Information Systems Security

IT Security - Chief Information Officer DOT

- Additional DOT IT Security Guidance - DIRMM Chapter 11
- Guide to Risk Assessment Planning
- Guide to Incident Handling Planning
- Guide to Physical-Environmental Security Planning
- Guide to Continuity of Operations Planning
- Guide to Establishing an Information System Protection Program
- Guide to Developing an Information Systems Security Plan
- Guide to Certification - Accreditation of Information Systems
- Guide to Personnel Security Planning
- Guide to Protecting Information Technology
- Guide to Information Protection for Senior Management
- Guide to Information Protection for Users
- Guide to Information Protection for Contractors

The United States General Accounting Office

- Special Collections:
- Terrorism
- Homeland Security
- Computer Security: Improvements Needed to Reduce Risk to Critical Federal Operations and Assets. GAO-02-231T, November 9, 2001. Abstract
- Information Security: Code Red, Code Red II, and SirCam Attacks Highlight Need for Proactive Measures. GAO-01-1073T, August 29, 2001. Abstract
- Homeland Security: Challenges and Strategies in Addressing Short- and Long-Term National Needs. GAO-02-160T, November 7, 2001. Abstract
- Homeland Security: A Risk Management Approach Can Guide Preparedness Efforts. GAO-02-208T, October 31, 2001. Abstract
- Homeland Security: Key Elements of a Risk Management Approach. GAO-02-150T, October 12, 2001. Abstract
- Aviation Security: Vulnerabilities in, and Alternatives for, Preboard Screening Security Operations. GAO-01-1171T, September 25, 2001. Abstract

NIST Computer Security Division 893 and CSRC Computer Security Resource Center

- Vulnerability & Threat Portal
- Federal Agencies Security Practices
- Other Security Practices links
- U.S. Computer Security Government Links
- Professional Organization Computer Security Links
- Computer Security Standards Links

Chief Information Officers Council [CIOC]

- Best Practices - Contacts - Federal Best Security Practices Site
- Progress of the Best Security Practices Subcommittee
- Information Technology Security Assessment Framework, November 28, 2000 (Security, Privacy, and Critical Infrastructure Committee)

Internet Security Task Force

- Internet Security Task Force - Initial Recommendations For Conducting Secure eBusiness

Internet Engineering Task Force - Security Area

CIAO Critical Infrastructure Assurance Office

The SANS Institute

- The Twenty Most Critical Internet Security Vulnerabilities (Updated)
- Consensus List of The Top Ten Internet Security Threats
- Center for Internet Security - Minimum Standards
- Step-by-Step Guides

CERT Coordination Center

- CERT Statistics
- Vulnerabilities, Incidents & Fixes
- Security Practices & Evaluations
- Survivability Research & Analysis

National Infrastructure Protection Center (NIPC) - hackers

- Executive Order on Critical Infrastructure Protection in the Information Age - 10/16/2001

Microsoft TechNet - Security Tools

Company Directory - Security - companies offering products and services for network security