Several websites actively track security issues. This list provides you with the major providers
of security information on the Web. Many of these organizations also provide newsletters and
mailings to announce changes or security threats:
Center for Education and Research in Information Assurance and Security (CERIAS)
CERIAS is an industry-sponsored center at Purdue University that is focused on technology and
related issues. CERIAS provides news and information on technology threats. The website is
CERT Coordination Center The CERT/CC is a federally sponsored partnership in conjunction
with Carnegie Mellon University that provides Internet security expertise. CERT offers a
wide variety of information about current threats and best practices in security. The website is
Computer Security Institute (CSI) CSI is a professional organization that offers national conferences,
membership publications, and information on computer security issues. CSI is one of
the oldest societies in this area. The website is www.gocsi.com.
European Institute for Computer Anti-Virus Research (EICAR) EICAR is an association
of European corporations, schools, and educators that are concerned with information security
issues. The website is www.eicar.org.
McAfee Corporation McAfee is a leading provider of antivirus software. The companyís site
provides information and updates for its software. The website is www.mcafee.com.
National Infrastructure Protection Center (NIPC) The NIPC is a government agency concerned
with protecting the infrastructure of the United States. This includes Internet and other
technology areas. NIPC provides a wide variety of information, including international threats
and terrorist concerns. The website is www.nipc.gov.
National Institute of Standards and Technology (NIST) NIST is the governmental agency
involved in the creation and use of standards. These standards are generally adopted by governmental
agencies, and they are used as the basis for other standards. NIST has an organization
specifically addressed to computer issues: the Computer Security Response Center
(CSRC). The CSRC/NIST maintains a database of current vulnerabilities and other useful
information. The website is www.csrc.nist.gov.
National Security Institute (NSI) The NSI is a clearinghouse of information relating to security.
This site offers a wealth of information on many aspects of physical and information security. The
website is www.nsi.org.
SANS Institute The SysAdmin, Audit, Network, Security (SANS) Institute is a research and
educational organization. SANS offers seminars, research, and other information relating to the
security field. The website is www.sans.org.
Symantec Corporation Symantec is a leading provider of antivirus software. Its website lists
current threats, provides research abilities, and gives information about information security.
The website is www.symantec.com.
TruSecure TruSecure is a managed security organization that has been involved in security
since 1989. Its site provides a number of white papers, technical briefings, and other information
relevant to the computer security field. The website is www.truesecure.com.
Numerous trade publications exist that address issues relating to security at different levels of
difficulty. Some of these publications are good sources of overview information and case studies;
others go into the theoretical aspects of security. If you donít understand an article or paper,
trade publications are good places to start in furthering your education. Remember that one of
the most valuable jobs you perform is to consult for your organization on current issues in the
field. Following is a brief list of trade publications you may find useful in your quest for knowledge
and websites where you can subscribe:]
2600: The Hacker Quarterly This interesting little magazine provides tips and information
on computer security issues. Donít let the name fool youóthis is a wealth of information on current
issues in security. The website is www.2600.com.
Certification Magazine Certification Magazine covers the broad field of certification. It also
does features on the pros and cons of various certifications, and it contains articles related to the
computer profession. The website is www.certmag.com.
CIO CIO is a monthly publication that specializes in IT management issues and that periodically
offers security-related articles. Itís oriented toward IT management, and the presentations
tend to be high level. The website is www.cio.com.
CSO Magazine CSO is a monthly magazine focused on security executives. The website is
Information Security Magazine Information Security Magazine is a monthly publication that
focuses on computer security issues. The website is www.infosecuritymag.com.
InformationWeek InformationWeek addresses management and other issues of information
technology. This magazine provides updates in the field of technology. The website is
InfoWorld InfoWorld deals with PC issues from an IT management perspective. This magazine
offers regular articles on security and related topics. The website is www.infoworld.com.
Microsoft Certified Professional Magazine MCP Magazine is intended for certified Microsoft
professionals. It provides a wealth of technical articles, as well as general interest articles for
computer professionals. The website is www.mcpmag.com.
Windows & .NET Magazine Windows & .Net Magazine primarily focuses on issues
relating to Microsoft operating systems. It presents a number of general interest and security
articles, and itís one of the more technical magazines on Microsoft products. The website
sitesother, sitesseveral, websites, actively, provides, providers, organizations, newsletters, mailings, assurance, cerias, sponsored, purdue, website, www, edu, cert, coordination, cc, federally, partnership, conjunction, carnegie, mellon, expertise, offers, variety, practices, org, institute, csi, conferences, membership, publications, societies, gocsi, european, eicar, association, corporations, educators, mcafee, corporation, provider, antivirus, software, updates, infrastructure, nipc, includes, areas, terrorist, gov, nist, governmental, creation, generally, agencies, addressed, csrc, maintains, database, vulnerabilities, nsi, clearinghouse, relating, wealth, aspects, sans, sysadmin, audit, educational, seminars, symantec, lists, abilities, trusecure, technical, briefings, relevant, truesecure, fa, numerous, levels, difficulty, sources, overview, studies, theoretical, furthering, consult, quest, subscribe, hacker, quarterly, certification, features, pros, cons, various, certifications, contains, articles, profession, certmag, cio, monthly, publication, specializes, periodically, oriented, presentations, cso, executives, csoonline, focuses, infosecuritymag, informationweek, addresses, infoworld, pc, topics, microsoft, certified, mcp, professionals, mcpmag, primarily, operating, products, winnetmag,