Informationen zur Netzsicherheit:

Bücher

The CISSP Prep Guide von Ronald L. Krutz, Russell D. Vines	The Advanced CISSP Prep Guide, w. CD-ROM von Ronald L. Krutz, Russell D. Vines	Mike Meyers' CISSP(R) Certification Passport. von Shon Harris
Information Security Management Handbook von Harold F. Tipton, Micki Krause	Hacking Exposed Web Applications. von Scarnbray	Computer Forensics von Warren G. Kruse, Jay G. Heiser
Handbook of Computer Crime Investigation von Eoghan Casey	Inside Network Perimeter Security von Stephen Northcutt, u. a.	Hacker's Challenge von Mike Schiffman

Network Intrusion Detection. von Stephen Northcutt, Judy Novak	Checkpoint Next Generation Security Administration. von Drew Simonis, u. a.	Secrets and Lies. Digital Security in a Networked World. von Bruce Schneier
Hacking Exposed. Network Security Secrets and Solutions. von Stuart McClure, u. a.	Angewandte Kryptographie . Protokolle, Algorithmen und Sourcecode in C von Bruce Schneier	Das Anti-Hacker-Buch für Windows von Joel Scambray, Stuart McClure
LDAP System Administration von Hodges	The Art of Deception. Controlling the Human Element of Security. von Kevin D. Mitnick, William L. Simon	Windows 2000 Befehle. Kurz und gut. von Aeleen Frisch

Building Secure Servers with Linux. von Michael D. Bauer	Practical Cryptography. von Niels Ferguson, Bruce Schneier	Java Server Pages. von Hans Bergsten
Network Intrusion Detection. von Stephen Northcutt, Judy Novak	Inside Network Perimeter Security von Stephen Northcutt, u. a.	Linux Server Hacks. 100 Industrial- Strength Tips and Tools. von Rob Flickenger (Herausgeber)
Network Security with OpenSSL. Cryptography for Secure Communications. von Jon Viega, u. a.	Hacking Exposed. Network Security Secrets and Solutions. von Stuart McClure, u. a.	TCP/ IP Illustrated I. The Protocols. von W. Richard Stevens

Carnegie Mellon University:

CERT:

CERT Aktuelles

Vulnerabilites & Fixes

Evaluation & Practices

Articles & Reports:

• 2004 E-Crime Watch Survey^TM: Summary of Findings (pdf)
  2005 E-Crime Watch Survey^TM: Survey Results (pdf)
  ActiveX workshop report (pdf)
  Advanced Information Assurance Handbook (pdf)
  An Analysis of Security Incidents on the Internet 1989-1995
  Applying FSQ Engineering Foundations to Automated Calculation of Program Behavior (pdf)
  Avoiding the Trial-By-Fire Approach to Security Incidents
  Attack Modeling for Information Security and Survivability (pdf)
  
• Bidirectional Flow Export Using IPFIX (txt)
  Botnets as a Vehicle for Online Crime (pdf)
  A Brief Tour of the Simple Network Management Protocol (pdf)
  Building Information Assurance Educational Capacity: Pilot Efforts to Date (pdf)
  
• A Case Study in Survivable Network System Analysis (pdf)
  The CERT Function Extraction Experiment: Quantifying FX Impact on Software Comprehension and Verification (pdf)
  A Common Language for Computer Security Incidents (pdf)
  Computer Security (Congressional testimony)
  Computer Security Issues that Affect Federal, State, and Local Governments and the Code Red Worm (Congressional testimony)
  Correlations between Quiescent Ports in Network Flows (pdf)
  Countering Cyber War (pdf)
  Creating a Computer Security Incident Response Team: A Process for Getting Started
  Cross-Site Scripting Vulnerabilities (pdf)
  CSIRT Handbook (pdf)
  CSIRT Services html | pdf
  Cyber Security (Congressional testimony)
  Cyber Security - Growing Risk from Growing Vulnerability (Congressional testimony)
  Cyber Threats and the US Economy (Congressional testimony)
  
• Dealing with External Computer Security Incidents (pdf)
  Defending Yourself: The Role of Intrusion Detection Systems (pdf)
  Defining Incident Management Processes for CSIRTs: A Work in Progress (pdf)
  Design and Implementation of Easel: A Language for Simulating Highly Distributed Systems (pdf)
  Detecting Scans at the ISP Level (pdf)
  Distributed-Systems Intruder Tools workshop report pdf | html
  Downstream Liability for Attack Relay and Amplification (pdf)
  
• Emergent Algorithms: A New Method for Enhancing Survivability in Unbounded Systems
  An Empirical Analysis of Target Resident DoS Filters (pdf)
  
• Finding Peer-to-Peer File-sharing Using Coarse Network Behaviors (pdf)
  First Responders Guide to Computer Forensics (pdf)
  First Responders Guide to Computer Forensics: Advanced Topics (pdf)
  Flow-Service-Quality (FSQ) Engineering: Foundations for Network System Analysis and Development (pdf)
  Foundations for Survivable System Development: Service Traces, Intrusion Traces, and Evaluation Models (pdf)
  Foundations for Survivable Systems Engineering html | pdf
  
• Handbook for Computer Security Incident Response Teams (CSIRTs) (pdf)
  
• The Impact of Function Extraction Technology on Next-Generation Software Engineering (pdf)
  Improving the Security of Networked Systems
  The Incident Object Description Exchange Format Data Model and XML Implementation (txt)
  The Incident Object Description Exchange Format (IODEF) Implementation Guide (txt)
  Information Assurance: Building Educational Capacity (pdf)
  Information Survivability: Required Shifts in Perspective
  Information Technology - Essential But Vulnerable: Internet Security Trends (Congressional testimony)
  Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector (pdf)
  International Liability Issues for Software Quality (pdf)
  Internet Fraud (Congressional testimony)
  Intelligence Analysis for Internet Security
  International Cooperation for Cyber Crime and Terrorism in the 21st Century (pdf)
  Internet Denial of Service Attacks and the Federal Response
  Internet Security Issues
  Intrusion Detection: Implementation and Operation Issues
  
• Life-Cycle Models for Survivable Systems (pdf)
  Life-Cycle Models for Survivable Systems 2000 IEEE (pdf)
  Locality: A New Paradigm for Thinking About Normal Behavior and Outsider Threat (pdf)
  
• Malicious IT Roundtable: Roundtable on Information Security Policy (pdf)
  Managing for Enterprise Security (pdf)
  Managing the Threat of Denial-of-Service Attacks (pdf)
  The Melissa Virus: Inoculating Our Information Technology from Emerging Threats
  A Model for Opportunistic Network Exploits: The Case of P2P Worms (pdf)
  Models of Information Security Trend Analysis (pdf)
  More Netflow Tools: For Performance and Security(pdf)
  
• Network Survivability Analysis Using Easel (pdf)
  
• OCTAVE^SM Catalog of Practice, Version 2.0 (pdf)
  OCTAVE^SM Criteria, Version 2.0 (pdf)
  Organizational Models for Computer Security Incident Response Teams pdf | html
  Organized Crime and Cyber-Crime: Implications for Business (pdf)
  Outsourcing Managed Security Services(pdf)
  Overview of Attack Trends (pdf)
  Overview of The Survivable Network Analysis Method
  
• Preparing RIR Allocation Data for Network Security Analysis Tasks (pdf slides)
  
• Removing Roadblocks to Cyber Defense
  Report on Annual Regional Information Assurance Symposia (pdf)
  Report to the President's Commission on Critical Infrastructure Protection html | pdf
  Requirements Definition for Survivable Network Systems (pdf)
  Requirements Engineering for Survivable Systems (pdf)
  Requirements for the Format for Incident Information Exchange (FINE) (txt)
  A Research Agenda for Survivable Systems (pdf)
  Results of the Distributed-Systems Intruder Tools Workshop pdf | html
  Results of the Security in ActiveX Workshop (pdf)
  rlogin(1): The Untold Story (pdf)
  
• Secure Infrastructure Design (pdf)
  Securing an Internet Name Server (pdf)
  Securing Networks Systematically - the SKiP Method (pdf)
  Securing Your Web Browser (pdf)
• Security and Survivability Reasoning Frameworks and Architectural Design Tactics September 2004 (pdf)
• Security Often Sacrificed for Convenience
  Security of the Internet
  Sets, Bags & Rock and Roll: Analyzing Large Sets of Network Data (pdf)
  Simple IPFIX Files for Persistent Storage (txt)
  A Simulation Model for Managing Survivability of Networked Information Systems (pdf)
  Software Vulnerabilities in Java
  Spyware (pdf)
  SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Project in Small Companies (pdf)
  Staffing Your Computer Security Incident Response Team – What Basic Skills Are Needed?
  State of the Practice of Computer Security Incident Response Teams (pdf)
  State of the Practice of Intrusion Detection Technologies (pdf)
  Steps for Creating National CSIRTs (pdf)
  A Structured Approach to Classifying Security Vulnerabilities
  Survivability - A New Technical and Business Perspective on Security (pdf)
  The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management
  The Survivability Imperative: Protecting Critical Systems
  The Survivability of Network Systems: An Empirical Analysis (pdf)
  Survivability: Protecting Your Critical Systems
  Survivable Functional Units: Balancing an Enterprise's Mission and Technology (pdf)
  Survivable Network Analysis Method (pdf)
  Survivable Network System Analysis: A Case Study (pdf)
  Survivable Network Systems: An Emerging Discipline (pdf)
  Systematic Generation of Stochastic Diversity as an Intrusion Barrier in Survivable Systems Software
  Systems Quality Requirements Engineering (SQUARE) Methodology: Case Study on Asset Management System
  
• Technical Trends in Phishing Attacks
  Testimony to the Commerce and Economic Development Subcommittee on Electronic Commerce
  Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues (pdf)
  Trends in Denial of Service Attack Technology (pdf)
  Trustworthy Integration: Challenges for the Practitioner (pdf)
  Trustworthy Refinement through Intrusion-Aware Design (TRIAD): An Overview (pdf)
  Trustworthy Refinement Through Intrusion-Aware Design (pdf)
  
• Using PGP to Verify Digital Signatures (pdf)
• Viruses and Worms: What Can We Do About Them? (Congressional testimony)
• Windows Intruder Detection Checklist

Research Papers:

Survivability

• Technical Report: Survivable Network Systems: An Emerging Discipline. November 1997 (pdf)
• Paper: An Approach to Survivable Systems. NATO IST Symposium on Protecting Information Systems in the 21st Century. Washington, DC, October 25-27, 1999 (doc)
• Paper: Survivability: Protecting Your Critical Systems (condensed version of Survivable Network Systems), published in the November/December 1999 issue of IEEE Internet Computing
• Paper: Survivability - A New Technical and Business Perspective on Security. Proceedings of the 1999 New Security Paradigms Workshop. Caledon Hill, ON, September 21-24, 1999. New York, NY: Association for Computer Machinery, 2000 (pdf)
• Presentation: Survivability - A New Security Paradigm for Protecting Highly Distributed Mission Critical Systems. 38th Meeting of IFIP Working Group 10.4 on Dependable Computing and Fault Tolerance. Kerhonkson, NY, June 28-July 2, 2000 (pdf)
• Paper: The Survivability Imperative: Protecting Critical Systems. CrossTalk, October 2000
• Presentation: Survivable Network Technology for the Survivability of Critical Systems - Intruder Trends that IRTs Will Have to Handle: 2001-2010. June 2001 (pdf)
• Technical Report: Foundations for Survivable System Development: Service Traces, Intrusion Traces, and Evaluation Models. October 2001 (pdf)

Modeling and Predicting Survivability Attributes (Easel, Emergent Algorithms)

• Technical Report: Network Survivability Analysis Using Easel December 2002 (pdf)
• Paper: Emergent Algorithms: A New Method for Enhancing Survivability in Unbounded Systems . Proceedings of the Hawaii International Conference on System Sciences. Maui, HI, January 5-8, 1999. IEEE, 1999
• Paper: Simulating the emergent behavior of complex software-intensive organizations. June 2000 (pdf)
• Paper: Survivability and Simulation. Third Information Survivability Workshop (ISW-2000). Boston, MA, October 23-26, 2000 (pdf)
• Paper: The Easel Survivability Simulation Project. NDIA, 16th annual Security and Technology Symposium. Williamsburg, VA, June 26-29, 2000 (doc)
• Paper: A Simulation Environment for Survivability Algorithms. Proceedings of the 1998 Information Survivability Workshop. Orlando, FL, October 28-30, 1998. Software Engineering Institute and IEEE Computer Society, 1998 (doc)
• Paper: Emergent Algorithms for Survivable Systems, Proceedings of the 1998 Information Survivability Workshop. Orlando, FL, October 28-30, 1998. Software Engineering Institute and IEEE Computer Society, 1998
• Paper: Simulation and Visualization of Survivability Problems and Solutions. The 1999 Software Engineering Symposium—Improving the State of Software Engineering. Pittsburgh, PA, August 30-September 22, 1999

Survivability Engineering

Overview

• Paper: Foundations for Survivable Systems Engineering html | pdf, May 2002 (html)

Requirements Engineering

•  
• Technical Report: Security Quality Requirements Engineering (SQUARE) Methodology November 2005 (pdf)
• Special Report: Security Quality Requirements Engineering (SQUARE): Case Study on Asset Managment System, Phase II May 2005 (pdf)
• Special Report: Systems Quality Requirements Engineering (SQUARE) Methodology: Case Study on Asset Management System December 2004 (pdf)
• Technical Note:SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Project in Small Companies November 2004 (pdf)
• Technical Note: Requirements Engineering for Survivable Systems September 2003 (pdf)
• Paper: Requirements Definition for Survivable Network Systems (pdf)

Survivable Systems Analysis

• Technical Note: Trustworthy Integration: Challenges for the Practitioner October 2005 (pdf)
• Technical Report: Security and Survivability Reasoning Frameworks and Architectural Design Tactics September 2004 (pdf)
• Technical Report: Trustworthy Refinement Through Intrusion-Aware Design March 2003 (pdf)
• Technical Note: Applying FSQ Engineering Foundations to Automated Calculation of Program Behavior February 2003 (pdf)
• Paper: Trustworthy Refinement through Intrusion-Aware Design (TRIAD): An Overview February 2003 (pdf)
• Technical Note: Flow-Service-Quality (FSQ) Engineering: Foundations for Network System Analysis and Development. June 2002 (pdf)
• Paper: Overview of The Survivable Systems Analysis Method. September 2000
• Presentation: The Survivable Network Analysis Method: Assessing Survivability of Critical Systems (pdf)
• Technical Report: Survivable Network Analysis Method. September 2000 (pdf)
• Technical Report: A Case Study in Survivable Network System Analysis. September 1998 (pdf)
• Technical Report: Survivable Network System Analysis: A Case Study, (condensed version of SEI Technical Report CMU/SEI-98-TR-014, ESC-TR-98-014) published in July/August 1999 issue of IEEE Software (pdf)
• Tutorial: The Survivable Network Analysis Method: Assessing Survivability of Critical Systems (pdf)
• Paper: Systematic Generation of Stochastic Diversity as an Intrusion Barrier in Survivable Systems Software

Models and Templates

• Technical Report: Life-Cycle Models for Survivable Systems October 2002 (pdf)
• Technical Note: Can We Ever Build Survivable Systems from COTS Components? December 2001 (pdf)
• Technical Report: Foundations for Survivable System Development: Service Traces, Intrusion Traces, and Evaluation Models October 2001 (pdf)
• Technical Note: Architectural Refinement for the Design of Survivable Systems October 2001 (pdf)
• Technical Note: Attack Modeling for Information Security and Survivability. March 2001 (pdf)
• Technical Report: A Simulation Model for Managing Survivability of Networked Information Systems. December 2000 (pdf)
• Paper: A Research Agenda for Survivable Systems, published in the Proceedings of the Third Information Survivability Workshop (ISW 2000), October 24-26, 2000 (pdf).
• Paper: Life-Cycle Models for Survivable Systems, published in the Proceedings of the Third Information Survivability Workshop (ISW 2000), October 24-26, 2000 (pdf)
• Paper: Life-Cycle Considerations for Survivable Systems, Cutter IT E-Mail Advisor, Vol. 10, no. 1 (January 2000)
• Paper: Survivability through Intrusion-Aware Design (pdf)
• Presentation: Lifecycle Models for Survivable Systems (pdf)

Analysis & Trends

• Presentation: Can Secure Systems be Built Using Today's Development Processes? Summary (pdf) | Panel Presentation June 2004 (pdf)
• Special Report: International Liability Issues for Software Quality July 2003 (pdf)
• Special Report: Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues November 2002 (pdf)
• Presentation: Protection of Critical Infrastructures: A New Perspective (ppt)
  A member of the CERT Analysis Center delivered this presentation at SC2002 in Baltimore.
• Paper: Models of Information Security Trend Analysis April 2002 (pdf)
• Presentation: Cyber Crime and Legislation February 2002 (ppt)
• Presentation: Cyberterrorism Fall 2001 (ppt)
• Technical Report: The Survivability of Network Systems: An Empirical Analysis. December 2000 (pdf)
• Technical Report: rlogin(1): The Untold Story. November 1998 (pdf)
• Technical Report: A Common Language for Computer Security Incidents. Sandia Report prepared by Sandia National Laboratories. October 1998 (pdf)
• Paper: An Analysis of Security Incidents on the Internet 1989-1995 April 1997
• Paper: Countering Cyber War Winter 2001-2002 (pdf)
• Paper: Intelligence Analysis for Internet Security

Other Survivability Information and Projects

Master's Theses

David Fisher and Howard Lipson were advisors for the following Master's theses:

• Survivability of the U.S. Electric Power Industry. May 2000 (pdf)
  Imju Byon
• Survivability Requirements for the U.S. Health Care Industry. May 2000 (pdf)
  Jose Caldera
• Study of the Interdependencies Within the Banking and Finance Infrastructure for Survivability Research. December 1999 (pdf)
  Yen-Ming Chen

Articles by the Research Staff

• Countering Cyber War. NATO Review, Winter 2001/2002 (pdf)
  Timothy Shimeall, Phil Williams, Casey Dunlevy
• Malicious IT Roundtable: Roundtable on Information Security Policy. IEEE Software, July 2000 (pdf)
  Attendees: Tim Shimeall, conducted by Dr. Nancy Mead
• Defending Yourself: The Role of Intrusion Detection Systems. IEEE Software, September/October 2000 (pdf)
  John McHugh, Alan Christie, Julia Allen

Software Engineering Institute:

Software Engineering Institute
Carnegie Mellon University

CMMI

Engineering

CIAC

CIAC provides on-call technical assistance and information to Department of Energy (DOE) sites faced with computer security incidents. This central incident handling capability is one component of all encompassing service provided to the DOE community. The other services CIAC provides are: awareness, training, and education; trend, threat, vulnerability data collection and analysis; and technology watch. This comprehensive service is made possible by a motivated staff with outstanding technical skills and a customer service orientation.

CIAC was established in 1989 to serve the DOE Community. CIAC is one of two oldest response teams and is recognized nationally and internationally for its contributions to the Internet community. CIAC is a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide.

WEBSITE-INDEX

CIAC Bulletins

C-Notes

Bundesamt für Sicherheit in der Informationstechnik

IT-Grundschutzhandbuch BSI

Sicherheit im Internet

Public Key Infrastructure (PKI) Umfangreiche Linksammlung zu diesem Thema

Fachgruppe Security der Schweizer Informatiker Gesellschaft

Vertrauensbildung im Electronic Commerce von Christine Wunderli, Urs E. Zurfluh, Henrik Czurda; Erstveröffentlichung im Rahmen der SIS2000

Ein Gateway zur sicheren Kopplung von E-Mail-Systemen an das Internet von Harald Weidner, Urs E. Zurfluh; Erstveröffentlichung im Rahmen der SIS2000

Cryptographic Key Recovery: Ein Beitrag zur Entspannung der Kryptographiediskussion von U. Belser, B. Federspiel, Th. Kessler, Ch. Kobel, D. Maurer, R. Oppliger, M. Schnyder, A. Thorn, G. Trenta, H. Walter

Distributed Systems Security: Sicherheits-Framework für Anwendungen in vernetzten Systemen von A. Beuchat, B. Federspiel, M. Isler, D. Maurer, A. Thorn, G. Trenta.

Sans Institute Top 20

The Center for Internet Security

IT-Audit

IT-Governance Portal

DFN Workshop 2005

• The Honeynet Project: Trends and Activities
  Lance Spitzner (Honeynet Project)
  Vortragsfolien PDF
• Das deutsche Honeynet-Project
  Thorsten Holz (German Honeynet-Project)
  Vortragsfolien PDF
• Sichere E-Mail-Lösungen auf Domänenbasis
  Stephan Wappler (Noventum)
  Vortragsfolien PDF
• Fremdzertifikate durch PKI-Kooperationen
  Henning Mohren (Fernuniversität Hagen)
  Vortragsfolien PDF
• Windows Eventlog in der forensischen Analyse
  Andreas Schuster (Deutsche Telekom)
  Vortragsfolien PDF
• Botnetze
  Tom Fischer (RUS-Cert)
  Vortragsfolien PDF
• Schutz kleiner Netze mit einer virtuellen DMZ
  Tillmann Werner (CERT-Bund)
  Vortragsfolien PDF
• DNS for fun and profit
  Peter Koch (DENIC eG)
  Roy Arends (Telematika Instituut)
  Vortragsfolien PDF
  Komplettes Paper PDF
• Neighbourhood Watch
  Jens Grabarske (DFN-CERT)
  Vortragsfolien PDF
• Neues zum Thema Trusted Computing
  Wilhelm Dolle (interActive Systems GmbH)
  Vortragsfolien PDF
• WLAN-Security - W(EP | PA | PA2)
  Matthias Hofherr (GeNUA mbH)
  Vortragsfolien PDF

Der DFN-Zusatz-Service zum Herunterladen: Empfohlene Security-Tools, Dokumente, Referenzen, Standards und Advisories - auch anderer Computer-Notfallteams. Den Index der Dateien finden Sie unter ftp://ftp.cert.dfn.de/pub/ls-lR.

News, Magazines and Resource Links

cnn.com computing, www.cnn.com/tech/computing

Computer Crime and Intellectual Property Section (CCIPS), an up-to-date site listing computer intrusion cases prosecuted in the US and including case details, damage and punishment, www.cybercrime.gov/cccases.html

e-commerce Times, www.ecommercetimes.com/news

Gartner Security & Privacy, www4.gartner.com/ 1_researchanalysis/focus/security_fa.html

High Tech Crime Consortium, www.hightechcrimecops.org/links.htm

Information Security Magazine, www.infosecuritymag.com

Infosyssec, the security portal for information system security professionals, www.infosyssec.net/infosyssec/index.html

Intelligence Online, the latest political and business intelligence news, www.intelligenceonline.com/

IT World—Newsletter, www.itworld.com

Network Computing, www.nwc.com

Security Focus, www.securityfocus.com

Security Management On-Line, www.securitymanagement.com

Security Search, The Internet Security Resource, www.securitysearch.net

TechRepublic, www.techrepublic.com/index.jhtml?_requestid=284

Windows and .NET Magazine Network—Security Administrator, www.ntsecurity.net

Mailing Lists

CERT (Computer Emergency Response Team), www.cert.org

Computer and Internet Security Resources, www.virtuallibrarian.com/legal/ccmailing.html

Computer Privacy Digest, www.uwm.edu/Org/comp-privacy/

FAQs, frequently asked questions on IT security, especially UNIX, www.faqs.org/faqs/computer-security

Internet Security Systems Alerts and Advisories, bvlive01.iss.net/issEn/delivery/xforce/alerts.jsp

Neohapsis archives and lists, contains numerous security and audit mailing lists including SANS and network computing alerts, Neohapsis.com

US and Canadian Governments

Computer Crime and Intellectual Property Section (CCIPS), Criminal Division, US Department of Justice, www.cybercrime.gov

Computer Incident Advisory Capability CIAC, US Department of Energy, www.ciac.org

National Institute of Standards and Technology (NIST), an agency of the US Commerce Department's Technology Administration, www.csrc.nist.gov

Safe Harbor, US Department of Commerce, www.export.gov/safeharbor

US Government Computer News (GCN), www.gcn.com/index.html

US National Criminal Justice Reference Center (Justice Department), www.ncjrs.org/alphtitl.html

US National Infrastructure Protection Center, www.nipc.gov

US National Security Agency, includes US government policy on IT information, data, cryptoplogy, etc., www.nsa.gov

US Office of the National Counter Intelligence Executive, the Computer Security Resource Center within the Computer Security Division of the Information Technology Laboratory at the National Institute of Standards and Technology (NIST), www.ncix.gov/pubs/index.html

Associations and Organizations

Anti Virus Information Exchange Network, www.avien.org

Applied Computer Security Associates, www.acsac.org/acsa

Association for Computing Machinery, www.acm.org

Better Business Bureau Online, www.bbbonline.org/businesses

Center for Internet Security, www.cisecurity.org

CERIAS, a center for multidisciplinary research and education in areas of information security, Purdue University, www.cerias.purdue.edu

CISSP OSG, the Certified Information Systems Security Professional study site, www.cccure.org

Communications Management Association (CMA), www.thecma.com

Computer Security Institute, www.gocsi.com

Cotse, The Computer Professional's Reference, www.cotse.com/home.html

CyberAngels, www.cyberangels.org

Cyberspace Policy Institute, www.cpi.seas.gwu.edu

Federal Information Systems Security Educators' Association, www.csrc.nist.gov/organizations/fissea/index.html

Financial Services Technology Consortium, www.fstc.org

HackerWatch, an antihacker online community, www.hackerwatch.org

Information Assurance Advisory Council (UK), www.iaac.org.uk

Information Security Interest Group (ISIG), www.isig.org.au

Information Systems Audit and Control Association (ISACA), www.isaca.org

Information Systems Security Association (ISSA), www.dev.issa.org

Information Technology Association of America, www.itaa.org

Institute of Communications, Arbitration and Forensics, www.theicaf.com

Institute of Internal Auditors (IIA), www.theiia.org/iia/index.cfm

International Crime Prevention through Environmental Design (CPTED) Association, www.cpted.net

International Centre for Security Analysis (ICSA), www.icsa.ac.uk/Main/home-frame.htm

Internet Engineering Task Force, www.ietf.org

IT Governance Institute, www.ITgovernance.org

Joint Security Industry Council (UK), www.psiact.org.uk/index.htm

National Colloquium for Information Systems Security Education, www.ncisse.org

National Electronic Authentication Council (NEAC), www.noie.gov.au/projects/consult/NEAC/index.htm

Open Mobile Alliance, www.wapforum.org

SANS Institute, www.sans.org

TRUSTe (privacy resource site), www.truste.org/index.html

21st Century Money, Banking & Commerce, highlights financial service's developments and trends, including new structures for transactions and ventures, the growth of electronic banking and e-cash, that will shape the future of banking, www.ffhsj.com/bancmail/bancpage.htm

Standards

European Telecommunications Standards Institute (ETSI), www.etsi.org

International Standards, www.isostandards.com.au

Standards Australia, www.standards.com.au

UK Computer Laws and Regulations, www.ja.net/cert/

General Interest

AntiOnline, www.antionline.com/index.php

Cartome, www.cartome.org

Common Vulnerabilities and Exposures (CVE), a list of standardized names for vulnerabilities and other information security exposures, cve.mitre.org/about/

Computer Forensics, www.computer-forensics.com

Cryptome, www.cryptome.org

Dshield, Distributed Intrusion Detection System, www.dshield.org

Honeynet Project, a nonprofit research group of 30 security professionals dedicated to information security, www.project.honeynet.org

Internet.org, the Internet's Threat Monitor, www.incidents.org

IT Security Awareness, Carnegie Mellon, Software Engineering Institute, www.sei.cmu.edu/publications/documents/99.reports/99tr017/99tr017abstract.html

National Fraud Information Center, www.fraud.org

Native Intelligence Inc., www.nativeintelligence.com

SecuritySearch.Net—The Internet Security Resource, www.securitysearch.net

Spam Cop, www.spamcop.net

Special technical site—Port Numbers and Assignments, www.iana.org/assignments/port-numbers

Technical Surveillance Counter Measures, www.tscm.com

Vmyths.com—Truth About Computer Virus Myths and Hoaxes, www.vmyths.com

Web Accessibility Initiative, www.w3.org/WAI/

World Information Technology and Services Alliance (WITSA), www.witsa.org/papers/cip.htm