Over the years we have developed a rich list of Internet Web resources, which we offer here to you, split between two web pages. The Technical Interest Links page includes resources of more specific or technical interest. Each resource includes the Web title, a brief summary, and the actual URL.
We will continue to add to this list from time-to-time. New resources will be highlighted for 30 days so you can more easily spot them. Please use the Contact form to send along any Web resources that you recommend for addition to this list.
NIST CSRC — U.S. Government resource
The National Institute of Standards (NIST) Computer Security Division’s (CSD) Computer Security Resource Center (CSRC) facilitates broad sharing of information security tools and practices, provides a resource for information security standards and guidelines, and identifies key security web resources to support users in industry, government, and academia. CSRC is the primary gateway for gaining access to NIST computer security publications, standards, and guidelines plus other useful security-related information.
U.S. Secret Service — U.S. Government resource
The U.S. Secret Service is involved in stopping financial institution fraud, computer and telecommunications fraud, false identification documents, access device fraud, advance fee fraud, electronic funds transfers and money laundering as it relates to the agency’s core violations. state and local law enforcement, but also prosecutors, private industry and academia. The common purpose is the prevention, detection, mitigation and aggressive investigation of attacks on the nation’s financial and critical infrastructures. The Secret Service’s ECTF and Electronic Crimes Working Group initiatives prioritize investigative cases that involve electronic crimes.
Information Shield — Policy development
Information Shield claims to provides time-saving products and services to help build, update and maintain information security and data privacy policies.
CVE — Dictionary of security vulnerabilities
Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools. If a report from one of your security tools incorporates CVE Identifiers, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.
PWC — 2014 CIO Global Digital Survey
Learn what factors are transforming the global digital banking landscape and the 6 imperatives banks will need to consider to be successful in this 2014 version of PWC’s annual survey.
All.Net — Index of security topic links
Clearinghouse website managed by Fred Cohen & Associates.
ASIS International — Security organization
ASIS is an organization for security professionals, dedicated to increasing their effectiveness and productivity by developing educational programs and materials that address broad security interests. ASIS also advocates the role and value of the security management profession to business, the media, government entities, and the public.
Common Criteria — IT Security product assurance
Organization formed to ensure that evaluations of Information Technology (IT) products and protection profiles are performed to high and consistent standards and are seen to contribute significantly to confidence in the security of those products and profiles; to improve the availability of evaluated, security-enhanced IT products and protection profiles; to eliminate the burden of duplicating evaluations of IT products and protection profiles;to continuously improve the efficiency and cost-effectiveness of the evaluation and certification/validation process for IT products and protection profiles.
Business Continuity Institute — Professional organization
Business Continuity is the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. Business Continuity Management is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.
IEEE — Professional organization
IEEE has as its core purpose to foster technological innovation and excellence for the benefit of humanity. Significant contributions to defining and setting international technical standards.
ANSI — Professional organization
A U.S. standards institute that oversees the creation, promulgation and use of thousands of norms and guidelines that directly impact businesses in nearly every sector. ANSI is also actively engaged in accrediting programs that assess conformance to standards. ANSI is the official U.S. representative to the International Organization for Standardization (ISO),
OWASP — Professional organization
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software, who’s mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
The Honeynet Project — Professional organization
The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security.
Qualys SSL Labs — SSL server test
This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.
Secunia — Personal Software Inspector [MS Win]
A personal vulnerability scanner, from a Danish company, that scans non-Microsoft software on your system and identifies programs in need of security updates.
Sophos — Security tools
Various tools, free and paid, for network, end-user, and server protection, including firewall, secure WiFi, secure web and email gateways, anti-virus and file encryption.
Gizmo — Encryption is Not Enough
Guidelines for choosing file encryption software.
AxCrypt — Password protected file encryption [MS Win]
Open source file encryption software interacting with Windows to compress, encrypt, decrypt, store, send and work with individual files.
Wikipedia — Firesheep
Firesheep is an extension for the Firefox web browser that uses a packet sniffer to intercept unencrypted cookies from websites such as Facebook and Twitter.
BestVPNProvider — Compare VPN service providers
Website that lists, summarizes features and shows pricing for many VPN providers.
ITSHidden VPN — A VPN service
A VPN service with servers in the U.S., the U.K. and the Netherlands. Free and paid options.
SecureKISS — A VPN service
A VPN service headquartered in Ireland. Free and paid options.
Virtual Private Network Wiki — Compare VPN service providers
A wiki that lists, summarizes features and shows pricing for many VPN providers. Most updates are 2012 or earlier, so the site is a bit out of date.
TOR — Internet location masking service
Tor is a network of virtual tunnels (VPN) that allows people and groups to improve their privacy and security on the Internet.
HotSpot Shield — A VPN service
A VPN service with servers in the U.S., U.K. and Japan. Free and paid options.
VyprVPN — A VPN service
A VPN service with servers in many countries around the world. No free option.
GhostPath — A VPN service
A VPN service with servers in 43 countries. No free option.
HideMyAss — A VPN service
A VPN service with servers in 150 countries. No free option.
WiTopia — A VPN service
A VPN service with servers in many countries. No free option.
Polipo — A caching web proxy
Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server).
Sandboxie — Questionable software sanbox [MS Win]
Sandbox is software that lets you run programs independent of the rest of your system. That way they can’t infect, access, or otherwise interfere with your Windows installation. It’s also used for testing apps you aren’t sure of.
CC Enhancer — Extends program support for CCleaner [MS Win]
CCEnhancer is a small tool which adds support for over 1,000 new programs into the popular program CCleaner, which scans your computer and clears out junk files.