Organizations

• CERT/CC (CERT Coordination Center)
  Based in Carnegie Mellon University, CERT/CC is well-known for their up-to-date security advisories. It also studies Internet security vulnerabilities, publish security alerts and white papers and provide training materials.
  
  
  
• SingCERT (Singapore Computer Emergency Response Team)
  SingCERT is a joint effort by the Infocomm Development Authority (IDA) and the Centre for Internet Research. SingCERT aims to facilitate the detection, resolution and follow-up of computer security incidents in Singapore.
  
  
  
• AusCERT (Australian Computer Emergency Response Team)
  AusCERT provides a single, trusted point of contact in Australia for the Internet community to deal with computer security incidents. It has a comprehensive amount of information to assist users secure their systems.
  
  
  
• CSI (Computer Security Institute)
  Computer Security Institute (CSI) is the world's leading membership organization providing security education to computer security professionals. It also publishes surveys and reports on topics such as computer crime and information security program assessments.
  
  
  
• ISC2 (International Information Systems Security Certifications Consortium)
  (ISC)2 is the organization that issues the CISSP and SSCA certifications. It is a non-profit organization dedicated to maintaining a common body of knowledge for Information Security, certifying industry professionals and practitioners to an international IS standard, and administering training and certification examinations.
  
  
  
• SANS Institute
  SANS Institute is a research and education organization offering security alerts and news updates, special research projects and publications, in-depth education and certification. Its well-known for its Global Information Assurance Certification (GIAC).
  
  
  
• CVE (Common Vulnerabilities and Exposures)
  CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. CVE¹s content results from the collaborative efforts of the CVE Editorial Board, which includes representatives from numerous information security-related organizations.
  
  
  
• IT Audit
  ITAudit.org is a top information technology resource for IT auditors. The ITAudit Forum aims to promote a better understanding of IT among audit professionals. It provides a forum for auditors and IT auditors worldwide to share information.
  
  
  
• CERIAS (Center for Education and Research in Information Assurance and Security)
  CERIAS is one of the world's foremost centers for multidisciplinary research and education in areas of information security. Its areas of research include computer, network, and communications security as well as information assurance.
  
  
  
• ISSA (Information Systems Security Association)
  ISSA is a non-profit international organization of information security professionals and practitioners. It provides education forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.
  
  
  
• ISACA (Information Systems Audit and Control Association & Foundation)
  Founded in 1969, ISACA is a recognized leader in IT governance, control and assurance. It sponsors international conferences, administers the well-respected CISA (Certified Information Systems Auditor) certification process, and develops information systems (IS) auditing and control standards.
  
  
  
• Special Interest Group in Security and Information inteGrity (SIG^2)
  SIG^2 is a Singapore non-profit organization started by a group of security professionals. SIG^2 intends to encourage active interest and promote awareness of Information Security in Singapore, provide a forum for sharing of knowledge and information, promote communication among security professionals and conduct education for members of the public.

Security Portals

• SecurityFocus
  A leading security site offering security advice and up-to-date information.
  
  
  
• SecuritySearch
  A comprehensive security portal that provides daily security news, and introduces new security tools, vulnerabilities, whitepapers, books and new security products.
  
  
  
• Securiteam
  This site focuses primarily on publishing system and application vulnerabilities and exploits.
  
  
  
• Infosyssec
  The one stop shop for all Internet security related information. A very comprehensive destination.
  
  
  
• Helpnet Security
  A well maintained security portal that is frequently updated with the latest security news, vulnerabilities and security tools.
  
  
  
• PacketStorm
  PacketStorm created a storm in the security industry a few years ago with its vast collection of security and hacking tools.
  
  
  
• Windows Operating System Security
  One of the best security sites on Windows security. Fresh security columns are churned out frequently and mailing lists are available for security enthusiasts.
  
  
  
• Win NT, Win 2000, and Win XP Security Tips
  A very good site for newbie and experienced Windows administrators alike who are interested in learning about Windows security.
  
  
  
• Hacker's Club
  As the name suggests, this site contains mainly cracking tools and information on hacking and securing concepts. Suitable for security geeks.
  
  
  
• Whitehats
  This site is maintained by Max Vision and is very proactive in the intrusion detection field, primarily with the Snort IDS. In addition, the hosted forums provide a wealth of information network defense, penetration testing and intrusion detection.
  
  
  
• Bugtraq
  Although Bugtraq may not be a security portal, it is worth mentioning here because it is the champion for disclosing security vulnerabilities found in applications and systems. As a result, these actions has caused vendors to take security problems seriously.
  
  
  
• NT Bugtraq
  NT Bugtraq's mission is similar to its Bugtraq cousin. However, it concentrates solely in Windows NT, Windows 2000, Windows XP and related applications.
  
  

Vendor Specific Security Alerts

• Microsoft Security Bulletins
• Sun Microsystems Security Mailing Lists
• Hewlett-Packard Security Alerts
• Compaq Security Services
• RedHat Linux Security Alerts
• IBM AIX Service and Support
• Cisco Security Advisories
• SGI Security Advisories
• Debian Linux Security Bulletin
• SuSE Linux Security Bulletin
• OpenBSD Security Mailing Lists
• FreeBSD Security Services
• NetBSD Security Services

Publications

• SC InfoSecurity Magazine
  SC InfoSecurity Magazine is a leading computer security magazine in UK and Europe.
  
  
  
• 2600 Magazine
  2600 is a long running underground magazine that covers computer and telco security.
  
  
  
• Information Security Magazine
  Information Security magazine is published monthly by TruSecure, formerly known as ICSA.net.
  
  
  
• Network World Fusion
  Network World is an established networking magazine with a comprehensive IT security section

Note : Links will open in a new browser window. Please note that SIG^2 does not endorse and is not responsible for the contents or privacy practices of any external linked site or any link contained in a linked site.

Updated: 30/12/2002
webmaster@security.org.sg