Cesare Gallotti, consultancy on information security, data protection, quality, IT Service Management, Business Continuity, Privacy
Cesare Gallotti, Lead Auditor 27001, Lead Auditor 20000, Lead Auditor 9001
On the Internet, information security is usually confused with IT security. On the latter subject, the most important websites are:
- www.sans.org, the SANS Institute gives access to different resources (the Internet Storm Center and the Reading Room), including a subscription to the NewsBites newsletter.
- www.schneier.com, website of one of the most famous experts in IT security. The Crypto-Gram newsletter is recommended.
- csrc.nist.gov, the NIST is concerned with the IT security of US Government agencies and publishes very interesting standards and guidelines.
- http://www.commoncriteriaportal.org, the official site for Common Criteria for IT Security Evaluation (ISO/IEC 15408).
- http://nsi.org, the National Security Engineering Institute publishes documents about IT and non-IT security.
- www.trustedcomputinggroup.org, the Trusted Computing Group.
- www.bsi.de, the German BSI publishes a very popular IT Security baseline.
- www.cesg.gov.uk, the UK information security agency.
- www.cse-cst.gc.ca, the Canadian Communications Security Establishment.
- www.cisecurity.org, the Center for Internet Security publishes interesting configuration baselines for the hardening of IT systems.
- www.dsd.gov.au, the Australian Defence Signals Directorate (DSD).
- enisa.europa.eu, the European Network and Information Security Agency is the competence center of the EU and manages various IT security related projects.
- www.pcisecuritystandards.org, Payment Card Industry publishes the PCI standards.
Security and auditing
Risk Assessment methodologies
Business Continuity Management
Virus and Anti-virus
Other information security websites, alphabetically ordered:
- http://portal.acm.org, the Association for Computing Machinery.
- http://advice.networkice.com/Advice/default.htm, ISS database.
- www.all.net, website of Fred Cohen & associates, with lots of useful papers.
- www.astalavista.com, one of the most famous hacker portals.
- www.boran.com/security, with an interesting "IT Security Cookbook".
- www.cl.cam.ac.uk/Research/Security/tamper/, of the University of Cambridge TAMPER Laboratory, specialized in hardware security.
- www.earthlink.net, with an interesting spyware scanner on www.earthlink.net/spyaudit.
- www.epm.ornl.gov/~dunigan/ and www.cs.utk.edu/~dunigan/, of Tom Dunigan.
- www.guidancesoftware.com, for the forensics software EnCase.
- www.hackerscatalog.com, with books related to hacking.
- www.infosyssec.net, IT security website.
- www.iritaly.org, of the IRItaly (Incident Response Italy) project.
- www.isc2.org, of the CISSP (Certified Information Systems Security Professional) certification programme.
- www.lavasoft.de/, an anti-trackware products vendor.
- http://ist.mit.edu/security, the internal IT security website of MIT, with useful templates and links.
- nvd.nist.gov, the US National Vulnerability Database.
- www.osvdb.org, the Open Source Vulnerability Database.
- http://www.owasp.org, the Open Web Application Security Project (OWASP).
- www.rspa.com, with links for Risk Analysis.
- security.vt.edu, the internal website of Virginia University (USA) with useful templates.
IT Service Management
Organizations for standardization
- www.iso.ch, the International Organization for Standardization.
- www.accredia.it, the Italian accreditation body.
- www.uni.com, the Ente Nazionale Italiano di Unificazione.
- www.european-accreditation.org, the European co-operation for Accreditation.
- www.tc176.org/Interpre.asp, with ISO 9001 comments.
- www.bsi-global.com, of BSI, the British Standard Institute.
- www.nssn.org, a search engine for standards.
- www.wssn.net, the World Standards Services Network (WSSN).
- www.iso27001certificates.com, the international register for ISO/IEC 27001 certificates (but not as accurate as the national accreditation bodies' registers).
- http://www.isoiec20000certification.com, the official site for the ISO/IEC 20000 (formerly BS 15000) certification.
- www.itsmf.org, the official website of the IT Service Management Forum.
Other organizations for standardization
- http://www.faqs.org/rfcs/rfc-titles.html, the RFC Index.
- www-01.ibm.com/software/rational/uml/, the UML Resource Center.
- http://www.informatik.uni-bremen.de/uniform/, about formal methods for software development.
- www.methodware.com, with lots of links.
- www.qual-it-consulting.it, about SPICE standard and ISO SC7 projects.
- www.sei.cmu.edu/managing/index.html, the Security Institute of Carnegie Mellon University, where Capability Maturity Models are developed.
- sisyphus.cit.gu.edu.au, the Software Quality Institute.
- web.ansi.org, ANSI.
- www.etsi.org, the European Telecommunications Standards Institute.
Product marks and safety
Informatics related dictionaries
Cesare Gallotti - Ripa di Porta Ticinese 75 - 20143 Milano - P. IVA 06342760961