Computer Security for Business Seminar References
1. Basic Computer Security Glossary of Terms - (Printer-friendly) This is an NSA (National Security Administration) Glossary of Terms
Used in Security and Intrusion Detection. In April of 1998, the NSA completed a
glossary of terms used in computer security and intrusion detection. The work,
done primarily by Greg Stocksdale of the
NSA Information Systems Security Organization, was comprehensive,
accurate and useful. Because of the value of a comprehensive glossary, the SANS
Institute is undertaking a community-wide program to expand and update the
glossary on a continuing basis.
Computer Security Predictions for 2003
Finally, a Real Return on Security Spending
Change Your Company's Culture to Combat Social Engineering Attacks
Information Security Policy - This is a TechRepublic download site for a set of guidelines for an Information Security Policy. TechRepublic requires you to join, but membership is free and includes CIO-level newsletters.
The Slammer Blame Game - David Morgenstern fields reader comments about the SQL Slammer worm and its possible effects on remote-storage businesses. Who dropped the ball?
The Spam Battle 2002: A Tactical Update - This paper presents an overview of the present state of the spam situation, with a focus on the new fronts and tactics of the past two years. It briefly addresses the history of spam fighting by way of background, then presents policy and technical tools for the security-minded administrator to face these new fronts.
2001 Computer Loss Statistic Charts

3. Get More Security Information:

At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community. Details on computer incident response teams can be found here.

The mission of the Center for Internet Security is to help organizations around the world effectively manage the risks related to information security. CIS provides methods and tools to improve, measure, monitor, and compare the security status of your Internet-connected systems and appliances, plus those of your business partners. The "Top Twenty" automated scanning tool enables you to quickly and easily determine which vulnerabilities on the list are unpatched on your networks.

You should check out this site if only to see the security awareness posters. This is focused on information security awareness. Native Intelligence, Inc. is a Maryland-based firm with a proven track record and excellent reputation for providing quality services to Government and private industry clients. Native Intelligence specializes in web-based training and awareness solutions.

The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. Our information ranges from protecting your system against potential problems to reacting to current problems to predicting future problems. Our work involves handling computer security incidents and vulnerabilities, publishing security alerts, researching long-term changes in networked systems, and developing information and training to help you improve security at your site.

Security Focus ensures the integrity of enterprises' assets through its SIA - Security Intelligence service.

Established in February 1998, the NIPC's mission is to serve as the U.S. government's focal point for threat assessment, warning, investigation, and response for threats or attacks against our critical infrastructures. These infrastructures, which include telecommunications, energy, banking and finance, water systems, government operations, and emergency services, are the foundation upon which our industrialized society is based.

This White Paper explores the major components of a security assessment and how the offers of various security-consulting vendors differ. It explores issues of standardization, industry practice, organizational models, and risk measures. By combining these using a well-designed assessment methodology guided by a quality assessment tool, organizations can maximize the value they receive from a security assessment.