Reports, Documents for Discussion and Comments
CERT Security Practices and Evaluations
Organizational Models for Computer Security Incident Response Teams (CSIRTs)
Georgia Killcrece, Klaus-Peter Kossakowski, Robin Ruefle, Mark Zajicek. CMU/SEI-2003-HB-001. December 2003 - http://www.sei.cmu.edu/publications/documents/03.reports/03hb001.html
The CVE list is a list of standardised names for vulnerabilities and other information security exposures, intended to ease the sharing of data across separate vulnerability databases and security tools. The content of CVE is the result of a collaborative effort of the CVE Editorial Board, drawn from many security-related organizations such as security tool vendors, academic institutions, and government, as well as other security experts.
A Common Language for Computer Security Incidents by John Howard and Tom Longstaff
NIST Recommendation: SP 800-51. Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme, September 2002
Information Protection Center (IPC) Operations Blueprint by Andrew Mackie (2001)
ICMP Usage in Scanning or Understanding some of the ICMP Protocol’s Hazards, by Ofir Arkin, 2000 (PDF, PostScript)
Site Security and Incidents Response related RFCs
RFC 2196. Site Security Handbook (replaces the now obsolete RFC 1244)
RFC 2350. Expectations for Computer Security Incident Response (June 1998)
RFC 2505. Users' Security Handbook (Feb 1999)
RFC 2828. Internet Security Glossary
RFC 3013. Recommended Internet Service Provider Security Services and Procedures
RFC 3067. Incident Object Description and Exchange Format (IODEF) Requirements
RFC 3227. Guidelines for Evidence Collection and Archiving
Current IETF Working Groups
INCH-WG (Extended Incident Handling) - Security Area
The purpose of the Incident Handling (inch) working group is to define
data formats for communication between a CSIRT and its constituency, a
CSIRT and parties involved in an incident investigation and between collaborating
CSIRTs sharing information.
This format will support the now largely human-intensive dimension
of the incident handling process. It will represent the product of various
incremental data gathering and analysis operations performed by a CSIRT
from the time when the system misuse was initially reported (perhaps by
an automated system) till ultimate resolution.
Specifically, the working group will address the issues related to
representing: the source(s) and target(s) of system misuse, as well as
the analysis of their behavior; the evidence to support any analysis results;
a scheme to document the incident investigation and analysis process; and
constructs to facilitate the exchange of security information across administrative
domains (e.g., internationalization, data sensitivity). The WG will
investigate the information model needed to support the typical, operational
workflow of the incident handling processes found at Internet Service Providers;
Managed Security Service Providers; Risk Analysis vendors; and traditional,
internal CSIRTs.
IDWG (Intrusion Detection Exchange Format) - Security Area
The scope of IDWG is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to management systems which may need to interact with them. The issues relate to the operational level rather than to the application level. WG activity is contributed by specialists from ISS, Boeing Co, IBM, CyberSafe Corporation, Nokia and some universities.
Computer Systems Security documents
Rainbow Series Library
The Common Criteria VERSION 2.1/ISO IS 15408 (MIL site; Common Criteria Project at NIST; International Common Criteria Project Home page)
The Common Criteria (CC) is presented as a set of distinct but related
parts as identified below.
Computer Incident Advisory Capability (CIAC)
CIAC provides on-call technical assistance and information to Department
of Energy (DOE) sites faced with computer security incidents.
Internet Security Systems, Inc. - X-Force Alert and Advisories List
Security Focus Vulnerability Database
NTBugtraq Vulnerability Database
Latest virus info from Network Associates
SECURITY at ITWorld.com
Authentication - PKI - Biometric - Encryption - Intrusion - Prevention - Firewalls
Unsolicited Commercial Email (Spam) - Technical and Legal issues
Security BCP, Audit, Risk Assessment and Security Policy Management
The ISO 17799 Service & Software Directory - http://www.iso17799software.com/
Internet Security Auditing Class - http://www.porcupine.org/auditing/
On April 30th, 1996, Dan Farmer (Sun Microsystems) and Wietse Venema
(Eindhoven University) presented a full-day free class on security auditing
before an audience of 200 in Santa Clara (CA).
RUSecure™ - Information Security Officer's Manual - the ISO Manual - http://www.eon-commerce.com/rusecure
The Security Audit and Internal Audit Shop - http://www.security-audit-internal-audit.com/
Evaluation download - http://www.computer-security-policies.com/down.htm
IBM Security Solutions - http://www-306.ibm.com/software/tivoli/solutions/security/
Cisco Security Best Practices Whitepaper - http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f945.shtml
Cisco Security Advisories and Notes - http://www.cisco.com/en/US/products/products_security_advisories_listing.html
How to Find Security Holes - http://www.canonical.org/~kragen/security-holes.html
Sun Software Security Audit page - http://wwws.sun.com/software/security/audit/
JANET-CERT: Security Information pages
CHIHT (Clearinghouse for Incident Handling Tools)
SecurityFocus Mailing Lists Archives
Computer law and legislature in European countries at EuroCERT site
Crypto Law Survey by Bert-Jaap Koops
ICRI, Interdisciplinary Center for Law and IT (Belgium)
World Cryptography Survey by Global Internet Liberty Campaign