Links
This page contains links to Web sites that contain information covering various topics related
to security and compliance. If you don't find what you need contact us at
info@GuideMarkSecurity.com so we can assist you.
-
APWG
The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement
association focused on eliminating the fraud and identity theft that result from phishing,
pharming and email spoofing of all types.
-
CERT
CERT, the home of the well-known CERT(R) Coordination Center, is located at
Carnegie Mellon University's Software Engineering Institute.
They study internet security vulnerabilities, research long-term changes in networked
systems, and develop information and training to help you improve security.
-
CERT - OCTAVE
OCTAVE® (Operationally Critical Threat, Asset, and Vulnerability EvaluationSM) is a suite
of tools, techniques, and methods for risk-based information security strategic assessment
and planning.
-
CVE - Common Vulnerabilities and Exposures
CVE® International in scope and free for public use, CVE is a dictionary of publicly known
information security vulnerabilities and exposures. CVE's common identifiers enable data
exchange between security products and provide a baseline index point for evaluating coverage
of tools and services.
-
FTC
The FTC deals with issues that touch the economic life of every American. It is
the only federal agency with both consumer protection and competition jurisdiction
in broad sectors of the economy. The FTC site has lots of good information including an informative and well made
video titled "Protecting Personal Information: A Guide for Business".
-
Insecure.Org
Nmap Free Security Scanner, Tools and Hacking resource.
-
IT Governance
This site is the U.S. one-stop-shop for a wide range of corporate and IT governance
information, guidance, books, tools and distance learning.
-
IT Security
IT Security is a news and information publication covering all aspects of the
IT Security marketplace. It was recently acquired by Tippit Inc. and has been
re-launched as the premier source worldwide for IT Security information. The
site provides original content covering viruses, vulnerabilities, news, events
and background information in the market. It has strong relationships with
members of the IT Security community and is rapidly building a unique,
high-quality community of users and vendors.
-
National Vulnerability Database
NVD is the U.S. government repository of standards based vulnerability management
data represented using the Security Content Automation Protocol (SCAP). This data
enables automation of vulnerability management, security measurement, and compliance.
NVD includes databases of security checklists, security related software flaws,
misconfigurations, product names, and impact metrics.
-
NIST
Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Department
of Commerce. NIST's mission is to promote U.S. innovation and industrial
competitiveness by advancing measurement science, standards, and technology
in ways that enhance economic security and improve our quality of life.
-
NST - Network Security Toolkit
Free Open Source Security Toolkit. The toolkit was designed to provide easy access
to best-of-breed Open Source Network Security Applications and should run on most
x86/x86_64 platforms.
-
OVAL
Open Vulnerability and Assessment Language (OVALĀ®) is an international, information
security, community standard to promote open and publicly available security content,
and to standardize the transfer of this information across the entire spectrum of
security tools and services. OVAL includes a language used to encode system details,
and an assortment of content repositories held throughout the community. The language
standardizes the three main steps of the assessment process: representing configuration
information of systems for testing; analyzing the system for the presence of the specified
machine state (vulnerability, configuration, patch state, etc.); and reporting the results
of this assessment. The repositories are collections of publicly available and open content
that utilize the language.
-
SANSTM Institite
The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as
a cooperative research and education organization. Its programs now reach more than
165,000 security professionals around the world. The site has information about
certifications, standards, training, white papers,
information security plan development
and
security policy design.
-
SecurityDocs.com
SecurityDocs.com is a directory of information security articles, white papers, and
other documents that information security professionals find useful.
-
SecuritySearch.com
IT security pros turn to SearchSecurity.com and Information Security Magazine Online
for the information they require to keep their corporate data, systems and assets secure.
-
US-CERT
US-CERT is charged with providing response support and defense against cyber attacks
for the Federal Civil Executive Branch (.gov) and information sharing and collaboration
with state and local government, industry and international partners.
-
US-CERT, Cyber Security Tips
Cyber Security Tips describe and offer advice about common security issues for
non-technical computer users.
|
|