CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [243]
CERT Coordination Center The CERT/CC is a federally sponsored partnership in conjunction with Carnegie Mellon University that provides Internet security expertise. CERT offers a wide variety of information about current threats and best practices in security. The website is http://www.cert.org. One of the most interesting pages you can find there details the steps to take to recover after your computer has been compromised; this is located at http://www.cert.org/tech_tips/win-UNIX-system_compromise.html.
Computer Security Institute Computer Security Institute (CSI) is a professional organization that offers national conferences, membership publications, and information on computer security issues. CSI is one of the oldest societies in this area. The website is http://www.gocsi.com.
European Institute for Computer Anti-Virus Research European Institute for Computer Anti-Virus Research (EICAR) is an association of European corporations, schools, and educators that are concerned with information security issues. The website is http://www.eicar.org.
LinuxSecurity The latest news and articles related to Linux security issues can be found here. The website is http://www.linuxsecurity.com.
McAfee Corporation McAfee is a leading provider of antivirus software. The company’s site provides information and updates for its software. The website is http://www.mcafee.com.
National Institute of Standards and Technology National Institute of Standards and Technology (NIST) is the governmental agency involved in the creation and use of standards. These standards are generally adopted by governmental agencies, and they are used as the basis for other standards. NIST has an organization specifically addressed to computer issues: the Computer Security Response Center (CSRC). The CSRC/NIST maintains a database of current vulnerabilities and other useful information. The website is http://www.csrc.nist.gov.
National Security Institute The National Security Institute (NSI) is a clearinghouse of information relating to security. This site offers a wealth of information on many aspects of physical and information security, including a free e-newsletter. The website is http://www.nsi.org.
SANS Institute The SysAdmin, Audit, Network, Security (SANS) Institute is a research and educational organization. SANS offers seminars, research, and other information relating to the security field. The website is http://www.sans.org.
Security Focus General news and information on security topics of all sorts are archived here. There is also a weekly newsletter that you can subscribe to. The website is http://www.securityfocus.com.
Symantec Corporation Symantec is a leading provider of antivirus software. Its website lists current threats, provides research abilities, and gives information about information security. The website is http://www.symantec.com.
Trade Publications
Numerous trade publications exist that address issues relating to security at different levels of difficulty. Some of these publications are good sources of overview information and case studies; others go into the theoretical aspects of security. Trade publications are good places to start in furthering your education. Remember that one of the most valuable jobs you perform is to consult for your organization on current issues in the field. Following is a brief list of trade publications you might find useful in your quest for knowledge and websites where you can subscribe:
2600: The Hacker Quarterly This interesting little magazine provides tips and information on computer security issues. Don’t let the name fool you—there is a wealth of information on current issues about security in this magazine. The website is http://www.2600.com.