Information Security Education and Training Resources, Policy
Development and Implementation
Center for Education and Research in Information Assurance
and Security, or CERIAS,
is the world's foremost University center for multidisciplinary
research and education in areas of information security.
Our areas of research include computer, network, and communications
security as well as information assurance.
Institute Online -- Cooperative Education The SANS (System
Administration, Networking, and Security) Institute is a
cooperative research and education organization through
which more than 96,000 system administrators, security professionals,
and network administrators share the lessons they are learning
and find solutions for challenges they face. SANS was founded
Security Awareness: A Case Study [ PDF - 834K ] Geza
Szenes, CISSP, Enbridge Pipelines Inc. "It has been
long recognized that the weakest link in protecting information
is not technology but rather people, specifically an understanding
of the importance of information security by the end user
community. The most cost effective way to instill information
security within the corporate culture is to implement an
awareness program. The presentation will provide an overview
of Enbridge’s awareness program, highlighting successes
and failures. Selected excerpts from a security training
video will also be shown to illustrate key points."
Security Institute Computer Security Institute (CSI)
is the world's leading membership organization specifically
dedicated to serving and training the information, computer
and network security professional. Since 1974, CSI has been
providing education and aggressively advocating the critical
importance of protecting information assets. CSI sponsors
two conferences and exhibitions each year, NetSec in June
and the CSI Annual in November, and seminars on encryption,
intrusion management, Internet, firewalls, awareness, Windows
and more. CSI membership benefits include the ALERT newsletter,
quarterly Journal, and Buyers Guide. CSI also publishes
surveys and reports on topics such as computer crime and
information security program assessment (IPAK).
Madison University - Security Masters Program People
involved in information security must be able to understand
and systematically employ and manage Infosec concepts, principles,
methods, techniques, practices and procedures drawn from
U.S. statutes, current or pending. Infosec experts also
must understand procedures followed by the Department of
Defense, federal, state and local governments, industry
and businesses. The JMU Infosec program addresses these
issues with an emphasis on the environment in which the
class participants will function. The nature of information
security education demands expertise concentrated in areas
of information technologies, administrative operations,
and law and regulation. The JMU Master of Science in Computer
Science with a concentration in Information Security program
will deliver this to the graduate student. The program is
entirely Internet-based, with courses designed so that students
and professors can maximize use of their time asynchronously.
for Secure Information Systems Information is an important
strategic and operational corporate asset, and therefore,
there is a need to have adequate security measures which
can safeguard sensitive information. In spite of its importance,
there are no comprehensive research programs in information
system security at universities. The Center for Secure Information
Systems (CSIS) has been created to provide a dedicated environment
to encourage the development of expertise in both the theoretical
and applied aspects of information systems security.
Security Group Training Conference Computer Security
Group training conferences provide a forum for DOE and DOE
contractor personnel to share computer security information
and concerns. The program offers workshops, "how to" presentations,
reports from DOE Headquarters Offices of Information Management
and Safeguards and Security, keynote speakers, panel discussions,
birds-of-a-feather discussion groups, and presentations
on what's happening in the field of computer security.
Security Research Centre The Information Security Research
Centre (ISRC) was established within the Faculty of Information
Technology in 1988 in response to the escalating incidences
of computer crime worldwide. It has developed into one of
the leading international research centres in the area of
information security. Given the applied nature of this research
field, and the rapid development of the topic, the Centre’s
policy is to closely integrate its consultancy, research
and teaching activities. The ISRC has developed an extensive
program of education at both undergraduate and postgraduate
level, as well as industrial training short courses in information
security aimed at both public and private sectors over the
last 8 years.
Security Group This Group offers an active research
environment with eight established academic posts and a
large number of research students, making it one of the
largest academic security groups in the world. The Group
regularly hosts international visitors and has close links
with leading companies in the area of Information Security.
It has recently established a smart card laboratory with
support from Gemplus and Hewlett-Packard.
DEVELOPMENT AND IMPLEMENTATION
IT Security Policies & Computer Security Standards:- introduces
an approach to easing the problem of organization wide implementation
Software, Inc.: Information Security Policies Made Easy by
Charles Cresson Wood, CISA, CISSP, noted international information
security consultant and researcher.
BS 7799 Security Standard & Compliance: BS 7799, first
published in February 1995, is a comprehensive set of controls
comprising best practices in information security. BS 7799 is
intended to serve as a single reference point for identifying
a range of controls needed for most situations where information
systems are used in industry and commerce, and to be used by large,
medium and small organizations. It was significantly revised and
improved in May 1999.
Security Standard: Compliance & Positioning: What it
is and how to achieve BS7799 compliance - a starting point.
Effective, Tailored Information Security Policy:- 20th NISSC
Internet Technical Security Policy Panel
and Information Security: draft chapter intended to be part
of the NIST Computer Security Handbook.
Policy Guide: manual with sample policies. Topics include:
Email; Internet Usage; Personal Computer Usage; Information Security;
and Document Retention.
Policies: resource usage and security policy for the University
Embrace your Policies - Discussion of the importance of security
policy acceptance to overall security.
Security Policies Require Frequent Reviews: Companies have
the best intentions when drafting their initial IT security policies.
However, most policies collect dust.
Enterprise Security: overview of all factors which should
go into the design of a security policy.
Ethics in an Information-based Society - Part 1 of a series
of articles on the problems faced when attempting to include a
code of ethics in a computer security policy.
Does the Code of Ethics Relate to Security? - Part 2 of this
series of including ethics in security policy writing provides
examples of the broad range of potential situations which may
be faced by system/security administrators.
Security Cookbook guide to computer & network security
with a strong focus on writing and implementing security policy.
This is primarily for security managers and system administrators.
Security: security policies and baseline standards information.
Security Policy: A Technical Guide: NIST Special Publication
Security Policy Development - How to write an effective network
security policy. This is Part 4 of a 5 part tutorial on Internet
and network security.
17799 Standard: ISO17799 Compliance & Positioning: ISO
17799 security standard: How to achieve full ISO17799 compliance
Security: Locking In To Policy - Article discussing the importance
of drafting a policy comparable to the talk about security and
maintaining it once it is in place. (March 21, 1998)
One Security Tool? Policy! - A collection of tips from some
of the most successful security policies. (June 7, 1999)
Para-Policy: "Policy is the often over-looked component
of all good corporate information security programs."
Over Policing - It's easy to develop e-mail and Internet policies,
but education and documentation are crucial to their success.
(Site Security Handbook): guide to developing computer security
policies and procedures for sites that have systems on the Internet.
Security Policy: Policy is the foundation upon which all
information security efforts are built.
Desktop Workstations: what should be in a usage policy and
how to implement and enforce the workstation usage policy once
it is documented and management approval received.
- How to Develop a Network Security Policy White Paper: for
business executives, and others, who want to know more about Internet
and internetworking security, and what measures you can take to
protect your site.
- Acceptable Use Policy - While there are many categories
of security policy and each is important, some are conceivably
more critical as they provide the foundation for many other sections
of the policy. Perhaps no category does more to provide that foundation
than that of acceptable use.
Security Policy Development: Rob McMillan outlines the importance
and characteristics of a good security policy.