Free Resources


Security News and Alerts - Gideon T. Rasmussen
It can be difficult to keep up with new security threats and vulnerabilities. Newsletters, advisories and groups are an effective way to cover a wide variety of developments with limited effort.

U.S. Sentencing Commission - Federal Sentencing Guidelines Manuals
The USSG provides minimum sentences for federal crimes. Chapter eight contains sections which apply to corporate employees.

Recently Prosecuted Computer Cases - U.S. Department of Justice
This page provides a summary of recently prosecuted computer cases. Many cases have been prosecuted under the computer crime statute, 18 U.S.C. §1030. This listing is a representative sample; it is not exhaustive.


Information Security Surveys

2007 CSI Computer Crime and Security Survey (30 pages)
The Computer Security Institute (CSI) today released its 2007 report with news that the average annual loss reported by U.S. companies in the 2007 CSI Computer Crime and Security Survey more than doubled, from $168,000 in last year's report to $350,424 in this year's survey. This ends a five-year run of lower reported losses.

Deloitte 2007 Security Survey (48 pages)
The fifth annual Global Security Survey benchmarks IT security in the financial services industry. It reveals the “Security Paradox” – a situation in which business executives are becoming more aware of IT security issues, but where support for a solution still lies with the IT department. This is highlighted by the fact that only 63% of respondents have an information security strategy, and only 10% have information security led by a business line leader.

The Global State of Information Security 2007 - CSO, CIO & PWC (11 pages)
This worldwide study represents a broad range of industries in private- and public-sector organizations. The results are based on the responses of 7,791 CEOs, CFOs, CIOs, CSOs, and vice presidents and directors of IT and information security from 50 countries.

2007 E-Crime Watch Survey
The CERT Insider Threat Team has teamed with the U.S. Secret Service and CSO magazine to conduct, analyze, and publish findings from an annual E-Crime Watch survey. The research attempts to identify electronic crime-fighting trends and techniques, including best practices and emerging trends.

2008 Data Breach Investigations Report - Verizon
The "2008 Data Breach Investigations Report" spans four years and more than 500 forensic investigations involving 230 million records, and analyzes hundreds of corporate breaches including three of the five largest ones ever reported. This first-of-its-kind study, conducted by Verizon Business Security Solutions investigative experts, also found that 73 percent of breaches resulted from external sources versus 18 percent from insider threats, and most breaches resulted from a combination of events rather than a single hack or intrusion.


Operating System Hardening

Benchmarking Tools - The Center For Internet Security
The CIS vulnerability assessment tools provide a quick way to evaluate systems and networks, comparing their security configurations against the CIS benchmark hardening standards. They automatically create reports that guide users and system administrators to secure both new installations and production systems. CIS tools are also effective for monitoring systems to assure that security settings continuously conform with CIS Benchmark configurations. CIS offers tools and benchmark standards for Win2K, NT, Solaris, Linux, HP-UX, Cisco IOS and Oracle databases.

Security Recommendation Guides - National Security Agency
NSA provides hardening standards for Windows Server 2003, Win2K, WinXP, NT and Cisco IOS.

Solaris Hardening Document - Gideon T. Rasmussen
"This document details the configuration, hardening, monitoring and vulnerability assessment of the Solaris operating system. It can also be used as a configuration standard, providing a baseline to audit against. It is important to understand the configurations at a granular level to troubleshoot outages. Installs and hardening can be automated with Jumpstart and the Solaris Security Toolkit (respectively)."


Physical Security

GAO Technologies to Secure Federal Buildings (72 pages)

U.S. Army - Physical Security - FM 3-19.30 (317 pages)

NIST ADP Physical Security & Risk Management (106 pages)

Sun Microsystems Data Center Site Planning Guide (106 pages)


Security Policy Templates

SANS Security Policy Project

WindowSecurity.com Policy & Standards - Internet Security Policy


Copyright © 2003 - 2008 - USSecurityAwareness.org - All rights reserved - Legal Notices