Security standards
security resources
International standards
See organisations for details of ISO and IEC.
BS EN ISO/IEC 17025:2005 - General requirements for the competence of testing and calibration laboratories
ISO/IEC 17025 is a standard published jointly by ISO and IEC, formerly known as ISO/IEC Guide 25. It covers calibration, testing and sampling laboratories, including those performing digital forensics.
http://shop.bsigroup.com/en/ProductDetail/?pid=000000000030159674
BS ISO/IEC 27001:2005 (BS 7799-2:2005) - Information security management systems
Specification for an information security management system (ISMS) and the basis for third-party audit and certification.
http://shop.bsigroup.com/en/ProductDetail/?pid=000000000030126472
BS ISO/IEC 27002:2005 (BS 7799-1:2005, BS ISO/IEC 17799:2005) - Code of practice for information security management
Guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.
http://shop.bsigroup.com/en/ProductDetail/?pid=000000000030166440
British standards
Including BS specifications, guidance and codes of practice.
BS 8878:2009 Web accessibility
Draft for public comment.
http://www.bsi-global.com/en/Shop/Publication-Detail/?pid=000000000030180387
BS 10008:2008 Evidential weight and legal admissibility of electronic information
Requirements for the implementation and operation of electronic information management systems, storage and transfer of information, and addresses issues relating to authenticity and integrity of information.
http://www.bsigroup.com/en/Shop/Publication-Detail/?pid=000000000030172973
BS 10012:2009
Data Protection. Specification for a Personal Information Management System.
http://www.bsigroup.com/en/Shop/Publication-Detail/?pid=000000000030175849
BS 25999:2006 Business continuity management
Business continuity management (BCM) principles, processes and terminology.
http://www.bsi-global.com/en/Shop/Publication-Detail/?pid=000000000030157563
Codes of Practice
Agreed and developing industry best practice.
The Association of Chief Police Officers (ACPO) Good Practice Guide for Computer-Based Evidence
Best practice in all dealings with electronic evidence.
http://www.7safe.com/electronic_evidence/
Central Office of Information (UK) Website Standards and Guidelines
Public sector website standards and guidelines published and those in consultation.
http://www.coi.gov.uk/guidance.php?page=188
Centre for the Protection of National Infrastructure (UK) Guidance on Securing Web Sites
Technical Note 06/03 from the former National Infrastructure Security Co-ordination Centre (NISCC), the predecessor of CPNI.
http://www.cpni.gov.uk/Docs/re-20030801-00726.pdf
Code of Practice for the investigation of protected electronic information
Powers and duties conferred under Part III of the UK's Regulation of Investigatory Powers Act 2000.
http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/electronic-information
The Employment Practices Code and supplementary guidance
A code of practice from the UK's Information Commissioner which includes a section on monitoring at work.
http://www.ico.gov.uk/Home/for_organisations/topic_specific_guides/employment.aspx
Guidance on Encrypting Data on Mobile Devices
US government guidance: Office of Management and Budget memorandum M-06-16 on protecting sensitive agency information, including encryption of data held on mobile devices and removable media.
http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf
Home Office (UK) Good Practice Guidance for the Providers of Social Networking and Other User Interactive Services
Social networking guidance providing advice for industry, parents and children about how to stay safe online.
http://police.homeoffice.gov.uk/publications/operational-policing/social-networking-guidance
Information Commissioner's Office (ICO) Privacy Impact Assessment Handbook
How to determine whether a privacy impact assessment (PIA) is needed (UK) and the steps to take for small and large-scale PIAs.
http://www.ico.gov.uk/for_organisations/topic_specific_guides/pia_handbook.aspx
Information Commissioner's Office (ICO) Privacy Notices Code of Practice
Guidance on consumer-friendly privacy notices for paper and online systems (UK).
http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/privacy_notices_cop_final.pdf
Interception of Communications Code of Practice
Code of practice for public authorities entitled to intercept communications under RIPA.
http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/
The Home Office also published a revised draft 'Acquisition and Disclosure of Communications Data Code of Practice' for public consultation (consultation closed 30 August 2006).
http://www.homeoffice.gov.uk/documents/cons-2006-ripa-part1/
National Institute of Standards and Technology (NIST) Special Publications (800 Series)
Guidelines on computer security matters; mandatory or strongly recommended for US federal agencies and widely used as reference material elsewhere.
http://csrc.nist.gov/publications/PubsSPs.html
Open Web Application Security Project (OWASP) Guide to Building Secure Web Applications
A widely adopted reference for web application security, used by many commercial and public organisations. Version 2, July 2005. See also the Application Security Verification Standard (ASVS), Software Assurance Maturity Model (below), OWASP Testing Guide and the OWASP Top Ten most critical web application security risks, which is referenced by the Payment Card Industry Security Standards Council in its Data Security Standard (below).
http://www.owasp.org/index.php/Category:OWASP_Guide_Project
Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM)
Framework to help organisations of all sizes formulate and implement a strategy for software development security.
http://www.opensamm.org/
Payment Card Industry Data Security Standard (PCI DSS)
Mandatory requirements for organisations that store, process or transmit payment card data. Version 1.2, October 2008.
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
Retention of Communications Data under Part 11: Anti-Terrorism, Crime and Security Act 2001
Guidance from the Home Office.
http://security.homeoffice.gov.uk/news-publications/publication-search/general/5b1.pdf
Interception and Monitoring of Communications in Further Education and Higher Education
A code of practice produced by UKERNA, the operator of the JANET network.
http://www.jisclegal.ac.uk/esecurity/esecurity.htm
The Standard of Good Practice for Information Security
From the Information Security Forum http://www.securityforum.org/.
http://www.isfsecuritystandard.com/
Other web application security resources
Web application security legislation, organisations, and publications.
Contact Watson Hall
Watson Hall works with your business and information systems staff, partners and suppliers, including professional advisors such as accountants, auditors, insurers and solicitors. We guide, assist and build security and skills in organisations to reduce security risk.
These pages contain general information only. Nothing in these pages constitutes professional advice. Please read the website's terms of use, and consult a suitably qualified information security professional on any specific problem or matter.
