SRA-111 – Introduction to Security and Risk Management

Resources

These Web-based resources are provided as value-added material for SRA-111.  They are optional.

Penn State Resources

·         Penn State Center for Cyber-Security, Information Privacy and Trust - http://cybersecurity.ist.psu.edu/index.php

·         Penn State Cyber-Security Lab - http://s2.ist.psu.edu/ 

US Government Resources

NOTE: Some of these resources, such as the NIST documents, also appear below under the topic areas where they apply.

·         NSA Information Assurance advice and resources - http://www.nsa.gov/ia/mitigation_guidance/index.shtml

·         US Computer Emergency Readiness Team - http://www.us-cert.gov/

·         Complete list of NIST Information Security Publications - http://csrc.nist.gov/publications/PubsTC.html

·         NICCS – National Initiative for Cybersecurity Careers and Studies - http://niccs.us-cert.gov/

Hacking Educational Resources

Security professionals must understand how systems are attacked and compromised in order to protect those systems effectively.  The following Web sites provide learning resources for ethical hacking.

·         Hack This Site - https://www.hackthissite.org/

·         Hack This! - https://www.hackthis.co.uk/

·         Hack in the Box - http://www.hitb.org/

·         Hack a Day - http://hackaday.com/

·         Evil Zone - https://evilzone.org/

Blogs and Newsletters

·         Bruce Schneier, Crypto-Gram newsletter - http://www.schneier.com/crypto-gram.html

·         SecureState Blog - http://blog.securestate.com/

·         Krebs on Security - http://krebsonsecurity.com/

Topic 1 – Introduction to Information Security

http://www.isoc.org/internet/history/brief.shtml

http://www.microsoft.com/security/sdl/

http://www.csoonline.com/article/221739/what-is-a-chief-security-officer-

·         Top information security breaches in history

http://www.devry.edu/know-how/top-information-security-breaches-in-history/

·         A brief history of Information Security

http://www.lewisu.edu/academics/msinfosec/history.htm

·         Wikipedia – Information Security

http://en.wikipedia.org/wiki/Information_security

·         The 15 worst data security breaches of the 21st Century

http://www.csoonline.com/article/700263/the-15-worst-data-security-breaches-of-the-21st-century

Topic 2 – The Need for Security

http://www.cgisecurity.com/xss-faq.html

http://www.cert.org/governance/ges-xteam.html

https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/sdlc/326-BSI.html

https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/business/685-BSI.html

http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf

http://www.youtube.com/watch?v=fJyWngDco3g&list=FLIQk9hVzgU9CMmk8bT-e38w&index=224

·         SQL Injection – walking through walls (video)

http://www.youtube.com/watch?v=jMQ2wdOmMIA

Topic 3 – Legal, Ethical and Professional Issues in Information Security

http://www.eff.org/

http://www.educause.edu/EDUCAUSE+Review/EDUCAUSEReviewMagazineVolume41/PrivacySecurityAnOverview/158077

http://www.myflsunshine.com/sun.nsf/Pages/Law

http://news.cnet.com/2100-1023-978176.html

http://www.crunchgear.com/2010/07/26/now-legal-in-the-u-s-jailbreaking-your-iphone-ripping-a-dvd-for-educational-purposes/

Topic 4 – Risk Management

http://www.riskmetrics.com/press/articles/20090701_ipe

http://www.businessweek.com/managing/content/mar2009/ca2009036_914216.htm

http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pagess/Aligning-COBIT-4-1-ITIL-V3-and-ISO-IEC-27002-for-BusinessBenefit.aspx

http://www.continuitycentral.com/feature0755.html

http://www.americanbanker.com/btn_issues/20_4/-308039-1.html

Topic 5 – Planning for Security

http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx

http://www.itil-officialsite.com/home/home.asp

http://www.securitygovernance.net/

http://managementhelp.org/plan_dec/str_plan/str_plan.htm

http://www.sans.org/reading_room/whitepapers/auditing/guide-security-metrics_55

Topic 6 – Security Tech: Firewalls and VPNs

http://www.vpnc.org/vpn-standards.html

http://www.secureworks.com/research/articles/proxies

http://www.pcmag.com/encyclopedia_term/0,2542,t%3Dfirewall&i%3D43218,00.asp

http://www.icsa.net/technology-program/ipsec

http://technet.microsoft.com/en-us/network/bb643123.aspx

Topic 7 – Security Tech: IDPS and More

http://www.nessus.org

http://www.ethereal.com (Ethereal was renamed Wireshark in 2006; the current project site is https://www.wireshark.org/)

http://www.digitalpersona.com

http://labrea.sourceforge.net/

http://netsecurity.about.com/cs/firewallbooks/a/aa050804.htm

Topic 8 – Cryptography

http://www.schneier.com

http://www.rsa.com/rsalabs/node.asp?id=2165

http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

http://www.distributed.net/Main_Page

http://www.rsa.com/rsalabs/node.asp?id=2091

Topic 9 – Physical Security

http://www.wikihow.com/Dumpster-Dive

http://www.slate.com/id/2124886/

http://www.smps.us/uninterruptible-power-supply.html

http://www.kiddefiresystems.com/utcfs/Templates/Pages/Template-50/0,8061,PageId=1084&siteId=383,00.html

http://www.wbdg.org/design/accommodate_needs.php

Topic 10 – Implementing Information Security

https://www.isc2.org/cap/Default.aspx

http://www.27000.org/ismsprocess.htm

http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/What-is-CISA/Pages/default.aspx

http://collaborate.nist.gov/twiki-sggrid/pub/SmartGrid/MetricsMeasurementsModels/ISM3_-_ISM3_vs_ISO27001.pdf

https://www.pcisecuritystandards.org/

Topic 11 – Security and Personnel

http://www.isc2.org

http://www.isaca.org

http://www.informationshield.com

http://www.csoonline.com/article/632223/the-new-ciso-how-the-role-has-changed-in-5-years

http://www.csoonline.com/article/508544/what-is-a-cso-part-2

Topic 12 – Information Security Maintenance

http://www.jobprofiles.org/govcpolice1.htm

http://www.sans.org/reading_room/whitepapers/testing/

http://download.entrust.com/resources/download.cfm/20935/

http://www.hightechcrimeinstitute.com/

http://www.htcn.org/

Topic 13 – The Future of Information Security

Topic 12a – Malicious Software (Malware)