Information System Security Graduate School Research Sources
Last Edited April 5, 2008
Security Organizations
- Information Systems Security Association
- The ISSA is an unbiased third party organization made up solely of security practitioners and, as such, is not motivated by politics or profits; only the ethical professionalism of our members and their dedication to protecting information resources in a professional manner.
- International Biometric Industry Association
- The International Biometric Industry Association (IBIA) is a non-profit organization based in Washington DC that promotes biometrics as the most effective means of individual identification.
- Security Hardware Dealers Association
- The Security Hardware Dealers Association (SHDA) is a cooperative organization comprised of dealers and manufacturers of hardware components used for physical security.
- Center for Internet Security - Standards
- Benchmarks (version, updated): Windows XP Professional SP1/SP2 2.01 (09/09/2005); Windows Server 2003 2.0 (11/21/2007); Windows 2000 Professional 2.2.1 (12/17/2004); Windows 2000 Server 2.2.1 (12/17/2004); Windows 2000 1.2.2 (02/04/2005); Windows NT 1.05
- NIST.gov - Computer Security Division - Computer Security Resource Center
- This is the NIST.gov Computer Security Division and CSRC website. The Computer Security Division is involved with many different projects. CSRC also provides many webpages based on these projects. To learn more about the work we do, visit our website.
- Introduction to NSA/CSS
- Education and Training Page
- ISO.org
- International Standards Organization
- SANS Institute - Network, Security, Computer, Audit Information & Training
- The SANS Institute, offering computer security training for system administrators, computer security professionals, and network administrators, is a cooperative research and education organization that has many consensus projects to return computer security information to the community.
- Security Industry Association - About: About SIA
- Industrial Security organization promoting training and certification.
- Web Security Context Working Group
- From our charter: The mission of the Web Security Context Working Group is to specify a baseline set of security context information that should be accessible to Web users, and practices for the secure and usable presentation of this information, to enable users to
- ISACA
- ISACA got its start in 1967, when a small group of individuals with similar jobs (auditing controls in the computer systems that were becoming increasingly critical to the operations of their organizations) sat down to discuss the need for a centralized source of information and guidance in the field. In 1969, the group formalized, incorporating as the EDP Auditors Association. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field.
Incident Handling and Reporting
- United States Computer Emergency Readiness Team
- The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.
- Analysis of the Incident Handling Six-Step Process
- This webpage provides an analysis of the six-step process of incident handling as presented by Jim Murray to the Global Information Assurance Certification (GIAC).
Information System Security Certifications
- ISC2.org
- (ISC)²® offers the CISSP, ISSAP, ISSMP, ISSEP, CAP, and SSCP certifications.
- Global Information Assurance Certification
- The GIAC certifications cover four Information Security disciplines, including: Security Administration, Management, Auditing and Software Security.
Certification Guides
Operating System Security
Apple OS
- Apple Mailing Lists
- Mailing list from Apple providing security notifications.
- Developer Connection
- Apple website providing links to Apple related security articles.
Unix OS
- Matt's Unix Security Page
- This website, published by a UNIX professional over a 10-year period, provides many useful links dealing with UNIX security.
- Unix Security
- This site comprises some useful tools and tips for UNIX administrators.
- UNIX Security Checklist
- This checklist provided by CERT.org provides a comprehensive guide for ensuring the security of UNIX based systems.
Windows OS
- WindowsSecurity.com
- A comprehensive collection of articles and tools covering the current Microsoft releases and some older ones.
- A Home User's Security Checklist
- This checklist provided by Security Focus guides the home user through the steps to protect a personal implementation of Microsoft Windows.
- Secure your IIS Servers
- Microsoft Internet Information Server (IIS) has a number of known vulnerabilities and exploits. Secure your Web server against these known IIS vulnerabilities.
Information Security News
- SANS Top-20 2007 Security Risks (2007 Annual Update)
- The SANS Institute releases an annual update for the top 20 security risks. This is the update for 2007.
- The Internet Storm Center
- The SANS Internet Storm Center provides a snapshot of the current Internet security level, providing insight into what to watch out for.
- Security Focus
- Security Focus is probably the premier news site for the Information System Security professional.
- AEP debuts network access control appliance - Network World
- AEP Networks at Interop this week is announcing NACPoint, an appliance that guards against improperly configured computers attaching to networks.
Know the Enemy
Interviews
- The Net is now the weakest link
- Interview with the Symantec CEO.
None
- Computer Security Institute
- Computer Security Institute (CSI) provides education on information, computer and network security, through conferences (NetSec and Annual), seminars/training, membership association, newsletter and publications.
Computer and Security Legislation
Threats and Vulnerabilities
- IBM Internet Security Systems Ahead of the Threat
- Internet Security Systems' X-Force organization delivers the latest information on Internet threats and vulnerabilities through notifications, such as X-Force Protection Advisories and Alerts. Along with information about the threat, these notifications provide customers with information about how IBM ISS products and services can protect against the threat.
- SANS Institute - Red Teaming: The Art of Ethical Hacking
- This paper justifies the need for Red Teaming which is a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access, to provide an accurate situational awareness for network/system security.
- Smashing the Stack For Fun and Profit
- A hacker article describing a stack buffer overflow vulnerability in great detail.
