(ISC)² CyberExchange is an online community that allows members to share security awareness tools with the general public.

Materials are available in a variety of formats (posters, brochures, presentations, etc.) and address topics such as network security, identity theft, Internet privacy, disaster recovery, emerging security threats, mobile security, software development and secure website design.

A short booklet with excellent ideas for presenting security to the boardroom. It is only 16 pages/slides and covers the following mission-critical information security issues:

- Security is a Boardroom Issue
- Cost of Ignoring Security
- Well-Organized and Focused Cybercriminals
- Increasing Insider Threats
- Borderless Enterprise
- Emergence of the Borderless Enterprise
- Traditional Security No Longer Works
- Policy and Process Reign Supreme
- The Security Role of the CEO

7 Things Every CEO Should Know About Security by Lumension Security

The Australian Government’s Office of the Privacy Commissioner has just released the Guide to handling personal information security breaches.

The aim of this voluntary guide is to provide general guidance on key steps and factors for agencies and organisations to consider when responding to a personal information security breach.

Such a document is a must in any security specialist’s toolbox.

Kaminsky DNS Flaw

August 12th, 2008

Much has been written about the DNS flaw discovered by Dan Kaminsky. Probably one of my favorites is the least serious one: a poem by Christofer Hoff – The DNS Debacle In Poetic Review:

A few months ago
Kaminsky discovered a flaw.
It was with DNS,
It was nasty and raw

He decided that rather
to disclose all at once
he’d instead only tell people
who’d fix it in months

So some meetings were had
and work soon began
vendors wrote patches
coordinated by Dan

More on Hoff’s blog.

On a more serious note, here is a neat illustrated explanation of Kaminsky’s DNS Vulnerability.

Dilbert on Infosec

August 11th, 2008

Steve recommended this book a long time ago and I should have listened to him:

CISSP Certification All-in-One Exam Guide, 4th Ed. by Shon Harris. This is much easier reading than the Official (ISC)² Guide to the CISSP CBK. One can actually have some fun preparing for the CISSP exam.

Google released one of its internal security tools to the open source community – ratproxy, a passive web application security assessment tool designed to transparently analyze legitimate, browser-driven interactions with a tested web property and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern.

In September 2000, Professor Ross Anderson and his associates published a paper titled “Memorability and Security of Passwords – Some Empirical Results.” Eight years later, there are still some useful lessons to be learned from it. I find them useful when writing password policies and educating users.

“[...] users can’t remember strong passwords and that the passwords they can remember are easy to guess. [...] However [...] passwords based on mnemonic phrases are just as hard to crack as random passwords yet just as easy to remember as naive user selections. [...]”

Infosecurity Europe has launched an online interactive security forum for the information security industry: Infosecurity Adviser.

It offers news and information on qualifications and career paths, jobs and product reviews, lets you ask experts for advice, and presents the current thinking of many of the leading players in the industry, from analysts and vendors to end-users and consultants.

In 2005 the IT Governance Institute (ITGI) published a paper titled Information Security Governance: Guidance for Boards of Directors and Executive Management. Although a little old, it is still very good reading.