Security Standards and Resources
- Center for Internet Security (CIS): Establishes and promotes the use of consensus-based configuration benchmarks, audit tools and security metrics.
Note: All UC employees are eligible for membership.
- CERT: United States Computer Emergency Readiness Team. "US-CERT interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public."
- Educause/Internet2 Information Security Guide: "Practical approaches to preventing, detecting, and responding to security problems in a wide range of higher education environments."
- SANS: SysAdmin, Audit, Network, Security. "... develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center."
- Georgia Tech Information Security Center. "Vision: Effective information security in the context of real-world problems will only be achieved through user-centered approaches that integrate technology research and policy research."
- NIST Special Publications: National Institute of Standards and Technology (NIST) Computer Security Resource Center Special Publications. "Special Publications in the 800 series present documents of general interest to the computer security community."
- OWASP: The Open Web Application Security Project. "The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software." See also the OWASP "cheat sheets".
- Payment Card Industry (PCI) Data Security Standard (DSS): Requirements for any business that stores, processes or transmits payment cardholder data.
- REN-ISAC: Research and Education Networking Information Sharing and Analysis Center. "The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities."
- Identity Theft Resource Center: A compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies
- Privacy Rights Clearinghouse: A chronology of data breaches reported in the United States involving personal information
- Open Security Foundation DataLoss DB: An international list of security breaches
Note: Registration is required to download some reports.
- Akamai's State of the Internet Report - focus on denial of service (DoS) attacks
- Cisco Security Reports (current and archive)
- Cisco 2015 Midyear Security Report
- FireEye Annual Threat Report
- Georgia Tech 2016 Emerging Cyber Threats Report
- IBM 2015 Cyber Security Intelligence Index (pdf)
- Kaspersky Lab security predictions for 2016
- OWASP Top 10: The most critical web application security risks
- OWASP Top 10 Mobile Risks
- RSA Cybercrime Trends Report and Monthly Online Fraud Reports
- Symantec's Annual Internet Security Threat Report
- Symantec's Monthly Threat Report
- Symantec Security Predictions for 2016
- Sophos Security Threat Trends for 2015
- Verizon Data Breach Digest, 2016 - 18 representative case studies
- Verizon Data Breach Investigations Report
- Bruce Schneier's blog and Crypto-Gram newsletter: Current security news and discussions
- SANS NewsBites: "A semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week."
- SANS @Risk: The Consensus Security Alert: New security vulnerabilities discovered during the past week
- ThreatPost: The Kaspersky Lab Security News Service
Rev. Apr 2016