We've received a lot of requests for the resources we described during our recent Security 101: Getting on the Right Track, Right Away webcast. In addition to an archive of the webcast, here are the books, websites, and other resources that will help you get started in IT security:
- CISSP All-in-One Exam Guide by Shon Harris : Start here with Harris's primer on all things security.
- TCP/IP Illustrated by Richard Stevens : Use this as a reference when examining packets.
- Building Internet Firewalls by Elizabeth Zwicky : The value here is fundamental concepts, not specifics about certain firewalls.
- Securing Windows NT/2000 Servers for the Internet by Stefan Norberg : An old but good text providing fundamental concepts for hardening Windows systems.
- Hardening Windows Systems by Roberta Bragg : A more recent complement to Norberg.
- Wireshark (www.wireshark.org/download.html) : Examine packets (use with "TCP/IP Illustrated", above)
- Superscan (www.mcafee.com/us/downloads/free-tools/superscan.aspx)
- Nessus (http://www.nessus.org/) and/or Nmap (http://insecure.org/) : Vulnerability scanners
- Sysinternals (http://www.microsoft.com/technet/sysinternals/default.mspx) : Variety of utilities
- PGP (www.pgp.com) : Encryption. The documentation is highly recommended; it is basically a primer on encryption.
Recommended Security News:
- SANS Internet Storm Center (http://isc.sans.org/)
- SecurityFocus (http://www.securityfocus.com/)
- FS-ISAC : Financial Services Information Sharing and Analysis Center ($$$) (http://www.fsisac.com/)
- Department of Homeland Security (http://www.dhs.gov/)
- US-CERT (http://www.us-cert.gov/)
Regulations and Standards:
- FFIEC (http://www.ffiec.gov/)
- COBIT (www.isaca.org/cobit/)
- NIST (http://csrc.nist.gov)
- ISO 17799 (ISO/IEC 27002:2005) (http://17799.standardsdirect.org/)
- SANS Top 20 (www.sans.org/top20/)
- SANS @Risk Newsletter (www.sans.org/newsletters/risk/)
- BugTraq (www.securityfocus.com/archive/1)
- CVE (http://cve.mitre.org)
- Vulnwatch (http://seclists.org/vulnwatch)
Local Chapter Organizations:
Magazines and Publications:
- Information Security Magazine (searchsecurity.techtarget.com/)
- CSO Magazine (www.csoonline.com/)
- SC Magazine (www.scmagazine.com)
- ISSA Journal (www.issa.org/?page=ISSAJournal)
- Financial IT Security (www.financialitsecurity.com)