Resources
US Government Resources
NOTE: Some of these, such as NIST documents, may be listed below in topical areas.
- US Computer Emergency Readiness Team — http://www.us-cert.gov/
- List of NIST Information Security Publications — http://csrc.nist.gov/publications/PubsTC.html
- NICCS – National Initiative for Cybersecurity Careers and Studies – http://niccs.us-cert.gov/
Ethical Hacking Educational Resources
Following is a list of Web sites that provide learning resources for ethical hacking.
- Learn How To Hack – Ethical Hacking Resources | HackerOne
https://www.hackerone.com/blog/resources-for-new-hackers
- The Ultimate Guide to Ethical Hacking – InfoSec Resources
- Ethical Hacking Resources | IEEE Innovation at Work
https://innovationatwork.ieee.org/ethical-hacking/
- Top Resources To Learn Ethical Hacking
https://hackwarenews.com/top-resources-to-learn-ethical-hacking/
General Resources
- A Risk Management Reading List — http://fcw.com/articles/2012/10/23/risk-management-reading-list-nist.aspx
- US Computer Emergency Readiness Team — http://www.us-cert.gov/
- IT Security White Papers — http://www.itwhitepapers.com/technology/security
- Risk Assesment
- Computer emergency lines
- Airport Security
Security Blogs
- Bruce Schneier Crypt-O-Gram — http://www.schneier.com/crypto-gram.html
- Krebs on Security — http://krebsonsecurity.com/
Planning for Security and Contingencies
| · Contingency Planning Guide for Federal Information Systems — http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov11-2010.pdf
· Guide for Developing Security Plans for Federal Information Systems — http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf · Computer Security Incidents: Assessing, Managing, And Controlling The Risks – ITL Security Bulletin — http://csrc.nist.gov/publications/nistbul/b-01-04.pdf · Techniques for System and Data Recovery – ITL Security Bulletin — http://csrc.nist.gov/publications/nistbul/04-02.pdf · System and Network Security Acronyms and Abbreviations — http://csrc.nist.gov/publications/nistir/ir7581/nistir-7581.pdf · Guide to Integrating Forensic Techniques into Incident Response — http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf · Office of the President of the United States: International Strategy for Cyberspace — http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf |
Information Security Policy
- Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) — http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
- Information Security Guide For Government Executives — http://csrc.nist.gov/publications/nistir/ir7359/CSD_ExecGuide-booklet.pdf
- Commercial product – Security Policies Made Easy — http://www.informationshield.com/ispmemain.htm
Developing the Security Program
- Building an Information Technology Security Awareness and Training Program — http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf
- An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule — http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf
- implementing an Effective IT Security Program (SANS) — http://www.sans.org/reading_room/whitepapers/bestprac/implementing-effective-security-program_80
- Creating the Effective Security Awareness Program — http://www.sans.org/reading_room/whitepapers/awareness/creating-effective-security-awareness-program-demonstration_1079
- Building a Security Awareness Program — http://www.gideonrasmussen.com/article-01.html
- Success Strategies for Security Awareness — http://www.techrepublic.com/article/success-strategies-for-security-awareness/5193710
Security Management Models
- Minimum Security Requirements for Federal Information and Information Systems — http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf
- Standards for Security Categorization of Federal Information and Information Systems — http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
- An Overview Of The Common Criteria Evaluation And Validation Scheme – ITL Security Bulletin — http://csrc.nist.gov/publications/nistbul/10-00.pdf
Security Management Practices
- Guide for Security-Focused Configuration Management of Information Systems — http://csrc.nist.gov/publications/nistpubs/800-128/sp800-128.pdf
- Technical Guide to Information Security Testing and Assessment — http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
- IT Security Metrics – ITL Security Bulletin — http://csrc.nist.gov/publications/nistbul/bulletin08-03.pdf
- Information Security Continuous Monitoring for Federal Information Systems and Organizations — http://csrc.nist.gov/publications/nistpubs/800-137/SP800-137-Final.pdf
- Security Guide for Interconnecting Information Technology Systems — http://csrc.nist.gov/publications/nistpubs/800-47/sp800-47.pdf
- Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach — http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf
- Comparison of Security Management Practices — http://www.giac.org/cissp-papers/407.pdf
- Information Security Program Guide for State Agencies – California Office of Information Security and Privacy Protection — http://www.sans.org/reading_room/whitepapers/bestprac/implementing-effective-security-program_80
Risk Management: Identifying and Controlling Risk
- Recommended Security Controls for Federal Information Systems and Organizations — http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf
- Specification for Asset Identification 1.1 — http://csrc.nist.gov/publications/nistir/ir7693/NISTIR-7693.pdf
- Secure Hash Standard (SHS) — http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
- GIAC G2700 Certified ISO-27000 Specialist — http://www.giac.org/certification/certified-iso-27000-specialist-g2700
- ISO-2700 Central — http://www.17799central.com/
- History of ISO-27000 Standards — http://www.27000.org/thepast.htm
- Many resources for IST-27000 Standards — http://www.iso27001security.com/html/iso27000.html
- ESIS – Open Source Executive Security Information System – http://esis.sourceforge.net/ESIS/Home.html
- Security for Cloud Computing – 10 Steps to Ensure Success – http://www.cloud-council.org/Security_for_Cloud_Computing-Final_080912.pdf
- Comparison between ISO-27005, Octave and NIST SP 800-30 – http://sisainfosec.com/blog/comparison-between-iso-27005-octave-nist-sp-800-30-2/
- Why the Emerging ISO-27000 Series are vital for Business Resilience — http://www.personal.psu.edu/gms/sp13/456/about%20iso-27K%20Poole.pdf
- GIAC G2700 Certified ISO-27000 Specialist — http://www.giac.org/certification/certified-iso-27000-specialist-g2700
- ISO-2700 Central — http://www.17799central.com/
- History of ISO-27000 Standards — http://www.27000.org/thepast.htm
- Many resources for IST-27000 Standards — http://www.iso27001security.com/html/iso27000.html
- ISO/IEC 27001 2013 Plain English Introduction – http://www.praxiom.com/iso-27001-intro.htm
- ISO/IEC 27002 2013 Old versus New – http://www.praxiom.com/iso-27002-old-new.htm
- ISO/IEC 27002 2013 Translated into Plain English – http://www.praxiom.com/iso-27002.htm
- Moving from ISO/IEC 27001:2005 to ISO/IEC 27001:2013 – http://www.bsigroup.com/LocalFiles/en-GB/iso-iec-27001/resources/BSI-ISO27001-transition-guide-UK-EN-pdf.pdf
Vulnerabilities and Threats
- The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems — http://csrc.nist.gov/publications/nistir/ir7435/NISTIR-7435.pdf
- Computer Attacks: What They Are and How to Defend Against Them – ITL Security Bulletin — http://csrc.nist.gov/publications/nistbul/05-99.pdf
| · Guide to Malware Incident Prevention and Handling — http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf
· National Vulnerability Database: Helping Information Technology System Users And Developers Find Current Information About Cyber Security Vulnerabilities – ITL Security Bulletin — http://csrc.nist.gov/publications/nistbul/b-Oct-05.pdf
|
Protection Mechanisms
- Guidelines for Securing Wireless Local Area Networks (WLANs) — http://csrc.nist.gov/publications/nistpubs/800-153/sp800-153.pdf
- Guidelines on Security and Privacy in Public Cloud Computing — http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
- Guide to Intrusion Detection and Prevention Systems (IDPS) — http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
- Guidelines on Firewalls and Firewall Policy — http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf
- Biometrics – Technologies for Highly Secure Personal Authentication – ITL Security Bulletin — http://csrc.nist.gov/publications/nistbul/05-01.pdf
- Guide to SSL VPNs — http://csrc.nist.gov/publications/nistpubs/800-113/SP800-113.pdf
- Advanced Encryption Standard — http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
- Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations — http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf
| · Federal Agency Use of Public Key Technology for Digital Signatures and Authentication — http://csrc.nist.gov/publications/nistpubs/800-25/sp800-25.pdf
· Guideline for Implementing Cryptography in the Federal Government — http://csrc.nist.gov/publications/nistpubs/800-21-1/sp800-21-1_Dec2005.pdf · DoD Cyber Protect Network Security Game — http://iase.disa.mil/eta/cyber-protect/launchpage.htm · TLS – Transport Layer Security — http://en.wikipedia.org/wiki/Transport_Layer_Security · SSL Certificates — https://www.globalsign.com/ssl-information-center/what-is-an-ssl-certificate.html?gclid=CI3YutnD46wCFcp65Qoduzywnw · NIST.org Free Online Antivirus, Spyware and Firewall reviews — http://www.nist.org/news.php?extend.93 |
Personnel and Security
- How to Become CISM Certified
- How to Become CISA Certified
- CISSP Certification — https://www.isc2.org/cissp/default.aspx
- CompTIA+ Practice Exams — http://www.techexams.net/securityplus/
- CompTIA Certification — http://certification.comptia.org/home.aspx
Security Law and Ethics
- The Legal System and Ethics in Information Security (SANS) — http://www.sans.org/reading_room/whitepapers/legal/legal-system-ethics-information-security_54
- Legal, Ethical and Professional Issues in Information Security — http://academic.cengage.com/resource_uploads/downloads/1111138214_259148.pdf
- Information Security Law and Ethics — http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&cad=rja&ved=0CEkQFjAE&url=http%3A%2F%2Fwww.sis.pitt.edu%2F~jjoshi%2FIS2820%2FSpring06%2Fchapter11.doc&ei=qvXhUKXtBNTC0AHAnICYCA&usg=AFQjCNGqm2UvMDJZHdC_B3zLWFnqGD_vgw&bvm=bv.1355534169,d.dmQ
- Computer Ethics — http://www.isaca.org/Journal/Past-Issues/2008/Volume-6/Documents/jpdf0806-computer-ethics.pdf
- An Analysis of Ethics as a Foundation of Information Security in Distributed Systems — http://www.computer.org/csdl/proceedings/hicss/1998/8248/06/82480213.pdf
- GIAC Code of Ethics — http://www.giac.org/about/ethics/code
- ISSA Code of Ethics — http://www.issa.org/?page=codeofethics
- ISC2 Code of Ethics — https://www.isc2.org/ethics/default.aspx
LIVE ATTACK MAPS
Trend Micro’s Botnet Connection Dashboard
https://botnet-cd.trendmicro.com/
Akamai real time web monitor
https://www.akamai.com/us/en/resources/visualizing-akamai/real-time-web-monitor.jsp
FireEye’s map shows attacks as they happen
https://www.fireeye.com/cyber-map/threat-map.html
Checkpoint Threat live map
https://threatmap.checkpoint.com/ThreatPortal/livemap.html
Industry Vendor Collaborations
TrendMicro
https://www.trendmicro.com/en_us/business.html
Oracle Academy
https://academy.oracle.com/en/oa-web-overview.html
Amazon AWS Educate
https://aws.amazon.com/education/awseducate/
IBM Skills Academy
http://www.ibm.com/services/weblectures/meap
Checkpoint Secure Academy
https://www.checkpoint.com/support-services/secureacademy/
Palo Alto Network Cybersecurity Academy
https://www.paloaltonetworks.com/services/education/academy
Splunk Higher Education Academic Licenses
https://www.splunk.com/en_us/solutions/industries/higher-education/academic-licenses.html
