888-PIVOT-POINT
Resources
Links

We encourage you to visit these sites that we feel are some of the best resources for IT security information on the Web.


Security Frameworks and Best Practices

  • IT Infrastructure Library (ITIL) - ITIL® (the IT Infrastructure Library) is the most widely accepted approach to IT service management in the world. ITIL® provides a cohesive set of best practices, drawn from the public and private sectors internationally.


  • National Institute of Standards and Technology (NIST): Computer Security Resource Center - NIST's Computer Security Division develops standards, metrics, tests and validation programs to promote, measure, and validate security in systems and services, to educate consumers and to establish minimum security requirements for Federal systems.

    CSRC publishes a wide variety of Special Publications (SPs) on its standards and recommendations for securing a broad range of systems.

    All of the NIST: CSRC Special Publications (including draft versions) can be downloaded here (free).


  • ISO 17799 - ISO/IEC 17799 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems.


  • Federal Financial Institutions Examination Council (FFIEC) - A comprehensive set of best practice recommendations on information security utilized by examiners covering the banking industry, most notably: the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS).

    You can find the FFIEC Information Security Handbook here. (PDF, Adobe Reader or equivalent required.)


  • Control Objectives for Information Technology (COBIT) - The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) in 1992.

    COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company.


  • Open Web Application Security Project (OWASP) - An open-source application security project.

    The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely available articles, methodologies, documentation, tools, and technologies.

    We believe it is an excellent free resource for Application Security testing and best practices.


  • Open Source Security Testing Methodology Manual - The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics.


Architecture, Software (non-security), & Standards

Security News, Hacking, and Vulnerabilities
  • Slashdot.org - The home for up-to-the-minute tech news on the Internet.

  • SecurityFocus.com - Originally Bugtraq, this site still has tons of security information.

  • itManagersJournal.com - Good site for tracking IT trends and decent product reviews.

  • Secunia.com - Advisory and Virus alert clearinghouse.

  • ISS.net - Commercial grade tools, alerts, and security whitepapers.

  • isc.sans.org - SANS Internet Storm Center tracks Internet-wide attacks and security events.

  • PacketStormSecurity.nl - The premier site for vulnerability information today.

  • AstaLaVista.box.sk - Older hacking site; still has useful information on systems that are 2+ years old.

  • WindowSecurity.com - Good info on Windows-related security.

  • Knoppix-std.org - Bootable Linux CD, packed with tons of security-related tools.

  • Insecure.org/nmap - The most commonly used port scanner on the Internet.

  • Nessus.org - The most commonly used vulnerability scanner on the Internet.


Virus Information

Client Software Firewall Information

Security Certifications
  • Global Information Assurance Certification (GIAC) - Founded by the SANS Institute, this certification addresses a broad range of skills.

  • CompTIA Security+ - This certification tests for security knowledge mastery of industry-wide topics.

  • TruSecure ICSA Certified Security Associate (TICSA) - This certification is a vendor-neutral measurement of proficiency and growth designed to validate and improve foundation-level IT security skills.

  • Security Certified Program - This program offers two certifications. The Security Certified Network Professional (SCNP) certification focuses on defensive security technologies, such as firewalls and intrusion detection. The Security Certified Network Architect (SCNA) concentrates on the advanced security skills and technologies of building trusted networks.

  • Systems Security Certified Practitioner (SSCP) - This certification focuses on practices, roles, and responsibilities as defined by experts from major information security industries.

  • Certified Information Systems Security Professional (CISSP) - This certification denotes a recognized mastery of an international standard for information security.



Copyright © 2000 - 2008 Pivot Point Security, Inc.
Call toll-free 888-PIVOT-POINT / 888-748-6876