DID YOU KNOW?
InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard's membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.
NIST Computer Security Resource Center
For 20 years, the Computer Security Resource Center (CSRC) has provided access to NIST's cybersecurity- and information security-related projects, publications, news and events. CSRC supports stakeholders in government, industry and academia—both in the U.S. and internationally.
US CERT | Computer Emergency Readiness Team
The National Cybersecurity and Communications Integration Center (NCCIC) is the Nation’s flagship cyber defense, incident response, and operational integration center. Our mission is to reduce the Nation’s risk of systemic cybersecurity and communications challenges.
NIST Special Publication 800-53 (security controls)
This NIST SP 800-53 database represents the security controls and associated assessment procedures defined in NIST SP 800-53 Revision 4 Recommended Security Controls for Federal Information Systems and Organizations.
(ISC)2 - International Information Systems Security Certification Consortium
Headquartered in the United States and with offices in London, Hong Kong and Tokyo, the International Information Systems Security Certification Consortium, Inc., (ISC)²®, is the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. We are recognized for Gold Standard certifications and world class education programs.
AISP - Association of Information Security Professionals
To promote, develop, support and enhance the integrity, technical competence, management expertise, status and interests of information security professionals in Singapore.
Center for Internet Security
The Center for Internet Security, Inc. (CIS) is a 501c3 nonprofit organization focused on enhancing the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. CIS provides resources that help partners achieve security goals through expert guidance and cost-effective solutions.
CIS Critical Security Controls (SANS)
The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks. A principal benefit of the Controls is that they prioritize and focus a smaller number of actions with high pay-off results. The Controls are effective because they are derived from the most common attack patterns highlighted in the leading threat reports and vetted across a very broad community of government and industry practitioners.
CSA - Cloud Security Alliance
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
CVE - Common Vulnerabilities and Exposure
CVE® is a list of entries—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities. CVE Entries are used in numerous cybersecurity products and services from around the world, including the U.S. National Vulnerability Database (NVD)
Cyber, Space & Intelligence Association
Cyber, Space, & Intelligence Association was founded in early 2011 to provide an environment for a vital flow of ideas between national security thought leaders in Government, Industry, and Congress focused Cyber, Space, and Intelligence challenges and opportunities.
EWF - Executive Women's Forum on Information Security, Risk Management & Privacy
The Executive Women's Forum is the largest member organization serving emerging leaders as well as the most prominent and influential female executives in the Information Security, Risk Management and Privacy industries.
FIRST - Forum of Incident Response and Security Teams
FIRST is the Forum of Incident Response and Security Teams. The idea of FIRST goes back until 1989, only one year after the CERT(r) Coordination Center was created after the infamous Internet worm. Back then incidents already were impacting not only one closed user group or organization, but any number of networks interconnected by the Internet.
IAPP - International Association of Privacy Professionals
The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.
IASAP - International Association of Security Awareness Professionals
Formed in 2012, the International Association of Security Awareness Professionals is an independent 501(c)6 non-profit association comprised of corporate members. Member participants are professionals who manage information security awareness programs for their organizations and are responsible for everyday awareness operations.
IETF RFCs | Internet Engineering Task Force
RFCs cover many aspects of computer networking, including protocols, procedures, programs, and concepts, as well as meeting notes, opinions, and sometimes humor. Below are links to RFCs, as available from ietf.org and from rfc-editor.org. Note that there is a brief time period when the two sites will be out of sync. When in doubt, the RFC Editor site is the authoritative source page.
International Association for Cryptologic Research
The International Association for Cryptologic Research (IACR) is a non-profit scientific organization whose purpose is to further research in cryptology and related fields. Cryptology is the science and practice of designing computation and communication systems which are secure in the presence of adversaries.
Internet Security Alliance
ISA was founded in 2000 in collaboration with Carnegie Mellon University. ISA membership is open to public and privately held entities and currently has substantial participation from the aviation, banking, communications, defense, education, financial services, health care, insurance, manufacturing, security and technology industries.
As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.
ISF - Information Security Forum
The ISF is the world's leading authority on information risk management. A not-for-profit organization, we supply authoritative opinion and guidance on all aspects of information security. We deliver practical solutions to overcome the wide-ranging security challenges that impact business information today.
ISFS - Information Security & Forensics Society
Information Security and Forensics Society (ISFS) was registered under the Hong Kong Societies Ordinance in May 2000. Our mission is to advocate and enforce professionalism, integrity and innovation in Information Security and Computer Forensics in Hong Kong and the surrounding region.
ISRA - Information Security Research Association
The Information Security Research Association (commonly known as ISRA) is a registered non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities.
ISSA - Information Systems Security Association
Developing and Connecting Cybersecurity Leaders Globally - ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.
ISO/IEC 27000 family - Information security management systems
The ISO/IEC 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).
NIST Cybersecurity Framework
This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.
National Association of ISACs
The mission of the National Council of ISACs (NCI) is to advance the physical and cyber security of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with government. Members of the Council are the individual Information Sharing and Analysis Centers (ISAC) that represent their respective sectors.
National Cyber Security Alliance
NCSA's mission is to educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school, protecting the technology individuals use, the networks they connect to, and our shared digital assets.
OWSAP - Open Web Application Security Project
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.
SANS Information Security Training
SANS is the most trusted and by far the largest source for information security training in the world. We offer training through several delivery methods - live & virtual, classroom-style, online at your own pace or webcast with live instruction, guided study with a local mentor, or privately at your workplace where even your most remote colleagues can join in via Simulcast. Our computer security courses are developed by industry leaders in numerous fields including cyber security training, network security, forensics, audit, security leadership, and application security.