CYBR-650
We can almost anything on the web so it is the same for IT Security related information. As a Security Professional, you might want to limit your resources to credible sources. Below are some of the list that you should know as a security professional.
Vendor websites - Vendor websites are one of the best resources to investigate to find out about the possible vulnerabilities. Vendor sites will provide you the security advisory notices with instruction on how to fix the issue. They also provide you latest patches/service pack. You can subscribe their newsletter so you are one of the first ones to know about the new products or security vulnerabilities. If your network is Windows related then you may want to visit http://technet.microsoft.com If you are using Unix, Linux and Mac OS then you have to visit their websites.
National Vulnerability Database (NVD) - NVD is U.S. government repository of standards based vulnerability management data and it is under NIST's Computer Security Division. It supports the U.S. government many agencies like OSD, DHS, NSA, DISA, and NIST's Information Security Automation Program. NVD data helps to enable the automation of vulnerability management, security measurement, and compliance. It provides CVE vulnerabilities, checklists, US-CERT alerts and vulnerability notes. It provides CVE vulnerabilities with the CVSS score with rankings of Low, Medium, and High.
United States Computer Emergency Readiness Team (US-CERT) - US-CERT is another government entity under the Department of Homeland Security's (DHS) National Protection and Programs Directorate (NPPD). It was created to protect Internet infrastructure against cyber attacks. It is responsible for analyzing and reducing cyber threats, vulnerabilities, informing cyber threat warning information, and coordinating incident response activities. You can subscribe to their bulletins to get the latest information regarding the cyber attacks and security. You can also report cyber incident or software vulnerability through their website.
SANS Institute - SANS was established in 1989 as a cooperative research and education organization. It is a one of the most trusted source for computer security, training, certification, and research. It provides training in the diverse field of security administration, forensics, and auditing. It maintains the largest collection of research documents related to information security for free. It maintains the Internet's early warning system called Internet Storm Center (ISC). ISC provides a free analysis and warning services to fight back against the attackers. It also founded Global Information Assurance Certification (GIAC) certification entity which helps validate the skills of information security professionals.
Antivirus Solution provider - There are many excellent antivirus solution providers like Symantec, McAfee, and Kaspersky. They have a website where you can find the latest threat activity. For example, Symantec has a page dedicated to Security Response at http://www.symantec.com/security_response/ It provides information on how to protect from security threats that include malware, security risks, vulnerabilities, and spam. It has a listing of known threats and risks with detailed information like what type of threat it is, threat assessment when it was discovered, what type of systems are affected and how it can be resolved.
No comments:
Post a Comment