General information security resources

 Computer Security: 20 Things Every Employee Should Know is a good starting point for those with little or no prior experience of information security.

 The CERT CyberSecurity Tips are another helpful resource for security novices - well-written advice and nothing too technical.

 CERIAS is our first choice for general and more technical information security resources. CERIAS maintains a huge collection of information security resources and links.

 Students studying for SSCP, CISSP etc. (and indeed qualified infosec professionals interested in continuing their professional development) should definitely visit the study guides and other useful resources at CCcure.org, a labor of love by NoticeBored supporter and talented information security evangelist, Clément Dupuis.

 Gideon Rasmussen’s website lists a number of newsletters, alerts and similar resources for information security professionals. Four mailing lists that we find particularly useful are: ISN (daily Information Security News daily), RISKS (monthly news relating to IT risks), Cryptogram (monthly encryption news) and Giga Law (daily news on IT-related law). Mailing lists like these are ideal for keeping up with information security news and events. These four have a particularly high signal-to-noise ratio, meaning lots of solid content with very little spam or junk. The NoticeBored newsletter owes them a debt of gratitude.

 The US National Institute of Standards and Technology (NIST) publishes detailed, high-quality guides on various information security topics through the NIST Computer Security Resource Center. 

 The Information Systems Security Association (ISSA) is a professional society for individual information security practitioners. ISSA offers many membership benefits, including the chance to liaise with your peers .

ITSecurity dotcom carries information security news, free news digest/newsletters, a glossary and a comprehensive database of information security products. The Clinic is a Q&A forum staffed by a panel of infosec experts.

A growing collection of free information security papers is maintained at InfosecWriters.com and another at Bitpipe. There are some good technical papers (oh, and a couple of ours!).

A Portuguese information security community - Communidade ISMS PT - has published an entertaining Security Dictionary based on an article in CSO Magazine, itself derived from The Hackers Dictionary and The Devil’s DP Dictionary.

A useful collection of security tips for computer users by Gideon Rasmussen is available in the form of a program that randomly displays them.

A CERT Cyber Security Tip provides advice on some common myths about computers and security. The cyber security tips, short and sweet reminders about various information security topics, are worth reading and subscribing-to (for free!).

Dan Swanson runs two Yahoo mailing lists supplying links and occasionally content in support of information security, governance, risk management, IT audit, leadership, quality, strategy, and management in general.

Educause, a not-for-profit association for the US academic community, has an active cybersecurity special interest group.

IT toolbox has an information security section with news, papers and links.

CERT-CC, the Computer Emergency Response Team Coordination Center at Carnegie Mellon University’s well-respected Software Engineering Institute is an authoritative source of news on information security incidents. It publishes a wealth of advice to support security managers dealing with incidents in progress, including a comprehensive bulletin on known information security vulnerabilities, patches and exploits, originally called Cybernotes but now known as the National Cyber Notes System.

More than 3,600 organizations have been certified against ISO/IEC 27001 by accredited certification bodies. More information here.

The Register is an irreverent British eZine with an interesting and often humorous slant on the IT news. Its information security section has plenty of examples of breaches caused by human and technological failures. SC Magazine undertakes information security product reviews. Sign up on-line for your free copy! Information Security Magazine specializes in, um, information security. It is free, but only to qualified US and Canadian subscribers :-( The Data Administration Newsletter carries interesting articles on a broad range of IT topics, occasionally including information security and other IT governance issues.

If you are looking for information security training, you should visit Training Reviews for information on a broad range of IT courses.

Miscellaneous links

NIST Special Publication SP 800-60 presents an information classification process that takes account of confidentiality, integrity and availability requirements.

How did you first get into computing? Do you remember the first hobby computer you saw or owned? Look it up at old-computers.com and reminisce about those flickery green screen displays, klunky keyboards , huge floppy disks with tiny capacity, incompatibilities (as a whole) and the sheer excitement of playing Pong or Life.

As part of an academic research project into Return On Security Investment (ROSI), Adrian Mizzi maintains a large collection of infosec links with still more here.

NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk. Please let us know about new or broken links.