Table of Contents

Overview
- What Is Information Security?
- Common Body of Knowledge (CBK) Definitions
- A Functional Definition of Security
- Security Web Site Favorites
- The Complexity of Hacking
- The Ten Commandments of Information Security
- Evangelizing IT Security: Why is There a Need?
- Three Reasons Why Users Won't Buy Into Security
- What Should Security Look Like?
- Eight Controversial Myths of Personal Computer Security
- Summary

Other Sections
- Web Application Security
- Operating System Security
- Network Security
- Hardening Your System
- Wireless Security
- Mobile Security
- Data Forensics
- Legal and Ethical Issues of Security
- Home User Security

Additional Resources
- Job Security for the IT Security Industry
- A Biased Book Review: Chained Exploits: Advanced Hacking Attacks from Start to Finish
- Security of Mechanical Locks
- Information Security in Academics
- Holiday Security: Hackers Don't Take Holidays
- Gary McGraw on Building Secure Software
- Gary McGraw on Exploiting Online Games
- A Student-Hacker Showdown at the Collegiate Cyber Defense Competition
- The Collegiate Cyber Defense Competition Year 3: Revenge of the Red Cell
- Questions from RSA 2007
- How to Steal 80,000 Identities in One Day
Overview
Last updated May 23, 2003.
If there's one subject that rivets the attention of the tech community, it's information security (infosec). This once obscure discipline has risen from its humble geek beginnings to become the top player in the information industry (with the possible exception of gaming). All fragging aside, there are many vendors, consultants, businesses, and even home users (at least, those who understand the critical nature of information security) desperately searching for the knowledge to keep their computer systems secure. To that end, this branch of InformIT is dedicated to nothing but security and will provide you with several layers of information.
By far the majority of this overview is centered on the Common Body of Knowledge (CBK), the body of material maintained by (ISC)² as the basis for the CISSP certification. This method of categorizing security issues is one of the most widely accepted formal descriptions of information security in existence. However, based on the material available at InformIT, and the general suggestions and requests we've seen, organizing this Guide around the CBK's 10 security domains did not seem appropriate. Instead, we chose the categories listed below. To help you draw a link between our list and the CBK, the table shows the CBK domains each of our sections is expected to draw on.
| Security Reference Guide Section | Common Body of Knowledge (CBK) Domain(s) |
|---|---|
| Application Security | Application and System Development / Operations |
| Operating System Security | Access Control Systems / Security Architecture / Operations |
| Network Security | Telecom and Network / Operations |
| Hardening Your System | Operations Security / Application and System |
| Wireless Security | Telecom and Network / Hardening / Operations |
| Legal and Ethical Issues of Security | Legal |
Choosing this structure took a good deal of reader feedback and internal debate. We found several competing methods by which information system security can be categorized and defined, but when we tried to fit those groupings to the interests InformIT readers actually expressed, none of the existing definitions fit. As a result, we combined and merged several different perspectives on information security to create our structure.
We admit that our list is by no means complete, or even comprehensive. It is a starting point on which we'll build, with your help, and over time it will grow and evolve. Please feel free to contact us or InformIT with comments or suggestions. (Please, tell us what you want to know. It would make our jobs a lot easier!)
