Information security

INTERNATIONAL STANDARDS

- Information Security Management Systems (ISMS), ISO 27000 Series
The ISO27k Implementers Forum, an online group of over 1000 practitioners working on ISMS, has recently updated its ISO27k toolkit and made it available as a free download. Visiting the site is strongly suggested.

- Organizations claiming to have been certified to ISO27001 must be verified at the Certificate Register

- Information security guidance for banks is a good and informative reference, developed and made available online by the FFIEC, to help financial institutions meet their business objectives by implementing business systems with due consideration of information-technology-related risks to the organization, business and trading partners, technology service providers and customers.

- Payment Card Industry Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. At the moment it benefits financial institutions worldwide through the use and adoption of its data security standards version 1-1, including the qualified security assessor (QSA) validation requirement. PCI DSS version 1-2 is out October 1, 2008. There is also a video presentation made available by Foundstone, particularly on PCI DSS compliance in software development.

- Improving the Information Security Risk Assessment Process
- Recommendation for Creating a Comprehensive Framework for Risk Management and Compliance in the Financial Services and Insurance Industries
- Financial Impact of Cyber Security, provided for free by ANSI and ISA. You may need to create a free account to download it.
- Information Security Management Maturity Model
- Site Security Handbook
- Expectations for Computer Security Incident Response
- Recommended Internet Service Provider Security Services and Procedures
- Guidelines for Evidence Collection and Archiving
- Internet Security Glossary

FORUMS & LISTS

SURVEYS & POLLS

- Dr. Bert-Jaap Koops - Crypto Law Survey and The Crypto Controversy. A Key Conflict in the Information Society, his PhD thesis.

SYSTEMS CRITERION & SOLUTIONS

- Considerations in developing firewall selection criteria

ONLINE RESOURCES, TUTORIALS & WORKSHOPS

- A tutorial on Protecting Personal Information: A Guide for Business, made available by the Federal Trade Commission

- Information Security Online Dictionary
- SANS Sample Security Policy Templates

BRAND SPECIFIC PRACTICES & PROCEDURES

Cisco Systems
- Security Center and its Guide to Harden IOS Devices

Microsoft
- Microsoft Security Central