[ISN] IT Security Resources

From: InfoSec News (isnat_private)
Date: Tue Apr 23 2002 - 22:50:55 PDT

  • Next message: InfoSec News: "[ISN] Honeynet looks to sting hackers"

    http://www.washingtonpost.com/wp-dyn/articles/A29557-2002Apr22.html
    
    Monday, April 22, 2002; 4:02 PM 
    
    Since September 11, the government and Corporate America alike have 
    taken a stronger interest in understanding how to ward off security 
    risks. Company executives have realized that their information 
    technology infrastructure is both an important asset - as well as a 
    vulnerable one. But many firms don't know where to start to pinpoint 
    weaknesses in their networks or to find tips for getting prepared for 
    or warding off various IT-related security risks. While IT security 
    experts caution that there is not a magic list that applies to every 
    company or organization's needs, there are some online resources - 
    including many free clearinghouses - that may serve as starting points 
    for IT security information. 
    
    http://www.cert.org/
    Run by the federally funded Software Engineering Institute operated at
    Carnegie Mellon University, the CERT Coordination Center provides
    various resources on Internet security, including advisories on
    vulnerabilities and computer security incidents.
    
    http://csrc.ncsl.nist.gov
    Under the National Institute of Standards and Technology (NIST), the
    Computer Security Resource Center Web site has a number of resources
    to help with IT risks, vulnerabilities and protection requirements.  
    Once on the home page, there is a section with helpful links to other
    IT resources from various academic, governmental and professional
    outlets. For a full list of CSRC's list of outside resources on the
    Web: http://csrc.nist.gov/csrc/links.html
    
    http://icat.nist.gov/icat.cfm
    Also part of NIST, this Web site contains a searchable index of
    information on computer vulnerabilities and information for obtaining
    patches for problems.
    
    http://www.nist.gov
    The main National Institute of Standards and Technology Web site. NIST
    is a non-regulatory federal agency under the U.S. Commerce
    Department's Technology Administration.
    
    http://www.sans.org/newlook/home.php
    The SANS (System Administration, Networking and Security) Institute is
    a research and education organization designed for the information
    security community to share information. The Web site provides free
    information on research summaries, news digests and security alerts,
    among other resources.
    
    http://www.nipc.gov
    The National Infrastructure Protection Center (NIPC) Web site. The
    NIPC operates out of the FBI's headquarters in Washington. The group
    -- along with state, local and private partnerships -- provides threat
    assessment, warning, investigation, and response to threats or attacks
    against telecommunications, energy, emergency services and other
    infrastructures for the U.S. government. The site has information on
    various alerts and cyberthreats.
    
    http://www.cybercrime.gov/
    U.S. Department of Justice site that provides a wide-range of 
    information on cyberthreats and cybercrime policy issues. 
    
    http://iase.disa.mil
    Information Assurance Support Environment Web site, sponsored by the 
    Defense Information Systems Agency. The site is billed as an 
    information assurance clearinghouse. 
    
    http://www.ciac.org/ciac/
    The Department of Energy Computer Incident Advisory Capability Web 
    site includes information on up-to-date vulnerabilities and articles 
    and information on addressing particular security issues. 
    
    http://www.fedcirc.gov
    The Federal Computer Incident Response Center is a central facility 
    that handles computer security-related issues affecting the U.S. 
    federal government's civilian agencies and departments. 
    
    http://www.whitehouse.gov/homeland/
    The U.S. Government's Homeland Security Office main Web site with 
    various links to government news, information and alerts. 
    
    Some links to IT security-related associations and other 
    organizations: 
    
    http://www.issa-intl.org
    Information Systems Security Association, a nonprofit international 
    group of information security professionals. The group provides 
    educational forums among other services. 
    
    http://www.commoncriteria.org/
    The Common Criteria was formed to develop criteria to evaluate IT 
    security, with a focus on the international community. 
    
    http://www.mitre.org
    A nonprofit organization that provides systems engineering, research 
    and development and information technology support to the government. 
    The group's common vulnerabilities and exposures Web site, 
    http://cve.mitre.org/, provides a list of standardized names for 
    vulnerabilities and information security exposures. 
    
    http://cisecurity.org
    The Center for Internet Security group was formed to help 
    organizations manage risks related to information security. The center 
    provides tools for individuals and businesses to monitor and compare 
    the security level of Internet-connected systems. 
    
    http://www.isalliance.org
    Internet Security Alliance is a group effort involving Carnegie Mellon 
    University's Software Engineering Institute, the CERT Coordination 
    Center and the Electronic Industries Alliance. The group lobbies 
    legislators and regulators and works to identify and standardize "best 
    practices" in Internet security. 
    
    http://www.fsisac.com
    Financial Services Information Sharing and Analysis Center, touted on 
    its site as an industry-wide database for its membership of e-security 
    threats, vulnerabilities and solutions to IT security problems. 
    
    http://www.infosecuritymag.com/
    A publication covering the information security industry. 
    
    Compiled by Washtech.com Staff Writer Cynthia L. Webb. Selected Web 
    links suggested by Lee Zeichner, president of LegalNet Works Inc. of 
    Falls Church. LegalNet Works develops information security laws and 
    regulations. Additional Web links suggested by Patricia Hammar, vice 
    president for corporate development and advanced technology programs 
    at National Security Research Inc., a Washington company that conducts 
    technical and policy research for federal government agencies. 
    National Institute of Standards and Technology spokesman Phil Bulman 
    suggested additional links. 
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Apr 24 2002 - 01:39:13 PDT