Industry and Higher Education Security Standards and Related Resources

• Center for Internet Security (CIS): Establishes and promotes the use of consensus-based configuration benchmarks, audit tools and security metrics.
  Note: All UC employees are eligible for membership.
• CERT: United States Computer Emergency Readiness Team. "US-CERT interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public."
• Educause/Internet2 Information Security Guide: "Practical approaches to preventing, detecting, and responding to security problems in a wide range of higher education environments."
• Georgia Tech Information Security Center. "Vision: Effective information security in the context of real-world problems will only be achieved through user-centered approaches that integrate technology research and policy research."
• NIST Special Publications: National Institute of Standards and Technology (NIST) Computer Security Resource Center Special Publications. "Special Publications in the 800 series present documents of general interest to the computer security community."
• OWASP: The Open Web Application Security Project. "The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software."
• Payment Card Industry (PCI) Data Security Standard (DSS): Requirements for any business that stores, processes or transmits payment cardholder data.
• REN-ISAC: Research and Education Networking Information Sharing and Analysis Center. "The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities."
• SANS: SysAdmin, Audit, Network, Security. "... develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center."

---

Data Breach Compilations

• Identity Theft Resource Center: A compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies
• Privacy Rights Clearinghouse: A chronology of data breaches reported in the United States involving personal information

---

Security Trends

• Georgia Tech Emerging Cyber Threats Report 2012 (summary and link to full report)
• Kaspersky Cyberthreat Forecast for 2012
• McAfee 2012 Threats Predictions
• RSA Cybercrime Trends Report and Monthly Online Fraud Reports
• Symantec Security Threat Report
  • 2011 Report
  • 2010 Ponemon/Symantec Study: U.S. Cost of a Data Breach
• Sophos Security Threat Report
  
  • 2013 Threat Report
  • 2012 Threat Report
  • 2011 mid-year report
• Verizon Data Breach Report
  • 2012 Data Breach Investigations Report
  • 2011 Data Breach Investigations Report

---

Cyber Security News

• Bruce Schneier's blog and Crypto-Gram newsletter: Current security news and discussions
• SANS NewsBites: "A semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week."
• SANS @Risk: The Consensus Security Alert: New security vulnerabilities discovered during the past week
• ThreatPost: The Kaspersky Lab Security News Service

---

Rev. December 2012