http://www.washingtonpost.com/wp-dyn/articles/A29557-2002Apr22.html Monday, April 22, 2002; 4:02 PM Since September 11, the government and Corporate America alike have taken a stronger interest in understanding how to ward off security risks. Company executives have realized that their information technology infrastructure is both an important asset - as well as a vulnerable one. But many firms don't know where to start to pinpoint weaknesses in their networks or to find tips for getting prepared for or warding off various IT-related security risks. While IT security experts caution that there is not a magic list that applies to every company or organization's needs, there are some online resources - including many free clearinghouses - that may serve as starting points for IT security information. http://www.cert.org/ Run by the federally funded Software Engineering Institute operated at Carnegie Mellon University, the CERT Coordination Center provides various resources on Internet security, including advisories on vulnerabilities and computer security incidents. http://csrc.ncsl.nist.gov Under the National Institute of Standards and Technology (NIST), the Computer Security Resource Center Web site has a number of resources to help with IT risks, vulnerabilities and protection requirements. Once on the home page, there is a section with helpful links to other IT resources from various academic, governmental and professional outlets. For a full list of CSRC's list of outside resources on the Web: http://csrc.nist.gov/csrc/links.html http://icat.nist.gov/icat.cfm Also part of NIST, this Web site contains a searchable index of information on computer vulnerabilities and information for obtaining patches for problems. http://www.nist.gov The main National Institute of Standards and Technology Web site. NIST is a non-regulatory federal agency under the U.S. Commerce Department's Technology Administration. http://www.sans.org/newlook/home.php The SANS (System Administration, Networking and Security) Institute is a research and education organization designed for the information security community to share information. The Web site provides free information on research summaries, news digests and security alerts, among other resources. http://www.nipc.gov The National Infrastructure Protection Center (NIPC) Web site. The NIPC operates out of the FBI's headquarters in Washington. The group -- along with state, local and private partnerships -- provides threat assessment, warning, investigation, and response to threats or attacks against telecommunications, energy, emergency services and other infrastructures for the U.S. government. The site has information on various alerts and cyberthreats. http://www.cybercrime.gov/ U.S. Department of Justice site that provides a wide-range of information on cyberthreats and cybercrime policy issues. http://iase.disa.mil Information Assurance Support Environment Web site, sponsored by the Defense Information Systems Agency. The site is billed as an information assurance clearinghouse. http://www.ciac.org/ciac/ The Department of Energy Computer Incident Advisory Capability Web site includes information on up-to-date vulnerabilities and articles and information on addressing particular security issues. http://www.fedcirc.gov The Federal Computer Incident Response Center is a central facility that handles computer security-related issues affecting the U.S. federal government's civilian agencies and departments. http://www.whitehouse.gov/homeland/ The U.S. Government's Homeland Security Office main Web site with various links to government news, information and alerts. Some links to IT security-related associations and other organizations: http://www.issa-intl.org Information Systems Security Association, a nonprofit international group of information security professionals. The group provides educational forums among other services. http://www.commoncriteria.org/ The Common Criteria was formed to develop criteria to evaluate IT security, with a focus on the international community. http://www.mitre.org A nonprofit organization that provides systems engineering, research and development and information technology support to the government. The group's common vulnerabilities and exposures Web site, http://cve.mitre.org/, provides a list of standardized names for vulnerabilities and information security exposures. http://cisecurity.org The Center for Internet Security group was formed to help organizations manage risks related to information security. The center provides tools for individuals and businesses to monitor and compare the security level of Internet-connected systems. http://www.isalliance.org Internet Security Alliance is a group effort involving Carnegie Mellon University's Software Engineering Institute, the CERT Coordination Center and the Electronic Industries Alliance. The group lobbies legislators and regulators and works to identify and standardize "best practices" in Internet security. http://www.fsisac.com Financial Services Information Sharing and Analysis Center, touted on its site as an industry-wide database for its membership of e-security threats, vulnerabilities and solutions to IT security problems. http://www.infosecuritymag.com/ A publication covering the information security industry. Compiled by Washtech.com Staff Writer Cynthia L. Webb. Selected Web links suggested by Lee Zeichner, president of LegalNet Works Inc. of Falls Church. LegalNet Works develops information security laws and regulations. Additional Web links suggested by Patricia Hammar, vice president for corporate development and advanced technology programs at National Security Research Inc., a Washington company that conducts technical and policy research for federal government agencies. National Institute of Standards and Technology spokesman Phil Bulman suggested additional links. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Apr 24 2002 - 01:39:13 PDT