Ongoing Personnel Security - Edition 3
April 2014 - The updated guidance includes considerations on social networks and the use of the internet, and ‘Bring Your Own Devices’. It also refreshes our advice on line management, security culture, and reporting concerns, and investigations (including legal frameworks, and links to advice produced by other organisations such as CIPD). These reflect good practice in organisations, and brings this updated guidance in line with other personnel security guidance documents.
Screening people and their belongings
March 2014 - Updated guidance now available.
End of support for Microsoft Windows XP
March 2014 - On April 8, 2014, Windows XP will no longer be supported by Microsoft. Find out more.
Phase 2 Call: Trustworthy Industrial Control Systems
January 2014 - CPNI and EPSRC are inviting proposals for research as part of the recently-announced 'Research Institute for Trustworthy Industrial Control Systems'.
January 2014 - Are you cyberstreetwise? Or perhaps you’re not as streetwise online as you would like to be?
A new campaign has just been launched to help improve our attitudes towards cyber security and keep important information safe.
Find out if you're cyberstreetwise.
Human factors in CCTV control rooms: A best practice guide
January 2014 - New interactive guidance focusing on human factors in CCTV control rooms, integrating physical and people security effectively, has been published. You can download the guidance from the CCTV page.
New guidance on anti-shatter film
December 2013 - CPNI has developed guidance notes on the use of ASF in buildings, key points for specifying ASF, how to assess the quality of its installation and how to assess existing ASF.
CPNI and EPSRC launch Third Research Institute for Trustworthy Industrial Control Systems
December 2013 - Industrial control systems play a major role in ensuring the correct functioning of significant parts of the UK’s critical national infrastructure. In recognition of this CPNI and the Engineering and Physical Sciences Research Council (EPSRC) have launched the Third Research Institute into Trustworthy Industrial Control Systems.
Social engineering: Understanding the threat
December 2013 - Social engineering - Understanding the threat is a guide for business and security managers to help identify the threat from those who wish to extract information from employees or gain access to sites using psychological manipulation.
The guidance focuses on developing and deploying active measures for countering the threat.
Search and screening – explosives and weapons detection
October 2013 - Updated guidance now available
Spear phishing - Understanding the threat
September 2013 - This paper: Spear phishing - Understanding the threat, describes how spear phishing attacks work, the likelihood of being targeted and the steps an organisation can take to manage the business risks.
Resilience and cyber security of technology in the built environment
August 2013 - The Institute of Engineering and Technology (IET) have produced a paper: Resilience and cyber security of technology in the built environment.
Delamination of laminated glass
August 2013 - New guidance on the delamination of laminated glass has been published on the explosives and ballistics protection page.
Secure destruction of sensitive items
August 2013 - A new CPNI standard on the secure destruction of sensitive items to replace to interim publication has now been published.
Domestic window security
June 2013 - A guide to the assessment of security afforded by domestic windows and Door security: A guide to security doorsets and associated locking hardware. New guidance published
Guard force motivation - edition 3 launched
June 2013 - CPNI has updated its interactive guard force motivation guidance document.
Influencing company boards
June 2013 - CPNI has produced a new document to help inform those who need to influence board-level decision making.
Personnel Security Risk Assessment: A Guide - Edition 4 launched
June 2013 - CPNI has launched the 4th edition of Personnel Security Risk Assessment: A Guide. This new edition contains worked examples and is a succinct step-by-step guide to carrying out a personnel security risk assessment.
May 2013 - CPNI has issued new good practice guidance to raise awareness of how information about organisations from online sources can be used to identify gaps in their security and to compromise their systems. The guidance provides suggestions for how organisations can introduce working practices to mitigate these threats.
Find out more about the new online reconnaissance guidance.
Insider data collection study - Report of main findings
April 2013 - The report of the main finding from the insider data collection study forms part of an on-going programme of CPNI research into the insider threat. It includes analysis of past insider cases, identifies common themes among the individuals and organisations involved, and suggests measures to counter the threat.
Communicating personnel security messages
We’ve listened to the feedback from our annual survey and understand that you want shorter, more punchy guidance from us, in a more accessible format. Taking this into consideration, we have created six short, animated films that will convey the key personnel security messages.
February 2013 - CPNI have completed work with MWR InfoSecurity to produce advice on mobile devices.
CPNI trademark: Replacement of SEAP
February 2013 - The CPNI trademark identifies products which have been assured by CPNI.
With effect from 1st April 2012, successfully evaluated security products will not be rated by the Security Equipment Assessment Panel (SEAP).
Economic espionage film - Piece of Cake
November 2012 - CPNI's new film on economic espionage, Piece of Cake, is now available to view on our YouTube channel.
Cyber Incident Response (CIR) service
November 2012 - The joint CPNI and CESG Cyber Incident Response (CIR) service will enhance industry’s capability to respond to cyber attacks and develop appropriate mitigation measures The CIR service, which began on 31 October as a pilot with four Service providers, replaces the CPNI Specialist Technical Industry Partners (STIP) scheme.
IA12 - Securing opportunities in cyberspace
IA12 - Securing opportunities in cyberspace is the Government’s flagship event for Information Assurance and Cyber Security decision makers from across central government, the wider public sector, industry and academia.
Holistic Management of Employee Risk (HoMER)
September 2012 - Holistic Management of Employee Risk (HoMER) is new guidance to help you manage the risk of employees’ behaviour damaging your business.
Cyber security in civil aviation
September 2012 - A new report has been published, describing the current cyber security situation in civil aviation.
Cyber advice for business
September 2012 - CPNI, GCHQ and the Department for Business, Innovation & Skills (BIS) have jointly produced Cyber Advice for Business.
Security in the Design of Stations guide (SIDOS)
August 2012 - The Security in Design of Stations guide has been produced jointly by the Department for Transport (DfT), the Centre for the Protection of National Infrastructure (CPNI) and the British Transport Police (BTP). It is user-friendly and provides practical advice.
Information for manufacturers of security equipment
August 2012 - As part of CPNI's advice delivery, we assure a wide range of physical security products for use on critical national infrastructure (CNI) sites. Information for manufacturers of security equipment is now available on our site.
July 2012 - The Commonwealth Games: Is your business fit to compete - CPNI are holding a one day conference at Scotland’s Commonwealth Velodrome in Glasgow on 24 October to talk about food and drink opportunities around the 2014 Games.
July 2012 - The emerging technologies project looked at technologies and techniques that are considered to be relevant to the future protection of national infrastructure. The topics are all related to cyber security.
Privacy and cookies
CPNI YouTube Channel
April 2012 - CPNI has recently launched a YouTube channel, which will be used for sharing a range of protective security films and video clips.
20 critical controls for effective cyber defence
February 2012 - The Top Twenty Critical Security Controls are a baseline of high-priority information security measures and controls that can be applied across an organisation in order to improve its cyber defence.
Mail and deliveries
February 2012 - PAS 97: 2012 A Specification for Mail Screening and Security
In collaboration with the British Standards Institution (BSi), and with the assistance of a range of stakeholders, CPNI has reviewed and refreshed its comprehensive guidance on mail screening and security.