The following links belong to security frameworks that can help organizations to ensure that they comply with federal regulations.
The Committee of Sponsoring Organizations’ (COSO) mission is to provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.
Control Objectives for Information and related Technology (COBIT) is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.
ISO is a non-governmental organization that forms a bridge between the public and private sectors. On the one hand, many of its member institutes are part of the governmental structure of their countries, or are mandated by their government. On the other hand, other members have their roots uniquely in the private sector, having been set up by national partnerships of industry associations.
OCTAVE defines the essential components of a comprehensive, systematic, context-driven information security risk evaluation. By following the OCTAVE Method, an organization can make information-protection decisions based on risks to the confidentiality, integrity, and availability of critical information technology assets. The operational or business units and the IT department work together to address the information security needs of the enterprise.
The Information Technology Infrastructure Library (ITIL) is the most widely adopted approach for IT Service Management in the world. It provides a practical, no-nonsense framework for identifying, planning, delivering and supporting IT services to the business.
SABSA is a proven framework and methodology for Enterprise Security Architecture and Service Management used successfully by numerous organisations around the world. Now used globally to meet a wide variety of Enterprise needs including Risk Management, Information Assurance, Governance, and Continuity Management, SABSA has evolved since 1995 to be the ‘approach of choice’ for commercial organisations and Government alike. SABSA ensures that the needs of your enterprise are met completely and that security services are designed, delivered and supported as an integral part of your business and IT management infrastructure. Although copyright protected, SABSA is an open-use methodology, not a commercial product.
IEEE is the world’s largest professional association dedicated to advancing technological innovation and excellence for the benefit of humanity. IEEE and its members inspire a global community through IEEE’s highly cited publications, conferences, technology standards, and professional and educational activities.
ACM is widely recognized as the premier membership organization for computing professionals, delivering resources that advance computing as a science and a profession; enable professional development; and promote policies and research that benefit society.
PMI is the world’s leading not-for-profit membership association for the project management profession, with more than half a million members and credential holders in more than 185 countries. Our worldwide advocacy for project management is supported by our globally-recognized standards and credentials, our extensive research program, and our professional development opportunities.
We have listed the following links to help our customers, readers and users alike to associate with some of the best websites for cyber security threats and tips.
CVE® International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.
The Hacker News (THN) offers a wide variety of services that include penetrating testing, network vulnerability assessments, security training and vulnerability assessment product installation. Our company’s goal is to help and assist our customers in becoming security conscious.
Dark Reading is a comprehensive news and information portal that focuses on IT security, helping information security professionals manage the balance between data protection and user access. We are a part of TechWeb, a unit of United Business Media (UBM), which serves the information and business needs of 10,000,000 business technology decision-makers like you that who use our websites, attend our events, utilize our services and read our magazines. To learn more about TechWeb and how we can help drive your business, go to techweb.com/aboutus. Dark Reading is a member of the TechWeb Business Technology Network, a family of IT-oriented Websites and print publications led by InformationWeek, one of the industry’s most popular IT publications. To learn more about InformationWeek and the Business Technology Network, go to http://www.informationweek.com
International in scope and free for public use, CWE™ provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems as well as better understanding and management of software weaknesses related to architecture and design.
The Web Application Security Consortium (WASC) is 501c3 non profit made up of an international group of experts, industry practitioners, and organizational representatives who produce open source and widely agreed upon best-practice security standards for the World Wide Web.
As an active community, WASC facilitates the exchange of ideas and organizes several industry projects. WASC consistently releases technical information, contributed articles, security guidelines, and other useful documentation. Businesses, educational institutions, governments, application developers, security professionals, and software vendors all over the world utilize our materials to assist with the challenges presented by web application security.
Volunteering to participate in WASC related activities is free and open to all.
Cyber Security Tips describe and offer advice about common security issues for non-technical computer users.
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – the Internet Storm Center.
Created in May 2010 for the purpose of highlighting recent news, legislation, events and information on security, defense and technology, CybersecurityNews.org is not affiliated with any organization, business or institution.
The MMPC blog (http://blogs.technet.com/mmpc) was launched in June 2008 and provides a real-time method for the Microsoft Malware Response Center to communicate with customers. Topics include day-to-day, “behind the scenes” information about new, emerging and interesting malware threats as well as other research topics in the computer security field.
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.
The Center for Internet Security (CIS) is a not-for-profit organization focused on enhancing the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. Through its three divisions–Security Benchmarks, Multi-State ISAC and Cybersecurity Workforce Development–CIS serves as a central resource in the development and delivery of high-quality, timely products and services to assist our partners in government, academia, the private sector and the general public in improving their cyber security posture.
The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. This requires the dedication of more than 230,000 employees in jobs that range from aviation and border security to emergency response, from cybersecurity analyst to chemical facility inspector. Our duties are wide-ranging, but our goal is clear – keeping America safe.
CSO provides news, analysis and research on a broad range of security and risk management topics. Areas of focus include information security, physical security, business continuity, identity and access management, loss prevention and more.
Infosec Island combines the benefits of personalized services with profiles of companies or organizations and their unique network and technology installations. This enables the delivery of high value-added information, advice, security alerts, tools and services that are relevant to its members.
The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics. The OSSTMM test cases are divided into five channels (sections) which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.
From the Internet to the iPod, technologies are transforming our society and empowering us as speakers, citizens, creators, and consumers. When our freedoms in the networked world come under attack, the Electronic Frontier Foundation (EFF) is the first line of defense. EFF broke new ground when it was founded in 1990 — well before the Internet was on most people’s radar — and continues to confront cutting-edge issues defending free speech, privacy, innovation, and consumer rights today. From the beginning, EFF has championed the public interest in every critical battle affecting digital rights.
SANS Institute Computer Forensics
US-CERT’s mission is to improve the nation’s cybersecurity posture, coordinate cyber information sharing and proactively manage cyber risks to the nation while protecting the constitutional rights of Americans. US-CERT vision is to be a trusted global leader in cybersecurity – collaborative, agile, and responsive in a complex environment.
CSET is a desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cybersecurity posture of the organization’s enterprise and industrial control cyber systems. The tool derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.
CSET has been designed for easy installation and use on a stand-alone laptop or workstation. It incorporates a variety of available standards from organizations such as National Institute of Standards and Technology (NIST), North American Electric Reliability Corporation (NERC), International Organization for Standardization (ISO), U.S. Department of Defense (DoD), and others. When the tool user selects one or more of the standards, CSET will open a set of questions to be answered. The answers to these questions will be compared against a selected security assurance level, and a detailed report will be generated to show areas for potential improvement. CSET provides an excellent means to perform a self-assessment of the security posture of your control system environment.
Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL’s research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.
Published by @HTTPError418 at Twitter
The Ethical Hacker Network is the brainchild of Donald C. Donzal of The Digital Construction Company. While looking for information on advancing one’s career in the security arena of IT, he found that there was no single place to find and cross reference information on the numerous credentials now available. Security is the hot topic of the day, and there is a plethora of information out there. Don saw this as an opportunity and launched CSP Mag.
Although ideas for both CSP Mag and EH-Net came simultaneously, Don concentrated on the former. Now that CSP Mag’s numbers are becoming quite respectable and the community continues to grow and morph the site, it then became time to focus on the latter.
With the same focus on the free and open exchange of information, we all strive for EH-Net to follow in the successful footsteps of CSP Mag.
Security news – virus, worm, Trojan, hacker, malware, phishing, DDoS, disaster recovery, data protection, network and server security.
Published by @StopMalvertisin at Twitter
StopMalvertising.com offers unique technical support services, educational training, targeted resources and information to defend your home or workplace against Malvertising threats. We believe that raising awareness on current Malvertising practices and tracking their related Malware Trends is an essential function towards predicting and preventing future exploits.
In-depth articles, interviews, and analysis from InfoSec Institute Staff.
Published by @securityninja at Twitter
Developed by Realex Payments this website bring you the latest information and advancements in the area of secure web application development as well as general information security and compliance guidance.
Published by @SearchSecurity at Twitter
IT security pros turn to SearchSecurity.com and Information Security Magazine Online for the information they require to keep their corporate data, systems and assets secure. We’re the only information resource that provides immediate access to breaking industry news, virus alerts, new hacker threats and attacks, security certification training resources, security standard compliance, webcasts, white papers, podcasts, Security Schools, a selection of highly focused security newsletters and more — all at no cost. Nowhere else will you find such a highly targeted combination of resources specifically dedicated to the success of today’s IT-security professional.
Published by @yo9fah at Twitter
Articles about Windows, Linux, amateur radio, computers, internet, browsers, antivirus, firewall, free software, operating system installation, IT news, etc.
Published by @Fabiothebest89 at Twitter
Ethical hacking, Pen testing, IT security
Published by @RealSecurity at Twitter
This website provides you with useful resources and information on computer security. It contains over 100 links to useful security related resources, including articles and guides on malware prevention, protection, tips, and more. It also contains information on how you can protect and secure your computer and the data stored on it.
Published by @malwaregroup at Twitter
The initial aim of MalwareGroup was to consolidate information from various resources listed below. Next logical progression will be to start doing some data-mining and provide API access to other researchers.
The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.
Experience the industry’s most realistic training on penetration testing as taught by the Offensive Security Training team. You will gain practical experience in how to conduct real world exploitation with the world’s leading Penetration Distribution – BackTrack Linux. Learn why Offensive Security is the most respected name in information security training in the world. The only official BackTrack training available, written and taught directly from the developers.
Welcome to Backtrack-Linux.org, home of the highest rated and acclaimed Linux security distribution to date. BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.
Nmap (“Network Mapper”) is a free and open source (license) utility for network exploration or security auditing.
The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of pentesting. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack, one is utilizing Metasploit payloads and Java-based attacks by setting up a malicious website (which you can clone whatever one you want) that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering.
The Metasploit® Framework is a free, open source penetration testing solution developed by the open source community and Rapid7. It is the de-facto standard for penetration testing with more than one million unique downloads per year and the world’s largest, public database of quality assured exploits.
SecurityFocus was formed with the idea that community needed a place to come together and share its collected wisdom and knowledge. At SecurityFocus, the community has always been our primary focus. The SecurityFocus website now focuses on a few key areas that are of greatest importance to the security community.
Packet Storm has been a cornerstone on the Internet since 1998 and is visited monthly by over 190 countries. The site is meant to provide a unique service to everyone on the Internet – shedding full light on real security issues that may affect them. It is home to system administrators who need to keep their network up to date, security researchers who discover and report new findings, governments and corporations that need to understand current events, security vendors that want to develop new signatures for their software, and many others. Get involved and help secure the world.
I am an Ethical Hacking for Computer Security student at a British University. The purpose of this blog is to document my thoughts, findings and experiments related to ethical hacking and information security.
Security and hacking videos for FREE
Welcome to Irongeek.com, Adrian Crenshaw’s Information Security site (along with a bit about weightlifting and other things that strike my fancy). As I write articles and tutorials I will be posting them here. If you would like to republish one of the articles from this site on your webpage or print journal please e-mail me. Enjoy the site and write us if you have any good ideas for articles or links.
Security flow and exploits blog.
Shell-Storm.org tries to recreate a database of papers vulnerability/security. You can contact Shell-Storm.org for submit your papers, you copyright.
SecurityReason is one of the most expending organization associating the best foreign professionals whose ambition is to improve the security level of the most popular web applications.
Your source for Information Security Related information!
Don`t Learn to HACK – Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on RSS or Twitter for the latest updates.
Dan Kaminsky has been a noted security researcher for over a decade, and has spent his career advising Fortune 500 companies such as Cisco, Avaya, and Microsoft. Dan spent three years working with Microsoft on their Vista, Server 2008, and Windows 7 releases.
Dan is best known for his work finding a critical flaw in the Internet’s Domain Name System (DNS), and for leading what became the largest synchronized fix to the Internet’s infrastructure of all time. Of the seven Recovery Key Shareholders who possess the ability to restore the DNS root keys, Dan is the American representative. Dan is presently developing systems to reduce the cost and complexity of securing critical infrastructure.
The ultimate archive of exploits and vulnerable software and a great resource for vulnerability researchers and security professionals. Our aim is to collect exploits from submit tals and various mailing lists and concentrate them in one, easy to navigate database. This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage.
Published by @ChrisJohnRiley at Twitter
Published by @SpiderLabs at Twitter
Official Blog of Trustwave’s SpiderLabs – SpiderLabs is an elite team of ethical hackers, investigators and researchers at Trustwave advancing the security capabilities of leading businesses and organizations throughout the world.
Published by @Jhaddix at Twitter
Welcome to SA. We’re about cool sh*t… mostly related to offsec.
Published by @silascutler at Twitter
Cyber Security, Forensics and Vulnerability Research…
Published by @SecurityXploded at Twitter
SecurityXploded is a popular Infosec Research & Development portal delivering the latest information in various areas of security such as Anti-Spyware, Reverse Engineering, Cryptography, Password Recovery, Network security, Forensics etc. So far it has published 50+ research articles and 75+ FREE security softwares. Most of these softwares have been listed and received top awards from leading download sites including Softpedia, BrotherSoft, CNet Download etc.
Published by @ihackcharities at Twitter
A big database for Google hacks provided by Johnny I Hack Stuff.
Published by @dinodaizovi at Twitter
This blog will be about vulnerabilities, exploits, reverse engineering, forensics, cybercrime, snake-oil security products, the security industry, and whatever else I feel like ranting about. The opinions expressed here are my own and do not reflect the opinions, positions, or anything else of my current or past employers, clients, teachers, parents, and/or pets.
Published by @Blackploit at Twitter
This site provides exploits and many hacking tutorials.
A valuable information source for Vulnerability Analysts and Penetration Testers alike.
Published by @Xc0resecurity at Twitter
Excellent blog & Website for zeroday exploits, scripts and many security material.
Published by @carnal0wnage at Twitter
Excellent blog for hacking tutorials, exploits and many security material
Published by @malc0de at Twitter
Excellent blog for hacking tutorials, exploits, scripts and many security material<
Published by @l0t3k at Twitter
Excellent website for hacking tutorials, exploits, scripts, tools download and many security material
This blog attempts to focus mostly on applications and utilities that are released as freeware. If you can become proficient at using these freely available tools and understand the concepts behind them, you should have little difficulty learning commercial networking and security applications when the time comes.
Websites that contain free open-source tools or any information or interesting technology in the fieald of digital forensics
Published by @sansforensics at Twitter
Every organization will eventually deal with cyber-crime. Fraud, intrusion, insider threat, phishing and other cyber-crimes are now a fact of life. If you are an IT or law enforcement professional and don’t know how to look for and sort out these cases — your skills are becoming less valuable every day. SANS developed this site and the related resources to provide a ‘home’ for those that are focused on computer forensics. You can find advice, research, training, and other resources to unravel incidents and fight crime.
SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security.
Published by @DFMag at Twitter
Digital Forensics Magazine is a quarterly features and news magazine from the world of computer and cyber crime and digital forensics. The content published in the magazine is all technically reviewed and carries a certain weight of quality that other trade magazines or webzines don’t offer.
Published by @andrewsmhay at Twitter
Published by @lennyzeltser at Twitter
Lenny’s blog, covering a wide range of information security and IT topics. Check it out.
Check out Lenny’s cheat sheets with tips for incident response and other information security topics.
Learn to turn malware inside-out at Lenny’s SANS Institute course on analyzing malicious code.
Websites that contain free open-source tools for the forensics, security and pentest fields may be posted in here.
cAfee is committed to your security and provides an assortment of free McAfee tools to help in your software development. Simply select a tool and download it for free. For more details, read the McAfee Software Free Tools End User License Agreement.
Published by @lnxg33k at Twitter
Cool hacking tools, scripts and more
Published by @MarioVilas at Twitter
Cool hacking tools, scripts and more
The site don’t have much information. You will have to check it for your self.
As a part of our collaboration with the cyber security community, we have added the following section presenting interesting links contributed to us by different people around the world. If you know of any link within the cyber security field that is also not listed here already, please feel free to email the link to email@example.com stating your name and the entity that you represents and we will be glad to review that link and add it to our list as necessary.
Near field communication, abbreviated NFC, is a form of contactless communication between devices like smartphones or tablets. Contactless communication allows a user to wave the smartphone over a NFC compatible device to send information without needing to touch the devices together or go through multiple steps setting up a connection. Fast and convenient, NFC technology is popular in parts of Europe and Asia, and is quickly spreading throughout the United States.
Class level: 9th grade
Organization:Brighter Futures Charter School
Did you like this page? Please tell your friends on social network by recommending this page.