Essential contacts

The security arena is like every other aspect of the IT industry, suppliers and special interest groups come and go. However, where security differs is that there are essential sources of information that anyone who has responsibility for security must have in their address books. Here Karl Cushing lists those must-have details

Legislative material and government reports

Data Protection Act

• http://www.hmso.gov.uk/acts/acts1998/19980029.htm - details about the law
• 
  
• www.dataprotection.gov.uk/ - Data Protection Act resources
• 
  
• www.lcd.gov.uk/foi/datprot.htm- resources from the Lord Chancellor's Department for the Freedom of Information and Data Protection Acts

Human Rights Act

• www.hmso.gov.uk/acts/acts1998/19980042.htm - details about the law
• 
  
• www.lcd.gov.uk/hract/hramenu.htm - Web site of the Human Rights Unit, the part of the Lord Chancellor's Department responsible for implementing the Human Rights Act 1998. E-mail: humanrightsunit@homeoffice.gsi.gov.uk

Regulation of Investigatory Powers Act

• www.hmso.gov.uk/acts/acts2000/20000023.htm - details about the law
• 
  
• www.homeoffice.gov.uk/ripa/ripact.htm - the home page of the Regulation of Investigatory Powers Act 2000, offering news and related material

Computer Misuse Act

• www.hmso.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm - details about the law

Organisations

• Computer Weekly Infosecurity User Group - for information e-mail: CWinfosecurity@rbi.co.uk
• 
  
  
• www.gammassl.co.uk/bcs-cssg/ - the Web site of the Information Security Specialist Group, part of the British Computer Society
• 
  
  
• www.imis.org.uk/ - the Web site of the Institute for the Management of Information Systems
• 
  
  
• - the National Computing Centre, an independent membership and research organisation, promotes the effective use of information technology. The Web site includes security-related news stories and research. E-mail: nfo@ncc.co.uk, tel: 0161-228 6333
• 
  
  
• www.internetcrimeforum.org.uk/ - the Internet Crime Forum UK aims to promote, maintain and enhance an effective working relationship between industry and law enforcement
• 
  
  
• www.issa.org/ - the Information Systems Security Association is a not-for-profit international organisation of information security professionals and practitioners
• 
  
  
• www.vogon-computer-evidence.com/first_forensic_forum.htm- the Web site of the First Forensic Forum encourages a better understanding of computer-related crime. E-mail: evidential.systems@vogon-international.com, tel: 01869-355255

Government contacts and organisations

• www.cesg.gov.uk/ - the Computer Electronic Security Group is the information security arm of the Government Communications Headquarters (better known as GCHQ)
• 
  
  
• www.niscc.gov.uk/ - the National Infrastructure Security Co-ordination Centre works with both the public and private sector to defend the "critical national infrastructure" against electronic attack. E-mail: enquiries@niscc.gov.uk,
  tel: 020-7821 1330
• 
  
  
• www.uniras.gov.uk/ - the Unified Incident Reporting and Alert Scheme gathers information on IT security incidents in government departments and agencies, providing alerts and briefings. The scheme is part of the National Infrastructure Security Co-ordination Centre. E-mail: muniras@niscc.gov.uk, tel: 020-7821 1330
• 
  
  
• www.nhtcu.org/nhtcu.htm - the National High Tech Crime Unit. E-mail: admin@nhtcu.org, tel: 0870-241 0549
• 
  
  
• www.acpo.police.uk/ - the Web site for the Association of Chief Police Officers, which helps to set guidelines for investigating computer crime
• 
  
  
• www.cps.gov.uk/ - the Crown Prosecution Service
• 
  
  
• www.dataprotection.gov.uk/commissioner.htm - the Information Commissioner enforces and oversees the Data Protection and the Freedom of Information Acts
• 
  
  
• www.lawcom.gov.uk/- the Law Commission's Web site has details on current state of UK law and law reform. E-mail: secretary@lawcommission.gsi.gov.uk

Legal specialists with technology/computer crime expertise

• www.dla.com/ - law firm DLA has a dedicated technology, media and communications group
• 
  
  
• www.herbertsmith.com/ - law firm Herbert Smith has a separate group dealing with IT and e-commerce matters. E-mail: contact@herbertsmith.com, tel: Mark Turner on 020-7466 3602
• 
  
  
• www.mishcon.co.uk/ - law firm Mishcon De Reya deals with IT-related crime and fraud
• 
  
  
• Philipson, Crawford and Berwold - Steven Philipson heads up the department that deals with most computer-related areas. Tel: 020-7831 2691
• 
  
  
• www.lawsociety.org.uk/ - Web site of the Law Society, the representative and regulatory body for solicitors of England and Wales. E-mail: info.services@lawsociety.org.uk, tel: 020-7242 1222

Computer crime investigators

• www.ceuk.net/ - Computer Evidence UK specialises in forensic computing. E-mail: enquiries@ceuk.net, tel: 020-8838 6153
• 
  
  
• Datagenetics - E-mail: mail@dgiforensic.com, tel: 020-7520 9384
• 
  
  
• www.vogon-computer-evidence.com/ - details of investigative services from Vogon

Courses and resources

• AmberTec - training courses on how to investigate computer crime. E-mail: bonczoszek@btclick.com, tel: 01202-828088
• 
  
  
• www.computer-forensics.com/products/welcome.html?training.html - training from DIBS computer forensics
• 
  
  
• www.cybersnitch.net/tucofs/tucofs.asp - resources and forensic software
• 
  
  
• www.digital-detective.co.uk/ - resources and free tools
• 
  
  
• www.forensic-computing.co.uk/training/ - contains information on courses and tools
• 
  
  
• www.htcia.org/ - the High Technology Crime Investigators Association
• 
  
  
• www.vogon-computer-evidence.com/training-00.htm- information on training courses run by computer crime investigation firm Vogon, including forensic computing training for law enforcement authorities and investigators. Tel: 01869-355255

PKI

• www.pki-page.org/ - list of links to public key infrastructure- (PKI) centric resources and bodies
• 
  
  
• www.pkiforum.org/ - Web site of the PKI Forum, a suppliers body promoting PKI
• 
  
  
• www.counterpane.com/pki-risks.html - link to an article entitled 10 Risks of PKI: what you're not being told about public key infrastructure, by C Ellison and B Schneier

Storage

• www.snia-europe.org/ - European arm of the Storage Networking Industry Association. The site includes sections on data protection and has links to case studies and white papers on topics such as standards
• 
  
  
• www.fibrechannel-europe.com/ - the European affiliate of the Fibre Channel Industry Association promotes fibre channel technology. The site includes white papers and other useful advice and resources on effective storage strategies

Biometrics

• www.afb.org.uk/ - the Association for Biometrics promotes biometric technology. E-mail: info@afb.org.uk, tel: 01604-660125

Hacker sites

• www.coderz.net/
• 
  
  
• www.cultdeadcow.com/ - Web site of hacker collective cult of the dead cow

Viruses etc

• vil.mcafee.com - the virus information library from anti-virus software firm McAfee includes information on hoaxes, a virus calendar and a virus map
• 
  
  
• www.cert.org/other_sources/viruses.html - extensive virus resources
• 
  
  
• www.check-mark.com/ - West Coast Lab's Checkmark system tests and certifies computer security products
• 
  
  
• www.sallyone.com/ - news and resources on areas such as virus protection.
• 
  
  
• www.sophos.com/downloads/ - virus resources from security firm Sophos, including research, virus updates and frequently asked questions
• 
  
  
• www.viruslist.com/ - this comprehensive online virus encyclopaedia contains news, advice and warnings
• 
  
  
• www.vmyths.com/ - a compendium of computer virus myths, hoaxes, urban legends and hysteria.