This page contains links to common information security websites, regulatory documents, security best practices, and audit guidance.
Documents: Blog Downloads (compliancequickstart.com)
Federal
Vulnerability Notifications
Federal
- NIST SP800-53 Database
- STIG Viewer http://iase.disa.mil/stigs/stig_viewing_guidance.html
- http://www.cnss.gov/full-index.html
- Federal Information Processing Standards (FIPS): FIPS 199 -- Security Categorization | FIPS 200 -- Minimum Security Controls
- NIST Special Publications: SP 800-30 -- Risk Assessment | SP 800-37 -- Risk Management Framework | SP 800-53 Rev 4 -- Security Controls | SP 800-53A -- Security Controls Assessement | SP 800-60 Vol 1 -- Security Categorization | SP 800-60 Vol 2 -- Security Categorization | SP 800-137 -- Continuous Monitoring
- Committee on National Security Systems (CNSS): CNSSP 22 -- Risk Management Policy for NSS | CNSSI 1253 -- Security Categorization and Control Selection for NSS)
- Department of Defense Instructions: CNSSI 1253 -- Security Categorization and Control Selection for NSS) | DoDI 8510.01 -- (DIACAP)
- Federal Information Security Management Act (FISMA): FISMA Implementation Project (NIST) | Federal Risk and Authorization Management Program (FedRAMPSM) | Federal Cloud Strategy
- Thank you IA Security Solutions for a great concise list.
- Common Regulations and Standards SOX | GLBA | FFIEC | Basel II | FCRA | HIPAA | NERC | NRC | CFAA | FISMA | FRCP | FISCAM | Privacy Act of 1974 | Safe Harbor | NYSE | PCI-DSS | COSO
- Audit Practices and Guides | ISO 27001:2005 | ISO/IEC 27002-2005 | OGC ITIL | BCI | CobiT | ISACA | AICPA | ISACA | OECD
- PCI-DSS Compliance Checker: http://www.vmware.com/products/datacenter-virtualization/pci-compliance-checker/overview.html
- VMware Hardening Guidelines: http://www.vmware.com/products/datacenter-virtualization/vsphere-compliance-checker/overview.html
- The Sarbanes-Oxley Act
- Gramm-Leach-Bliley Act
- Basel II: International Convergence of Capital Measurement and Capital Standards
- Fair Credit Reporting Act
- Health Insurance Portability and Accountability Act
- North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards
- NRC Regulations (10 CFR) § 73.54
- Computer Fraud and Abuse Act
- Federal Information Security Management Act
- Federal Rules of Civil Procedure
- Federal Information System Controls Audit Manual
- Privacy Act of 1974
- US Department of Commerce EU Safe Harbor Privacy Principles
- NYSE Listed Company Manual
- PCI-DSS (Payment Card Industry Data Security Standard)
- COSO Enterprise Risk Management Integrated Framework
- ISO 27001:2005, Information Security Management Systems - Requirements
- ISO/IEC 27002-2005 Code of practice for information security management
- OGC ITIL: Security Management
- Business Continuity Institute (BCI) Good Practice Guidelines, 2005
- CobiT 4.1
- ISACA IS Standards, Guidelines, and Procedures for Auditing and Control Professionals, May 15, 2009
- AICPA Incident Response Plan: Template for Breach of Personal Information
- ISACA Cross-Border Privacy Impact Assessment
- OECD Principles of Corporate Governance, 2004
- OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
- AICPA Audit and Accounting Guides
- DOT Physical Security Survey Checklist
- US-CERT: http://www.us-cert.gov/ncas
- Security Focus Bugtraq: http://www.securityfocus.com
- Microsoft: http://go.microsoft.com/fwlink/?LinkId=51352
- Secunia: http://secunia.com/advisories/mailing_lists
Audit
| Business
Continuity Planning | Development
and Acquisition | E-Banking | Information
Security | Management
| Operations
| Outsourcing
Technology Services | Retail
Payment Systems | Supervision
of Technology Service Providers | Wholesale
Payment Systems
- CIS Compliance (avinetworks.com): https://avinetworks.com/docs/22.1/cis-compliance
- All Industries - VMware Industry Solutions: https://blogs.vmware.com/industry-solutions/
- VMware | The Cloud Platform Tech Zone: https://core.vmware.com/
- VMware Customer Connect | Get Personalized Support Quickly and Easily | VMware Support: https://customerconnect.vmware.com/
- Supporting JADC2 and JWCC | vmware.com: https://engage.vmware.com/dod/supporting-jadc2-and-jwcc
- VMware PGP Public Key for Security Alerts (1055): https://kb.vmware.com/kb/1055
- Signup for Advisories (vmware.com): https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
- Fulldisclosure Info Page (nmap.org): https://nmap.org/mailman/listinfo/fulldisclosure
- VMware Ports and Protocols: https://ports.esp.vmware.com/
- Public Sector | VMware Tanzu: https://tanzu.vmware.com/industries/public-sector
- Trust Center (vmware.com): https://www.vmware.com/products/trust-center.html
- Compliance Solutions (vmware.com): https://www.vmware.com/resources/security/compliance-solutions.html
- Advisories (vmware.com): https://www.vmware.com/security/advisories
- Security Technical Implementation Guides (STIGs) | VMware: https://www.vmware.com/security/certifications/stigs.html
- Compliance and Cyber Risk Solutions (vmware.com): https://www.vmware.com/solutions/compliance-cyber-risk.html
- Risk Management & Compliance Solutions | VMware: https://www.vmware.com/solutions/compliance-risk-management.html
- Government IT Solutions | Federal Support | VMware: https://www.vmware.com/solutions/industry/federal-government-it-solutions.html
- General Lifecycle Support Policy (vmware.com): https://www.vmware.com/support/policies/eos.html
- VMware Support Policies: https://www.vmware.com/support/policies/eos_vi.html
- VMware External Vulnerability Response and Remediation Policy: https://www.vmware.com/support/policies/security_response.html
- Certifications - VMware Security: https://www.vmware.com/support/support-resources/certifications.html
- VMware Support Offerings & Services: https://www.vmware.com/technical-resources/security/index.html
- E-mail: security@vmware.com
- Product Security Center: http://tools.cisco.com/security/center/home.x
- Security Policy and Advisories: There are several ways to stay connected and informed about the latest security vulnerability information from Cisco. To subscribe to the mailing list, send an e-mail message to cust-security-announce-join@cisco.com. (The content of the message does not matter.) You will receive confirmation, instructions, and a list policy statement. For a full list of options, including RSS, view their product security policy: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#rsvifc
- Certifications: http://www.cisco.com/web/strategy/government/sec_cert.html
- Compliance: http://www.cisco.com/web/strategy/index.html
- Export and Contract Compliance: http://www.cisco.com/web/about/doing_business/legal/global_export_trade/general_export/contract_compliance.html
- Cyber Risk Reports: http://tools.cisco.com/security/center/cyberRiskReport.x
- Services (FW, SLB, IPS/IDS): http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns743/ns994/landing_ntwk_services.html
- Security and Virtualization: http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/dc_sec_design.html
- Data Center Security: http://www.cisco.com/en/US/netsol/ns750/networking_solutions_sub_program_home.html
- Data Center Design Zone: http://www.cisco.com/en/US/netsol/ns743/networking_solutions_program_home.html
- Product Security Center: http://www.emc.com/products/security/index.htm
- Advisories: http://www.emc.com/contact-us/contact/product-security-response-center.htm
- Subscribe to both EMC Security Advisories All EMC Products - Current Year and relevant product-specific documents on Powerlink. Click the lightning bolt (i.e. Alert Me) icon next to the Product documents of choice to add it to your Alerts Portlet. You can choose to be notified by email and/or each time you login to Powerlink.
- Certifications: http://www.emc.com/products/external-security-validation.htm
- Compliance: Organized under specific Business Needs: http://www.emc.com/solutions/index.htm
- Security Solutions: http://www.emc.com/security/index.htm
JOBS
- https://www.cyberseek.org/heatmap.html
- Check out salary data using Payscale, Glassdoor, Indeed, and Salary to see the median pay for your industry, position, and location. You can also use Glassdoor's Know Your Worth tool. PayScale offers its free report PayScale's Salary Survey with data covering your salary range based on position, skills, education, and experience.
