CIO’s security section is a repository of up-to-date industry articles on data breaches, hacks, attacks, new research and global developments.
Slideshows, blogs, news articles, white papers, interviews, opinion pieces – there is an incredibly rich portfolio of security, risk and compliance resources available on CSO’s site.
Dark Reading covers top stories in information security & cyber security. Topics often include attacks, breaches, application security, mobile, IoT, and threats.
Guardian Information Security Hub
One of the largest newspapers in Britain, The Guardian offers the latest on information security & cyber security. Articles are usually targeted to readers from all industry verticals, with an emphasis on business impact / business value.
Homeland Security News Wire – Cybersecurity
Cybersecurity metrics are a big focus of this particular online publication. A number of topics that affect homeland security across all industry verticals and public life are covered.
A great online resource for the information security industry. The magazine contains news articles, white papers, and a list of upcoming events & conferences for the information security and cybersecurity industry.
SC Magazine (part of SC Media) supplies information security professionals with a wide range of business and technical information resources. You will discover news articles, product reviews, white papers, videos, interviews, opinion pieces and much more from this resource.
PC Magazine’s security section provides insights across a number of trending topics globally, including malware, mobile, threats, vulnerabilities and hacks.
Wired’s section on privacy, crime & security online contains insightful articles and resources. Many of the topics and stories are covered from a national and international risk perspective.
Breaking In to Information Security
By Josh More and Anthony Stieber. This practical guide to starting a cyber security career includes a “level-up” gaming framework for career progression, with a “Learn, Do, Teach” approach through three tiers of InfoSec jobs. You’ll also find examples of specific roles and career paths in each job tier so you can identify and max out skills for the role you want.
By Shon Harris. The go-to resource for CISSP exam prep. Constantly updated, the guide includes everything you will need to prepare – exam tips, practice questions, training module, in-depth explanations – and covers all 10 CISSP domains. Available in digital and print formats.
Cryptography Engineering: Design Principles & Practical Applications
By Niels Ferguson, Bruce Schneier and Tadayoshi Kohno. A good foundational guide for those interested in practical cryptography. The authors cover many of the fundamentals – e.g. ciphers, message digests, key exchange, mathematics basics – and take a close look at the hardware, software and human issues involved in cryptography engineering. Advanced cryptographers will want to dig deeper.
By Bruce Schneier. Although it was first published in 2004, Schneier’s warnings are still relevant today. “Security is a process, not a product,” he reminds us, and people are invariably the weakest link. Do we have to sacrifice privacy for better security?
Cyber War: The Next Threat to National Security & What to Do About It
By Richard Clarke and Robert K. Knake. First published in 2010, Clarke and Knake’s book is a broadside against complacency in cyber defense. Clarke is the former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, and has much to say about cyber warfare, cyber terrorism and government policy.
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
By Kevin Poulsen. Kingpin is the “made for Hollywood” story of Max Butler, a misfit and hacker who ended up gaining access to more than 1.8 million credit card accounts. A former hacker himself (he served 5 years in prison), Poulsen provides insights & perspectives that truly only hackers would know.
No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State
By Glenn Greenwald. Greenwald is a columnist for The Guardian and was one of Snowden’s key contacts in the leaking of classified U.S. government secrets.
The Practice of Network Security Monitoring: Understanding Incident Detection & Response
By Richard Bejtlich. A great technical primer with step-by-step instructions on how to deploy, build and run an NSM operation using open source software and vendor-neutral tools.
UTPA Center of Excellence in STEM Education
The U.S. Department of Defense awarded the University of Texas – Pan American $3.7 million to establish the Center of Excellence in STEM Education. The Center focuses on challenge-based instruction, and has excellent resources for students of all ages. For example, they hold a STEM summer camp, award scholarships, hold pre-college programs for young adults, and much more.
You’ll find a variety of helpful resources on Purdue’s Center for Education and Research in Information Assurance and Security website. These include an online collection of reports and papers, training products, an FTP archive and the Cassandra Vulnerability Tracking System.
CVE: Common Vulnerabilities & Exposures
CVE is a widely used dictionary of common identifiers for publicly known information security vulnerabilities and exposures. MITRE Corporation handles the system, with funding from the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.
Created in response to the Li0n worm event in 2001, ISC is an all-volunteer effort dedicated to providing a free analysis and warning system to Internet users. To identify threats, every day ISC assembles millions of intrusion detection log entries from sensors covering over 500,000 IP addresses in over 50 countries.
National Centers of Academic Excellence (CAE) in Information Assurance (IA) / Cyber Defense (CD)
On this webpage, you’ll find a list of academic institutions that have distinguished themselves in cyber security education. Look for this designation when you’re comparing schools.
OVAL: Open Vulnerability & Assessment Language
OVAL is a community-developed language for determining vulnerability and configuration issues. Its goal is to standardize how to assess and report upon the machine state of computer systems throughout the world. Like CVE, OVAL is administered by the MITRE Corporation and funded by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.
Short for U.S. Computer Emergency Readiness Team, US-CERT is the 24/7 operational arm of the Department of Homeland Security’s NCCIC. It broadcasts vulnerability and threat information through the National Cyber Awareness System (NCAS), and operates a Vulnerability Notes Database.
U.S. Department of Homeland Security – Cybersecurity
The DHS’s section on cyber security includes the latest security testimonies from the House and Senate and a resource directory that includes statements and analytic reports.