Standards and Related Documents
- ISO/IEC 15408: Evaluation criteria for IT Security
– equivalent to NIST’s Common Criteria (CC) Version 2.1
– downloadable from ISO’s Publicly Available Standards Page
- ISO/IEC 13335: Guidelines for the management of IT Security (GMITS)
- ISO/IEC TR 13335-1: 1996 Part 1: Concepts and models for IT Security
- ISO/IEC TR 13335-2: 1997 Part 2: Managing and planning IT Security
- ISO/IEC TR 13335-3: 1998 Part 3: Techniques for the management of IT Security
- ISO/IEC TR 13335-4: 2000 Part 4: Selection of safeguards
- ISO/IEC WD 13335-5: 1999 Part 5: Management guidance on network security
- BS 7799 – The Standard for Information Security Management from BSI
- ISO/IEC 17799:2000 / BS 7799-1:1999 – Code of practice for information security management
- BS 7799-2:1999 – Specification for Information Security Management Systems
- DISC PD 3000 Information Security Management: An Introduction
- DISC PD 3001 Preparing for BS7799 Certification
- DISC PD 3002 Guide to BS7799 Risk Assessment and Risk Management
- DISC PD 3003 Are you ready for a BS7799 Audit?
- DISC PD 3004 Guide to BS7799 Auditing
- DISC PD 3005 Selecting BS7799 Controls
- Summary of controls used in BS 7799 and their relationship to CID protective mechanisms by Fred Cohen & Associates
- Toward Standardization of Information Security: BS 7799, Timothy Stacey, SANS Institute Information Security Reading Room, September 22, 2000.
- CobiT: Control Objectives for Information and related Technology (3rd Ed., July 2000)
- Executive Summary (23 pages)
- Framework (75 pages)
- Management Guidelines (129 pages) (ppt presentation)
- Control Objectives (155 pages)
- Audit Guidelines (ISACA members only)
- Implementation Tool Set (92 pages)
- Control Objectives for Enterprise Governance (54 pages, Discussion Document)
- Information Systems Audit and Control Association (ISACA)
- IT Governance Institute
- Related IETF RFCs
- Best Current Practice (BCP)
- For Your Information (FYI)
- RFC 3013(BCP0046): Recommended Internet Service Provider Security Services and Procedures, T.Killalea, November 2000.
- RFC 2504(FYI0034): Users’ Security Handbook, E.Guttman, L.Leong and G.Malkin, February 1999.
- RFC 2196(FYI0008): Site Security Handbook, B.Fraser, September 1997.
- NIST Special Publications
- Draft: Implementing Internet Firewall Security Policy (18 pages), April 1998 (local copy).
- Draft: Internet Security Policy: A Technical Guide (multi-parts), July 1997 (local copy).
- SP 800-18: Guide for Developing Security Plans for Information Technology Systems (101 pages), December 1998 (local copy).
- SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems (60 pages), September 1996 (local copy).
- SP 800-12: Introduction to Computer Security: The NIST Handbook (290 pages), October 1995 (local copy).
Commercial Companies & Resources
- SecurityPortal: Feature Archives
- SecurityFocus: Bugtraq Archive, Security Library
- INFOSYSSEC The Security Portal for Information System Security Professionals
- Help Net Security
- Security Informer
- SecuritySearch.Net searchable directory of IT security web sites
- Internet/Network Security one of the About Network
[Consulting/Managed Security Services]
- IT Consulting one of the About Network
- BORAN Consulting: IT Security Cookbook
- Avolio Consulting
- Core Competence A full-service internetworking, broadband, security, and network management consulting firm
- Fred Cohen & Associates
- Rysavy Research consulting in data communications
- MSP Association
- AT&T Information Security Center Consulting Group
- IBM Global Services
- Lucent Worldwide Services Security Consulting
- PGP Security Professional Services: Product Consulting, Custom Security Consulting, Remote-Managed Services, etc.
- myCIO.com Online and onsite managed security services
- Counterpane Internet Security Managed security monitoring services
- Internet Security Systems (ISS) Managed security services & Consulting
- WatchGuard Technologies LiveSecurity Service
- Gamma Secure Systems Limited ITSEC and ISO/IEC 17799 (formerly BS7799)
- Pentasafe Security Technologies (formerly Baseline Software), Information Security Policy
[Market Research & Analysis]
- Aberdeen Group
- ARC Group
- Arthur D. Little
- Arthur Andersen
- Cahners In-Stat Group
- Datacomm Research Company
- Dittberner Associates
- Ernst & Young
- Evans Data Corporation
- Forrester Research
- Frost & Sullivan
- Gartner Group (Dataquest is a unit of Gartner Group)
- Giga Information Group
- Hurwitz Group
- Infonetics Research
- Insight Research Corporation
- Meta Group
- Miercom product tests
- Jupiter Research Internet commerce
- Patricia Seybold Group e-business
- Tolly Group product tests
- TowerGroup financial services
- YANKEE Group
[Other Resources]
- MITRE’s Information Security Technical Center
- CIO Council Federal Best Security Practices (BSPs)
- CERT Coordination Center
- SANS Institute Online
- IBM Security
- ISP-Planet’s Managed Security Services Page
- Audit Net links, tools and resources developed for the benefit of the Audit Profession
- Risk Analysis Resource
- The Power Issue, NetworkWorld, Julie Bort, December 22, 2003.
- 2003: Enterprise product reviews, Infoworld, December 19, 2003.
- Infosec is news: in the year of the worm, Ben Rothke, SCmagazine, December 19, 2003.
- Time to act: New challenges in 2004, Marcia Savage, SCmagazine, December 19, 2003.
- InfoWorld’s anniversary: 25 years of technology, InfoWorld, December 16, 2003.
- Introducing Defense-in-Depth to a Small ISP, Rodney Anderson, SANS Reading Room, November 12, 2003. (local copy)
- Computer and Communications Security, MCI Worldcom, November 2003. (local copy)
- Widgets Won’t Fly, STEPHEN NORTHCUTT, InformationSecurity, November 2003.
- The State of IT Security 2003, Scott Berinato, CIO magazine, October 2003.
- We Asked, You Told: Our Second Annual Reader Survey, David Joachim, NetworkComputing, October 30, 2003. (local copy)
- Survey and Analysis of Security Issues in the U.S. Banking and Finance Sector, ISTS(Institute For Security Technology Studies), September 2003. (local copy)
- Network Security: Submarine Warfare, DAN HOUSER, InformationSecurity, August 2003.
- Why Your Network May Not Be As Secure As It Should Be – How Simplifying Can Make Your Network More Secure, eSoft, Inc., August 1, 2003. (local copy)
- IT Spending Outlook – As of Third Quarter 2003, Unisys, July 1, 2003. (local copy)
- Secured View: System Development Maintenance, Avinash Kadam, Networkmagazineindia, July 2003.
- Exposing the Future of Internet Security, Robert Clyde, Extremetech, April 8, 2003. (printable version)
- 10 Hottest Technologies, Telecommunications Magazine, April 2003.
- Reassessing security: New tools and techniques, Network World’s Special Report, February 12, 2003. (local copy)
- The Sad And Increasingly Deplorable State Of Internet Security, David Piscitello and Stephen Kent, Business Communication Review, February 2003. (local copy)
- Secure physical infrastructure too, Avinash Kadam, Networkmagazineindia, February 2003.
- Secure to the Core, Greg Shipley, NetworkComputing, January 23, 2003. (local copy)
– Tactical Security 101, Greg Shipley, NetworkComputing, January 23, 2003. (local copy)
- Trends in Security Technology, META Group Inc., January 2003. (local copy)
- Trustworthy Computing in 2002, Chris Pike, Newsforge, January 02, 2003.
- Privacy and Data Protection: Mitigating the risks of information exposure, Waveset, 2003. (local copy)
- Get ready to fight future threats, Jon Tullett, SCmagazine, December 2002.
- Information Technology – Essential But Vulnerable: Internet Security Trends, Richard D. Pethia, CERT/CC, November 19, 2002.
- Network Security Perimeters, Network World’s Special Report, November 04, 2002. (local copy)
- Computer Network And Security, SSN School of Advanced Software Engineering, October 10, 2002. (local copy)
- Does Size Matter?, Andrew Briney & Frank Prince, 2002 ISM(INFORMATION SECURITY MAGAZINE) Survey, September 2002. (local copy)
- Strategies & Issues: Thwarting Insider Attacks, Jim Carr, NetworkMagazine, September 4, 2002.
- An Introduction to Network Security in Embedded Devices, Wind River Systems, August 31, 2002. (local copy)
- Introduction to Network Security(Version 1.0), CMS consulting, August 29, 2002. (local copy)
- Test Center Research Report: Security, Infoworld, August 16, 2002.
- Secure Infrastructure Design, CERT/CC, August 12, 2002. (local copy)
- Security? The Challenges Of Today And Tomorrow, Ian Kilpatrick, Wick Hill Group, August 2002.
- Looking beyond firewalls for security, NetworkWorld, July 29, 2002.
– Other content security angles
– Questions to ask when selecting content security products
- IT Security: Closing the Dollar Gap, NCR Corporation, July 1, 2002. (local copy)
- Perimeter Defense Model for Security, Adam Lipson, SCmagazine, June 2002.
- Security Architecture: Layered Insecurity, Richard Mackey, Infosecurity Magazine, June 2002.
- Information Security Midyear 2002 Update: An Overview for Network Executives, NetworkWorld’s Special Report, June 2, 2002. (local copy)
- Simplicity and Awareness – Keys to Network Security, Richard Bejtlich, Business Briefing, 2002. (local copy)
- SECURITY : OUTTA SITE, Jayne Parkhouse, SCmagazine, May 2002.
- Ensure the Reliability, Security, and Performance of Your Network, Sprint, April 30, 2002. (local copy)
- Understanding the Gaps in Network Security – How Comprehensive Content Monitoring is Raising the Bar, Vericept, April 1, 2002. (local copy)
- Analysis of Return on Investment for Information Security, Getronics, April 2002. (local copy)
- The Most Commonly Overlooked Security Holes, Todd Lawson, SCmagazine, January 3, 2002.
- Why Your Network May Not Be As Secure As It Should Be : How Simplifying Can Make Your Network More Secure, eSoft, Inc., January 1, 2002. (local copy)
- Cryptographic software solutions and how to use them, Kurt Seifried, Seifried.org, 2001.
- The Value of a Layered Security System, Buky Carmeli, SCmagazine, November, 2001.
- The 60 Minute Network Security Guide(First Steps Towards a Secure Network Environment), National Security Agency, October 16, 2001. (local copy)
- Liability and Computer Security: Nine Principles, Ross Anderson, Cambridge University, October, 2001. (local copy)
- Protecting information from exposure, Kurt Seifried, Seifried.org, September 10, 2001.
- Call to Action, CERIAS(The Center for Education and Research in Information Assurance and Security) at Purdue University, September, 2001. (local copy)
- Protecting yourself on the Internet, Advosys consulting, August 2001. (local copy)
- Security’s Best Friend, George V. Hulme, Informationweek, July 16, 2001
- Top 10 Security Mistakes, Computer World, July 09, 2001.
- Extended Description Techniques for Security Engineering, Guido Wimmel and Alexander Wieintner, Informatik, June 2001. (local copy)
- CERT O1 System and Network Security Practices, Julia Allen, NCISSE 2001: 5th National Colloquium for Information Systems Security Education, May 22-24, 2001. (local copy).
- Security Trends for 2001, CNET, provided by Giga Information Group.
- Network Security at the Dawn of the New Millenium – A Report on the State of Internet Security, Brett Glass, BoardWatch, January 2001.
- Expert Predictions for Security Trends In 2001, SANS SECURITY, Dec. 2000 (local copy)
- Integrated Security Suites, Mike Fratto, Network Computing, December 4, 2000.
- The Process of Security, BRUCE SCHNEIER, Information Security Magazine, April 2000.
- Hammering Out a Secure Framework (Evaluation of Security frameworks; Checkpoint’s OPSEC & Network Associates’ Active Security), Mike Fratto, Network Computing, January 24, 2000.
- The State of Security 2000, Philip Carden, Mike Fratto, Peter Morrissey, Robert Moskowitz and Greg Shipley, Network Computing, October 4, 1999.
- Foundations of Enterprise Network Security, Frederick M. Avolio, Data Security Management, February 1999.
- Security of the Internet, Cert CC, 1997.
- The IT Security Cookbook by S. Boran; Korean translation.
- Secure Execution Via Program Shepherding, Vladimir Kiriansky, Derek Bruening, Saman Amarasinghe, Massachusetts Institute of Technology, July 2002. (local copy)
- Twenty Don’ts for ASP Developers, Mark Burnett, SecurityFocus, July 3, 2002.
- Secure Coding, David Wong, SecurityFocus, June 20, 2002.
- Security: Source Access and the Software Ecosystem, Craig Mundie, Advanced Strategies and Policy Microsoft Corporation, June 2002. (local copy)
- Security and open source, Roger Needham, HelpNet-security, June 2002.
- Security Standards, Lawrence M. Walsh, Infosecuritymagazine, March 2002.
– Other Security Standards.
- Standard Expectations, Lawrence M. Walsh, Infosecuritymagazine, March 2002.
- On the Importance of Secure Coding, Hagai Bar-El, SecurityFocus, March 2002. (local copy)
- 4 Steps to Improved Security: Prevention, Detection, Forensics and Response, Jim Cavanagh, The Consultant-Registry, February 2002. (local copy)
- Network Security: The Business Value Proposition, Jim Cavanagh, The Consultant-Registry, January 2002. (local copy).
- Security and Desktop Client Architectures: The Road Ahead, Wyse Technology Inc., January 1, 2002. (local copy)
- Security in Open versus Closed Systems – The Dance of Boltzmann, Coase and Moore, Ross J. Anderson, Cambridge University, 2002. (local copy)
- Secure Programming Standards Methodology Manual, Victor A. Rodriguez and Peter Vincent Herzog, Razvan Peteanu, October, 2001. (local copy)
- Windows patch management tools, Mandy Andress, Network World, March 03, 2003.
- Middle Managers, Bruce Boardman, NetworkComputing, February 6, 2003. (local copy)
- Hire Authorities, Jonathan Feldman, NetworkComputing, July 22, 2002. (local copy)
– IT, Dotted and Crossed: Contracting with Consultants, Sean Doherty, NetworkComputing, July 22, 2002. (local copy)
- New Security Threats – Stronger Defenses, Mike Fratto, NetworkComputing, May 6, 2002. (local copy)
- Small Gains Add Up to Big Benefits, Bruce Boardman, NetworkComputing, May 6, 2002. (local copy)
- Connect the Dots, Greg Shipley, NetworkComputing, March 25, 2002. (local copy)
- Security Information Management Tools: NetForensics Leads a Weary Fleet, Greg Shipley, NetworkComputing, March 25, 2002. (local copy)
[Enterprise Security]
- Human Factors in Information Security, Gary Hinson, SecurityWriter, November 2003. (local copy)
- Enterprise Security: Who Do You Trust?, DAVID BIANCO, InformationSecurity, October 2003.
- Reducing “Human Factor” Mistakes, Dancho Danchev, EBCVG, August 04, 2003.
- Best Practices For Supporting Home Users, Matthew Tartaro, NetworkComputing, June 13, 2003. (local copy)
- Cover Story: Enterprise Security, Brian Pereira, NetworkmagazineIndia, April 2003.
– Information Security: A new approach
– Setting up defenses
– Security gets more defined
- Security Patch Management, International Network Services, March 2003. (local copy)
- Emerging Threats to the Employee Computing Environment, Websense, February 2003. (local copy)
- Enterprise Security: Moving From Chaos To Control With Integrated Security Management From Netiq, NetIQ, December 9, 2002. (local copy)
- Best Practices For Securing Enterprise Networks, David M. Piscitello and Lisa Phifer, December 2002. (local copy)
- Security Framework: Defining an enterprise-wide Security Framework, Rahaju Pal & Dhawal Thakker, Networkmagazineindia, November 2002.
- The Secure Enterprise : Practical advice for locking down enterprise nets, Special Report, NetworkWorld, October 21, 2002. (local copy)
– Practical patch management, Steve Ulfelder
– Security central, Paul Desmond
– Identity management begins with the humble password, Julie Bort
– Containing vulnerabilities, Bob Violino.
- Business-Driven Security: A Risk Mitigation Approach, TruSecure® Corporation, September 1, 2002. (local copy)
- Challenges and Requirements of Enterprise Security; an IDC White Paper Sponsored by Unisys, Unisys, September 1, 2002. (local copy)
- Security: Defending the extended enterprise, NetworkWorld, July 29, 2002. (local copy).
– Fortifying the firewall, Bob Violino
– Time for a new security model, Julie Bort
– The promise of all-in-one security, Jennifer Jones
– Cybersecurity law: What’s at stake?, Stewart Baker and Melanie Schneck
- Strategic Directions: the Secure Enterprise, CXO Media, May 4, 2002. (local copy)
- Enterprise Application Security Integration, Quadrasis, April 2002. (local copy).
- Corporate Countermeasures & Security Tools, Aim Publications LLC., January 1, 2002. (local copy).
- Enterprise Security: Chinks in the armor, Brian Pereira, Networkmagazineindia, December 2001.
– Security Assessment Methodology
– Enterprise Security Software
– Wake up to information security
- 5 Steps to Enterprise Security – Step 5: Vigilance, Peter Coffee, eWeek, December 10, 2001
- 5 Steps to Enterprise Security – Step 4: Response, Jim Rapoza, eWeek, December 03, 2001.
- 5 Steps to Enterprise Security – Step 3: Detection, Cameron Sturdevant, eWeek, November 26, 2001.
- 5 Steps to Enterprise Security – Step 2: Prevention, Timothy Dyck, eWeek, November 19, 2001.
- 5 Steps to Enterprise Security – Step 1: Assessment, Peter Coffee, eWeek, November 12, 2001.
- How to prevent corporate snooping, Auerbach Analysis, TechRepublic, November 27, 2001.
- Basic Security Checklist for Home and Office Users, Anton Chuvakin and Ken Dunham, SecurityFocus, November 05, 2001.
- Meeting the Security Challenges of Today’s Distributed Enterprise: Moving beyond Desktop and Server Protection to Enterprise-Level Centralized Control, Stonesoft Inc., March 1, 2001. (local copy)
- Improving Enterprise Security with Ecora’s Configuration Auditor, Andy Evans, Ecora Corp., April 30, 2001. (local copy)
- Security for Today’s Enterprise, The Applied Technology Group, Technology Guide Series, 2001 (local copy).
- Best Practices, Andrew Conry-Murray, Network Magazine, February 5, 2001.
- Best Practices in Network Security, Frederick M. Avolio, Network Computing, March 20, 2000.
- Best Practices for Enterprise Security, Microsoft TechNet.
- Mastering the Fundamentals: Part 1, Part 2, Part 3, RICHARD MACKEY and JONATHAN GOSSELS, Information Security Magazine, 2000.
- An Overview of Corporate Information Security – Combining Organisational, Physical & IT Security, S.Boran, Securityportal, December 13, 1999.
- The Survivor’s Guide to 2004, Mike Lee, NetworkComputing, December 16, 2003. (local copy).
– Business Strategy, David Joachim (local copy)
– Security, Mike Fratto (local copy)
– Network and Systems Management, Bruce Boardman (local copy)
– Mobile and Wireless, Dave Molta (local copy)
– Converged Voice, Video and Data, Sean Doherty (local copy)
– Storage and Servers, Steven Schuchart Jr. (local copy)
– Infrastructure, Peter Morrissey (local copy)
– Business Applications, Lori MacVittie (local copy)
– That was Now, This is Then, Fritz Nelson (local copy)
- VA Scanners Pinpoint Your Weak Spots, Kevin Novak, NetworkComputing, June 26, 2003. (local copy).
– Are You Vulnerable?, Greg Shipley, NetworkComputing, June 26, 2003. (local copy)
- Buying Spree, Andrew Briney and Frank Prince, InformationSecurity, May 2003. (local copy).
- The 9th Annual Well-Connected Awards, Mike Lee, Network Computing, May 1, 2003. (local copy)
– Well-Connected Awards: Security, Mike Fratto (local copy)
– Well-Connected Awards: Management, Bruce Boardman (local copy)
– Well-Connected Awards: Mobile, Dave Molta (local copy)
– Well-Connected Awards: Digital Convergence, Sean Doherty (local copy)
– Well-Connected Awards: Business Applications, Lori MacVittie (local copy)
– Well-Connected Awards: Infrastructure, Peter Morrissey (local copy)
– Well-Connected Awards: Storage, Steven Schuchart Jr. (local copy)
- 2003 Products Of The Year, Network Magazine, April 27, 2003.
- RSA Security 2003 IT Security Survey, The Emmes Group, April 2003. (local copy).
- The Survivor’s Guide to 2002: Introduction, Jim Hutchinson, NetworkComputing, December 17, 2001.
– Security (local copy)
* Online Only: Rational Responses to Irrational Events
– Network & Systems Management (local copy)
* Online Only: Waiting on Standards
– Mobile & Wireless Technology (local copy)
* Online Only: The Year That Was
– Digital Convergence (local copy)
– Service providers & Outsourcing (local copy)
– Business Applications (local copy)
– Infrastructure (local copy)
– Data Management & Storage (local copy)
– What it Takes to Survive a Walk on the Vendor Side-Corporate Profiles (local copy)
– 2002-The Drive to Thrive-Full Nelson
– Counting Down to 2002-The Inside Story
- 2001 Industry Survey, Andy Briney, InformationSecurity, October 04, 2001. (local copy).
– Survey archive: 2000, 1999, 1998
- Teleworking Top 10, STEVE JANSS, Network World, March 12, 2001.
- Shopping for speed, STEVE JANSS, Network World, April 16, 2001.
- Protecting the homefront, STEVE JANSS, Network World, May 14, 2001.
[Management]
- eEye® Digital Security Whitepaper – Implementing a Successful Risk Assessment Strategy for Regulatory Compliance, eEye Digital Security, December 1, 2003. (local copy)
- Application Development Technology and Tools: Vulnerabilities and threat management with secure programming practices, a defense in-depth approach, Vilas Ankolekar, SANS Reading Room, November 10, 2003. (local copy)
- A Hidden Security Danger: Network Timing – The Role of Accurate Timing in Reducing Network Security Risk, Symmetricom, Inc., November 1, 2003. (local copy)
- Vulnerability Management: Tools, Challenges and Best Practices, Cathleen Brackin, SANS Reading Room, October 15, 2003. (local copy)
- Security Risk Management-Strategies for Managing Vulnerabilities and Threats to Critical Digital Assets, Foundstone, Inc., October 1, 2003. (local copy)
- Network Configuration Management – An Innovative, Additional Layer of Security, Voyence, September 8, 2003. (local copy)
- Vulnerabilities & Vulnerability Scanning, Ken Houghton, SANS Reading Room, September 8, 2003. (local copy)
- Network- and Host-Based Vulnerability Assessments: An Introduction to a Cost Effective and Easy to Use Strategy, Ragi Guirguis, SANS Reading Room, September 8, 2003. (local copy)
- Proactive Security Policy Enforcement: A Practical Approach, NetIQ, September 2003. (local copy)
- A Security Guide For Acquiring Outsourced Service, Bee Tiow, SANS Reading Room, August 19, 2003. (local copy)
- Information Security: Managing Risk with Defense in Depth, Kenneth Straub, SANS Reading Room, August 12, 2003. (local copy)
- Basic: Vulnerability Assessment, Loyal A. Moses, HelpNet-Security, August 7, 2003. (local copy)
- Demonstrating ROI for Penetration Testing, Part Four, Marcia J. Wilson, SecurityFocus, October 7, 2003.
- Demonstrating ROI for Penetration Testing, Part Three, Jody Melbourne and David Jorm, SecurityFocus, August 20, 2003.
- Demonstrating ROI for Penetration Testing, Part Two, Marcia J. Wilson, SecurityFocus, August 4, 2003.
- Demonstrating ROI for Penetration Testing, Part One, Marcia J. Wilson, SecurityFocus, July 24, 2003.
- Risk Management Principles for Electronic Banking, Basel Committee, July 2003. (local copy)
- Guidelines for Security Vulnerability (version 1.0), OIS(Organization for Internet Safety), July 28, 2003. (local copy)
- Policy that lives, Illena Armstrong, SCmagazine, July 2003.
- Building and Implementing a Successful Information Security, Dancho Danchev, WindowsSecurity.com, 2003. (local copy)
- Auditing Web Site Authentication, Part Two, Mark Burnett, SecurityFocus, May 5, 2003.
- Auditing Web Site Authentication, Mark Burnett, SecurityFocus, April 24, 2003.
- Introduction to Simple Oracle Auditing, Pete Finnigan, SecurityFocus, April 29, 2003.
- Implementing Basic Security Measures, Mislav Gluscevic, HelpNet-Security, April 14, 2003.
- Presenting Security to Management and the Business, Charles Hornat, SecurityWriters, March 30, 2003.
- Strengthening Network Security with Automated Security Audits, Qualys, March 18, 2003. (local copy)
- Writing Information Security Policies – Sample chapter 7 “Email Security Policies”, Berislav Kucan, HelpNet-Security, March 11, 2003. (local copy)
- Strategies & Issues: Cost-Cutting Strategies at Mission Control, Doug Allen, Network Magazine, March 05, 2003.
- Watching the Watchers, Carole Fennelly, InformationSecurity, March 2003.
- Implementing Network Configuration Management, Network World Special Report, March 3, 2003. (local copy)
- Tips and Tricks Guide to Network Configuration Management, AlterPoint, February 2003. (local copy)
- Managing Information Security Risks: The OCTAVE Approach – Sample chapter 9 entitled “Conducting the Risk Analysis”, Berislav Kucan, HelpNet-Security, February 6, 2003. (local copy)
- Vulnerability Testing: Keeping a tight ship, Illena Armstrong, SCmagazine, February 2003.
- Danger money: The challenge of risk management, Richard Starnes, SCmagazine, February 2003.
- The Definitive Guide to Enterprise Manageability, NetIQ, January 1, 2003.
– Chapter 1: Microsoft’s Management Offerings (local copy)
– Chapter 2: CCM for The Desktop (local copy)
– Chapter 3: SMS as a solution (local copy)
– Chapter 4: Backing up the Datacenter (local copy)
– Chapter 5: Maintaining the Datacenter (local copy)
– Chapter 6: MOM Implementation (local copy)
– Chapter 7: Extended Management Packs for MOM (local copy)
- Configuration Management, the Foundation for Effective Service Management, AlterPoint, November 2002. (local copy)
- How to Do a Complete Automated Risk Assessment: A Methodology Review, RiskWatch, November 1, 2002. (local copy)
- Risk Management & Security, RiskWatch, November 1, 2002. (local copy)
- How Effective is your Security Policy, Brian Pereira, Networkmagazineindia, November 2002.
- Security Policies: The right approach, Brian Pereira, Networkmagazineindia, November 2002.
- Writing an Information Security Policy, Avinash Kadam, Networkmagazine India, October 2002.
- 6 Myths About Security Policies, Al Berg, InformationSecurity, October 2002.
– Automating Policies, Andrew Briney
- Risk Assessment without Pain, RiskWatch, October 1, 2002. (local copy)
- Managed Vulnerability Assessment, Qualys, Technical Whitepaper, September 2002. (local copy)
- Strengthening Network Security With Web-Based Vulnerability Assessment, Qualys, Technical Whitepaper, September 2002. (local copy)
- Efficient Risk Management, ClearCommerce Corporation, September 1, 2002. (local copy)
- Assessing Internet Security Risk, Part Five: Custom Web Applications Continued, Charl van der Walt, SecurityFocus, October 8, 2002.
- Assessing Internet Security Risk, Part Four: Custom Web Applications, Charl van der Walt, SecurityFocus, October 3, 2002.
- Assessing Internet Security Risk, Part Three: an Internet Assessment Methodology Continued, Charl van der Walt, SecurityFocus, July 30, 2002.
- Assessing Internet Security Risk, Part Two: an Internet Assessment Methodology, Charl van der Walt, SecurityFocus, July 15, 2002.
- Assessing Internet Security Risk, Part One: What is Risk Assessment?, Charl Van der Walt, SecurityFocus, June 11, 2002.
- Security Scanning is not Risk Analysis, Laura Taylor, IntranetJournal, July 14, 2002.
- Understanding Vulnerability Assessment: A Guide to Managing Network Vulnerabilities, Qualys, July 08, 2002. (local copy)
- Making Security Policies Effective, BindView Development Corporation, July 1, 2002. (local copy)
- More Enforceable Security Policies, Lujo Bauer, Jarred Ligatti and David Walker, Princeton University, June 17, 2002. (local copy)
- From Business Policy to Network Policy, Steve House and Frank Cabri, SCmagazine, June 2002.
- Graphical Risk Analysis (GRA): A Methodology To Aid In Modeling Systems For Information Security Risk, Omar A. Herrera R., Securityfocus, 2002. (local copy)
- Design of a Role-based Trust-management Framework, Ninghui Li, John C. Mitchell & William H. Winsborough, Stanford Univ., 2002. (local copy)
- Approaches to choosing the strength of your security measures, Anton Chuvakin, Ph.D., LinuxSecurity, January 28, 2002.
- SAS IT Security Management, SAS Institute, January 2002. (local copy)
- Security Vulnerability Audit: Assessing Your Organization’s Security, Jim Cavanagh, The Consultant-Registry, January 2002. (local copy)
- Threats & Vulnerabilities: Security and Your Business, Jim Cavanagh, The Consultant-Registry, December 2001. (local copy).
- A Short Primer for Developing Security Policies(Presentation), SANS Institute, December 2001. (local copy)
- Management Planning Guide for Information Systems Security Auditing, National State Auditors Association and the U.S. General Accounting Office, December 10, 2001. (local copy)
- The Dawn of Electronic Risk Management, e-Security, Inc., Executive White Paper, December 1, 2001. (local copy)
- Vulnerability Assessment Guide, Symantec, White paper, November 2001. (local copy)
- Enforcing a corporate security policy, Rakesh Raghudharan, November 2001.
- Asset management: Know what you want, Maggie Biggs, ZDnet, November 20, 2001.
- Manage risks of free IM usage to gain business value, Maurene Grey and Robert Batchelder, TechRepublic, November 16, 2001.
- CrossNodes Product Briefing: Systems Management on Steroids, Dayna Delmonico, Earthweb, October 29, 2001.
- CrossNodes Briefing: Framework Management, Gerald Williams, Earthweb, October 22, 2001.
- Enforcing Your Bullet-Proof Security Policy, Elizabeth Ferrarini, Earthweb, October 09, 2001.
- Establish a Bullet-Proof Security Policy, Elizabeth Ferrarini, Earthweb, October 04, 2001.
- Introduction to Security Policies, Part Four: A Sample Policy, Charl van der Walt, Security Focus, October 22, 2001.
- Introduction to Security Policies, Part Three: Structuring Security Policies, Charl van der Walt, Security Focus, October 09, 2001.
- Introduction to Security Policies, Part Two: Creating a Supportive Environment, Charl van der Walt, Security Focus, September 24, 2001.
- Security Management: Making Sense Of Events, BCR, September 2001, King, Christopher M. (local copy).
- Enterprise Security Assessment, Sprint, August 2001. (local copy).
- Introduction to Security Policies, Part One: An Overview of Policies, Charl van der Walt, Security Focus, August 27, 2001.
- CrossNodes Briefing: Is Your Network Directory-Enabled?, Gerald Williams, Earthweb, October 08, 2001.
- Quality Assurance checklist for outsourced projects, TechRepublic, 2001. (local copy).
- OCTAVE Threat Profile (14 pages), C. Alberts and A. Dorofee, CMU/SEI, Cert/CC, April 27, 2001. (local copy).
- Protection Information Assets in a Dangerously Connected World, IntraLinks Whitepaper, April 16, 2001. (local copy)
- A framework for e-mail and Internet usage policies for your enterprise, Paul Baldwin, TechRepublic, January 22, 2001
- The five fundamentals of IT consulting, Rick Freedman, TechRepublic, January 22, 2001.
- Managed Security Monitoring: Network Security for the 21st Century, Bruce Schneier, Counterpane, 2001. (local copy)
- Acceptable Use Policy, Keith Palmgren, Securityportal, November 03, 2000.
- Risk-Assessment Strategies, Brooke Paul, Network Computing, October 30, 2000.
- Emerging Technology: Create Order with a Strong Security Policy, Network Magazine, 07/10/00.
- ESM (Enterprise Security Management), ASAP, Dale Gardner, Information Security Magazine, June 2000.
- Secure Strategies – Audits, Assessments & Tests (Oh, My): Part 1, Part 2, Part 3, Part 4, Information Security Magazine, 2000
- Developing and Implementing Organizational Policy – Chapter from The NCSA Guide to Enterprise Security (McGraw Hill, 1996), M.E. KABAY, Information Security Magazine, March 2000 (local copy).
- Practices for Securing Critical Information Assets (98 pages), CIAO (Critical Infrastructure Assurance Office), January 2000 (local copy).
- Information Security Risk Assessment: Practices of Leading Organizations (50 pages), GAO (General Accounting Office), GAO/AIMD-00-33, November 1999 (local copy).
- Threat and Risk Assessment Working Guide (132 pages), Government of Canada (GOC), Communications Security Establishment (CSE), October 1999 (local copy).
- Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0 (84 pages), C.J.Alberts, S.G.Behrens, R.D.Pethia and W.R.Wilson, Carnegie Mellon Software Engineering Institute, CMU/SEI-99-TR-017, June 1999 (local copy).
- Executive Guide: Information Security Management: Learning From Leading Organizations (69 pages), GAO (General Accounting Office), GAO/AIMD-98-68, May 1998 (local copy).
- Survivable Network Systems: An Emerging Discipline (51 pages), R.J.Ellison et al., CMU/SEI-99-TR-013, November 1997 (revised: May 1999) (local copy).
- Network Security Policy: Best Practices White Paper, Cisco White Paper.
- Got Discipline?, Mike Fratto, NetworkComputing, May 29, 2003. (local copy).
– Policy Enforcers, Mike Fratto, NetworkComputing, May 29, 2003. (local copy).
- Outsourcing Managed Security Services, CERT/CC, January 21, 2003.
- In depth: Outsourcing security may fit smaller businesses, Auerbach Analysis, TechRepublic, December 25, 2001
- So Now You’re Faced with Managing Security?, Laura Taylor, IntranetJournal, November 2001.
- Proactive vs. Reactive Security, Richard Steinberger, Vigilante.com, October 2001.
- QUANTIFYING INFOSECURITY, Information Security Magazine, September 2001.
- Five-Star Service, Network Computing, August 27, 2001. (local copy).
- Managing Managed Security, Information Security Magazine, January 2001.
- What To Look For In A Managed Security Provider, ISP-Planet, November 13, 2000.
- Offer Managed Security, Anti-Virus Services: Partner with myCIO.com, ISP-Planet, September 7, 2000.
- SECURITY STRATEGIES – A Welcome Intrusion (managed Intrusion-Detection services), InternetWeek, May 29, 2000.
- Best-of-Breed Platform For Managed Security Services, ISP-Planet, February 10, 2000.
- Outsourcing Security, Network Magazine, 02/01/00.
- Protecting Your Organization From Electronic Message Viruses, Security Focus, May 30, 2001.
- Secure online behavior
- Secure Online Behavior: Developing Good Security Habits, Sunil Hazari, Security Focus, May 28, 2001.
- Secure Online Behavior, Part II: Secure E-Mail Behavior, Sunil Hazari, Security Focus, June 20, 2001.
- Secure Online Behavior, Part Three: Using the World Wide Web, Sunil Hazari, Security Focus, July 02, 2001.