PCSinet's Resource Center

There are many useful security and audit links on the Web. The following are just a few.

• SANS (SysAdmin, Audit, Network, Security)
  The most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs who share the lessons they are learning and jointly find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community.

• CVE
  A list of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.

• Centers for Medicare & Medicaid Services (CMS)
  The Centers for Medicare & Medicaid Services (CMS) administers the Medicare program, and works in partnership
  with the States to administer Medicaid, the State Children's Health Insurance Program (SCHIP), and health insurance portability standards. CMS is responsible for the administrative simplification standards from the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and quality standards in health care facilities through its survey and certification activity.

• Department of Homeland Security

• National Cyber Security Division -- United States Computer Emergency Readiness Team (US-CERT)
  Provides timely data about current and emerging computer threats and vulnerabilities as well as general
  advice about protecting computers and networks. Technical and non-technical information available as
  email alert service or via the website (www.us-cert.gov).

• Federal Bureau of Investigation

• FBI Washington Field Office's Infrastructure Protection and Computer Intrusion Squad

• InfraGard

• Internet Fraud Complaint Center

• The Awareness of National Security Issues and Response (ANSIR) Program

• U.S. Department of Justice

• Computer Crime and Intellectual Property Section (CCIPS)

• Federal Law Enforcement's Position on Encryption Security Focus

• Critical Infrastructure Assurance Office

• Defense Information Systems Agency

• CERT Coordination Center

• Federal Computer Incident Response Capability (FedCIRC)
  FedCIRC is the central coordination and analysis facility dealing with computer security related issues affecting the civilian agencies and departments of the Federal Government.

• Forum of Incident Response and Security Teams (FIRST)

• US Department of Commerce

• National Institute of Standards and Technology (NIST), Computer Security Division

• ICAT Vulnerability Database
  The NIST, Computer Security Division provides users a service in obtaining information on computer vulnerabilities. The ICAT is a searchable index of information on computer vulnerabilities. It provides search capability at a fine granularity and links users to vulnerability and patch information.
  
• Computer System Security and Privacy Advisory Board (CSSPAB)
  Use the Department of Commerce "search" for information on encryption issues.

• Federal Trade Commission
  Use FTC "search" function for information on issues relating to consumer protection, business guidance, antitrust/competition, and privacy concerns

• Better Business Bureau and Fraud
  Review these two, respected, private sector organizations and their "search" functions for information on issues relating to consumer protection, business guidance, antitrust/competition, and privacy concerns.

• Center for Education and Research in Information Assurance and Security (CERIAS)
  A new center with a comprehensive approach to network and computer security issues.

• National Security Institute (NSI)
  A leading Internet resource for the security professional.