Cesare Gallotti, consultancy on information security, data protection, quality, IT Service Management, Business Continuity, Privacy

Cesare Gallotti

Table of contents:

• Information Security
• IT Service Management
• Standards
• Products marksand safety
• Informatics
• Dictionaries
• Download

Information Security

Usually, in Internet, information security is confused with IT security. On the latter subject, the most important websites are:

• www.sans.org, the SANS Institute gives access to different resources (the Internet Storm Center and the Reading Room) including the subscription to the Newsbyte newsletter.
• www.schneier.com, website of one of the most famous experts in IT security. The Crypto-Gram newsletter is recommended.

Organizations

• csrc.nist.gov, the NIST is concerned with the IT security of US Government agencies and publishes very interesting standards and guidelines.
• http://www.commoncriteriaportal.org, the official site for Common Criteria for IT Security Evaluation (ISO/IEC 15408).
• http://nsi.org, the National Security Engineering Institute publishes documents about IT and not-IT security.
• www.trustedcomputinggroup.org, the Trusted Computing Group.
• www.bsi.de, the German BSI publishes a very popular IT Security baseline.
• www.cesg.gov.uk, the UK information security agency.
• www.cse-cst.gc.ca, the Canadian Communications Security Establishment.
• www.cisecurity.org, the Center for Internet Security publishes interesting configuration baselines for the hardening of IT systems.
• www.dsd.gov.au, the Australian Defence Signals Directorate (DSD).
• enisa.europa.eu, the European Network and Information Security Agency is the competence center of the UE and manages various IT security related projects.
• www.pcisecuritystandards.org, Payment Card Industry publishes the PCI standards.

Security and auditing

• www.aiea.it, the Associazione Italiana IS Auditor is one of the Isaca Italian chapters.
• www.isaca.org, the Information Systems Audit and Control Association.
• http://www.theiia.org/, the Institute of Internal Auditors.

Risk Assessment methodologies

• www.clusif.asso.fr, the Clusif (Club de la Sécurité de l'Information Français), among other interesting documents, publishes the Mehari methodology in English and French.
• www.aexis.de, the RA2 developer.
• www.cramm.com, dedicated to the CRAMM methodology for information security risk assessment, probably the most popular one.
• www.cert.org/octave, where the Octave methodology for information security risk assessment is available.
• enisa.europa.eu/rmra/h_home.html, the Enisa webpage dedicated to risk assessment methodologies.
• www.csi.map.es/csi/pg5m20.htm, for the Magerit methodology.

Business Continuity Management

• www.clusit.it/bci/, the Business Continuity Institute publishes the very interesting Good Practice Guidelines, based on BS 25999.
• www.contingencyplanning.com, dedicated to BCM and DRP.

Virus and Anti-virus

• www.f-secure.com/v-descs/, the virus encyclopedia of F-Secure.
• www.mcafee.com/us/threat_center/default.asp, the virus encyclopedia of McAfee.

Cryptography

• www.rsa.com , RSA is the most famous crypto company and publishes very interesting links and a FAQ document.
• htheory.csail.mit.edu, the CRYPTO Bibliography of MIT.
• www.semper.org/sirene/outsideworld/standard.html, dedicated to cryptography standards.
• rechten.uvt.nl/koops/cryptolaw/, with regulatory references for the use of cryptography in all the Countries of the world.
• www.emvco.com, the EMVCo was created in 1999 by Europay International, MasterCard and Visa for the EMV smart cards requirements.
• Websites of researchers:
  
  • www.esat.kuleuven.ac.be/~bosselae/, of Antoon Bosselaers.
  • www.esat.kuleuven.ac.be/~preneel/, of Bart Preneel.
  • www-cse.ucsd.edu/users/mihir/, of Mihir Bellare.
  • www.cs.auckland.ac.nz/~pgut001/, of Peter Gutmann.
  • www.cl.cam.ac.uk/users/rja14/, of Ross Anderson.

Other information security websites, alphabetically ordered:

• http://portal.acm.org, the Association for Computing Machinery.
• http://advice.networkice.com/Advice/default.htm, ISS database.
• www.all.net, website of Fred Cohen & associates, with lots of useful papers.
• www.astalavista.com, one of the most famous hackers portal.
• www.boran.com/security, with and interesting "IT Security Cookbook" .
• www.cl.cam.ac.uk/Research/Security/tamper/, of the University of Cambridge TAMPER Laboratory, specialized in hardware security.
• www.earthlink.net, with an interesting spyware scanner on www.earthlink.net/spyaudit.
• www.epm.ornl.gov/~dunigan/ and www.cs.utk.edu/~dunigan/, of Tom Dunigan.
• www.guidancesoftware.com, for the forensics software EnCase.
• www.hackerscatalog.com, with books related to hacking.
• www.infosyssec.net, IT security website.
• www.iritaly.org, of the the IRItaly (Incident Response Italy) project.
• www.isc2.org, of the CISSP (Certified Information Systems Security Professional) certification programme.
• www.lavasoft.de/, an anti-trackware products vendor.
• http://ist.mit.edu/security, the internal IT security website of MIT, with useful templates and links.
• nvd.nist.gov the US National Vulnerability Database.
• www.osvdb.org, the Open Source Vulnerability Database.
• http://www.owasp.org, the Open Web Application Security Project (OWASP).
• www.rspa.com, with links for Risk Analysis.
• security.vt.edu, the internal website of Virginia University (USA) with useful templates.

IT Service Management

• www.itil-officialsite.com, the ITIL official website, controlled by OCG.
• www.itsmfi.org, the official site of the IT Service Management Forum.
• http://technet.microsoft.com/en-us/library/cc506049.aspx, website for the Microsoft Operation Framework (MOF).
• www.toolselector.com, presents a list of tools for ITSM implementation.
• www.pinkelephant.com/PinkVerify/PinkVERIFYTools.htm, presents the tools for ITSM implementation verified by Pink Elephant; it is not complete.

Standards

Organizations for standardization

• www.iso.ch, the International Organization for Standardization.
• www.accredia.it, the Italian accreditation body.
• www.uni.com, the Ente Nazionale Italiano di Unificazione.
• www.european-accreditation.org, the European co-operation for Accreditation.
• www.tc176.org/Interpre.asp, with ISO 9001 comments.
• www.bsi-global.com, of BSI, the British Standard Institute.
• www.nssn.org, a search engine for standards.
• www.wssn.net, the World Standards Services Network (WSSN).


ISO/IEC 27001


• www.iso27001certificates.com, the international register for ISO/IEC 27001 certificates (but not as accurate as national accreditation bodies registers).


ISO/IEC 20000


• http://www.isoiec20000certification.com, the official site for the ISO/IEC 20000 (former BS 15000) certification.
• www.itsmf.org, the official website of the IT Service Management Forum.

Other organizations for standardization

• http://www.faqs.org/rfcs/rfc-titles.html, the RFC Index.
• www-01.ibm.com/software/rational/uml/, the UML Resource Center.
• http://www.informatik.uni-bremen.de/uniform/, about formal methods for software development.
• www.methodware.com, with lots of links.
• www.qual-it-consulting.it, about SPICE standard and ISO SC7 projects.
• www.sei.cmu.edu/managing/index.html, the Security Institute of the Canergie Mellon University, where Capability Maturity Models are developed.
• sisyphus.cit.gu.edu.au, the Software Quality Institute.
• web.ansi.org, ANSI.
• www.etsi.org, the European Telecommunications Standards Institute.

Products marksand safety

• www.newapproach.org/, UE website for the harmonized standards.
• http://europa.eu.int/comm/enterprise/nando-is/home/index.cfm, with Nando, the database for accredited bodies for products marking.

Informatics

• photo.net/sql/, SQL for Web Nerds .
• lynx.isc.org, for Lynx, the text browser.
• www.bruceeckel.com, of Bruce Eckel, about programming languages.
• www.computerhope.com/msdos.htm, about MS-DOS.

Dictionaries

Informatics related dictionaries

• http://whatis.techtarget.com
• www.webopedia.com
• http://foldoc.org
• whitepapers.zdnet.com, with guides.
  

Other dictionaries

• www.yourDictionary.com
• www.business.com, for business.
• mathworld.wolfram.com, maths encyclopaedia.
• iate.europa.eu/iatediff, the UE multi languages database.

Download

• www.cs.wisc.edu/~ghost/gsview/, for Ghost Script Viewer.
• www.miktex.org, the MiKTeX Project Page, for a LaTeX distribution.
• www.tug.org/, the TeX Users Group Home Page.
• www.winedt.com/, for a good TeX editor.
• ftp://ftp.simtel.net/pub/, the Simtel FTP public directory.

Back to Table of Contents