Dan Swanson’s Security Resources: #3

There are several ongoing, long-term security efforts worth examining. The National Institute of Standards and Technology (NIST) has published hundreds of guidance documents relating to all aspects of information security over the years. Just as importantly, they consistenly maintain the currency of their guidance. The Center for Internet Security (CIS) has developed dozens of consensus-based security benchmark checklists that can be used for securing various technologies commonly in place, in most organizations. CIS tools have been a world wide standard in “hardening” various technologies. And the U.S. Department of Homeland Security Build-Security-In (BSI) initiative is truly amazing, its an endless source of advice and guidance and needs to be visited frequently as new items are added regularly.

As always, I have also included a few topic-specific resources.


Good luck and have another great week.

Dan Swanson
[email protected]

1. Build Security In (BSI)
As part of the Software Assurance program, Build Security In (BSI) is a project of the Strategic Initiatives Branch of the National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS). The Software Engineering Institute (SEI) was engaged by the NCSD to provide support in the Process and Technology focus areas of this initiative. The SEI team and other contributors develop and collect software assurance and software security information that helps software developers, architects, and security practitioners to create secure systems.

2. The Computer Security Division (CSD) of the National Institute of Standards and Technology (NIST), including the Federal Information Security Management Act (FISMA) library.
The mission of NIST’s Computer Security Division is to improve information systems security by:
• Raising awareness of IT risks, vulnerabilities and protection requirements, particularly for new and emerging technologies;
• Researching, studying, and advising agencies of IT vulnerabilities and devising techniques for the cost-effective security and privacy of sensitive Federal systems;
• Developing standards, metrics, tests and validation programs:
o to promote, measure, and validate security in systems and services
o to educate consumers and
o to establish minimum security requirements for Federal systems
• Developing guidance to increase secure IT planning, implementation, management and operation.

3. The SANS (SysAdmin, Audit, Network, Security) Institute
SANS is one of the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system, Internet Storm Center.

4. CERT’s Resiliency Engineering Research
The cornerstone of their research is the development of the CERT

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight