East Stroudsburg University of Pennsylvania Center for Computer Security and Information Assurance |
|
Information
Assurance Curriculum Resources and Tools |
|
These resources have been organized
in the following categories: |
|
If you find a link in error, please send this information to compusec@esu.edu |
|
If you would like to add a link to our collection, please mail the link
and its proposed category to compusec@esu.edu |
|
Resource |
Description: In almost all cases, descriptions are in the words
of the web site creators |
||||||
|
Under Executive Order
(E.O.) 13231 of October 16, 2001, Critical Infrastructure Protection in the Information
Age, the President re-designated the National Security Telecommunications and
Information Systems Security Committee (NSTISSC) as the Committee on National
Security Systems (CNSS). The Department of Defense continues to chair the
Committee under the authorities established by NSD-42. This was reaffirmed by
Executive Order 13284, dated January 23, 2003, Executive Order Amendment of
Executive Orders and Other Actions, in Connection with the Transfer of
Certain Functions to the Secretary of Homeland Security. The CNSS provides a forum
for the discussion of policy issues, sets national policy, and promulgates
direction, operational procedures, and guidance for the security of national
security systems. |
||||||
|
Computer
Crime and Intellectual Property Section (CCIPS) of the Criminal Division of
the U.S. Department of Justice |
||||||
|
The
Defense Information Systems Agency is a combat support agency responsible for
planning, engineering, acquiring, fielding, and supporting global net-centric
solutions to serve the needs of the President, Vice President, the Secretary
of Defense, and other DoD Components, under all conditions of peace and
war. DISA also has free IA training
products available at http://iase.disa.mil/eta/ |
||||||
|
The DSS Academy
provides security education and training to DoD and other U.S. Government
personnel, DoD contractors, and sponsored representatives of foreign
governments. Its professional staff of instructors, technology professionals,
and education support personnel combine expertise to create, collaborate and
facilitate delivery of quality education and training across the security
disciplines. |
||||||
|
Computer Incident
Advisory Capability - Keeping DOE Secure |
||||||
|
This
Instruction establishes a C&A process to manage the implementation of IA
capabilities and services and provide visibility of accreditation decisions
regarding the operation of DoD ISs, including core enterprise services- and
Web services-based software systems and applications. |
||||||
|
This Manual is
issued under the authority of DoD Instruction 5200.40, “DoD Information
Technology Security Certification and Accreditation Process,” December 30,
1997. It provides implementation
guidance to standardize the certification and accreditation process throughout
DoD. |
||||||
|
The Office of
the Assistant Secretary of Defense for Networks and Information Integration
(ASD (NII)) annually announces a Department of Defense Information Assurance
(IA) Scholarship Program (IASP) grant and scholarship competition. The
program is designed to: 1) increase the number of new entrants to DoD who
possess key Information Assurance (IA) and IT skill sets; 2) serve as a mechanism
to build the nation’s IA infrastructure through grants to colleges and
universities jointly designated by the National Security Agency (NSA) and
Department of Homeland Defense as Centers of Academic Excellence in
Information Assurance Education; and 3) serve as a tool to develop and retain
well-educated military and DoD civilian personnel who support the
Department’s critical IT management and infrastructure protection functions. |
||||||
|
Scholarship For Service (SFS) is a unique program
designed to increase and strengthen the cadre of federal information
assurance professionals that protect the government's critical information
infrastructure. This program provides scholarships that fully fund the
typical costs that students pay for books, tuition, and room and board while
attending an approved institution of higher learning. Additionally,
participants receive stipends of up to $8,000 for undergraduate and $12,000
for graduate students. The scholarships are funded through grants awarded by
the National Science Foundation (NSF). |
||||||
|
Under the Information
Technology Management Reform Act (Public Law 104-106), the Secretary of
Commerce approves standards and guidelines that are developed by the National
Institute of Standards and Technology (NIST) for Federal computer systems.
These standards and guidelines are issued by NIST as Federal Information
Processing Standards (FIPS) for use government-wide. NIST develops FIPS when
there are compelling Federal government requirements such as for security and
interoperability and there are no acceptable industry standards or solutions. |
||||||
|
IATAC
Mission: Provide the DoD a central
point of access for information on Information Assurance emerging
technologies in system vulnerabilities, research and development, models, and
analysis to support the development and implementation of effective defense
against Information Warfare attacks. The
IA Digest is a semi-weekly news summary for information assurance
professionals protecting the global information grid. It is transmitted in an
HTML formatted email and provides hot links to articles and news summaries
across a spectrum of IA and IO topics. |
||||||
|
InfraGard is a Federal Bureau of Investigation
(FBI) program that began in the Cleveland Field Office in 1996. It was a
local effort to gain support from the information technology industry and academia
for the FBI’s investigative efforts in the cyber arena. The program expanded
to other FBI Field Offices, and in 1998 the FBI assigned national program
responsibility for InfraGard to the former National Infrastructure Protection
Center (NIPC) and to the Cyber Division in 2003. |
||||||
|
The
Internet Fraud Complaint Center (IFCC) was established as a partnership
between the Federal Bureau of Investigation (FBI) and the National White Collar
Crime Center (NW3C) to serve as a means to receive Internet related criminal
complaints, research, develop and refer the criminal complaints to law
enforcement agencies for any investigation they deem to be appropriate. The
IFCC was intended, and continues to emphasize serving the broader law
enforcement community, to include federal, as well as state and local
agencies, which are combating Internet crime and in many cases participating
in Cyber Crime Task Forces. |
||||||
|
National
Information Assurance Education and Training Program |
Through
partnerships with government, academia, and industry, the National
Information Assurance Education and Training Program (NIETP) provides a broad
range of services. The NIETP operates under national authority, advocating improvements in information
assurance (IA) education, training, and awareness. The NIETP is national in focus,
future-oriented, multi-dimensional, and tied to technology and business. |
|||||
|
The
National Information Assurance Partnership (NIAP) is a U.S. Government initiative
originated to meet the security testing needs of both information technology
(IT) consumers and producers and is operated by the National Security Agency
(NSA). |
||||||
|
The
Research, Development, and Evaluation Agency of the US Department of Justice |
||||||
|
The
National Security Agency/Central Security Service is America’s cryptologic
organization. It coordinates, directs, and performs highly specialized
activities to protect U.S. government information systems and produce foreign
signals intelligence information. A high technology organization, NSA is on
the frontiers of communications and data processing. It is also one of the
most important centers of foreign language analysis and research within the
government. |
||||||
|
Information
assurance includes measures that protect and defend information and
information systems by ensuring their availability, integrity,
authentication, confidentiality and non-repudiation. These measures include
providing for restoration of information systems by incorporating protection,
detection and reaction capabilities. |
||||||
|
The
Computer Security Division (CSD) - (893) is one of eight divisions within
NIST's Information Technology Laboratory. The
mission of NIST's Computer Security Division is to improve information
systems security by:
|
||||||
|
The
Cyber Security Research and Development Act requires NIST to develop, and
revise as necessary, a checklist setting forth settings and option selections
that minimize the security risks associated with each computer hardware or
software system that is, or is likely to become, widely used within the Federal
Government. |
||||||
|
The
FISMA Implementation Project was established in January 2003 to produce
several key security standards and guidelines required by Congressional
legislation. These publications include FIPS 199, FIPS 200, and NIST Special
Publications 800-59 and 800-60. Additional security guidance documents are
being developed in support of the project while not called out directly in
the FISMA legislation. These publications include NIST Special Publications
800-37, 800-53, and 800-53A. It should be noted that the Computer Security
Division continues to produce other security standards and guidelines in
support of FISMA. |
||||||
|
Special
Publications in the 800 series present documents of general interest to the
computer security community. The Special Publication 800 series was
established in 1990 to provide a separate identity for information technology
security publications. This Special Publication 800 series reports on ITL's
[Information Technology Laboratory] research, guidance, and outreach efforts
in computer security, and its collaborative activities with industry,
government, and academic organizations. |
||||||
|
Office of the Commonwealth of Pennsylvania. Also offers cybersecurity tips |
||||||
|
The Commonwealth of Pennsylvania is a trusted
steward of citizen information. Trust in government is directly related to
the quality of service and the sense of security that citizens feel when
working with the government. To ensure the confidentiality, integrity and
availability of data and services, the Commonwealth recognizes the need to
have enterprise policies, standards and views of the state of security within
the government. |
||||||
|
CESG
is the Information Assurance (IA) arm of GCHQ and we are based in Cheltenham,
Gloucestershire, UK. We are the UK Government’s National Technical Authority
for IA, responsible for enabling secure and trusted knowledge sharing to help
our customers achieve their business aims. |
||||||
|
This
manual presents the basic principles and techniques of cryptanalysis and
their relation to cryptography.
Cryptography concerns the various ways of protecting messages from
being understood by anyone except those for whom the messages are intended.
Cryptographers are the people who create and use codes and ciphers.
Cryptanalytics is the art and science of solving unknown codes and
ciphers. Cryptanalysts try to break
the codes and ciphers created and used by cryptographers. |
||||||
|
The Department of Homeland Security (DHS) has
three primary missions: Prevent terrorist attacks within the United States, reduce
America's vulnerability to terrorism, and minimize the damage from potential
attacks and natural disasters. |
||||||
|
The Center for Education and
Research in Information Assurance and Security (CERIAS) is currently viewed as
one of the world's leading centers for research and education in areas of
information security that are crucial to the protection of critical computing
and communication infrastructure. CERIAS is unique among such national
centers in its multidisciplinary approach to the problems, ranging from
purely technical issues (e.g., intrusion detection, network security, etc.) to
ethical, legal, educational, communicational, linguistic, and economic
issues, and the subtle interactions and dependencies among them. |
||||||
|
Established
in 1988, the CERT® Coordination Center (CERT/CC) is a center of
Internet security expertise, located at the Software Engineering
Institute, a federally funded research and development center
operated by Carnegie Mellon University. |
||||||
|
The purpose of the Cyber Incident
Detection & Data Analysis Center (CIDDAC) is to manage an automated cyber
attack-reporting infrastructure that supports the protection of the national
infrastructure. CIDDAC is a not-for-profit organization that combines
private, public and government perspectives to facilitate automated real-time
sharing of cyber attack data. CIDDAC is specifically designed to protect
privacy rights while collecting serious cyber threat information from sensors
attached to real corporate computer networks. The benefit of CIDDAC is the
real-time cyber attack signatures identified. These signatures will assist
government and private sector organizations, charged with protecting critical
infrastructure networks, in their efforts to neutralize cyber threats. |
||||||
|
This
site contains a brief outline of the various types of cipher systems that
have been used historically, and tries to relate them to each other while
avoiding a lot of mathematics. |
||||||
|
Created by Brooke
Stephens, Department of Computer Science and Electrical Engineering,
University of Maryland, Baltimore County |
||||||
|
Does increased security provide comfort to
paranoid people? Or does security provide some very basic protections that we
are naive to believe that we don't need? During this time when the Internet
provides essential communication between tens of millions of people and is
being increasingly used as a tool for commerce, security becomes a
tremendously important issue to deal with. There are many aspects to security and many applications,
ranging from secure commerce and payments to private communications and
protecting passwords. One essential aspect for secure communications is that
of cryptography, which is the focus of this chapter. But it is important to
note that while cryptography is necessary for secure communications, it is
not by itself sufficient. The reader is advised, then, that the topics
covered in this chapter only describe the first of many steps necessary for
better security in any number of situations. |
||||||
|
Here are some selected
links to cryptographic information and software available outside of North America,
which can be freely downloaded in most countries (including the USA and
Canada). |
||||||
|
The invention of
cryptography is not limited to either civilians or the government. Wherever
the need for secrecy is felt, the invention occurs. However, over time the
quality of the best available system continues to improve and those best
systems were often invented by civilians. |
||||||
|
Welcome to the Cybercop
secure portal. This online application was created as a means for individuals
to share and collaborate on information in a protected environment over the
internet. Users have access to a host of tools, such as a document/file
library, internet messaging system, and even an internal webpage hosting
area. For a portal manual please refer to our user guide located in the
public library section under the category labeled "User Manual". |
||||||
|
The
ECM Mark II (also known in the Navy as CSP-888/889 or SIGABA by the Army) is
a cipher machine. |
||||||
|
EDUCAUSE is a nonprofit association
whose mission is to advance higher education by promoting the intelligent use
of information technology. |
||||||
|
These pages give an
introduction to substitution ciphers and then go on to explain exactly how
the Enigma machine worked and how it was used. |
||||||
|
Fred Cohen is best known
as the inventor of computer virus defense techniques, the principal investigator
whose team defined the information assurance problem as it relates to
critical infrastructure protection today, as a seminal researcher in the use
of deception for information protection, and as a top flight information
protection consultant. But his work on information protection extends far
beyond these areas. |
||||||
|
Founded in January 2000,
GigaLaw.com provides legal information for Internet and technology
professionals, Internet entrepreneurs and the lawyers who serve them. GigaLaw.com was founded by
Doug Isenberg, an attorney, who serves as the website's editor and publisher.
A former news reporter and magazine editor, he is the founder of The GigaLaw
Firm in Atlanta, where he practices intellectual property and Internet law,
and is an adjunct professor at Georgia State University College of Law. |
||||||
|
The High Technology Crime
Investigation Association (HTCIA) is designed to encourage, promote, aid and
effect the voluntary interchange of data, information, experience, ideas and
knowledge about methods, processes, and techniques relating to investigations
and security in advanced technologies among its membership. |
||||||
|
The Honeynet Project is a
non-profit (501c3) organization dedicated to improving the security of the
Internet by providing cutting-edge research for free. Founded in October, 1999
we have been providing the following services for free to the public. Raise Awareness: We raise
awareness of the threats and vulnerabilities that exist in the Internet
today. Many individuals and organizations do not realize they are a target,
nor understand who is attacking them, how, or why. We provide this
information so people can better understand they are a target, and understand
the basic measures they can take to mitigate these threats. This information
is provided through our Know Your Enemy series of papers. Teach and Inform: For
those who are already aware and concerned, we provide details to better
secure and defend your resources. Historically, information about attackers
has been limited to the tools they use. We provide critical additional
information, such as their motives in attacking, how they communicate, when
they attack systems and their actions after compromising a system. We provide
this service through our Know Your Enemy whitepapers and our Scan of the
Month challenges. Research: For
organizations interested in continuing their own research about cyber
threats, we provide the tools and techniques we have developed. We provide
these through our Tools Site. |
||||||
|
ISACA got its start in
1967, when a small group of individuals with similar jobs—auditing controls
in the computer systems that were becoming increasingly critical to the
operations of their organizations—sat down to discuss the need for a
centralized source of information and guidance in the field. In 1969, the
group formalized, incorporating as the EDP Auditors Association. In 1976 the
association formed an education foundation to undertake large-scale research
efforts to expand the knowledge and value of the IT governance and control
field. |
||||||
|
International Association of Computer Investigative
Specialists |
IACIS® is an international
volunteer non-profit corporation composed of law enforcement professionals
dedicated to education in the field of forensic computer science. IACIS
members represent Federal, State, Local and International Law Enforcement
professionals. Regular IACIS members have been trained in the forensic
science of seizing and processing computer systems. |
|||||
|
InternetCases.com is a
weblog that will highlight some of the more interesting court cases dealing
with issues relating to the Internet and new technologies. |
||||||
|
The Internet Security Alliance is a
non-profit collaboration between the Electronic Industries Alliance (EIA) and Carnegie Mellon's CyLab and works closely with the
CERT Coordination Center (CERT/CC),
a leading, recognized center of Internet security expertise. |
||||||
|
The
Institute for Security and Open Methodologies (ISECOM) is an open-source
collaborative community since January 2001 with non-profit status in the USA
and Spain. We are dedicated to providing practical security awareness,
research, certification and business integrity. |
||||||
|
National Information Assurance Training and Education
Center |
NIATEC is a consortium of academic, industry, and
government organizations to improve the literacy, awareness, training and education
standards in Information Assurance. As the federally designated cornerstone for
essential education and training components of a strong Information Assurance
initiative, the mission is to establish an effective Information Assurance
infrastructure for academic, industry and government organizations. |
|||||
|
A division of Computerworld |
||||||
|
The goal of the CRA Committee on the Status of Women
in Computing Research (CRA-W) is to take positive action to increase the
number of women participating in Computer Science and Engineering (CSE)
research and education at all levels. For more information, read about
CRA-W's background. |
||||||
|
CSO
provides news, analysis and research on a broad range of security and risk
management topics. Areas of focus include information security, physical
security, business continuity, identity and access management, loss
prevention and more. CSO magazine and CSOonline.com are published by CXO
Media Inc., which is an IDG (International Data Group) company. |
||||||
|
This
site is dedicated to providing enterprise security professionals with the
latest and most useful online security news, information and advice. |
||||||
|
F-Secure
Corporation protects individuals and businesses against computer viruses and
other threats spreading through the Internet and mobile networks. Our
award-winning products include antivirus, network encryption, desktop
firewall with intrusion prevention, anti-spam and parental control. |
||||||
|
Information
Security
is the enterprise security and risk managers' leading source of critical,
objective information on strategic and practical security issues. |
||||||
|
[InformIT is] here
to help you learn about anything remotely related to that screen you're
staring at right now, including programming, networking, web development and
design, operating systems, and IT and project management. |
||||||
|
SecurityFocus is the most comprehensive
and trusted source of security information on the Internet. SecurityFocus is a vendor-neutral
site that provides objective, timely and comprehensive security information
to all members of the security community, from end users, security hobbyists
and network administrators to security consultants, IT Managers, CIOs and
CSOs. |
||||||
|
For Consumers: Simple steps, practices and resources a consumer can use to
learn the basics on how to better secure their home computer from cyber
threats. Information for Educators: Cyber Security tips, lessons and
resources for teachers, professors and administrators to help teach children
and young adults how to stay safe online. Family and Children: Practical
tips, practices and resources parents can use to help their children safely
surf the Internet. Small Business: Resources and steps your small business or
organization can use to help secure your networks. |
||||||
|
VerifiedVoting.org,
our partners, and voters across the country have successfully persuaded state
governments to pass or propose legislation / regulations to require
voter-verified paper ballots. Help us complete the legislative landslide
toward reliable, secure, and transparent elections! |
||||||
|
Since
1989, Virus Bulletin has been dedicated to providing PC users with a regular
source of uninfluenced, unbiased, independent intelligence about computer viruses, their
prevention, detection and removal, and how to recover programs and data
following an attack. |
||||||
|
Learn about computer virus myths, hoaxes, urban
legends, hysteria, and the implications if you believe in them. |
||||||
|
VNU is a global information and media
company with leading market positions and recognized brands in marketing
information (ACNielsen), media measurement and information (Nielsen Media
Research), business information (Billboard, The Hollywood Reporter,
Computing, Intermediair) and directory publishing (Golden Pages). |
||||||
|
A division of the Washington Post Newspaper |
||||||
|
Association for Computing Machinery: Founded in 1947, ACM is a major force in
advancing the skills of information technology professionals and students worldwide.
Today, our 80,000 members and the public turn to ACM for the industry's
leading Portal to Computing Literature, authoritative publications and
pioneering conferences, providing leadership for the 21st century. |
||||||
|
Here
you can access the full, unabridged text of IT books from leading publishers.
Read up on today’s most popular IT topics. Browse or search text and create
annotated bookmarks for quick future reference. Find work solutions at your
fingertips, or learn about a new content area. |
||||||
|
Full
text collection of every article published by ACM, including over 50 years of
archives. [Much of this site is
available through the ESU
Library – access the library site first.] |
||||||
|
SIGSAC's
mission is to develop the information security profession by sponsoring high
quality research conferences and workshops. |
||||||
|
Founded
in 1997, the National Colloquium for Information Systems Security Education is
one of the leading proponents for implementing courses of instruction in
INFOSEC into American higher education. In December 1998 the NCISSE was
incorporated in the Commonwealth of Virginia by the James Madison University
Center for Research in Information Systems Security Education (CRISSE). The
CRISSE manages the Colloquium as the chairmanship rotates yearly from
academia, industry and government. Members of the CRISSE serve on the board
of directors of the Colloquium and as the Executive Secretary and Treasurer.
The Colloquium provides a forum for academia, government and industry INFOSEC
experts to discuss and form needed direction in (1) INFOSEC undergraduate and
graduate curricula, (2) common requirements, (3) specific knowledge, skills
and abilities, (4) certification requirements, and (5) establishment of
professional certification boards. |
||||||
|
From
Porcupine.org: Computer forensics is yet another computer security topic that
is being covered in a long-lasting collaboration between computer security
researchers Dan Farmer (Elemental) and Wietse Venema (IBM). |
||||||
|
Computing Reviews (CR) aims to provide access to current
research, theory and applications in all subdisciplines of computing via the
review medium. CR compiles expert, unbiased critical reviews of current
publications of note in computing. The goals of CR are to provide an overview
of developments in computing to both specialists and generalists who wish to
survey the field as a whole; isolate and illuminate quality materials; and
build and enhance communities of computer scientists and others by promoting
the exchange of ideas. |
||||||
|
From UC Davis:
These
papers are unpublished, seminal works in computer security. They are papers
every serious student of computer security should read. They are not easy to
find. The goal of this collection is to make them widely available. |
||||||
|
With
nearly 100,000 members, the IEEE Computer Society is the world's leading
organization of computer professionals. Founded in 1946, it is the largest of
the 39 societies of the IEEE. The IEEE
Computer Society's vision is to be the leading provider of technical
information, community services, and personalized services to the world's
computing professionals. |
||||||
|
The IEEE
Task Force on Information Assurance is sponsoring a series of annual workshops
on information assurance in cooperation with the ACM SIGSAC on research and
experience in information assurance. These
workshops are part of a comprehensive IEEE program to realize the potential
of IT to deliver the information it produces and stores with high assurance. |
||||||
|
Organizations
relying on the Internet face significant challenges to ensure that their
networks operate safely and that their systems continue to provide critical
services even in the face of attacks. Denial
of service, worms, DNS, and router attacks are increasing. To help you stay
one step ahead of these and other threats, the IEEE Computer Society
published a new periodical in 2003, IEEE
Security & Privacy magazine. IEEE
Security & Privacy will rethink the role and importance of networked
infrastructure and help you develop lasting security solutions. |
||||||
|
TFIA Objectives
|
||||||
|
The International Association for Cryptologic
Research (IACR) is a non-profit scientific organization whose purpose is to
further research in cryptology and related fields. |
||||||
|
Ad-Aware
Personal provides advanced protection from known data-mining, aggressive
advertising, Trojans, dialers, malware, browser hijackers, and tracking
components. This software is downloadable free of charge. |
||||||
|
Avast antivirus is based on the comprehensive
ALWIL Software scanning technology available since 1988. [A free antivirus product] |
||||||
|
Backbone,
a privately owned business with offices in Stroudsburg, PA, Fairmont, WV,
Sudbury, MA, and Hampton Roads, VA was established in 1999 with the objective
of integrating government, industry, and academic computer security expertise
to provide consulting in computer security and to serve as a source for
solving computer and network security problems. |
||||||
|
A high volume, full disclosure
mailing list for the detailed discussion and announcement of computer
security vulnerabilities. |
||||||
|
Resources … designed to provide additional
technical and/or background information on Cigital's approach to protecting
companies from the severe business risks of failed or flawed software |
||||||
|
The Critical Infrastructure Assurance Group
provides leadership to improve the security of global critical
infrastructures. |
||||||
|
A list of standardized names for vulnerabilities
and other information security exposures - CVE aims to standardize the names
for all publicly known vulnerabilities and security exposures. |
||||||
|
Resources compiled by Bruce Schneier: Bruce Schneier is the founder and Chief
Technology Officer of Counterpane Internet Security, Inc., the premier
provider of Managed Security Monitoring services in the world. Bruce
established Counterpane in 1999 to address the critical need for increased
levels of security services. |
||||||
|
Computer
Security Institute (CSI) is the world's leading membership organization
specifically dedicated to serving and training the information, computer and
network security professional. Since 1974, CSI has been providing education
and aggressively advocating the critical importance of protecting information
assets. |
||||||
|
IBM
has been preparing a defense against fast spreading viruses for several
years. The Digital Immune System for Cyberspace can automatically detect viral
activity during early spread, automatically develop a cure and distribute it
across the Internet faster than the virus spreads. Deploying a commercially
viable system demands expertise reaching from basic research in neural
networks that distinguish virus from non-virus to extremely fast pattern
recognition to networks that remain effective even during computer virus
epidemics. |
||||||
|
Site
created by Fyodor - most famous free software creation is Nmap, a utility for
network exploration or security auditing. |
||||||
|
International
Information Systems Security Certification Consortium |
The
International Information Systems Security Certification Consortium, Inc., or
(ISC)², is a non-profit organization, incorporated in the Commonwealth of
Massachusetts, based in Palm Harbor, Florida. (ISC)² is dedicated to:
|
|||||
|
The
world has become a far more risky place for business. The use of the Internet
for on-line business continues to grow, more businesses are outsourcing
and using third party services, supply chains are getting larger and computer
fraud is on the increase, all risk areas to business. Also, business dependence
on IT, networks, wireless and mobile communications again raises the risk
levels. |
||||||
|
Java
security technology includes a large set of APIs, tools, and implementations
of commonly used security algorithms, mechanisms, and protocols. The Java
security APIs span a wide range of areas, including cryptography, public key
infrastructure, secure communication, authentication, and access control.
Java security technology provides the developer with a comprehensive security
framework for writing applications, and also provides the user or
administrator with a set of tools to securely manage applications. |
||||||
|
We
create technologies that protect computer users from ever-increasing cyber
threats. We ensure support for our secure content management solutions and
strive to increase awareness about secure computing worldwide. |
||||||
|
LinuxSecurity.com
was first launched in 1996 by a handful of Open Source enthusiasts and
security experts who recognized a void in the availability of accurate and
insightful news relating to open source security issues. Led by Dave Wreski,
who currently serves as chief executive officer of Guardian Digital, this
group has grown into a global network of collaborators who devote their time
to gathering and publicizing the latest security news, advisories and reports
relevant to the Linux community. Headquartered in Guardian Digital's offices
in Allendale, New Jersey, LinuxSecurity.com's editorial and web development
staff also creates feature articles, commentaries and surveys designed to
keep readers informed of the latest Linux advancements and to promote the
general growth of Linux around the world. |
||||||
|
McAfee
is respected for our ability to effectively solve real-world security
problems in a dynamic risk environment. We are innovative and experienced,
capable and committed, and we proactively secure systems and networks from
known and unknown threats. |
||||||
|
The
TechNet Security Center provides security tools, security response
information, such as security bulletins and virus alerts, and the most
prescriptive security guidance Microsoft has to offer to assist IT
Professionals in securing their systems. |
||||||
|
The
purpose of ASSET is to automate the completion of the questionnaire contained
in NIST Special Publication 800-26, "Security Self-Assessment Guide for Information
Technology Systems." As described
in NIST Special Publication 800-26, the results of the questionnaire provide
a "method of evaluating the security of a particular system or group of
systems." Through interpretation of the questionnaire results, users are
able to assess the information technology (IT) security posture for any
number of systems within their organization and, in particular, assess the
status of the organization's security program plan. |
||||||
|
The
Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed
methodology for performing security tests and metrics. |
||||||
|
Packet
Storm offers an abundant resource of up-to-date and historical security
tools, exploits, and advisories. We are a non-profit organization comprised
of security professionals that are dedicated to providing the information
necessary to secure networks on a global scale. We accomplish this goal by
publishing new security information on a global network of websites. |
||||||
|
An
academic environment within a commercial organization, RSA Laboratories is the
research center of RSA Security Inc., the company founded by the inventors of
the RSA public-key cryptosystem. Through its research program, standards
development, and educational activities, RSA Laboratories provides
state-of-the-art expertise in cryptography and security technology for the
benefit of RSA Security and its customers. |
||||||
|
SANS
is the most trusted and by far the largest source for information security training
and certification in the world. It also develops, maintains, and makes
available at no cost, the largest collection of research documents about
various aspects of information security, and it operates the Internet's early
warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network,
Security) Institute was established in 1989 as a cooperative research and
education organization. Its programs now reach more than 165,000 security
professionals, auditors, system administrators, network administrators, chief
information security officers, and CIOs. |
||||||
|
Secunia
is a leading provider of IT-security services. Secunia's unique corporate
culture has been the driving force behind these services and the success. |
||||||
|
Symantec
is the global leader in information integrity. We provide software,
appliances, and services to help individuals, small and mid-sized businesses,
and large enterprises secure and manage their most important
asset—information. |
||||||
|
Zone
Labs®, a Check Point company, is one of the most trusted brands in Internet
security. Zone Labs is a leading creator of endpoint security solutions protecting
millions of PCs and the valuable, personally-identifiable information on
those PCs, from hackers, spyware and data theft. [Offers a free personal
firewall] |
||||||