Information Systems Security

IT Security- Chief Information Officer DOT

• Additional DOT IT Security Guidance- DIRMM Chapter 11
  • Guide to Risk Assessment Planning
  • Guide to Incident Handling Planning
  • Guide to Physical-Environmental Security Planning
  • Guide to Continuity of Operations Planning
  • Guide to Establishing an Information System Protection Program
  • Guide to Developing an Information Systems Security Plan
  • Guide to Certification - Accreditation of Information Systems
  • Guide to Personnel Security Planning
  • Guide to Protecting Information Technology
  • Guide to Information Protection for Senior Management
  • Guide to Information Protection for Users
  • Guide to Information Protection for Contractors

The United States General Accounting Office

• Special Collections:
  • Terrorism
  • Homeland Security
• Computer Security: Improvements Needed to Reduce Risk to Critical Federal Operations and Assets. GAO-02-231T  November 9, 2001.  Abstract
• Information Security: Code Red, Code Red II, and SirCam Attacks Highlight Need for Proactive Measures. GAO-01-1073T  August 29, 2001.  Abstract
• Homeland Security: Challenges and Strategies in Addressing Short- and Long-Term National Needs. GAO-02-160T  November 7, 2001.  Abstract
• Homeland Security: A Risk Management Approach Can Guide Preparedness Efforts. GAO-02-208T  October 31, 2001.  Abstract
• Homeland Security: Key Elements of a Risk Management Approach. GAO-02-150T  October 12, 2001.  Abstract
• Aviation Security: Vulnerabilities in, and Alternatives for, Preboard Screening Security Operations. GAO-01-1171T  September 25, 2001.  Abstract

NIST Computer Security Division 893 and CSRC Computer Security Resouce Center

• Vulnerability & Threat Portal
• Federal Agencies Security Practices
  •  
  • Other Security Practices links
• U.S. Computer Security Government Links
• Professional Organization Computer Security Links
• Computer Security Standards Links

Chief Information Officers Council [CIOC]

• Best Practices - Contacts - Federal Best Security Practices Site
• Progress of the Best Security Practices Subcommittee
• Information Technology Security Assessment Framework, November 28, 2000 (Security, Privacy, and Critical Infrastructure Committee)

Internet Security Task Force

• Internet Security Task Force - Initial Recommendations For Conducting Secure eBusiness

Internet Engineering Task Force - Security Area

CIAO Critical Infrastructure Assurance Office

The SANS Institute

• The Twenty Most Critical Internet Security Vulnerabilities (Updated)
• Consensus List of The Top Ten Internet Security Threats
• Center for Internet Security  - Minimum Standards
• Step-by-Step Guides

CERT Coordination Center

• CERT Statistics
• Vulnerabilities, Incidents & Fixes
• Security Practices & Evaluations
• Survivability Research & Analysis

National Infrastructure Protection Center (NIPC) - hackers

• Executive Order on Critical Infrastructure Protection in the Information Age - 10/16/2001

Microsoft TechNet - Security Tools

Company Directory - Security - companies offering products and services for network security