Computer Security for Business Seminar References

Basic Computer Security Glossary of Terms


Useful Articles and Websites

Get More Security Information

1. Basic Computer Security Glossary of Terms

This is an NSA (National Security Administration) Glossary of Terms Used in Security and Intrusion Detection. In April of 1998, the NSA completed a glossary of terms used in computer security and intrusion detection. The work, done primarily by Greg Stocksdale of the NSA Information Systems Security Organization, was comprehensive, accurate and useful. Because of the value of a comprehensive glossary, the SANS Institute is undertaking a community-wide program to expand and update the glossary on a continuing basis.

2. Useful Articles and Websites:

Computer Security Predictions for 2003

Finally, a Real Return on Security Spending

Change Your Company's Culture to Combat Social Engineering Attacks

Information Security Policy - This is a TechRepublic download site for a set of guidelines for an Information Security Policy. TechRepublic requires you to join, but it is free and has CIO-level newsletters.

Help, we've been hacked!

The Slammer Blame Game - David Morgenstern fields reader comments about the SQL Slammer worm and its possible effects on remote-storage businesses. Who dropped the ball?

The Spam Battle 2002: A Tactical Update - This paper presents an overview of the present state of the spam situation, with focus on the new fronts and tactics of the past two years. It briefly addresses the history of spam fighting by way of providing background, then presents policy and technical tools for the security-minded administrator to face these new fronts.

Lifting Laptops

Laptop Theft

2001 Computer Loss Statistic Charts

3. Get More Security Information:

At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community. Details on computer incident response teams can be found here.

The mission of the Center for Internet Security (CIS) is to help organizations around the world effectively manage the risks related to information security. CIS provides methods and tools to improve, measure, monitor, and compare the security status of your Internet-connected systems and appliances, plus those of your business partners. The "Top Twenty" automated scanning tool enables you to quickly and easily determine which vulnerabilities on the list are unpatched on your networks.

You should check out this site if only to see the security awareness posters. This is focused on information security awareness. Native Intelligence, Inc. is a Maryland-based firm with a proven track record and excellent reputation for providing quality services to Government and private industry clients. Native Intelligence specializes in web-based training and awareness solutions.

The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. Our information ranges from protecting your system against potential problems to reacting to current problems to predicting future problems. Our work involves handling computer security incidents and vulnerabilities, publishing security alerts, researching long-term changes in networked systems, and developing information and training to help you improve security at your site.

Security Focus ensures the integrity of enterprises' assets through its SIA - Security Intelligence service.

Established in February 1998, the NIPC's mission is to serve as the U.S. government's focal point for threat assessment, warning, investigation, and response for threats or attacks against our critical infrastructures. These infrastructures, which include telecommunications, energy, banking and finance, water systems, government operations, and emergency services, are the foundation upon which our industrialized society is based.

This White Paper explores the major components of a security assessment and how the offers of various security-consulting vendors differ. It explores issues of standardization, industry practice, organizational models, and risk measures. By combining these using a well-designed assessment methodology guided by a quality assessment tool, organizations can maximize the value they receive from a security assessment.