SECURITY WEBSITES
CISSP Open Study Guide
www.cccure.org
The CISSP Open Study Guide website includes many valuable study resources for the CISSP candidate, such as study guides, downloads, study presentations, online quizzes, books, news, and access to numerous study groups and discussion forums.
Carnegie Mellon SEI CERT Coordination Center
www.cert.org
The Carnegie Mellon Software Engineering Institute (SEI) Computer Emergency Response Team (CERT) Coordination Center includes information about vulnerabilities and fixes, incidents, and security practices and evaluations; offers survivability research and analysis; and provides training and education resources.
Common Vulnerabilities and Exposures
http://cve.mitre.org
The Common Vulnerabilities and Exposures (CVE) is a list, maintained by the MITRE Corporation, of standardized names for vulnerabilities and other information security exposures. You can download the CVE dictionary – which contains publicly known information security vulnerabilities and exposures – from this website.
Dark Reading
www.darkreading.com
Dark Reading is an excellent portal for current security-related news and information on a number of security topics. Join their security discussions, subscribe to RSS feeds, and follow their blogs to keep current on the latest in security and data protection.
(ISC)2
www.isc2.org
The (ISC)2 website is not only the most important website for CISSP candidates — it’s where you download the Candidate Information Bulletin (CIB), get the latest official updates on the CISSP certification, register and schedule your exam, pay your annual dues, and log your Continuing Professional Education (CPE) credits — it’s also where you can find out about local (ISC)2 chapters, network with other CISSPs, participate in security blogs, and download valuable security resources. Make it a habit to check the Chapters, Social Responsibility, Events, Industry Resources, and Blog tabs frequently!
INFOSYSSEC
www.infosyssec.com
INFOSYSSEC is the mother of all security websites and one of the largest security portals we’ve ever seen.
National Institute of Standards and Technology
www.nist.gov/itl
The U.S. National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) provides access to NIST special publications, guides, standards, toolkits, projects, and a wealth of other helpful information and security resources. This site contains some of the best security standards and practices we have seen, and all of it is available for free.
PCI Security Standards Council
www.pcisecuritystandards.org
The Payment Card Industry (PCI) Security Standards Council website isn’t a security website per se, but it is full of very useful and helpful security information related to the most far-reaching and comprehensive industry security standard today — the PCI Data Security Standard (DSS). PCI DSS is applicable to any organization that processes, transmits, or stores payment card data — whether it handles one transaction or one million transactions — so it is very likely that your organization or your clients are subject to or affected by PCI DSS in some way.
Check out the PCI Standards and Documents, Training, and News and Events tabs on the PCI website for useful resources such as incident response templates, self-assessment questionnaires, WiFi security guidelines, encryption and tokenization information, and secure virtualization tips. These resources are specific to PCI DSS, but since most data protection standards and regulations are based on security best practices, this isn’t a bad place to go for good security information.
The SANS Institute
www.sans.org
The SANS (Systems Administration, Networking, and Security) Institute sponsors the Global Information Assurance Certification (GIAC) program, a series of security certifications that have a more technical, hands-on focus than the CISSP certification. GIAC is an excellent complement to CISSP certification, and SANS offers a 40-percent discount on its GSEC (GIAC Security Essentials Certification) certification for those who have CISSP certification.
This website also includes SANS conference schedules, an extremely helpful “Internet Storm Center” and security digest, the SANS online bookstore, various projects, resources, security links, sample security policies, white papers, GIAC student practicals, and security tools.
The site also features the SANS/FBI Top Twenty Vulnerabilities list. This list, co-sponsored by the FBI, helps organizations prioritize security efforts by listing and describing the top 20 Internet security vulnerabilities in three categories: General Vulnerabilities, Windows Vulnerabilities, and UNIX Vulnerabilities.
WindowSecurity Network Security Library
www.windowsecurity.com
Don’t be fooled by the name of the website — the Network Security Library deals with more than just Windows security issues. It’s an excellent source of free online books, articles, FAQs, and how-to’s on many subjects, including Windows, UNIX, Netware, firewalls, intrusion detection and prevention systems, security policy, the Internet, the National Computer Security Center (NCSC), the Department of Defense (DoD) Rainbow Series, harmless hacking, and many more.