
East Stroudsburg University of Pennsylvania

 

Center for Computer Security and Information Assurance

 

 

 

Information Assurance Curriculum Resources and Tools

 

These resources have been organized in the following categories:

Government Resources

IA Centers and Projects

News and Information

Research Sites

Vendors and Tools

If you find a link in error, please send this information to compusec@esu.edu

If you would like to add a link to our collection, please mail the link and its proposed category to compusec@esu.edu

 

Resource

Description

In almost all cases, descriptions are in the words of the web site creators

 

 

Government Resources

 

Committee on National Security Systems

Under Executive Order (E.O.) 13231 of October 16, 2001, Critical Infrastructure Protection in the Information Age, the President re-designated the National Security Telecommunications and Information Systems Security Committee (NSTISSC) as the Committee on National Security Systems (CNSS). The Department of Defense continues to chair the Committee under the authorities established by NSD-42. This was reaffirmed by Executive Order 13284, dated January 23, 2003, Executive Order Amendment of Executive Orders and Other Actions, in Connection with the Transfer of Certain Functions to the Secretary of Homeland Security.

The CNSS provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems.

Cybercrime.gov

Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division of the U.S. Department of Justice

Defense Information Systems Agency

The Defense Information Systems Agency is a combat support agency responsible for planning, engineering, acquiring, fielding, and supporting global net-centric solutions to serve the needs of the President, Vice President, the Secretary of Defense, and other DoD Components, under all conditions of peace and war.  DISA also has free IA training products available at http://iase.disa.mil/eta/

Defense Security Service Academy

The DSS Academy provides security education and training to DoD and other U.S. Government personnel, DoD contractors, and sponsored representatives of foreign governments. Its professional staff of instructors, technology professionals, and education support personnel combine expertise to create, collaborate and facilitate delivery of quality education and training across the security disciplines.

Department of Energy CIAC

Computer Incident Advisory Capability - Keeping DOE Secure

DIACAP

This Instruction establishes a C&A process to manage the implementation of IA capabilities and services and provide visibility of accreditation decisions regarding the operation of DoD ISs, including core enterprise services- and Web services-based software systems and applications.

DITSCAP

This Manual is issued under the authority of DoD Instruction 5200.40, “DoD Information Technology Security Certification and Accreditation Process,” December 30, 1997.  It provides implementation guidance to standardize the certification and accreditation process throughout DoD.

DOD Information Assurance Scholarship Program

The Office of the Assistant Secretary of Defense for Networks and Information Integration (ASD (NII)) annually announces a Department of Defense Information Assurance (IA) Scholarship Program (IASP) grant and scholarship competition. The program is designed to: 1) increase the number of new entrants to DoD who possess key Information Assurance (IA) and IT skill sets; 2) serve as a mechanism to build the nation’s IA infrastructure through grants to colleges and universities jointly designated by the National Security Agency (NSA) and Department of Homeland Defense as Centers of Academic Excellence in Information Assurance Education; and 3) serve as a tool to develop and retain well-educated military and DoD civilian personnel who support the Department’s critical IT management and infrastructure protection functions.

Federal Cyber Service: Scholarship for Service

Scholarship For Service (SFS) is a unique program designed to increase and strengthen the cadre of federal information assurance professionals that protect the government's critical information infrastructure. This program provides scholarships that fully fund the typical costs that students pay for books, tuition, and room and board while attending an approved institution of higher learning. Additionally, participants receive stipends of up to $8,000 for undergraduate and $12,000 for graduate students. The scholarships are funded through grants awarded by the National Science Foundation NSF.

Federal Information Processing Standards

Under the Information Technology Management Reform Act (Public Law 104-106), the Secretary of Commerce approves standards and guidelines that are developed by the National Institute of Standards and Technology (NIST) for Federal computer systems. These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use government-wide. NIST develops FIPS when there are compelling Federal government requirements such as for security and interoperability and there are no acceptable industry standards or solutions.

IATAC IA Digest

IATAC Mission:  Provide the DoD a central point of access for information on Information Assurance emerging technologies in system vulnerabilities, research and development, models, and analysis to support the development and implementation of effective defense against Information Warfare attacks.

The IA Digest is a semi-weekly news summary for information assurance professionals protecting the global information grid. It is transmitted in an HTML formatted email and provides hot links to articles and news summaries across a spectrum of IA and IO topics.

Infragard

InfraGard is a Federal Bureau of Investigation (FBI) program that began in the Cleveland Field Office in 1996. It was a local effort to gain support from the information technology industry and academia for the FBI’s investigative efforts in the cyber arena. The program expanded to other FBI Field Offices, and in 1998 the FBI assigned national program responsibility for InfraGard to the former National Infrastructure Protection Center (NIPC) and to the Cyber Division in 2003.

Internet Crime Complaint Center

The Internet Fraud Complaint Center (IFCC) was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints, research, develop and refer the criminal complaints to law enforcement agencies for any investigation they deem to be appropriate. The IFCC was intended, and continues to emphasize serving the broader law enforcement community, to include federal, as well as state and local agencies, which are combating Internet crime and in many cases participating in Cyber Crime Task Forces.

National Information Assurance Education and Training Program

Through partnerships with government, academia, and industry, the National Information Assurance Education and Training Program (NIETP) provides a broad range of services. The NIETP operates under national authority, advocating improvements in information assurance (IA) education, training, and awareness. The NIETP is national in focus, future-oriented, multi-dimensional, and tied to technology and business.

National Information Assurance Partnership

The National Information Assurance Partnership (NIAP) is a U.S. Government initiative originated to meet the security testing needs of both information technology (IT) consumers and producers and is operated by the National Security Agency (NSA).

National Institute of Justice

The Research, Development, and Evaluation Agency of the US Department of Justice

National Security Agency

The National Security Agency/Central Security Service is America’s cryptologic organization. It coordinates, directs, and performs highly specialized activities to protect U.S. government information systems and produce foreign signals intelligence information. A high technology organization, NSA is on the frontiers of communications and data processing. It is also one of the most important centers of foreign language analysis and research within the government.

Navy Information Assurance Website

Information assurance includes measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection and reaction capabilities.

NIST Computer Security Resource Center

The Computer Security Division (CSD) - (893) is one of eight divisions within NIST's Information Technology Laboratory.

The mission of NIST's Computer Security Division is to improve information systems security by:

  • Raising awareness of IT risks, vulnerabilities and protection requirements, particularly for new and emerging technologies;
  • Researching, studying, and advising agencies of IT vulnerabilities and devising techniques for the cost-effective security and privacy of sensitive Federal systems;
  • Developing standards, metrics, tests and validation programs:
    • to promote, measure, and validate security in systems and services
    • to educate consumers and
    • to establish minimum security requirements for Federal systems
  • Developing guidance to increase secure IT planning, implementation, management and operation.

NIST CSRC Security Checklists

The Cyber Security Research and Development Act requires NIST to develop, and revise as necessary, a checklist setting forth settings and option selections that minimize the security risks associated with each computer hardware or software system that is, or is likely to become, widely used within the Federal Government.

NIST FISMA Implementation Project

The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-59 and 800-60. Additional security guidance documents are being developed in support of the project while not called out directly in the FISMA legislation. These publications include NIST Special Publications 800-37, 800-53, and 800-53A. It should be noted that the Computer Security Division continues to produce other security standards and guidelines in support of FISMA.

NIST Special Publications

Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's [Information Technology Laboratory] research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

Pennsylvania Department of Homeland Security

Office of the Commonwealth of Pennsylvania.  Also offers cybersecurity tips

Pennsylvania Information Security Office

The Commonwealth of Pennsylvania is a trusted steward of citizen information. Trust in government is directly related to the quality of service and the sense of security that citizens feel when working with the government. To ensure the confidentiality, integrity and availability of data and services, the Commonwealth recognizes the need to have enterprise policies, standards and views of the state of security within the government.

UK Communications Electronics Security Group

CESG is the Information Assurance (IA) arm of GCHQ and we are based in Cheltenham, Gloucestershire, UK. We are the UK Government’s National Technical Authority for IA, responsible for enabling secure and trusted knowledge sharing to help our customers achieve their business aims.

US Army Field Manual: Basic Cryptanalysis - 1990

This manual presents the basic principles and techniques of cryptanalysis and their relation to cryptography. Cryptography concerns the various ways of protecting messages from being understood by anyone except those for whom the messages are intended. Cryptographers are the people who create and use codes and ciphers. Cryptanalytics is the art and science of solving unknown codes and ciphers. Cryptanalysts try to break the codes and ciphers created and used by cryptographers.

US Department of Homeland Security

The Department of Homeland Security (DHS) has three primary missions: Prevent terrorist attacks within the United States, reduce America's vulnerability to terrorism, and minimize the damage from potential attacks and natural disasters.

 

 


 

 

Information Assurance Centers and Projects

 

CERIAS

The Center for Education and Research in Information Assurance and Security (CERIAS) is currently viewed as one of the world's leading centers for research and education in areas of information security that are crucial to the protection of critical computing and communication infrastructure. CERIAS is unique among such national centers in its multidisciplinary approach to the problems, ranging from purely technical issues (e.g., intrusion detection, network security, etc) to ethical, legal, educational, communicational, linguistic, and economic issues, and the subtle interactions and dependencies among them.

CERT

Established in 1988, the CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

CIDDAC

The purpose of the Cyber Incident Detection & Data Analysis Center (CIDDAC) is to manage an automated cyber attack-reporting infrastructure that supports the protection of the national infrastructure. CIDDAC is a not-for-profit organization that combines private, public and government perspectives to facilitate automated real-time sharing of cyber attack data. CIDDAC is specifically designed to protect privacy rights while collecting serious cyber threat information from sensors attached to real corporate computer networks. The benefit of CIDDAC is the real-time cyber attack signatures identified. These signatures will assist government and private sector organizations, charged with protecting critical infrastructure networks, in their efforts to neutralize cyber threats.

Cryptographic Compendium

This site contains a brief outline of the various types of cipher systems that have been used historically, and tries to relate them to each other while avoiding a lot of mathematics.

Cryptographic Programming Projects

Created by Brooke Stephens, Department of Computer Science and Electrical Engineering, University of Maryland, Baltimore County

Cryptography - Overview

Does increased security provide comfort to paranoid people? Or does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with.

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography, which is the focus of this chapter. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. The reader is advised, then, that the topics covered in this chapter only describe the first of many steps necessary for better security in any number of situations.

Cryptography Links Outside of North America

Here are some selected links to cryptographic information and software available outside of North America, which can be freely downloaded in most countries (including the USA and Canada).

Cryptography Timeline

The invention of cryptography is not limited to either civilians or the government. Wherever the need for secrecy is felt, the invention occurs. However, over time the quality of the best available system continues to improve and those best systems were often invented by civilians.

Cybercop

Welcome to the Cybercop secure portal. This online application was created as a means for individuals to share and collaborate on information in a protected environment over the internet. Users have access to a host of tools, such as a document/file library, internet messaging system, and even an internal webpage hosting area. For a portal manual please refer to our user guide located in the public library section under the category labeled "User Manual".

ECM Mark II

The ECM Mark II (also known in the Navy as CSP-888/889 or SIGABA by the Army) is a cipher machine.

Educause

EDUCAUSE is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology.

Enigma

These pages give an introduction to substitution ciphers and then go on to explain exactly how the Enigma machine worked and how it was used.

Fred Cohen Security Website

Fred Cohen is best known as the inventor of computer virus defense techniques, the principal investigator whose team defined the information assurance problem as it relates to critical infrastructure protection today, as a seminal researcher in the use of deception for information protection, and as a top flight information protection consultant. But his work on information protection extends far beyond these areas.

Gigalaw

Founded in January 2000, GigaLaw.com provides legal information for Internet and technology professionals, Internet entrepreneurs and the lawyers who serve them.

GigaLaw.com was founded by Doug Isenberg, an attorney, who serves as the website's editor and publisher. A former news reporter and magazine editor, he is the founder of The GigaLaw Firm in Atlanta, where he practices intellectual property and Internet law, and is an adjunct professor at Georgia State University College of Law.

High Technology Crime Investigation Association

The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge about methods, processes, and techniques relating to investigations and security in advanced technologies among its membership.

Honeynet Project

The Honeynet Project is a non-profit (501c3) organization dedicated to improving the security of the Internet by providing cutting-edge research for free. Founded in October, 1999 we have been providing the following services for free to the public.

Raise Awareness: We raise awareness of the threats and vulnerabilities that exist in the Internet today. Many individuals and organizations do not realize they are a target, nor understand who is attacking them, how, or why. We provide this information so people can better understand they are a target, and understand the basic measures they can take to mitigate these threats. This information is provided through our Know Your Enemy series of papers.

Teach and Inform: For those who are already aware and concerned, we provide details to better secure and defend your resources. Historically, information about attackers has been limited to the tools they use. We provide critical additional information, such as their motives in attacking, how they communicate, when they attack systems and their actions after compromising a system. We provide this service through our Know Your Enemy whitepapers and our Scan of the Month challenges.

Research: For organizations interested in continuing their own research about cyber threats, we provide the tools and techniques we have developed. We provide these through our Tools Site.

 

Information Systems Audit and Control Association

ISACA got its start in 1967, when a small group of individuals with similar jobs—auditing controls in the computer systems that were becoming increasingly critical to the operations of their organizations—sat down to discuss the need for a centralized source of information and guidance in the field. In 1969, the group formalized, incorporating as the EDP Auditors Association. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field.

International Association of Computer Investigative Specialists

IACIS® is an international volunteer non-profit corporation composed of law enforcement professionals dedicated to education in the field of forensic computer science. IACIS members represent Federal, State, Local and International Law Enforcement professionals. Regular IACIS members have been trained in the forensic science of seizing and processing computer systems.

Internet Cases

InternetCases.com is a weblog that will highlight some of the more interesting court cases dealing with issues relating to the Internet and new technologies.

Internet Security Alliance

The Internet Security Alliance is a non-profit collaboration between the Electronic Industries Alliance (EIA) and Carnegie Mellon's CyLab and works closely with the CERT Coordination Center (CERT/CC), a leading, recognized center of Internet security expertise.

ISECOM

The Institute for Security and Open Methodologies (ISECOM) is an open-source collaborative community since January 2001 with non-profit status in the USA and Spain. We are dedicated to providing practical security awareness, research, certification and business integrity.

National Information Assurance Training and Education Center

NIATEC is a consortium of academic, industry, and government organizations to improve the literacy, awareness, training and education standards in Information Assurance.

As the federally designated cornerstone for essential education and training components of a strong Information Assurance initiative, the mission is to establish an effective Information Assurance infrastructure for academic, industry and government organizations.

 

 


 

 

News and Information

 

Computerworld Security

A division of Computerworld

CRA Committee on the Status of Women in Computing Research

The goal of the CRA Committee on the Status of Women in Computing research (CRA-W) is to take positive action to increase the number of women participating in Computer Science and Engineering (CSE) research and education at all levels. For more information, read about CRA-W's background.

CSO Online

CSO provides news, analysis and research on a broad range of security and risk management topics. Areas of focus include information security, physical security, business continuity, identity and access management, loss prevention and more. CSO magazine and CSOonline.com are published by CXO Media Inc., which is an IDG (International Data Group) company.

eSecurity Planet

This site is dedicated to providing enterprise security professionals with the latest and most useful online security news, information and advice.

F-Secure Resources

F-Secure Corporation protects individuals and businesses against computer viruses and other threats spreading through the Internet and mobile networks. Our award-winning products include antivirus, network encryption, desktop firewall with intrusion prevention, anti-spam and parental control.

Information Security Magazine

Information Security is the enterprise security and risk managers' leading source of critical, objective information on strategic and practical security issues.

InformIT Security Articles

[InformIT is] here to help you learn about anything remotely related to that screen you're staring at right now, including programming, networking, web development and design, operating systems, and IT and project management.

Security Focus

SecurityFocus is the most comprehensive and trusted source of security information on the Internet. SecurityFocus is a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

Stay Safe Online

For Consumers

Simple steps, practices and resources a consumer can use to learn the basics on how to better secure their home computer from cyber threats.

Information for Educators

Cyber Security tips, lessons and resources for teachers, professors and administrators to help teach children and young adults how to stay safe online.

Family and Children

Practical tips, practices and resources parents can use to help their children safely surf the Internet.

Small Business

Resources and steps your small business or organization can use to help secure your networks.

Verified Voting

VerifiedVoting.org, our partners, and voters across the country have successfully persuaded state governments to pass or propose legislation / regulations to require voter-verified paper ballots. Help us complete the legislative landslide toward reliable, secure, and transparent elections!

Virus Bulletin

Since 1989, Virus Bulletin has been dedicated to providing PC users with a regular source of uninfluenced, unbiased, independent intelligence about computer viruses, their prevention, detection and removal, and how to recover programs and data following an attack.

Vmyths

Learn about computer virus myths, hoaxes, urban legends, hysteria, and the implications if you believe in them.

Vnunet Security

VNU is a global information and media company with leading market positions and recognized brands in marketing information (ACNielsen), media measurement and information (Nielsen Media Research), business information (Billboard, The Hollywood Reporter, Computing, Intermediair) and directory publishing (Golden Pages).

Washington Post Security Fix

A division of the Washington Post Newspaper

 

 


 

 

Research Sites

 

ACM

Association for Computing Machinery:  Founded in 1947, ACM is a major force in advancing the skills of information technology professionals and students worldwide. Today, our 80,000 members and the public turn to ACM for the industry's leading Portal to Computing Literature, authoritative publications and pioneering conferences, providing leadership for the 21st century.

ACM Books

Here you can access the full, unabridged text of IT books from leading publishers. Read up on today’s most popular IT topics. Browse or search text and create annotated bookmarks for quick future reference. Find work solutions at your fingertips, or learn about a new content area.

ACM Digital Library

Full text collection of every article published by ACM, including over 50 years of archives.  [Much of this site is available through the ESU Library – access the library site first.]

ACM SIGSAC

SIGSAC's mission is to develop the information security profession by sponsoring high quality research conferences and workshops.

CISSE

Founded in 1997, the National Colloquium for Information Systems Security Education is one of the leading proponents for implementing courses of instruction in INFOSEC into American higher education. In December 1998 the NCISSE was incorporated in the Commonwealth of Virginia by the James Madison University Center for Research in Information Systems Security Education (CRISSE). The CRISSE manages the Colloquium as the chairmanship rotates yearly from academia, industry and government. Members of the CRISSE serve on the board of directors of the Colloquium and as the Executive Secretary and Treasurer. The Colloquium provides a forum for academia, government and industry INFOSEC experts to discuss and form needed direction in (1) INFOSEC undergraduate and graduate curricula, (2) common requirements, (3) specific knowledge, skills and abilities, (4) certification requirements, and (5) establishment of professional certification boards.

Computer Forensics Resources

From Porcupine.org: Computer forensics is yet another computer security topic that is being covered in a long-lasting collaboration between computer security researchers Dan Farmer (Elemental) and Wietse Venema (IBM).

Computing Reviews

Computing Reviews (CR) aims to provide access to current research, theory and applications in all subdisciplines of computing via the review medium. CR compiles expert, unbiased critical reviews of current publications of note in computing. The goals of CR are to provide an overview of developments in computing to both specialists and generalists who wish to survey the field as a whole; isolate and illuminate quality materials; and build and enhance communities of computer scientists and others by promoting the exchange of ideas.

Early Computer Security Papers

From UC Davis:  These papers are unpublished, seminal works in computer security. They are papers every serious student of computer security should read. They are not easy to find. The goal of this collection is to make them widely available.

IEEE Computing Society

With nearly 100,000 members, the IEEE Computer Society is the world's leading organization of computer professionals. Founded in 1946, it is the largest of the 39 societies of the IEEE.  The IEEE Computer Society's vision is to be the leading provider of technical information, community services, and personalized services to the world's computing professionals.

IEEE International Information Assurance Workshops

The IEEE Task Force on Information Assurance is sponsoring a series of annual workshops on information assurance in cooperation with the ACM SIGSAC on research and experience in information assurance.

These workshops are part of a comprehensive IEEE program to realize the potential of IT to deliver the information it produces and stores with high assurance.

IEEE Security and Privacy Magazine

Organizations relying on the Internet face significant challenges to ensure that their networks operate safely and that their systems continue to provide critical services even in the face of attacks.

Denial of service, worms, DNS, and router attacks are increasing. To help you stay one step ahead of these and other threats, the IEEE Computer Society published a new periodical in 2003, IEEE Security & Privacy magazine.

IEEE Security & Privacy will rethink the role and importance of networked infrastructure and help you develop lasting security solutions.

 

IEEE Task Force on Information Assurance

TFIA Objectives

  • Conduct symposia where topics and research relating to Information Assurance can be discussed.
  • Foster the education of professionals by sponsoring tutorials.
  • Promote the inclusion of Information Assurance topics in university curricula at the graduate and undergraduate levels.
  • Serve as a forum for manufacturers of Information Assurance products, developers of Information Assurance technologies.
  • Act as a bridge for communication between vendors and clients.
  • Enhance the understanding of Information Assurance.
  • Work in concert with a companion standards committee to promote development of Information Assurance standards, including standard definitions of terms.

International Association for Cryptologic Research

The International Association for Cryptologic Research (IACR) is a non-profit scientific organization whose purpose is to further research in cryptology and related fields.

 

 


 

 

Vendors and Tools

 

Adaware

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Avast

Avast antivirus is based on the comprehensive ALWIL Software scanning technology available since 1988.  [A free antivirus product]

Backbone Security

Backbone, a privately owned business with offices in Stroudsburg, PA, Fairmont, WV, Sudbury, MA, and Hampton Roads, VA, was established in 1999 with the objective of integrating government, industry, and academic computer security expertise to provide consulting in computer security and to serve as a source for solving computer and network security problems.

Bugtraq Vulnerabilities

A high volume, full disclosure mailing list for the detailed discussion and announcement of computer security vulnerabilities.

Cigital Resources

Resources … designed to provide additional technical and/or background information on Cigital's approach to protecting companies from the severe business risks of failed or flawed software

Cisco Critical Infrastructure Assurance Group

The Critical Infrastructure Assurance Group provides leadership to improve the security of global critical infrastructures.

Common Vulnerabilities and Exposures

A list of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.

Counterpane Resources

Resources compiled by Bruce Schneier:  Bruce Schneier is the founder and Chief Technology Officer of Counterpane Internet Security, Inc., the premier provider of Managed Security Monitoring services in the world. Bruce established Counterpane in 1999 to address the critical need for increased levels of security services.

Computer Security Institute

Computer Security Institute (CSI) is the world's leading membership organization specifically dedicated to serving and training the information, computer and network security professional. Since 1974, CSI has been providing education and aggressively advocating the critical importance of protecting information assets.

IBM Antivirus Research

IBM has been preparing a defense against fast spreading viruses for several years. The Digital Immune System for Cyberspace can automatically detect viral activity during early spread, automatically develop a cure and distribute it across the Internet faster than the virus spreads. Deploying a commercially viable system demands expertise reaching from basic research in neural networks that distinguish virus from non-virus to extremely fast pattern recognition to networks that remain effective even during computer virus epidemics.

Insecure.org

Site created by Fyodor, whose most famous free software creation is Nmap, a utility for network exploration or security auditing.

International Information Systems Security Certification Consortium

The International Information Systems Security Certification Consortium, Inc., or (ISC)², is a non-profit organization, incorporated in the Commonwealth of Massachusetts, based in Palm Harbor, Florida. (ISC)² is dedicated to:

  • Maintaining the CBK® for information security,
  • Certifying industry professionals and practitioners under an international standard,
  • Providing education,
  • Administering certification examinations, and
  • Ensuring the continued competence of credential holders.

ISO Information Security

The world has become a far more risky place for business. Use of the Internet for on-line business continues to grow, more businesses are outsourcing and using third party services, supply chains are getting larger and computer fraud is on the increase: all risk areas to business. Also, business dependence on IT, networks, wireless and mobile communications again raises the risk levels.

Java Security

Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. Java security technology provides the developer with a comprehensive security framework for writing applications, and also provides the user or administrator with a set of tools to securely manage applications.

Kaspersky Labs

We create technologies that protect computer users from ever-increasing cyber threats. We ensure support for our secure content management solutions and strive to increase awareness about secure computing worldwide.

Linux Security

LinuxSecurity.com was first launched in 1996 by a handful of Open Source enthusiasts and security experts who recognized a void in the availability of accurate and insightful news relating to open source security issues. Led by Dave Wreski, who currently serves as chief executive officer of Guardian Digital, this group has grown into a global network of collaborators who devote their time to gathering and publicizing the latest security news, advisories and reports relevant to the Linux community. Headquartered in Guardian Digital's offices in Allendale, New Jersey, LinuxSecurity.com's editorial and web development staff also creates feature articles, commentaries and surveys designed to keep readers informed of the latest Linux advancements and to promote the general growth of Linux around the world.

McAfee

McAfee is respected for our ability to effectively solve real-world security problems in a dynamic risk environment. We are innovative and experienced, capable and committed, and we proactively secure systems and networks from known and unknown threats.

Microsoft Security

The TechNet Security Center provides security tools, security response information, such as security bulletins and virus alerts, and the most prescriptive security guidance Microsoft has to offer to assist IT Professionals in securing their systems.

NIST CSRC Asset Self-Evaluation Tool

The purpose of ASSET is to automate the completion of the questionnaire contained in NIST Special Publication 800-26, "Security Self-Assessment Guide for Information Technology Systems."  As described in NIST Special Publication 800-26, the results of the questionnaire provide a "method of evaluating the security of a particular system or group of systems." Through interpretation of the questionnaire results, users are able to assess the information technology (IT) security posture for any number of systems within their organization and, in particular, assess the status of the organization's security program plan.

OSSTMM

The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics.

PacketStorm

Packet Storm offers an abundant resource of up-to-date and historical security tools, exploits, and advisories. We are a non-profit organization comprised of security professionals that are dedicated to providing the information necessary to secure networks on a global scale. We accomplish this goal by publishing new security information on a global network of websites.

RSA Labs

An academic environment within a commercial organization, RSA Laboratories is the research center of RSA Security Inc., the company founded by the inventors of the RSA public-key cryptosystem. Through its research program, standards development, and educational activities, RSA Laboratories provides state-of-the-art expertise in cryptography and security technology for the benefit of RSA Security and its customers.

SANS

SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs.

Secunia

Secunia is a leading provider of IT-security services. Secunia's unique corporate culture has been the driving force behind these services and the success.

Symantec

Symantec is the global leader in information integrity. We provide software, appliances, and services to help individuals, small and mid-sized businesses, and large enterprises secure and manage their most important asset—information.

Zone Alarm

Zone Labs®, a Check Point company, is one of the most trusted brands in Internet security. Zone Labs is a leading creator of endpoint security solutions protecting millions of PCs and the valuable, personally-identifiable information on those PCs, from hackers, spyware and data theft. [Offers a free personal firewall]

 

 
