

Free Resources

Rob Slade's Security Glossary
"This glossary concentrates on usage of terms. Capitalization and spelling generally follows the most common usage, except where such usage can be shown to be based on a specific error. Acronyms and phrases have the definition placed with the most commonly used form: for example, in most cases the phrase 'denial of service' is used unless it has been previously defined in an article as the acronym 'DoS,' whereas the acronym 'DDoS' is almost universally used in preference to the phrase 'distributed denial of service.' In all cases an attempt has been made to have a link from the lesser used form to the definition."
Alternate link: http://victoria.tc.ca/int-grps/books/techrev/secgloss.htm

Security News and Alerts - Gideon T. Rasmussen
It can be difficult to keep up with new security threats and vulnerabilities. Newsletters, advisories and groups are an effective way to cover a wide variety of developments with limited effort.

U.S. Sentencing Commission - Federal Sentencing Guidelines Manuals
The USSG provides minimum sentences for federal crimes. Chapter eight contains sections which apply to corporate employees.

Recently Prosecuted Computer Cases - U.S. Department of Justice
This page provides a summary of recently prosecuted computer cases. Many cases have been prosecuted under the computer crime statute, 18 U.S.C. §1030. This listing is a representative sample; it is not exhaustive.

Information Security Surveys

2006 CSI/FBI Computer Crime and Security Survey (30 pages)
The Computer Security Institute (CSI), with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad, released its 2006 report, which cites virus attacks as the leading cause of financial losses. According to the 2006 Computer Crime and Security Survey, the top four categories (virus attacks, unauthorized access to networks, lost/stolen laptops or mobile hardware, and theft of proprietary information or intellectual property) account for more than 74 percent of financial loss.

Deloitte 2006 Security Survey (44 pages)
The 2006 Global Security Survey, produced by the member firms of Deloitte Touche Tohmatsu, is the fourth annual assessment of the state of information security across the world. Among the compelling findings: attacks are becoming more sophisticated — in some cases leading to government intervention; identity theft is increasingly conducted by professional hackers; and business continuity management is essential in planning for the unexpected. The study incorporates feedback from chief information security/chief security officers, their designates and security management teams at more than 150 global financial institutions from Asia Pacific, EMEA, Latin America/Caribbean and North America.

State of Information Security 2005 Report - CIO & PWC (8 pages)
This worldwide study represents a broad range of industries. The results are based on the responses of more than 8,200 CEOs, CFOs, CIOs, CSOs, and vice presidents and directors of IT and information security from 63 countries.

2005 E-Crime Watch Survey - CERT (19 pages)
The E-Crime Watch survey results reveal that the fight against electronic crimes (e-crimes) may be paying off. Thirteen percent (13%) of the 819 survey respondents, more than double the 6% from the 2004 survey, report that the total number of e-crimes (and network, system or data intrusions) decreased from the previous year; 35% report an increase in e-crimes and 30% report no change. Almost one third (32%) of respondents experienced fewer than 10 e-crimes (versus the 25% reported in 2004), while the average number of e-crimes per respondent decreased to 86 (significantly less than the average of 136 reported in the 2004 survey).

Operating System Hardening

Benchmarking Tools - The Center For Internet Security
The CIS vulnerability assessment tools provide a quick way to evaluate systems and networks, comparing their security configurations against the CIS benchmark hardening standards. They automatically create reports that guide users and system administrators to secure both new installations and production systems. CIS tools are also effective for monitoring systems to assure that security settings continuously conform with CIS Benchmark configurations. CIS offers tools and benchmark standards for Win2K, NT, Solaris, Linux, HP-UX, Cisco IOS and Oracle databases.

Security Recommendation Guides - National Security Agency
NSA provides hardening standards for Windows Server 2003, Win2K, WinXP, NT and Cisco IOS.

Solaris Hardening Document - Gideon T. Rasmussen
"This document details the configuration, hardening, monitoring and vulnerability assessment of the Solaris operating system. It can also be used as a configuration standard, providing a baseline to audit against. It is important to understand the configurations at a granular level to troubleshoot outages. Installs and hardening can be automated with Jumpstart and the Solaris Security Toolkit (respectively)."

Physical Security

GAO Technologies to Secure Federal Buildings (72 pages)

U.S. Army - Physical Security - FM 3-19.30 (317 pages)

NIST ADP Physical Security & Risk Management (106 pages)

Security Policy Templates

SANS Security Policy Project

WindowSecurity.com Policy & Standards - Internet Security Policy

Copyright © 2003 - 2006 - USSecurityAwareness.org - All rights reserved