- CERT/CC (CERT
Based in Carnegie Mellon University, CERT/CC is well-known for their
up-to-date security advisories. It also studies Internet security vulnerabilities,
publish security alerts and white papers and provide training materials.
(Singapore Computer Emergency Response Team)
SingCERT is a joint effort by the Infocomm Development Authority (IDA)
and the Centre for Internet Research. SingCERT aims to facilitate the
detection, resolution and follow-up of computer security incidents in
(Australian Computer Emergency Response Team)
AusCERT provides a single, trusted point of contact in Australia for
the Internet community to deal with computer security incidents. It
has a comprehensive amount of information to assist users secure their
- CSI (Computer
Computer Security Institute (CSI) is the world's leading membership
organization providing security education to computer security professionals.
It also publishes surveys and reports on topics such as computer crime
and information security program assessments.
- ISC2 (International
Information Systems Security Certifications Consortium)
(ISC)2 is the organization that issues the CISSP and SSCA certifications.
It is a non-profit organization dedicated to maintaining a common body
of knowledge for Information Security, certifying industry professionals
and practitioners to an international IS standard, and administering
training and certification examinations.
- SANS Institute
SANS Institute is a research and education organization offering security
alerts and news updates, special research projects and publications,
in-depth education and certification. Its well-known for its Global
Information Assurance Certification (GIAC).
- CVE (Common
Vulnerabilities and Exposures)
CVE aims to standardize the names for all publicly known vulnerabilities
and security exposures. CVE¹s content results from the collaborative
efforts of the CVE Editorial Board, which includes representatives from
numerous information security-related organizations.
- IT Audit
ITAudit.org is a top information technology resource for IT auditors.
The ITAudit Forum aims to promote a better understanding of IT among
audit professionals. It provides a forum for auditors and IT auditors
worldwide to share information.
(Center for Education and Research in Information Assurance and Security)
CERIAS is one of the world's foremost centers for multidisciplinary
research and education in areas of information security. Its areas of
research include computer, network, and communications security as well
as information assurance.
- ISSA (Information
Systems Security Association)
ISSA is a non-profit international organization of information security
professionals and practitioners. It provides education forums, publications
and peer interaction opportunities that enhance the knowledge, skill
and professional growth of its members.
- ISACA (Information
Systems Audit and Control Association & Foundation)
Founded in 1969, ISACA is a recognized leader in IT governance, control
and assurance. It sponsors international conferences, administers the
well-respected CISA (Certified Information Systems Auditor) certification
process, and develops information systems (IS) auditing and control
Interest Group in Security and Information inteGrity (SIG^2)
SIG^2 is a Singapore non-profit organization started by a group of security
professionals. SIG^2 intends to encourage active interest and promote
awareness of Information Security in Singapore, provide a forum for
sharing of knowledge and information, promote communication among security
professionals and conduct education for members of the public.
A leading security site offering security advice and up-to-date information.
A comprehensive security portal that provides daily security news, and
introduces new security tools, vulnerabilities, whitepapers, books and
new security products.
This site focuses primarily on publishing system and application vulnerabilities
The one stop shop for all Internet security related information. A very
- Helpnet Security
A well maintained security portal that is frequently updated with the
latest security news, vulnerabilities and security tools.
PacketStorm created a storm in the security industry a few years ago
with its vast collection of security and hacking tools.
- Windows Operating
One of the best security sites on Windows security. Fresh security columns
are churned out frequently and mailing lists are available for security
- Win NT, Win 2000,
and Win XP Security Tips
A very good site for newbie and experienced Windows administrators alike
who are interested in learning about Windows security.
- Hacker's Club
As the name suggests, this site contains mainly cracking tools and information
on hacking and securing concepts. Suitable for security geeks.
This site is maintained by Max Vision and is very proactive in the intrusion
detection field, primarily with the Snort IDS. In addition, the hosted
forums provide a wealth of information network defense, penetration
testing and intrusion detection.
Although Bugtraq may not be a security portal, it is worth mentioning
here because it is the champion for disclosing security vulnerabilities
found in applications and systems. As a result, these actions has caused
vendors to take security problems seriously.
- NT Bugtraq
NT Bugtraq's mission is similar to its Bugtraq cousin. However, it concentrates
solely in Windows NT, Windows 2000, Windows XP and related applications.
Vendor Specific Security Alerts
- SC InfoSecurity
SC InfoSecurity Magazine is a leading computer security magazine in
UK and Europe.
- 2600 Magazine
2600 is a long running underground magazine that covers computer and
Information Security magazine is published monthly by TruSecure, formerly
known as ICSA.net.
Network World Fusion
Network World is an established networking magazine with a comprehensive
IT security section