Security publications

Security reports

Key statistics and trends.

Adults' Media Use and Attitudes Report 2013

Report from OFCOM, the UK communications sector's regulator and competition authority.
http://stakeholders.ofcom.org.uk/market-data-research/media-literacy/media-lit-research/adults-2013/

Annual Security Report 2013

Overview of information security intelligence from Cisco.
http://www.cisco.com/en/US/prod/vpndevc/annual_security_report.html

Application Security Trends Report

Cenzic's overview of the web application security market, key findings, top 10 vulnerabilities, and breakdowns of web application vulnerabilities.
http://www.cenzic.com/resources/application-security-papers/index.html

Application Usage & Threat Report

Enterprise application usage and threat activity from Palo Alto Networks.
http://www.paloaltonetworks.com/literature/whitepapers/aur-report.html

The Cost of Cyber Crime

Estimate of the cost of cyber crime to the UK economy, produced by Detica in partnership with the Office of Cyber Security and Information Assurance in the Cabinet Office.
http://www.cabinetoffice.gov.uk/sites/default/files/resources/the-cost-of-cyber-crime-full-report.pdf

Cyber Vulnerability Index 2012

An assessment of information leakage from the Forbes 2000 list of companies.
http://www.kpmg.com/UK/en/IssuesAndInsights/ArticlesPublications/Documents/PDF/Advisory/Forbes-Survey-publish-and-be-damned.pdf

Data Breach Investigations Report 2013

Security breach information and analysis from Verizon.
http://www.verizonenterprise.com/DBIR/2013/

Financial Services Global Security Study 2013

Drivers, issues and trends from a survey of the world's financial industry by Deloitte.
http://www.deloitte.com/view/en_LU/lu/industries/banking-securities/e1917e4c1e36d310VgnVCM3000003456f70aRCRD.htm

Global Security Report 2013

Detailed analysis of actual incident investigations and penetration tests, and global trends from Trustwave.
https://www2.trustwave.com/2013GSR.html

Global Phishing Survey: Domain Name Use and Trends, 1H2013

Comprehensive analysis of phishing from the Anti-Phishing Working Group (APWG). See also Phishing Attack Trends Report, below.
http://www.apwg.org/resources/apwg-reports/whitepapers

Global State of Information Security Survey 2013

Results from a survey conducted jointly by PricewaterhouseCoopers, CIO Magazine and CSO Magazine.
http://www.pwc.com/gx/en/consulting-services/information-security-survey/index.jhtml

The Internet in Britain 2009

Internet usage and demographics from the Oxford Internet Institute. See also OFCOM report above.
http://www.oii.ox.ac.uk/microsites/oxis/publications.cfm

Information Security Breaches Survey 2013

Business information security survey, including controls, incidents and exposures. Produced for the UK government's Department for Business, Innovation and Skills (BIS) by PricewaterhouseCoopers.
http://www.pwc.co.uk/audit-assurance/publications/2013-information-security-breaches-survey.jhtml

Internet Security Threat Report Volume 18, April 2013

Symantec's analysis of internet attacks, vulnerabilities, malicious code, phishing, spam and security risks.
http://www.symantec.com/business/theme.jsp?themeid=threatreport

M-Trends 2013

Information on the changing threat landscape from Mandiant.
http://www.mandiant.com/resources/m-trends/

Mobile Threat Report Q3 2013

Summary of mobile application threat data from F-Secure.
http://www.f-secure.com/en/web/labs_global/whitepapers/reports

Payment Card Industry Compliance Report 2011

Payment card data threats, PCI DSS compliance, validation and information from QSA assessments and forensic investigations of breaches from Verizon.
http://www.verizonbusiness.com/resources/reports/rp_2011-payment-card-industry-compliance-report_en_xg.pdf

Payment Card Industry Data Security Standards Trends Study 2011

Survey of IT and IT security practitioners in the US of their views about the Payment Card Industry Data Security Standard (PCI DSS) by the Ponemon Institute and Imperva.
http://www.imperva.com/docs/AP_Ponemon_2011_PCI_DSS_Compliance_Trends_Study.pdf

Phishing Attack Trends Report, Q3 2012

Phishing statistics, trends and analysis from the Anti-Phishing Working Group (APWG) and its members. See also Global Phishing Survey: Trends and Domain Name Use, above.
http://www.apwg.org/resources/apwg-reports/

Security Spending Benchmarks, Q2 2009

Benchmarking to justify overall web application security spending, from OWASP. This quarter's report has a special focus on cloud computing.
http://www.owasp.org/index.php/Category:OWASP_Security_Spending_Benchmarks

Security Threat Report 2013

Current and predicted cybercrime trends including some useful statistics on web site/server threats from Sophos.
http://www.sophos.com/en-us/security-news-trends/reports/security-threat-report.aspx

State of the Internet, Q2 2013

Data on attack traffic, average & maximum connection speeds, Internet penetration and broadband adoption, and mobile usage from Akamai.
http://www.akamai.com/stateoftheinternet/

State of Software Security Report - The Intractable Problem of Insecure Software, Volume 5, April 2013

Security intelligence derived from multiple testing methodologies on the full spectrum of application types and programming languages across the software supply chain.
http://www.veracode.com/reports/index.html

Threat Report 2013

An analysis of web and email threats seen in the year by Websense Security Labs.
https://www.websense.com/assets/reports/websense-2013-threat-report.pdf

Trend and Risk Report Mid-Year 2012 & Threat Insight Report Q1 2011

Analysis of threat trends from IBM X-Force.
http://www-935.ibm.com/services/us/iss/xforce/trendreports/

UK Cyber Vulnerability Index 2013

Short research report about profiling FTSE350 companies via their online presences.
http://www.kpmg.co.uk/email/08Aug13/285392/

Web Application Security Statistics Project 2007

Compilation of web application security assessment project testing data to identify the prevalence and probability of different vulnerability classes and to compare automated and manual testing methodologies.
http://www.webappsec.org/projects/statistics/

Web Hacking Incidents Database Report 2010

The Web Application Security Consortium's list of web application security incidents. Now reported in Trustwave's Global Security Report (above).
http://projects.webappsec.org/f/WHIDWhitePaper_WASC.pdf

Website Security Statistics Report May 2013

This report from WhiteHat Security Inc provides a comparison of website vulnerabilities by industry sector and size of organisation.
http://www.whitehatsec.com/home/resource/stats.html

Training and awareness

See also security organisations.

Action Fraud

Definition of fraud, how to protect yourself and fraud reporting from the National Fraud Authority.
http://www.actionfraud.org.uk/

Bank Safe Online

The UK banking industry's initiative to help online banking users stay safe. Good description of the types of scams, how to identify scams and how website users can help to protect themselves. Also facility to report a scam or request advice.
http://www.banksafeonline.org.uk/

CardWatch

Guidance, advice and tips for retailers and card holders on the types of debit and credit card fraud. Some information from the police and Home Office.
http://www.cardwatch.org.uk/

Cyber Streetwise

Online safety guidance from UK government for small businesses and homes, including simple "health check" forms.
https://www.cyberstreetwise.com/

Digizen

Awareness and understanding about digital citizenship for educators, parents, carers and young people, from Childnet International.
http://www.digizen.org/

E-Victims

Practical advice for consumers in the UK who are victims of e-incidents such as e-crime.
http://www.e-victims.org/

Get Safe Online

Advice to UK consumers and small businesses on protecting their computer, their own and their family's privacy and computer systems when online. The excellent 10-minute guide for internet beginners should be read by all internet users.
http://www.getsafeonline.org/

Identity Theft

Home Office's guide to identity theft. Information on how to protect yourself and what to do if you think you are a victim.
http://www.identitytheft.org.uk/

OnGuard Online

US federal/industry site with advice for adults and children on using the internet safely - "stop, think, click".
http://www.onguardonline.gov

Stay Safe Online

International (US) website like the UK Get Safe Online from the National Cyber Security Alliance (NCSA). Content quite North American orientated, but useful as a comparison.
http://staysafeonline.org/

Think U Know

Internet help and advice for young people, parents and teachers including ability to report abuse from the UK's Child Exploitation and Online Protection Centre (CEOP).
http://www.thinkuknow.co.uk/

Wise Kids

Promoting safe and positive use of the internet by children. Includes resources for parents, communities, educators and businesses.
http://www.wisekids.org.uk

Articles

Website white papers, research and other documents.

Automatic Security Scanning vs. OWASP Top Ten

Discussion of how automated scanning products can tackle common website vulnerabilities.
http://www.whitehatsec.com/home/resource/whitepapers/auto_scanning.html

Cloud Computing Benefits, Risks and Recommendations

ENISA's excellent analysis of cloud computing for SMEs.
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
November 2009

The Cyber-Crime Market Uncovered

Definition of the black market, how it works and the sales process.
http://press.pandasecurity.com/wp-content/uploads/2011/01/The-Cyber-Crime-Black-Market.pdf
January 2011

OWASP Top Ten

The most critical web application security flaws, published as one of the Open Web Application Security Project (OWASP) projects.
http://www.owasp.org/index.php/OWASP_Top_Ten_Project
Updated periodically

The Psychology of Security

An essay on the difference between what we perceive as security and the reality.
http://www.schneier.com/essay-155.html
7th February 2007

SANS Top-20 Internet Security Attack Targets

Detailed information and references on the most common attack targets.
http://www.sans.org/top20/
Updated regularly

Security Guidance for Critical Areas of Focus in Cloud Computing

Security recommendations from the CSA.
http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf
v2.1, December 2009

Security Economics and the Internal Market

Identification, assessment and analysis of the economic barriers to an e-communication internal market for ENISA.
http://www.enisa.europa.eu/pages/analys_barr_incent_for_nis_20080306.htm
29th January 2008

Security and the Software Development Lifecycle: Secure at the Source

Description of the strategic approach of building security into the software development lifecycle, with an analysis of the return on investment (ROI).
http://www.aberdeen.com/Aberdeen-Library/6983/RA-software-development-lifecycle.aspx
January 2011

State of Application Security: Immature Practices Fuel Inefficiencies, but Positive ROI Is Attainable

Results from a survey of North American companies that develop software, examining their security practices in the software development lifecycle.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=813810f9-2a8e-4cbf-bd8f-1b0aca7af61d&displaylang=en&pf=true
19th January 2011

Magazines and journals

Security related printed publications.

Card Technology Today

Smart card technologies, applications, manufacturers, legislation and industry initiatives.
http://www.elsevier.com/wps/find/journaldescription.cws_home/621017/description#description

Computer Fraud & Security

Monthly threat reports, news and technical features.
http://www.elsevier.com/wps/find/journaldescription.cws_home/405876/description#description

Financial Sector Technology (FST)

Business IT issues for the financial services sector, including regular items on compliance and risk.
http://www.fstech.co.uk/

Infosecurity

Print and digital editions with security news, features and comment.
http://www.infosecurity-magazine.com/

SC

Security news and product information with UK, US, Asia-Pacific and Australia-New Zealand editions, from Haymarket Publishing.
http://www.scmagazine.com/uk/

Other web application security resources

Web application security legislation, standards and codes of practice and organisations.

Contact Watson Hall

Watson Hall works with your business and information systems staff, partners and suppliers, including professional advisors such as accountants, auditors, insurers and solicitors. We guide, assist and build security and skills in organisations to reduce security risk.

Act now

To discuss security matters in confidence and without obligation, telephone us on 020 7183 3710 or complete the enquiry form

© 2007-2014 Watson Hall Ltd, last reviewed 23 January 2014

These pages contain general information only. Nothing in these pages constitutes professional advice. Please read the website's terms of use, and consult a suitably qualified information security professional on any specific problem or matter.

Watson Hall Ltd is a company registered in England no 6004969 at North Bastle, Gatehouse, NE48 1NG, United Kingdom.
