
Security Forum



IT Security - information sources

This page gives an extensive list of references to information on IT security subjects. The range and depth of this information is enormous, reflecting the number of organizations and discussion forums involved, and the variety of books, standards, papers, etc. available. To assist you in navigating to what you are seeking, the following groupings are used:

  • Organizations & Associations
  • Standards
  • Publications
  • Policy Management
  • Risk Assessment

Organizations and Associations

ABA ISC: American Bar Association, Information Security Council
http://www.abanet.org/

ACSE: Applied Computer Security Associates
http://www.acsac.org

ANSI: the American National Standards Institute
http://www.ansi.org/home.html

ASIS: American Society for Industrial Security
http://www.asisonline.org

BSI: British Standards Institute
http://www.bsi-global.com/

Computerworld Security Knowledge Center
http://www.computerworld.com/securitytopics/security/

CIO.com
http://www.cio.com
Has an "Analyst Corner" and other areas that address security issues. A few samples are listed here:
- /analyst/072701_giga.html outlines eight steps for companies to follow when building a comprehensive security strategy.
- /security/edit/security_abc.html gives an ABC guide to the essentials of information security.
- /research/legal/edit/030102_eu.html explains why European privacy laws are also important to US organizations.

CIS: Center for Internet Security
http://www.cisecurity.org

COBIT: the Information Systems Audit and Control Association (ISACA)
http://www.isaca.org/cobit.htm

CSIS: Center for Secure Information Systems
http://www.isse.gmu.edu/~csis

HTCIA: High Technology Crime Investigation Association
http://htcia.org

IACSS: International Association for Computer Systems Security, Inc.
http://www.iacss.com/

IEEE: Institute of Electrical and Electronics Engineers, Inc.
http://www.ieee.org/index.html

IETF: the Internet Engineering Task Force
http://www.ietf.cnri.reston.va.us/home.html

IFIP: International Federation for Information Processing (IFIP) Technical Committee 11 (TC-11) on Security and Protection in Information Systems
http://www.ifip.tu-graz.ac.at/TC11/

I2SF: International Information Security Foundation
http://w3.mit.edu/security/www/gassp1.html

ISACA: Information Systems Audit and Control Association
http://www.isaca.org

iSPEC: International Society for Professionals in E-Commerce
http://www.ispec.org/

ISSA: Information Systems Security Association, Inc.
http://www.issa-intl.org/

ISC2: International Information Systems Security Certification Consortium
http://www.isc2.org/

ISO: the International Standards Organization
http://www.iso.ch/welcome.html

IT Governance Institute
http://www.itgovernance.org/

JTC1: Joint Technical Committee 1 (JTC 1) and TAG (Technical Advisory Group)
http://www.jtc1tag.org

NCITS: National Committee for Information Technology Standards (formerly X3); Technical Committee T4
http://www.ncits.org/

National Classification Management Society, Inc.
http://www.classmgmt.com

NCPEC: National Coalition for the Prevention of Economic Crime
http://www.ncpec.org

NIST (U.S. National Institute of Standards and Technology)
http://csrc.nist.gov
"Contingency Planning Guide For Information Technology Systems," edited by Elizabeth Lennon, at http://csrc.nist.gov/publications/nistpubs

NSFF: Network Security Framework Forum
http://www.nsff.org

NSI: National Security Institute
http://www.nsi.org

NW3: National White Collar Crime Center
http://www.nw3c.org/

OECD: Organization for Economic Cooperation and Development
http://www.oecd.org/

Partnership for Critical Infrastructure Security (PCIS) - US Government:
http://www.pcis.org/
See also
http://www.whitehouse.gov/pcipb/

PKI Forum
http://www.pkiforum.org

SANS: System Administration, Networking, and Security Institute
http://www.sans.org

The Open Group
http://www.opengroup.org/security

W3C: The World Wide Web Consortium
http://www.w3c.org

Standards

ANSI: http://webstore.ansi.org/ansidocstore
Select the NCITS (Information Technology) standards category, then select "Standards search" and do a "Lookup" on "security". This produces an extensive list of standards.

BSI: http://www.bsi-global.com/Information+Security+Homepage/index.xalter
BS7799 - Toward Standardization of Information Security.

ISACA: http://www.isaca.org/
Provides access to their COBIT (Control Objectives for Information and related Technology), their Standards for Information Systems Control Professionals (http://www.isaca.org/standard/stand3.htm), and their K-NET repository of information.

NIST CSD (Computer Security Division)
Various standards documents available from links at http://csrc.nist.gov/

SANS Institute
Various standards documents available from links at
http://www.sans.org/

Publications

(I2SF) - Sponsored Committee to Develop and Promulgate Generally Accepted System Security Principles (GASSP). http://web.mit.edu/security/www/GASSP/GASSP.DOC

ISACA:
Provides access to their K-NET repository of information at http://www.isaca.org/.

SANS Institute
Various documents available from links at http://www.sans.org/.
SANS is particularly useful for accessing publications on legal issues (http://www.sans.org/infosecFAQ/legal/legal_list.htm) as well as other topics linked from this page.

NIST CSD
Various documents available from links at http://csrc.nist.gov/publications/

Security Cookbook - Published by The Center for Internet Security
http://www.internetweek.com/story/INW20010718S0011

Taking Steps Toward a Security Posture - Published by the Giga Information Group
http://www.cio.com/analyst/072701_giga.html

Policy Management

Axent Technologies, http://www.axent.com
Product: Enterprise Security Manager

BindView Development Corporation, http://www.bindview.com
Product: bv-Control and bv-Admin

BMC Software, http://www.bmc.com
Products: BMC Control-SA

Computer Associates, http://www.ca.com
Products: eTrust product line: e-Business Security Management suite

e-Security Inc., http://www.esecurityinc.com
Product: Open e-Security Platform (OeSP) suite

Evidian, http://www.evidian.com
Product: AccessMaster suite

Tivoli, http://www.tivoli.com
Product: Tivoli SecureWay suite

Risk Assessment

Intrusion.com, http://www.intrusion.com
Product: Kane Security Analyst

Internet Security Systems (ISS), http://www.iss.net
Products: ISS Security Scanner

Network Associates Inc., http://www.nai.com
Product: CyberCop Scanner

Updates
To request additions, deletions and amendments to this page, please contact Ian Dobson.

© The Open Group 1995-2012  Updated on Tuesday, 13 July 2004