Threatpost (Kaspersky)
News summaries at the Internet Storm Center (ISC – SANS)
Latest security news at Infosec Industry
Naked Security (Sophos)
Security on Network World from IDG
CSO Online from IDG
Security Management on ASIS
NIST CSRC – The Computer Security Resource Center (CSRC) facilitates broad sharing of information security tools and practices, provides a resource for information security standards and guidelines, and identifies key security web resources to support users in industry, government, and academia. CSRC is the primary gateway for gaining access to NIST computer security publications, standards, and guidelines plus other useful security-related information.
(ISC)2 – (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security.
ISACA – As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.
SANS – SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – the Internet Storm Center.
OWASP – The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
Cloud Security Alliance – The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
ISF – Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit organisation with a Membership comprising many of the world’s leading organisations featured on the Fortune 500 and Forbes 2000 lists. ISF is dedicated to investigating, clarifying and resolving key issues in information security and risk management, by developing best practice methodologies, processes and solutions that meet the business needs of ISF Members.
ISSA – The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.
FIRST – FIRST is the Forum of Incident Response and Security Teams. The idea of FIRST dates back to 1989, only one year after the CERT® Coordination Center was created in response to the 1988 Internet (Morris) worm. Even then, incidents were affecting not just a single closed user group or organization, but any number of networks interconnected by the Internet.
Since 1990, when FIRST was founded, its members have handled an almost continuous stream of security-related attacks and incidents, including thousands of security vulnerabilities affecting nearly all of the millions of computer systems and networks connected by the ever-growing Internet.
CIS – The Center for Internet Security (CIS) is a 501(c)(3) organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. Utilizing its strong industry and government partnerships, CIS combats evolving cybersecurity challenges on a global scale and helps organizations adopt key best practices to achieve immediate and effective defenses against cyber attacks. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), CIS Security Benchmarks, and CIS Critical Security Controls. To learn more follow CIS on Twitter at @CISecurity.
ISA – The International Society of Automation (www.isa.org) is a nonprofit professional association that sets the standard for those who apply engineering and technology to improve the management, safety, and cybersecurity of modern automation and control systems used across industry and critical infrastructure. Founded in 1945, ISA develops widely used global standards; certifies industry professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its 40,000 members and 400,000 customers around the world. ISA also maintains the ISA/IEC 62443 series of standards for the security of industrial automation and control systems.
NCSA – The National Cyber Security Alliance (NCSA), a 501(c)(3) non-profit founded in 2001, is a public-private partnership working with the Department of Homeland Security (DHS), private sector sponsors (founding sponsors included Symantec, Cisco Systems, Microsoft, SAIC, EMC, McAfee), and nonprofit collaborators to promote cyber security awareness for home users, small and medium-sized businesses, and primary and secondary education. The NCSA’s mission is to empower and support digital citizens to use the Internet securely and safely, protecting themselves and the cyber infrastructure.
FISSEA – The Federal Information Systems Security Educators’ Association (FISSEA), founded in 1987, is an organization run by and for information systems security professionals to assist federal agencies in meeting their information systems security awareness, training, education, and certification responsibilities. FISSEA conducts an annual fee-based conference and free workshops during the year. Please join the “FISSEA Community of Interest” on GovLoop, to pose questions and receive feedback from colleagues.
ISRA – The Information Security Research Association (commonly known as ISRA) is a registered non-profit organization focused on various aspects of information security, including security research and cyber security awareness activities. Officially registered in 2010, the Information Security Research Association describes itself as a leading security research organization in the industry.
ISRA is active in spreading information security awareness, and its members have conducted and delivered a large number of information security awareness seminars and campaigns across various geographical locations. As part of this initiative, ISRA observes the first Thursday of every August as Information Security Day. Information security research is another domain actively supported by ISRA; student chapters of ISRA operate at various colleges with this objective.
CISSP – Certified Information Systems Security Professional. The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.
CISM – Certified Information Security Manager (CISM) is a certification for information security managers awarded by ISACA (formerly the Information Systems Audit and Control Association). The intent of the certification is to provide a common body of knowledge for information security management. The CISM focuses on information risk management as the basis of information security. It also includes material on broader issues such as how to govern information security as well as on practical issues such as developing and managing an information security program and managing incidents. The point of view in the certification is that of widely accepted cross-industry best practices, where information security gets its justification from business needs. The implementation includes information security as an autonomous function inside wider corporate governance. [Wikipedia]
CISA – Certified Information Systems Auditor (CISA) is a globally recognized certification for IS audit, control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates that you are capable of assessing vulnerabilities, reporting on compliance and instituting controls within the enterprise.
CRISC – Certified in Risk and Information Systems Control (CRISC) is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.
SANS GSEC – GIAC Security Essentials (GSEC) is aimed at security professionals who want to demonstrate that they are qualified for hands-on IT systems roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.
CASP – CompTIA Advanced Security Practitioner (CASP) meets the growing demand for advanced IT security in the enterprise. Recommended for IT professionals with at least 5 years of experience, CASP certifies critical thinking and judgment across a broad spectrum of security disciplines and requires candidates to implement clear solutions in complex environments.
Security+ – CompTIA Security+ is the certification globally trusted to validate foundational, vendor-neutral IT security knowledge and skills. As a benchmark for best practices in IT security, this certification covers the essential principles for network security and risk management – making it an important stepping stone of an IT security career.
CCSP – Certified Cloud Security Professional. The CCSP credential from (ISC)2 is designed for experienced information security professionals with at least five years of full-time IT experience, including three years of information security and at least one year of cloud security experience. The CCSP credential is suitable for mid-level to advanced professionals involved with IT architecture, web and cloud security engineering, information security, governance, risk and compliance, and even IT auditing.
CSA/CCSK – As cloud computing shows itself to be the future of information technology, several studies have pointed to the necessity of addressing the IT industry’s skills gap and training professionals in both cloud computing and security. Since Cloud Security Alliance first released the Certificate of Cloud Security Knowledge (CCSK) in 2010, thousands of IT and security professionals have taken the opportunity to upgrade their skillsets and enhance their careers by obtaining the CCSK.
ECSA – EC-Council Certified Security Analyst (ECSA)
CEH – v8 – A Certified Ethical Hacker (CEH) is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.
CHFI v8 – The Certified Hacking Forensic Investigator (CHFI) program certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective. The CHFI certification will fortify the application knowledge of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure.
CCFP – Certified Cyber Forensics Professional by (ISC)2. The evolving field of cyber forensics requires professionals who understand far more than just hard drive or intrusion analysis. The field requires CCFP professionals who demonstrate competence across a globally recognized common body of knowledge that includes established forensics disciplines as well as newer challenges, such as mobile forensics, cloud forensics, anti-forensics, and more. The CCFP credential indicates expertise in forensics techniques and procedures, standards of practice, and legal and ethical principles to assure accurate, complete, and reliable digital evidence admissible in a court of law. It also indicates the ability to apply forensics to other information security disciplines, such as e-discovery, malware analysis, or incident response. In other words, the CCFP is an objective measure of excellence valued by courts and employers alike.
CISSP – ISSAP – Information Systems Security Architecture Professional. CISSP-ISSAP requires a candidate to demonstrate 2 years of professional experience in the area of architecture and is an appropriate credential for Chief Security Architects and Analysts who may typically work as independent consultants or in similar capacities. The architect plays a key role within the information security department with responsibilities that functionally fit between the C-suite and upper managerial level and the implementation of the security program. The candidate would generally develop, design, or analyze the overall security plan.
CISSP-ISSMP – Information Systems Security Management Professional. A CISSP-ISSMP establishes, presents, and governs information security programs demonstrating management and leadership skills. Typically the ISSMP certification holder or candidate will construct the framework of the information security department and define the means of supporting the group internally. ISSMPs have a far more well-rounded and complete comprehension of information security than other popular management credentials.
CISSP-ISSEP – Information Systems Security Engineering Professional. This CISSP-ISSEP concentration was developed in conjunction with the U.S. National Security Agency (NSA) and provides an invaluable tool for any systems security engineering professional. ISSEP is the guide for incorporating security into projects, applications, business processes, and all information systems. Security professionals are hungry for workable methodologies and best practices that can be used to integrate security into all facets of business operations.
C|CISO – Certified Chief Information Security Officer. The EC-Council CCISO Body of Knowledge covers all five of the CCISO Information Security Management Domains in depth and was written by seasoned CISOs for current and aspiring CISOs. Domain 1 covers the Policy, Legal, and Compliance aspects of Governance. Domain 2 delves into the all-important topic of audit management from the CISO’s perspective and also covers IS controls. Domain 3 covers the Role of the CISO from a Project and Operations Management perspective. Domain 4 summarizes the technical aspects that CISOs manage in their day-to-day jobs, but from an executive standpoint. Domain 5 is all about Strategic Planning and Finance – crucial areas for C-level executives to understand in order to succeed and drive information security throughout their organizations.
L|PT – Licensed Penetration Tester. To earn the EC-Council LPT (Master) credential, you must pass EC-Council’s most challenging practical exam. The LPT (Master) practical exam is the capstone of EC-Council’s entire information security track, from the Certified Ethical Hacker program (C|EH) to the EC-Council Certified Security Analyst (E|CSA) program. It culminates in the Licensed Penetration Tester practical exam. Candidates must demonstrate mastery of the skills required to conduct a full black-box penetration test of a network provided by EC-Council on its cloud-based cyber range, iLabs, following the process taught in Ethical Hacking and Security Assessment: reconnaissance, scanning, enumeration, gaining access, maintaining access, and exploiting vulnerabilities that the candidate has to find in the target network. All toolsets are provided on the range; the candidate brings the skill.
OSCP – The Offensive Security Certified Professional (OSCP) is the companion certification for Offensive Security’s Penetration Testing with Kali Linux training course and is described by Offensive Security as the world’s first completely hands-on offensive information security certification. The OSCP challenges students to prove they have a clear and practical understanding of the penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam. An OSCP has demonstrated the ability to be presented with an unknown network, enumerate the targets within scope, exploit them, and clearly document the results in a penetration test report.
CGEIT – Certified in Governance of Enterprise IT (CGEIT) recognizes a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices. As a CGEIT certified professional, you demonstrate that you are capable of bringing IT governance into an organization—that you grasp the complex subject holistically, and therefore, enhance value to the enterprise.
SANS GIAC Certifications – See the GIAC site for the list of all GIAC certifications.
The Guardian Blog on Security
Krebs on Security
Various blogs on SANS
Motherboard / Vice Blog
US-CERT – United States Computer Emergency Readiness Team. US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.