice for business continuity management.
http://www.thebci.org/
Child Exploitation and Online Protection Centre (CEOP)
Affiliated with SOCA. Educating children and parents about online risks, security awareness and personal safety.
http://www.ceop.gov.uk/
The Children's Charities' Coalition for Internet Safety (CHIS)
Group coordinating joint campaigning on internet safety issues by the UK's leading children's charities. The coalition includes NCH, Barnardos, Childline, The Children's Society, National Children's Bureau, NCVCCO, NSPCC, ECPAT and StopIt Now!
http://www.chis.org.uk/
Communications Electronics Security Group (CESG)
The UK Government's National Technical Authority for Information Assurance, providing testing, advice and guidance on the security of communications and electronic data.
http://www.cesg.gov.uk/
Council of Registered Ethical Security Testers (CREST)
UK standards-based organisation to regulate and control organisations offering security penetration testing (ethical hacking).
http://www.crest-approved.org/
Centre for the Protection of the National Infrastructure (CPNI)
CPNI was formed from the merger of the National Infrastructure Security Co-ordination Centre (NISCC) and the National Security Advice Centre (NSAC), formerly part of MI5, the UK's Security Service. Their work on computer network defence and other information assurance issues, and on physical security and personnel security issues, is now integrated into one organisation that provides advice to the organisations and businesses which form part of the UK national infrastructure.
http://www.cpni.gov.uk/
Credit reference agencies
The following three organisations can provide a copy of your credit file for a small charge:
Call Credit http://www.callcreditcheck.com/
Equifax http://www.equifax.co.uk/
Experian http://www.experian.co.uk/
EURIM
The independent all-party Parliament-Industry group supporting a competitive, socially inclusive and democratically accountable information society.
http://www.eurim.org.uk/
Home Office
The United Kingdom government department responsible for security and order.
http://www.homeoffice.gov.uk/
Information Systems Audit And Control Association - London UK
Organisation for IT audit, control, security, assurance and governance professionals (affiliated to the US-based ISACA http://www.isaca.org/, with affiliates in over 170 countries). ISACA offers the acclaimed Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications. See also central UK chapter.
http://www.isaca-london.org/
Information Systems Security Association - United Kingdom
Association for information security professionals and practitioners (affiliated to the US-based ISSA http://www.issa.org/).
http://www.issa-uk.org/
Institute of Information Security Professionals
Membership organisation raising professionalism in information security.
http://www.instisp.org/
The Institute of Internal Auditors - UK and Ireland
For internal audit professionals (affiliated to the US-based Institute of Internal Auditors).
http://www.iia.org.uk/
Internet Watch Foundation (IWF)
UK hotline for reporting illegal internet content: child abuse, criminally obscene, incitement to racial hatred and inappropriate chat or behaviour with or towards a child online.
http://www.iwf.org.uk/
The IT Health Check Service (known as CHECK)
UK Government scheme to set standards for IT security vulnerability assessments for systems processing protectively marked information up to, and including, confidential (and also secret with CESG approval).
http://www.cesg.gov.uk/products_services/iacs/check/
IT Infrastructure Library (ITIL)
Best practice, qualifications, accreditation, assessment and implementation of IT service management.
http://www.itil.co.uk/
Knowledge Transfer Network - Digital Systems
Information exchange for cyber security expertise.
http://www.ktn.qinetiq-tim.net/
Listed Adviser Scheme (known as CLAS)
Government scheme (operated by CESG) that sets standards for consultants who undertake information assurance advice to government departments and other organisations providing vital services for the United Kingdom.
http://www.cesg.gov.uk/products_services/iacs/clas/
National Working Group on Fraud
The website of the UK's National Working Group on Fraud on behalf of the UK Association of Chief Police Officers (ACPO). Explanations, case studies, alerts, news, preventions, policies, risks and reporting.
http://www.uk-fraud.info/
Police Central e-crime Unit
Recently set up as the centre of excellence to combat e-Crime in England, Wales and Northern Ireland.
http://www.met.police.uk/pceu/
Serious Organised Crime Agency (SOCA)
Responsible for organised crime, including e-crime, and for liaison with police constabularies since the disbandment of the UK's National Hi-Tech Crime Unit.
http://www.soca.gov.uk/
UK Crimestoppers
Independent UK charity providing advice, information and methods to report crime in the United Kingdom.
http://www.crimestoppers-uk.org/
International
Non-UK organisations.
Centre for Education and Research in Information Assurance and Security (CERIAS)
Information security research and resources.
http://www.cerias.purdue.edu/
European Network and Information Security Agency (ENISA)
Centre of expertise for the EU member states and institutions in network and information security.
http://www.enisa.europa.eu/
Information Security Forum (ISF)
Organisation membership group with an international programme of workgroups, meetings and forums, which also produces an excellent Standard of Good Practice document.
http://www.securityforum.org/
INHOPE
International Association of Internet Hotlines.
http://www.inhope.org/
Insafe
European network of e-safety awareness nodes.
http://www.saferinternet.org/
International Information Systems Security Certification Consortium (ISC2)
Membership organisation developing and promoting industry best practices for information security, including those for Certified Information Systems Security Professionals (CISSPs), Systems Security Certified Professionals (SSCPs) and Certification and Accreditation Professionals (CAPs).
http://www.isc2.org/
International Organization for Standardization (ISO)
Developer of international standards.
http://www.iso.org/
International Electrotechnical Commission (IEC)
The international standards and conformity assessment body for all electrical, electronic and related technologies.
http://www.iec.ch/
Internet Engineering Task Force (IETF)
Standards, policies and educational materials relating to the Internet.
http://www.ietf.org/
Jericho Forum
International IT security thought leadership group.
http://www.opengroup.org/jericho/
Payment Card Industry (PCI) Security Standards Council
Card issuer (Visa, Mastercard, Amex, JCB, etc) global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
https://www.pcisecuritystandards.org/
SysAdmin, Audit, Network, Security (SANS) Institute
Information on security training and certifications, research documents and Internet early warning system for attacks such as viruses, worms and abnormal behaviour or trends, the Internet Storm Center (ISC) http://isc.sans.org/.
http://www.sans.org/
W3C Web Security Context Working Group
Security baseline definition and security best practices.
http://www.w3.org/2006/WSC/
West Coast Labs (WCL)
Security testing and certification of products.
http://www.westcoastlabs.com/
Security projects
Some international security projects aiming to improve web application security.
Atlas
Portal with data on internet host/port scanning activity, zero-day exploits and worm propagation, security events, vulnerability disclosures and dynamic botnet and phishing infrastructures.
Also includes four regularly updated global activity maps.
http://atlas.arbor.net/
BlogSecurity.net
Social networking and web blog security issues, information and exchange.
http://blogsecurity.net/
CCTA Risk Assessment and Management Methodology (CRAMM)
Risk analysis method developed by the UK Central Communication and Telecommunication Agency (CCTA), now part of Office of Government Commerce (OGC). The toolkit has been extended and developed by Insight Consulting, part of Siemens.
http://www.cramm.com/
Cgisecurity.net
Information, news and resources about database security, web server security, web application security, HTTP security, web services security.
http://www.cgisecurity.com/
Common Weakness Enumeration (CWE)
Formal classification of software weakness types.
http://cwe.mitre.org/
Computer Network Defence Internet Operational Picture
Real time information on new and emerging cyber threats.
http://securitywizardry.com/radar.htm
Economics and Security Resource Page
Links to internet resources about the economics of security.
http://www.cl.cam.ac.uk/~rja14/econsec.html
Mail Abuse Protection System
Blacklist of email abuse resources (sources, open relays, open mailing lists and websites featured in spam) which have been nominated as forwarding spam.
http://www.mail-abuse.com/
Network Abuse Clearinghouse
Reporting and control of network abuse and abusive users, for email users, systems managers and software developers who want to query the abuse lists.
http://www.abuse.net/
Open Web Application Security Project (OWASP)
Developing, demonstrating and sharing best practice for secure web development.
http://www.owasp.org/
QASec.com
Security through the software development lifecycle and quality assurance through software security testing.
http://www.qasec.com/
ScanSafe Threat Centre
Web traffic monitoring and threats including a global map of malware hosts.
http://www.scansafe.com/threat_center
Secure Programming Skills Assessment (SPSA)
An initiative to improve secure coding skills in developers through assessment testing to certify programmers' knowledge of secure-coding practices.
http://www.sans-ssi.org/
Voice Over IP Security Alliance (VOIPSA)
Resources and information on VoIP security issues from the membership organisation.
http://www.voipsa.org/
Web Application Security Consortium (WASC)
An international group of experts, industry practitioners, and organisational representatives who produce open source and widely agreed upon best practice security standards for the World Wide Web.
http://www.webappsec.org/
Other web application security resources
Web application security legislation, standards and codes of practice, and publications.
Contact Watson Hall
Watson Hall works with your business and information systems staff, partners and suppliers, including professional advisors such as accountants, auditors, insurers and solicitors. We guide, assist and build security and skills in organisations to reduce security risk.
These pages contain general information only. Nothing in these pages constitutes professional advice. Please read the website's terms of use, and consult a suitably qualified information security professional on any specific problem or matter.
