Resources
This page
Tips and solutions have been split into the following categories:
- Standards – Security and Data Protection Standards
- Professional Bodies representing the IT Security Industry
- Training Resources
- Other Resources
This website may contain links to third party sites. Such links do not constitute endorsement of the parties so linked, the content of their websites or their products and/or services. You access at your own risk any other website linked via this website.

Standards
This section contains links to some of the most relevant IT Security and Data Protection standards for SMEs.

Cyber Essentials
Professional database engineers that ensure the flawless functionality of your business and website.

IASME Governance Standard
The IASME Governance Standard is a step up in security from Cyber Essentials, tailored specifically for small companies IASME Governance at a glance - here Full standard click here click here

ISO/IEC 27000 - Information security management systems
This family of standards helps organizations keep information assets secure. ISO/IEC 27001 is the best-known standard – what organisations may aspire to. Website

General Data Protection Regulation (GDPR) Cyber Essentials
Updated EU regulations strengthening individuals rights and controls over their personal data. GDPR at a glance - here Full standard click here

Data Protection Act 2018
UK’s updated Data Protection Act
- Implements GDPR into UK law
- empowers people to take control of their data
- supports UK businesses and organisations through the change

Privacy and Electronic Communications Regulations (PECR)
Sister of GDPR with rules on
- marketing calls, emails, texts and faxes;
- cookies (and similar technologies);
- keeping communications services secure; and
- customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.

Information Commissioners Office(ICO)
The ICO is the UK regulator on data privacy issues. There is a wealth of information about data privacy issues on their website.

Professional Bodies representing the IT Security Industry
The organisations generally
- have a wealth of resources available on their websites
- have certifications that individuals can gain to demonstrate their knowledge and professionalism
- hold meetings sharing knowledge and providing networking opportunities.

Institute of Information Security Professionals (IISP)
The IISP provides a focal point for the profession, working to raise the standards of professionalism with the industry and promote the growth of talent. They have published frameworks for skills and knowledge. Website

ISACA
ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. They have a huge library of papers and webinars on a range of topics.Website

British Computer Society
BCS has a wide remit in improving IT for modern society. One of their streams on interest is Information Security.Website

(ISC)²
The International Information System Security Certification Consortium specialises in training and certifications for cybersecurity professionals. One of the most widely known security certifications is the Certified Information Systems Security Professional (CISSP) certification.Website

SANS
The SANS Institute is a cooperative research and education organization. It runs lots of training courses and operates the Internet's early warning system - the Internet Storm Center
Website

The Data Protection Network
A free to join network aimed at providing expert opinion, quality resources and learning materials, to both experts and non-experts in the field of Data Protection and Privacy. For example they have created guide to use of legitimate interest. Website

Cyber Security Challenge
The Cyber Security Challenge is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more EU citizens resident in the UK to become cyber security professionals. It provides safe environments in people can test and demonstrate their skills and showcases the spread of opportunities for future cyber defenders.Website

Training Resources
A selection of free training materials for use within organisation.

Cyber security training for business
UK government free online training courses to help business protect against cyber threats and online fraud. Course will be available in 2019.Website

SANS OUCH! Newsletter
A monthly newsletter aimed at everybody on a range of security topics. Recent topics have included securing mobile devices; use of social media; passwords etc. Website

LUCY
LUCY is a Swiss company offering phishing security testing, IT-security testing and training suite. They have a free version of their software enabling you to run phishing tests within your organisation to start raising awareness of social engineering issues and identity the employees who need additional training.website

Knowbe4
KnowBe4 is an American company offering security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. They have a series of free tools to test your employees and your network to help you to identify the problems of social engineering, spear phishing and ransomware attacks.website

Get Safe Online
Get Safe Online is a public / private sector partnership supported by HM Government and leading organisations in banking, retail, internet security and other sectors. It provides a advice in a number of media to protect data.Website

Other Resources
General resources of interest