|
Academic
Resources:
The following are some of the more prominent academic
resources we use for research projects. For a complete list of NSA Centers
of Academic Excellence in Information Assurance Education, please see
NIETP.
Carnegie Mellon
Since its inception as a department in 1965, and its evolution into a School
in 1988, Computer Science at Carnegie Mellon has followed a path devoted to
excellence in both research and education. In the past 15 years, SCS
researchers have pioneered developments in the areas of distributed systems,
networking, software technology, robotics, and parallel processing.
CERIAS Purdue
University
The Center for Education and Research in Information Assurance and Security,
or CERIAS, is the world's foremost University center for multidisciplinary
research and education in areas of information security. Our areas of
research include computer, network, and communications security as well as
information assurance.
CERT Coordination Center
See also US CERT
The CERT Coordination Center (CERT/CC) is a center of Internet security
expertise, at the Software Engineering Institute, a federally funded
research and development center operated by Carnegie Mellon University. We
study Internet security vulnerabilities, handle computer security incidents,
publish security alerts, research long-term changes in networked systems,
and develop information and training to help you improve security at your
site.
Recovering from an Incident - If you believe that your site may have
suffered a break-in or other type of incident, the CERT/CC has some
documents that can help you. Cert publishes annual
statistics since 1988.
CIAS University of Texas
at San Antonio
The Center for Infrastructure Assurance and Security (CIAS) is the research
arena at the University of Texas at San Antonio. The CIAS is designed to
leverage San Antonio's Infrastructure Assurance and Security (IAS) strengths
as part of the solution to the nation's Homeland Defense needs and deficit
of IAS talent and resources.
CiSR Naval
Postgraduate School Center for Information Systems Security Studies and
Research
The NPS CISR is the Country's foremost center for military research and
education in Information Assurance (IA), defensive information warfare, and
computer and network security. CISR is also known throughout the field as
one of the most innovative security research groups in the world and is
unsurpassed in producing a cadre of military officers with MS or Ph.D.
degrees qualified for assignment to critical IA-related roles.
CMU
Carnegie Mellon
The National Security Agency designated Carnegie Mellon University (CMU) as
a Center of Academic Excellence in Information Assurance Education. This
certificate is presented in recognition of a significant contribution in
meeting the national demand for information assurance education, developing
a growing number of professionals with information assurance expertise in
various disciplines, and ultimately contributing to the protection of the
national information infrastructure.
Cornell Computer Science
CNRI Technical Report Collection.
CSIS
George Mason University
The Center for Secure Information Systems (CSIS) has been created to provide
a dedicated environment to encourage the development of expertise in both
the theoretical and applied aspects of information systems security.
Dartmouth
Institute For Security Technology Studies ISTS - Technical Analysis Group
TAG
A National Center For Cybersecurity and Counterterrorism Research,
Development & Analysis.
The Technical Analysis Group (TAG) delivers research products that identify
and address critical federal, state, and local law enforcement needs. TAG
develops and coordinates law enforcement partnerships, alliances, and
relationships nationally in support of the core mission of the Institute.
FSU Florida
State University
The Department of Computer Science has undertaken an initiative in
Information Technology Assurance and Security, which includes software
reliability, information assurance, and computer and communications
security.
FSU NCFS National Center for
Forensic Science - LINKS
NCFS is a program of the National Institute of Justice hosted by the
University of Central Florida provides Forensic Science Links to
Organizations, Evidence Collection, Digital Evidence, DNA Evidence, Useful
Sites, and Weapons of Mass Destruction.
GASSP
Generally Accepted System Security Principles (GASSP).
The International Information Security Foundation (I2SF) - Sponsored
Committee to Develop and Promulgate Generally Accepted System Security
Principles.
I3P
The Institute for Information Infrastructure Protection
To help protect the information infrastructure of the United States by
coordinating the development of a comprehensive, prioritized research and
development agenda for cyber security, and promoting collaboration and
information sharing among academia, industry and government. The information
infrastructure consists of technologies and capabilities for gathering,
handling, and sharing information that are accessible to, or commonly
depended upon by, multiple organizations, whether within a single
enterprise, a critical infrastructure sector such as banking and finance,
the U.S. Government, the nation as a whole, or transnationally.
IRM Information
Resources Management College of the National Defense University.
The IRM College was established November 10, 1988 by Joint Memorandum of the
DoD Comptroller and the President of the National Defense University,
responding to Congressional direction to establish a graduate-level
institution to educate leaders with IRM responsibilities. Further direction
was received from the House Armed Services Committee in a report on November
20, 1989 which emphasized the need to provide information systems education
to IRM officials and recognized that the IRM College was the DoD institution
designated to meet this requirement. The IRM College was included in the
consortium of schools forming the Defense Acquisition University when the
latter institution was created in 1992. Finally, the Secretary of Defense
has designated the IRM College to implement the senior level educational
requirement of the Clinger-Cohen Act (Information Technology Management
Reform Act of 1995), under the policy guidance of the DoD Chief Information
Officer.
ISG Royal Holloway, University of London
The Information Security Group (ISG) at Royal Holloway is an
interdisciplinary research group comprised of computer scientists and
mathematicians. The group offers an active research environment with over
ten established academic posts and a large number of research students,
making it one of the largest academic security groups in the world. The
group regularly hosts international visitors and has strong research links
with a number of industrial and government institutions.
ISU
Idaho State University
Idaho State University was designated a National Center of Academic
Excellence in Information Assurance Education by the Federal Government. It
was recognized for a significant contribution in meeting the national demand
for Information Assurance education, developing a growing number of
professionals with information assurance expertise in various disciplines,
and ultimately contributing to the protection of the national information
infrastructure.
JHUISI Johns
Hopkins University Information Security Institute
The Johns Hopkins University Information Security Institute (ISI) is the
University's focal point for research and education in information security,
assurance and privacy. Securing cyberspace and our national information
infrastructure is more critical now than ever before, and it can be achieved
only when the core technology, legal and policy issues are adequately
addressed. ISI is committed to a comprehensive approach that includes input
from academia, industry and government. The University, through ISI's
leadership, has thus been designated as a Center of Academic Excellence in
Information Assurance by the National Security Agency and leading experts in
the field.
MIT LCS
The MIT Laboratory for Computer Science (LCS) is an interdepartmental
laboratory whose principal goal is research in computer science and
engineering. It is dedicated to the invention, development and understanding
of information technologies which are expected to drive substantial
technical and socio-economic change. See also
MIT Libraries.
NCSTRL at the
Massachusetts Institute of Technology
The Networked Computer Science Technical Reference Library, or NCSTRL
(pronounced "ancestral") is an international collection of computer science
technical reports from CS departments and industrial and government research
laboratories, made available for non-commercial and educational use.
Stanford University Libraries & Academic Information Resources
Stanford Computer Science Department's Technical Report Electronic Library
was part of an ARPA funded project, directed by CNRI, to develop concepts
for linking electronic libraries. This server allows you to retrieve and
view technical reports from participating institutions and other sources of
Computer Science
Technical Reports.
Stanford Law School
Lawrence Lessig.
UC Davis University
of California at Davis Computer Science Department
UIUC University of
Illinois at Urbana-Champaign Security Research Resource Links
UMD University of Maryland Virtual Technical Reports Center
The Institutions listed here provide either full-text reports, or searchable
extended abstracts of their technical reports on the World Wide Web. This
site contains links to technical reports, preprints, reprints,
dissertations, theses, and research reports of all kinds. Some metasites are
listed by subject categories, as well as by institution.
Government
Resources:
See our CIO/CSO Gov/Mil
link for additional government and military links.
CART
FBI Laboratory - Computer Analysis and Response Team
The Computer Analysis and Response Team (CART) provides assistance to FBI
field offices in the search and seizure of computer evidence as well as
forensic examinations and technical support for FBI investigations. This
Unit includes a state-of-the-art forensic laboratory comprised of computer
specialists and a network of trained and equipped forensic examiners
assigned to more than 50 field offices.
CCIPS
Computer Crime and Intellectual Property Section of the Criminal Division of
the U.S. Department of Justice.
CIAC DOE
Computer Incident Advisory Capability for the Department of Energy publishes
security bulletins and technical vulnerabilities.
CIT
Center for Information Technology National Institutes of Health
Common Criteria
IS15408
In June 1993, the sponsoring organizations of the existing US, Canadian, and
European criterias started the CC Project to align their separate criteria
into a single set of IT security criteria. Version 1.0 of the CC was
completed in January 1996. Based on a number of trial evaluations and an
extensive public review, Version 1.0 was extensively revised and CC Version
2.0 was produced in April of 1998. This became ISO International Standard
15408 in 1999. The CC Project subsequently incorporated the minor changes
that had resulted in the ISO process, producing CC version 2.1 in August
1999.
CRN
New or newly recognized vulnerabilities of modern societies and the rising
complexity of causal circles involving various kinds of risks call for an
intensified international dialogue and more co-operation in the field of
national risk profiling – to be undertaken in an open structure, and not a
hierarchical one. A new knowledge, a better understanding of new risks,
their causes, interactions, probabilities and costs is needed. The
Comprehensive Risk Analysis and Management Network (CRN) is a
future-oriented initiative launched by Switzerland (Center for Security
Studies, ETH Zurich) and Sweden (SEMA, The Swedish Emergency Management
Agency) to cope with the complexity and multidimensionality of the threats
we are facing in this age of uncertainty. As a sub-network related to the
ISN, CRN contains methodologies, procedures, tools and case studies for the
risk profiling process on a national, subnational (cantonal) and local
level. It provides open and free of charge access to information covering
the full range of existential risks for modern societies. The project is
supported by the Swiss Government as an official part of Switzerland's
participation in Partnership for Peace (PfP).
CSRC
Computer Security Resource Center is one of eight divisions within NIST
grouped into five major categories: Cryptographic Standards, Security
Testing, Security Research and Emerging Technologies, Security Management
and Guidance, Outreach, Awareness and Education. CSRC
publications
present the results of NIST studies, investigations, and research on
information technology security issues.
DOD CCRP Command and
Control Research Program
The CCRP within the Office of the Assistant Secretary of Defense (C3I)
focuses upon 1) improving both the state of the art and the state of the
practice of command and control and 2) enhancing DoD's understanding of the
national security implications of the Information Age. It provides "Out of
the Box" thinking and explores ways to help DoD take full advantage of the
opportunities afforded by the Information Age. The CCRP forges links between
the operational and technical communities, and enhances the body of
knowledge and research infrastructure upon which future progress depends.
DOD DCFL Department of
Defense Computer Forensics Laboratory
The DCFL is the
national resource and international benchmark for rapid forensic examination
and analysis of electronic evidence. The DCFL provides the community with
timely, unbiased evidence examination, analysis and operational support.
Teamed with the Department of Defense Law Enforcement and
Counterintelligence Community our unique technical expertise and computer
solutions ensure information superiority for the War fighter.
DOC TA US
Department of Commerce Technology Administration
The Under Secretary for Technology, supported by the Deputy Under Secretary
for Technology, manages the Technology Administration's (TA) three agencies:
The Office of Technology Policy (OTP)
is the only office in the federal government with the explicit mission of
developing and advocating national policies and initiatives that use
technology to build America's economic strength.
The National Institute of Standards and Technology (NIST)
promotes economic growth and improves the quality of life by working with
industry to develop and apply technology, measurements, and standards.
The National Technical Information Service (NTIS)
collects and disseminates scientific, technical, engineering and related
business information produced by the U.S. government and foreign sources.
GAO Technology Assessment -
Cybersecurity for Critical Infrastructure Protection
May 2004
(PDF)
GrayLIT Network
A Science Portal of Technical Reports, the GrayLIT Network is the world's
most comprehensive portal to Federal gray literature. By offering a mode of
communication for this hard-to-find class of literature, the GrayLIT Network
enables convenient access by the American public to government information.
The Department of Energy (DOE) provides public access to this research tool
through GPO Access in partnership with the Government Printing Office.
Federal Agencies participating in this project are DOD/DTIC, DOE, EPA, and
NASA.
Homeland Security DHS
IASE - Information
Assurance Support Environment sponsored by
DISA
INTERPOL
International Criminal Police Organization
Interpol exists to help create a safer world. Our aim is to provide a unique
range of essential services for the law enforcement community to optimize
the international effort to combat crime.
Naval
Surface Warfare Center Dahlgren Lab Information Assurance Office
NIAP National
Information Assurance Partnership
NIAP is a U.S. Government
initiative designed to meet the security testing, evaluation, and assessment
needs of both information technology (IT) producers and consumers. NIAP is a
collaboration between the National Institute of Standards and Technology (NIST)
and the National Security Agency (NSA) in fulfilling their respective
responsibilities under the Computer Security Act of 1987.
NIJ
National Institute of Justice (NIJ) is the research, development, and
evaluation agency of the U.S. Department of Justice and is dedicated to
researching crime control and justice issues. NIJ provides objective,
independent, evidence-based knowledge and tools to meet the challenges of
crime and justice, particularly at the State and local levels. NIJ's
principal authorities are derived from the Omnibus Crime Control and Safe
Streets Act of 1968, as amended (see 42 USC § 3721-3723). The NIJ Director
is appointed by the President and confirmed by the Senate. The NIJ Director
establishes the Institute's objectives, guided by the priorities of the
Office of Justice Programs, the U.S. Department of Justice, and the needs of
the field. The Institute actively solicits the views of criminal justice and
other professionals and researchers to inform its search for the knowledge
and tools to guide policy and practice.
NIST
The National Institute of Standards and Technology, an agency of the
Commerce Department's Technology Administration, was founded in 1901 as the
nation's first federal physical science research laboratory. Over the years,
the scientists and technical staff at NIST have made solid contributions to
image processing, DNA diagnostic "chips," smoke detectors, and automated
error-correcting software for machine tools.
NIST Computer
Security Resource Center.
NSA
The National Security Agency is the Nation's cryptologic organization. It
coordinates, directs, and performs highly specialized activities to protect
U.S. information systems and produce foreign intelligence information. A
high technology organization, NSA is on the frontiers of communications and
data processing. It is also one of the most important centers of foreign
language analysis and research within the Government.
ODP
The Office for Domestic Preparedness (ODP) is the principal component of the
Department of Homeland Security responsible for preparing the United States
for acts of terrorism. In carrying out its mission, ODP is the primary
office responsible for providing training, funds for the purchase of
equipment, support for the planning and execution of exercises, technical
assistance and other support to assist states and local jurisdictions to
prevent, plan for, and respond to acts of terrorism.
OSTI
The Office of Scientific and Technical Information (OSTI) leads Department
of Energy (DOE) e-government initiatives for disseminating R&D information.
Located within the Office of Advanced Scientific Computing Research (OASCR)
in the DOE Office of Science (SC), it is responsible for leading the
Department's Technical Information Program (TIMP) and for providing
direction and coordination for the dissemination of scientific and technical
information (STI) resulting from DOE research and development (R&D)
programs.
Rainbow Series Library
Although the Common Criteria (CC) replaces the Rainbow Series, it is still
referenced in some security domains.
In 1981, the Department of Defense assigned responsibility for computer
security to the Director of the National Security Agency (NSA). The DoD
Computer Security Center was formed that same year, and was later renamed
the National Computer Security Center (NCSC). The center's charter,
promulgated in DoD Directive 5215.1, specifically tasked the center to
establish and maintain..."technical standards and criteria for the security
evaluation of trusted computer systems that can be incorporated into the
Department of Defense component life-cycle management process."
SWGDE
Scientific Working Group on Digital Evidence (SWGDE). The Federal Crime
Laboratory Directors group formed SWGDE in 1998. It was noted that the
traditional audio and video examination and processing was becoming digital
and, along with digital still photography, was converging with computer
forensics. As a result, they formed a group to explore digital evidence as a
forensic discipline. The initial members were the forensic laboratories of
the ATF, DEA, FBI, IRS-CID, US Customs, US Postal Inspection Service, and
the US Secret Service. In addition, NASA and the Department of Defense
Computer Forensics Laboratory participated from the beginning. In an effort
to widen the participation, representatives from North Carolina,
Pennsylvania, and Illinois State Crime Laboratories were invited to
participate along with the Florida Department of Law Enforcement. Later on,
representatives of other state and local agencies (including Ocean City,
Maryland and Lakewood, Colorado) were accepted for membership.
Private
Sector Resources:
AirDefense
AirDefense is a thought leader and innovator of wireless LAN security and
operational support solutions. Founded in 2001, AirDefense has pioneered the
concept of 24x7 monitoring of the airwaves and now provides the most
advanced solutions for rogue WLAN detection, policy enforcement, intrusion
protection and WLAN health monitoring. As a key element of wireless LAN
security, AirDefense complements wireless VPNs, encryption and
authentication.
Anser.Org Research Institute
Anser is a non-profit public service research institute dedicated to enhance
public awareness, communication, and education for the science and
technology workforce.
Applied
Cryptography Handbook
The Handbook was reprinted (5th printing) in August 2001. CRC Press has
generously given permission to make all chapters available for free download
via this site subject to its copyright notice.
Association of Certified Fraud Examiners
The Association of Certified Fraud Examiners is an international,
25,000-member professional organization dedicated to fighting fraud and
white-collar crime.
Astalavista
A great research source with good links to the underground.
At Stake
Security
At Stake addresses digital security from strategy to incident handling.
AT&T Labs Research
A full-text resource for advanced technology research from 1996-present.
Attrition.org
Attrition.org is a computer security website dedicated to the collection,
dissemination and distribution of information about the industry for anyone
interested in the subject. They maintain one of the largest catalogs of
security advisories, text files, and humorous image galleries. They are also
known for the largest mirror of website defacements and their crusade to
expose industry frauds and inform the public about incorrect information in
computer security articles.
BITS
BITS is a nonprofit industry consortium of the 100 largest financial
institutions in the United States. Serving as the strategic “brain trust”
for the industry, BITS focuses on issues related to e-commerce, payments and
emerging technologies. Today BITS’ top issues include cybersecurity, crisis
management coordination, fraud reduction, identity theft, IT outsourcing,
operational risk management and payments strategies.
CGI Security
CGI Security.com is dedicated to web application security.
CIS
The Center for Internet Security mission is to help organizations around the
world effectively manage the risks related to information security. CIS
provides methods and tools to improve, measure, monitor, and compare the
security status of your Internet-connected systems and appliances, plus
those of your business partners. CIS is not tied to any proprietary product
or service. It manages a consensus process whereby members identify security
threats of greatest concern, then participate in development of practical
methods to reduce the threats. This consensus process is already in use and
has proved viable in creating Internet security benchmarks available for
widespread adoption. Download the CIS Gold Standard Minimum Security
Benchmarks and Scoring Tool and test your systems for compliance.
CiteSeer -
Scientific Literature Digital Library.
ResearchIndex is a scientific literature digital library that aims to
improve the dissemination and feedback of scientific literature, and to
provide improvements in functionality, usability, availability, cost,
comprehensiveness, efficiency, and timeliness.
Computer
Forensics Community
This website is intended to be a community portal for law enforcement and
private sector to discuss issues of computer forensics and other related
electronic investigations.
Crypto Link Farm
The Crypto Link Farm, provided by Peter Gutmann, is a comprehensive list of
Encryption and Security-related Resources. Because of its large size, he
only updates the online version of the page every few months, so please be
patient when waiting for updates to reported changes to appear. The complete
link farm is around 1/2MB of data and the links contain the complete
collection broken down by topic for ease of access.
CSI
Computer Security Institute (CSI) is the world's leading membership
organization specifically dedicated to serving and training the information,
computer and network security professional. Since 1974, CSI has been
providing education and aggressively advocating the critical importance of
protecting information assets. CSI sponsors two conference and exhibitions
each year, NetSec in June and the CSI Annual in November, and seminars on
encryption, intrusion management, Internet, firewalls, awareness, Windows
and more.
Counterpane Internet
Security
Counterpane is the world's leader in Managed Security Monitoring. Their
expert Security Analysts monitor your network for suspicious activities, and
take immediate, effective action to keep your business running smoothly.
Cipher
AES by Rijndael
Crypto Log
A good Internet source for Cryptography Research and Information.
Crypto.com
Matt Blaze's cryptography resource on the Web. Matt is a computer security
and cryptology research scientist at AT&T Labs.
Digital
Defense
Founded in 1999, Digital Defense, Inc., a privately held company, is a
global network security provider of proactive risk assessment solutions.
Digital Defense's low-touch, highly automated security solutions combine the
technical expertise of their analysts with a state-of-the-art security
operations platform that maintains the most up-to-date scripts, penetration
techniques, threats, and information in today's network security industry.
DoS - Denial of
Service Attack Resources
DRMAA
The Distributed Resource Management Application API (DRMAA, pronounced
"drama"), group consists of vendors interested in grid computing, including
Intel, Sun, Veridian, IBM, United Devices, TurboLinux and Platform
Computing. DRMAA wants to encourage independent software vendors to build
grid-friendly applications. It plans to create an API that will allow
applications to run in grid computing nets and also make grid creation
easier.
E-Evidence.info
The E-Evidence Information and Resource site, a Digital Forensics and
Electronic Evidence resource, is a side effect of Christine Siedsma's
research and learning process conducted in connection with her position as
Project Manager at the Computer Forensic Research and Development Center at
Utica College, and her ongoing search to find timely material to present to
the students enrolled in the Computer Forensic course that she teaches at
Utica College.
eEye Digital Security
eEye Digital Security is poised to be a leader in the emerging security
software market, and is one of the fastest growing companies in the
industry. Founded over three years ago, eEye released its flagship product –
Retina, the Network Security Scanner - in 2000 and has steadily grown its
market share in the scanner market. Since then, eEye has released two more
products: Iris, the Network Traffic Analyzer and SecureIIS, Application
Firewall. Many more are in the pipeline.
Encyclopedia of Computer Security
A free security resource site for the IT industry covering the latest
warnings, product news, and white papers.
EvidentData
The core of EvidentData is a team of professionals, many with law
enforcement backgrounds, experienced in investigating and prosecuting cases
involving technology.
Forensics Focus
Computer Forensics News and Discussion.
Forensics
Web
Forensics Web is dedicated to technology related investigations and
forensics. The site caters to law enforcement and corpsec interests with a
special focus on computer related forensics and investigations.
GE Corporate
Research and Development
GE is actively working on advanced technology and innovation in such things
as Nanotechnology, Molecular Imaging, Photonics, Advanced Propulsion, and
High Performance Polymers.
Gibson Research
Gibson Research Corporation offers an array security, operating system, and
mass storage data recovery & maintenance information and tools such as
SpinRite, ShieldsUP, Leak Test.
Global Grid Forum
The Global Grid Forum (GGF) is a community-initiated forum of individual
researchers and practitioners working on distributed computing, or "grid"
technologies. GGF is the result of a merger of the Grid Forum, the eGrid
European Grid Forum, and the Grid community in Asia-Pacific.
GnuPG
Privacy Handbook
GnuPG is a tool for secure communication. This handbook covers the core
functionality and all aspects of GnuPG. GnuPG uses public-key cryptography
so that users may communicate securely. In a public-key system, each user
has a pair of keys consisting of a private key and a public key. A user's
private key is kept secret; it need never be revealed. The public key may be
given to anyone with whom the user wants to communicate. GnuPG uses a
somewhat more sophisticated scheme in which a user has a primary keypair and
then zero or more additional subordinate keypairs. The primary and
subordinate keypairs are bundled to facilitate key management and the bundle
can often be considered simply as one keypair.
GovernmentSecurity.org
This site is NOT affiliated with, operated or funded by the Military or
Government.
GovernmentSecurity.org is not a Black Hat or White Hat website. This is a
security related website that proclaims Library Status. The information can
be used in both positive and in negative manners. Their justification for
carrying certain fringe information is that their organization follows the
motto: Know thy Enemy...
High Technology Crime
Investigation Association
The High Technology Crime Investigation Association (HTCIA) is designed to
encourage, promote, aid and effect the voluntary interchange of data,
information, experience, ideas and knowledge about methods, processes, and
techniques relating to investigations and security in advanced technologies
among its membership.
HP Labs
HP Labs is one of the world's great industrial research laboratories,
providing technological leadership to HP, and inventing new technologies
that change markets and create new business opportunities.
IATFF - Information
Assurance Technical Framework Forum
IBM Research
IBM Worldwide research labs work in all areas of information technology,
from physics and cognitive science to leading-edge application research. We
invent innovative materials and structures and use them to create exciting
machine designs and architectures. We create tools and technologies that
will enable the continued evolution of computing and computing services over
the network. Our work across many disciplines is often done in concert with
our colleagues in academic and government research centers, as well as "in
the marketplace" with customers who provide us with challenging research
problems.
IdeaHamster
Organization
The resource for inspired security. Open standards in development.
ISF Information
Security Forum
The Information Security Forum (ISF) is an international association of over
250 leading organizations which fund and co-operate in the development of
practical research about information security. The ISF Standard of Good
Practice for Information Security is designed to help any organization,
irrespective of market sector, size or structure, keep the risks associated
with its information systems within acceptable limits. Download the PDF
standard from
http://www.isfsecuritystandard.com.
Information Security
Research Center
SecureStandard.com has compiled a good list of security related documents from
an array of sources with a good selection of Security Policies.
Infragard
InfraGard is an information sharing and analysis effort serving the
interests and combining the knowledge base of a wide range of members. At
its most basic level, InfraGard is a cooperative undertaking between the
U.S. Government (led by the FBI and the NIPC) and an association of
businesses, academic institutions, state and local law enforcement agencies,
and other participants dedicated to increasing the security of United States
critical infrastructures.
ISACA
With more than 23,000 members in over 100 countries, the Information Systems
Audit and Control Association® (ISACA™) is a recognized global leader in IT
governance, control and assurance. Founded in 1969, ISACA sponsors
international conferences, administers the globally respected CISA®
(Certified Information Systems Auditor™) designation earned by more than
26,000 professionals worldwide, and develops globally applicable information
systems (IS) auditing and control standards.
(ISC)2
International Information Systems Security Certifications Consortium, Inc.
(ISC)2 is a global, not-for-profit organization. Governments, corporations,
centers of higher learning and organizations worldwide demand a common
platform for and proficiency in mastering the dynamic nature of information
security. (ISC)2 helps fulfill these needs.
ISECOM
The Institute for Security and Open Methodologies (ISECOM) is a non-profit,
international, research initiative dedicated to defining standards in
security testing and business integrity testing since January 2001. ISECOM
authoritatively provides impartial accreditation for security testing and
analysis as well as full security audits.
ISSA
The Information Systems Security Association (ISSA) is a not-for-profit
international organization of information security professionals and
practitioners. It provides education forums, publications and peer
interaction opportunities that enhance the knowledge, skill and professional
growth of its members.
IWS
The Information Warfare Site is an online resource that aims to stimulate
debate about a range of subjects from information security to information
operations and e-commerce. It is the aim of the site to develop a special
emphasis on offensive and defensive information operations. IWS has
developed a discussion forum and a mailing list to enable a more interactive
debate. IWS launched INFOCON Threat Centre, a major IWS research project.
The aim is to monitor different Internet sources and sub-state activities
and then analyse cyberthreat trends every month, providing an INFOCON Level.
Java Security
Underlying the Java platform is a dynamic, extensible security architecture,
standards-based and interoperable. Security features -- cryptography,
authentication and authorization, public key infrastructure, and more -- are
built in. The Java security model is based on a customizable "sandbox" in
which Java software programs can run safely, without potential risk to
systems or users.
LinuxSecurity.com
LinuxSecurity.com is designed to serve as the primary Internet-based source
of information, insight and news relating to Linux and Open Source security
issues, and is driven by the security needs of the users of the site. This
site focuses on gathering advisories, articles and reports on Linux
security.
Metasploit Project
This is the Metasploit Project. The goal is to provide useful information to
people who perform penetration testing, IDS signature development, and
exploit research. This site was created to fill the gaps in the information
publicly available on various exploitation techniques and to create a useful
resource for exploit developers. The tools and information on this site are
provided for legal penetration testing and research purposes only.
mi2g
mi2g pioneers practices and techniques for wealth creation and protection in
the 21st century which help major financial services groups and government
agencies to deliver and sustain competitive advantage through information
intelligence. Our solutions pay particular regard to safety and security. We
advise on the management of Digital Risk and incorporate Bespoke Security
Architecture™ in our SMART sourcing methodology. We build highly secure data
visualization Matrix and Radar tools that are specifically constructed from
real time data and strategic knowledge to mitigate risk at board level.
Microsoft
Research Publications
Predominately full-text, a resource of technology research from
1993-present.
MITRE
MITRE is a not-for-profit national resource that provides systems
engineering, research and development, and information technology support to
the government. It operates federally funded research and development
centers for the DOD, the FAA, and the IRS, with principal locations in
Bedford, Massachusetts, and Northern Virginia.
NCSP
The National Cyber Security Partnership (NCSP) is led by the Business
Software Alliance (BSA),
the Information Technology Association of America (ITAA),
TechNet and the
U.S. Chamber of
Commerce in voluntary partnership with academicians, CEOs, federal
government agencies and industry experts. Following the release of the 2003
White House National Strategy to Secure Cyberspace and the National Cyber
Security Summit, this public-private partnership was established to develop
shared strategies and programs to better secure and enhance America’s
critical information infrastructure.
Neohapsis Archives
The people who comprise NEOHAPSIS are consultants with diverse backgrounds
in the world of network and security consulting that have years of
experience working in the publishing, healthcare, advertising, financial,
and manufacturing industries. Their consultants have traditionally come from
scientific labs, VARs, Internet Service Providers, and much larger
consulting firms.
NetIQ
NetIQ is a leading provider of e-business infrastructure management and
intelligence solutions for all the components of an organizations'
e-business infrastructure—from back-end servers, networks and directories to
front-end Web servers and applications. Our solutions cover Manageability,
Windows 2000 Migration, Exchange Migration, Security Monitoring and
Management, Network Performance Management, Storage Administration,
Automated Provisioning, Directory Management, and Web Analytics. NetIQ's
more than 52,000 customers span e-businesses, medium to large enterprises
and xSPs. NetIQ is committed to delivering the most comprehensive and
effective management solutions that our customers need to manage their
distributed and complex enterprise and e-business infrastructures.
Netsecurity.org
Help Net Security has a good database of articles including an archive of
Lance Spitzners' White Papers.
Netstumbler
NetStumbler.com is a website dedicated to wireless networking technology and
security of all kinds. We do our best to keep our website up to date with
the latest wireless news - we really appreciate user submitted stories.
NetStumbler.com is also the official home of the NetStumbler software.
Network Security Library
The Secinf.net Network Security Library offers access to hundreds of
articles, FAQs, white papers and books on network security, gathered from
various sources throughout the industry.
NewOrder.box.sk
The free resource for people to help avoid being hacked, security and
exploiting related files and links.
NRIC
The Network Reliability and Interoperability Council NRIC VII Mission:
“Partner with the Federal Communications Commission, the communications
industry and public safety to facilitate enhancement of emergency
communications networks, homeland security, and best practices across the
burgeoning telecommunications industry.” The purpose of the Council is to
provide recommendations to the FCC and to the communications industry that,
if implemented, shall under all reasonably foreseeable circumstances assure
optimal reliability and interoperability of wireless, wireline, satellite,
cable, and public data networks. This includes facilitating the reliability,
robustness, security, and interoperability of communications networks
including emergency communications networks. The scope of this activity also
encompasses recommendations that shall ensure the security and
sustainability of communications networks throughout the United States;
ensure the availability of adequate communications capacity during events or
periods of exceptional stress due to natural disaster, terrorist attacks or
similar occurrences; and facilitate the rapid restoration of
telecommunications services in the event of widespread or major disruptions
in the provision of communications services.
NSI
The National Security Institute's website is the premier Internet resource
for the security professional. The site features industry and product news,
computer alerts, travel advisories, a calendar of events, a directory of
products and services, and access to an extensive virtual security library.
NTSecurity.com
One stop portal for NT Security.
NW3C
Having no investigative authority of its own, the National White Collar
Crime Center (NW3C) is a non-profit organization funded by Congress that
provides support services to state and local law enforcement agencies and
other organizations with an active interest in the prevention,
investigation, and prosecution of economic and high-tech crime. Since 1980,
our organization has existed to support enforcement agencies in these
endeavors.
OWASP
The Open Web Application Security Project (OWASP) is dedicated to helping
organizations understand and improve the security of their web applications
and web services. This list was created to focus government and industry on
the most serious of these vulnerabilities. Web application security
vulnerabilities are highly exploitable and the consequence of an attack can
be devastating. These vulnerabilities represent an equivalent magnitude of
risk as network security problems, and should be given the same degree of
attention.
PARC
Palo Alto Research Center. In January 2002, the Xerox Palo Alto Research
Center became Palo Alto Research Center Incorporated.
Razor
BindView Security Researchers
BindView's RAZOR is a worldwide team of cutting-edge security researchers.
We are dedicated to advancing the state of the art in securing networks and
computers. RAZOR develops the art by identifying new security holes and
disclosing our results publicly, so that all may benefit from our research.
Reverse Engineering Malicious Code:
Alien Autopsy: Reverse Engineering Win32 Trojans on Linux - Infocus
1641
by Joe Stewart.
Code
Links
Detecting and Containing IRC-Controlled Trojans: When Firewalls, AV, and IDS
Are Not Enough - Infocus
1605
by Corey Merchant and Joe Stewart.
Fravia Reverse
Engineering.
Reverse Engineering Hostile Code - Infocus
1637
by Joe Stewart.
Reverse Engineering Malware by
Lenny
Zeltser.
SANS
The System Administration, Networking, and Security Institute, founded in
1989, is a cooperative research and education organization through which
more than 156,000 security professionals, auditors, system administrators,
and network administrators share the lessons they are learning and find
solutions to the challenges they face. The core of the Institute is the many
security practitioners in government agencies, corporations, and
universities around the world who invest hundreds of hours each year in
research, sharing knowledge, and teaching to help the entire sans community.
SANS Intrusion Detection
FAQ.
SANS
Security Policy Project
Welcome to the SANS Security Policy Resource page, a consensus research
project of the SANS community. The ultimate goal of the project is to offer
everything you need for rapid development and implementation of information
security policies. You’ll find a great set of resources posted here already
including policy templates for twenty-four important security requirements.
Secure Coding
Securecoding.org is the on-line home of Secure Coding: Principles and
Practices book by O'Reilly 2003 that provides information about the book and
its authors; updated versions of links and tables that appear in the book
and original supplemental material like op/ed pieces and vulnerability
analyses.
SecureInfo
Founded in 1992, SecureInfo Corporation's principles spearheaded the
creation of the security policy accepted by the National Security Agency and
standardized by the Department of Defense to protect high-risk Government
systems. Having founded both the Air Force Computer Emergency Response Team
(global security monitoring for Air Force networks) and the Air Force
Product Assessment Certification Center (security product certification
testing), SecureInfo Corporation's leaders are considered early pioneers of
security policy development, information assurance, risk management and
enterprise level security.
Security Focus
SecurityFocus, a privately held company, is a leading provider of enterprise
security threat management systems. SecurityFocus provides customized and
comprehensive alerts of impending cyber attacks worldwide - with
countermeasures to prevent attacks before they occur - enabling companies to
mitigate risk, manage threats, and ensure business continuity. The company
also licenses the world's largest, most complete vulnerability database,
hosts the most popular security community mailing list, Bugtraq™, and
publishes original security content at this site. See their
Library
for additional information.
SecurityForums
Security Forums Dot Com was set-up in April 2002 by a group of like-minded
friends who were interested in computers and computer security, the idea was
for the site to become a friendly community for security and other areas,
for asking questions, gaining experience and learning in a welcoming
atmosphere.
Security - Linux/Unix
A good site for Linux/Unix security information, articles, and links.
Security Protocols
Security-protocols.com was founded in 2001. Here you will find information
relating to the computer security field. sp.com was meant to be a site for
hackers by hackers. When sp.com got started it was trying to be a huge
archive for all who wanted to learn and check out some good documentation
written by various authors. Here you will find information relating to the
computer security field.
SOMAP.org
Security Officers Management and Analysis Project (SOMAP.org) was started by
members of SwordLord - the coding crew (SwordLord.com) out of an observation
of the security industry. The main goals of SOMAP.org are to create and
provide: an open and free Repository with security rules, guidelines and
best practices; an open source Security Management Tool which uses the
SOMAP.org Repository; and, Document Templates which allow to generate
documentation from the two projects above. In implementing the above
projects, SOMAP.org always has the focus to help Security Officers in doing
their management and analysis concerning policies, procedures, standards and
documentation as comfortable as possible.
SpyDynamics.com
Enterprise Security for Web Applications - WebInspect is the leading web
application security product used enterprise-wide to assess security
throughout the application lifecycle – from development to post-production.
Sun
Microsystems Research Lab
Established in 1990, Sun Microsystems Laboratories is the applied research
and advanced development arm of Sun Microsystems, Inc., with locations in
California, Massachusetts and France. Researchers at Sun Labs are working on
projects that are significant to the evolution of technology and to our
society's future; asynchronous and high-speed circuits, optical
interconnects, 3rd-generation web technologies, sensors, network scaling and
Java[tm] technologies, to name a few.
Sys-Security Group
Sys-Security.com is a website dedicated to computer security research. It
is the home of the "ICMP Usage In Scanning" research project.
THC The Hacker's Choice
THC was founded in 1995 in Germany by a group of people involved in hacking,
phreaking and anarchy. Through the years THC was joined by other experts and
grew to probably Germany's best hacking group. The intention of THC is to
demonstrate weaknesses in common security solutions that can be found in
telecommunication and network services. On this site you will find software
and papers that were released by THC members.
TISC Internet
Security Conference - Resource Links
The Internet Security Conference Security Resources & Links maintains a good
collection of security resources and links that were compiled by their
advisory staff and readers.
TNO-FEL
TNO Physics and Electronics Laboratory (TNO-FEL) is part of the Netherlands
Organization of Applied Scientific Research (TNO) - the independent
knowledge organization that builds a bridge between fundamental know-how and
the everyday practices of government authorities and the business community.
U.S.SecurityAwareness
This site is dedicated to increasing security awareness among the general
population and the technology community. The Basic Security section is
focused on the average person. The Advanced Security section will be of
interest to technologists, senior management and legislators.
w00w00.org Security
Development
w00w00, with 30+ active members, is currently the largest non-profit
security team in the world. w00w00 was created over three years ago. We have
members in 5 continents, and 11 countries (Australia, Argentina, Canada,
Japan, France, Russia, England, Spain, Sweden, Germany, USA), and 14 states
(USA). The members are diverse in their abilities, location, and ethnicity.
W3C
The World Wide Web Consortium (W3C) develops interoperable technologies
(specifications, guidelines, software, and tools) to lead the Web to its
full potential as a forum for information, commerce, communication, and
collective understanding. On this page, you'll find W3C news as well as
links to information about W3C technologies.
WASC
Founded in January 2004, the Web Application Security Consortium is a group
of top security experts dedicated to developing and promoting standards of
best practice for the World Wide Web. Through firsthand experience, the
Consortium members understand the risks of conducting business online and
the challenges of securing web sites against all conceivable threats. The
Consortium will improve web application security by assisting developers,
security professionals and software vendors. Through a collaborative effort
with the community, the Consortium feels strongly that significant progress
will be achieved to enhance the overall security of the Web.
Whitehats.com
Whitehats.com is an online community resource to provide support for those
who are interested in network security, including network and security
administrators. Whitehats.com offers free software and community support
with a policy of full-disclosure and user education. Our goal is to empower
people with the knowledge and tools required to defend their networks in an
ongoing struggle against irresponsible or malevolent attacks.
WindowsSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials,
software listings and reviews for information security professionals
covering topics such as firewalls, viruses, intrusion detection and other
security topics.
XFocus.org
Xfocus is a non-profit and free technology organization which was founded in
1998 in China. We are devoting to research and demonstration of weaknesses
related to network services and communication security.
zone-h.org
Zone-h is an open site with many administrators acting from all over the
world, whose faces and real names might be unknown to us therefore we cannot
be held responsible for the material contained.
|
