Services Winn Schwartau InfosecGate Home Site Map Contact
Interpact Security Awareness For Today's Business
Corporate Overview
Interpact's Services and Solutions
Security Awareness Training
Security Awareness Artwork
Interpact's Associates
Press Room
Contact Us
Winn Schwartau
Winn Schwartau: Speaker and Writer
Schwartau's Publications
Schwartau's  Schedule
Infosec Gateway

Security Awareness Promotional Art



Information Security Education and Training Resources, Policy Development and Implementation

The Center for Education and Research in Information Assurance and Security, or CERIAS, is the world's foremost University center for multidisciplinary research and education in areas of information security. Our areas of research include computer, network, and communications security as well as information assurance.

SANS Institute Online -- Cooperative Education The SANS (System Administration, Networking, and Security) Institute is a cooperative research and education organization through which more than 96,000 system administrators, security professionals, and network administrators share the lessons they are learning and find solutions for challenges they face. SANS was founded in 1989.

Information Security Awareness: A Case Study [ PDF - 834K ] Geza Szenes, CISSP, Enbridge Pipelines Inc. "It has been long recognized that the weakest link in protecting information is not technology but rather people, specifically an understanding of the importance of information security by the end user community. The most cost effective way to instill information security within the corporate culture is to implement an awareness program. The presentation will provide an overview of Enbridge’s awareness program, highlighting successes and failures. Selected excerpts from a security training video will also be shown to illustrate key points."

Computer Security Institute Computer Security Institute (CSI) is the world's leading membership organization specifically dedicated to serving and training the information, computer and network security professional. Since 1974, CSI has been providing education and aggressively advocating the critical importance of protecting information assets. CSI sponsors two conference and exhibitions each year, NetSec in June and the CSI Annual in November, and seminars on encryption, intrusion management, Internet, firewalls, awareness, Windows and more. CSI membership benefits include the ALERT newsletter, quarterly Journal, and Buyers Guide. CSI also publishes surveys and reports on topics such as computer crime and information security program assessment (IPAK).

James Madison University - Security Masters Program People involved in information security must be able to understand and systematically employ and manage Infosec concepts, principles, methods, techniques, practices and procedures drawn from U.S. statutes, current or pending. Infosec experts also must understand procedures followed by the Department of Defense, federal, state and local governments, industry and businesses. The JMU Infosec program addresses these issues with an emphasis on the environment in which the class participants will function. The nature of information security education demands expertise concentrated in areas of information technologies, administrative operations, and law and regulation. The JMU Master of Science in Computer Science with a concentration in Information Security program will deliver this to the graduate student. The program is entirely Internet-based, with courses designed so that students and professors can maximize use of their time asynchronously.

Center for Secure Information Systems Information is an important strategic and operational corporate asset, and therefore, there is a need to have adequate security measures which can safeguard sensitive information. In spite of its importance, there are no comprehensive research programs in information system security at universities. The Center for Secure Information Systems (CSIS) has been created to provide a dedicated environment to encourage the development of expertise in both the theoretical and applied aspects of information systems security.

Computer Security Group Training Conference Computer Security Group training conferences provide a forum for DOE and DOE contractor personnel to share computer security information and concerns. The program offers workshops, "how to" presentations, reports from DOE Headquarters Offices of Information Management and Safeguards and Security, keynote speakers, panel discussions, birds-of-a-feather discussion groups, and presentations on what's happening in the field of computer security.

Information Security Research Centre The Information Security Research Centre (ISRC) was established within the Faculty of Information Technology in 1988 in response to the escalating incidences of computer crime worldwide. It has developed into one of the leading international research centres in the area of information security. Given the applied nature of this research field, and the rapid development of the topic, the Centre’s policy is to closely integrate its consultancy, research and teaching activities. The ISRC has developed an extensive program of education at both undergraduate and postgraduate level, as well as industrial training short courses in information security aimed at both public and private sectors over the last 8 years

Information Security Group This Group offers an active research environment with eight established academic posts and a large number of research students, making it one of the largest academic security groups in the world. The Group regularly hosts international visitors and has close links with leading companies in the area of Information Security. It has recently established a smart card laboratory with support from Gemplus and Hewlett-Packard.


Applying IT Security Policies & Computer Security Standards:- introduces an approach to easing the problem of organization wide implementation

Baseline Software, Inc.: Information Security Policies Made Easy by Charles Cresson Wood, CISA, CISSP, noted international information security consultant and researcher.

The BS 7799 Security Standard & Compliance: BS 7799, first published in February 1995, is a comprehensive set of controls comprising best practices in information security. BS 7799 is intended to serve as a single reference point for identifying a range of controls needed for most situations where information systems are used in industry and commerce, and to be used by large, medium and small organizations. It was significantly revised and improved in May 1999.

BS7799 Security Standard: Compliance & Positioning: What it is and how to achieve BS7799 compliance - a starting point.

Building Effective, Tailored Information Security Policy:- 20th NISSC Internet Technical Security Policy Panel

Computer and Information Security: draft chapter intended to be part of the NIST Computer Security Handbook.

Computer Policy Guide: manual with sample policies. Topics include: Email; Internet Usage; Personal Computer Usage; Information Security; and Document Retention.

Computing Policies: resource usage and security policy for the University of Pennsylvania.

Editorial: Embrace your Policies - Discussion of the importance of security policy acceptance to overall security.

Effective Security Policies Require Frequent Reviews: Companies have the best intentions when drafting their initial IT security policies. However, most policies collect dust.

Enhancing Enterprise Security: overview of all factors which should go into to the design of a security policy.

Generalizing Ethics in an Information-based Society - Part 1 of a series of articles on the problems faced when attempting to include a code of ethics in a computer security policy.

How Does the Code of Ethics Relate to Security? - Part 2 of this series of including ethics in security policy writing provides examples of the broad range of potential situations which may be faced by system/security administrators.

IT Security Cookbook guide to computer & network security with a strong focus on writing and implementing security policy. This is primarilyfor security managers and system administrators.

Information Security: security policies and baseline standards information.

Internet Security Policy: A Technical Guide: NIST Special Publication

Internet/Network Security Policy Development - How to write an effective network security policy. This is Part 4 of a 5 part tutorial on Internet and network security.

ISO 17799 Standard: ISO17799 Compliance & Positioning: ISO 17799 security standard: How to achieve full ISO17799 compliance

Network Security: Locking In To Policy - Article discussing the importance of drafting a policy comparable to the talk about security and maintaining it once it is in place. (March 21, 1998)

Number One Security Tool? Policy! - A collection of tips from some of the most successful security policies. (June 7, 1999)

Para-Protect's Para-Policy: " Policy is the often over-looked component of all good corporate information security programs."

Policy Over Policing - It's easy to develop e-mail and Internet policies, but education and documentation are crucial to their success.

RFC2196 (Site Security Handbook): guide to developing computer security policies and procedures for sites that have systems on the Internet.

Securify Security Policy: Policy is the foundation upon which all information security efforts are built.

Securing Desktop Workstations: what should be in a usage policy and how to implement and enforce the workstation usage policy once it is documented and management approval received.

Security - How to Develop a Network Secuity Policy White Paper: for business executives, and others, who want to know more about Internet and internetworking security, and what measures you can take to protect your site.

SecurityPortal - Acceptable Use Policy - While there are many categories of security policy and each is important, some are conceivably more critical as they provide the foundation for many other sections of the policy. Perhaps no category does more to provide that foundation than that of acceptable use.

Site Security Policy Development: Rob McMillan outlines the importance and characteristics of a good security policy.



Contact Interpact How to Contact Interpact, Inc.

Please contact us for further information about Interpact Inc.'s Security Awareness Programs or Winn Schwartau's services as a writer, speaker, and educator in the field of information security:

Winn Schwartau, President and CEO
Kelley Walker, Development 727.796.8484 727.393.6361
Betty G. O'Hearn, Marketing



Copyright © 2000-2001 Interpact, Inc. All Rights Reserved
For comments about this page, contact: Kelley Walker, Interpact, Inc.
Copyright PolicyPrivacy Policy

Interpact Inc Security Awareness

Check out our FREE security awareness promotional art.  Download your copies today!