Security induction course resources


General information security resources

A substantial collection of information security links is maintained by the CIPS Vancouver Security SIG.

It’s worth finding good information security blogs such as those by (ISC)2 and Securiteam, plus the NoticeBored blog (which has links to still more hot security blogs down the right side). Bloglines is a handy “blog aggregator” service to track your whole collection of blogs, identifying and summarizing new blog entries for you.

Computer Security: 20 Things Every Employee Should Know is a good starting point for those with little or no prior experience of information security.

The CERT CyberSecurity Tips are another helpful resource for security novices - well-written advice and nothing too technical.

CERIAS is our first choice for general and more technical information security resources. CERIAS maintains a huge collection of information security resources and links.

Two highly recommended sites for information security standards are NIST’s site for their Special Publications and our own website with information and advice on the ISO/IEC 27000-series Information Security Management System standards.

Students studying for SSCP, CISSP etc. (and indeed qualified infosec professionals interested in continuing their professional development) should definitely visit the study guides and other useful resources at CCcure.org, a labor of love by NoticeBored supporter and talented information security evangelist, Clément Dupuis.
Very good! It's marvelous! Off you go, and quickly!

Gideon Rasmussen’s website lists a number of newsletters, alerts and similar resources for information security professionals. Four mailing lists that we find particularly useful are: ISN (daily Information Security News), RISKS (monthly news relating to IT risks), Cryptogram (monthly encryption news) and Giga Law (daily news on IT-related law). Mailing lists like these are ideal for keeping up with information security news and events. These four have a particularly high signal-to-noise ratio, meaning lots of solid content with very little spam or junk. The NoticeBored newsletter owes them a debt of gratitude.

The US National Institute of Standards and Technology (NIST) publishes detailed, high-quality guides on various information security topics through the NIST Computer Security Resource Center.

The Information Systems Security Association (ISSA) is a professional society for individual information security practitioners. ISSA offers many membership benefits, including the chance to liaise with your peers.

The UK Government publishes a range of basic good advice for businesses, including a set of awareness materials on information security topics. The link takes you to an index page with access to all sorts of goodies on malware, internet security, physical security etc. plus a general overview publication Information Security: Hard Facts.

If you don’t have the resources to send an information security trainer to every induction/orientation training class, at least consider providing suitable reading materials and perhaps a short general security awareness video that can be played to new recruits.

ITSecurity dotcom carries information security news, free news digest/newsletters, a glossary and a comprehensive database of information security products. The Clinic is a Q&A forum staffed by a panel of infosec experts.

A growing collection of free information security papers is maintained at InfosecWriters.com  and another at Bitpipe.  There are some good technical papers (oh, and a couple of ours!).

A Portuguese information security community - Communidade ISMS PT - has published an entertaining Security Dictionary based on an article in CSO Magazine, itself derived from The Hackers Dictionary and The Devil’s DP Dictionary.

A useful collection of security tips for computer users by Gideon Rasmussen is available in the form of a program that randomly displays them.

A CERT Cyber Security Tip provides advice on some common myths about computers and security. The cyber security tips, short and sweet reminders about various information security topics, are worth reading and subscribing to (for free!).

Dan Swanson runs two Yahoo mailing lists supplying links and occasionally content in support of information security, governance, risk management, IT audit, leadership, quality, strategy, and management in general.

IT toolbox has an information security section with news, papers and links.

CERT-CC, the Computer Emergency Response Team Coordination Center at Carnegie Mellon University’s well-respected Software Engineering Institute, is an authoritative source of news on information security incidents. It publishes a wealth of advice to support security managers dealing with incidents in progress, including a comprehensive bulletin on known information security vulnerabilities, patches and exploits, originally called Cybernotes but now known as the National Cyber Notes System.

Thousands of organizations worldwide have been certified against ISO/IEC 27001 by accredited certification bodies.  More information here.

The Register is an irreverent British eZine with an interesting and often humorous slant on the IT news.  Its information security section has plenty of examples of breaches caused by human and technological failures.  SC Magazine undertakes information security product reviews. Sign up on-line for your free copy!  Information Security Magazine specializes in, um, information security.  It is free, but only to qualified US and Canadian subscribers :-(  The Data Administration Newsletter carries interesting articles on a broad range of IT topics, occasionally including information security and other IT governance issues.

If you are looking for information security training, you should visit Training Reviews for information on a broad range of IT courses.

Miscellaneous links

How did you first get into computing? Do you remember the first hobby computer you saw or owned? Look it up at old-computers.com and reminisce about those flickery green screen displays, klunky keyboards, huge floppy disks with tiny capacity, incompatibilities (as a whole) and the sheer unbridled excitement of playing Pong or Life.

As part of an academic research project into Return On Security Investment (ROSI), Adrian Mizzi maintains a large collection of infosec links with still more here.


NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk.  Please let us know about new or broken links.



Copyright © 2010  IsecT Ltd.