Credible Sources of Security Information

Security professionals should create a list of sources to gather information on issues such as threats, vulnerabilities, updates and security news.  Over the years I have found several resources that have provided me a wealth of information and in some cases even provided me with some much needed humor.  Here are a few of the sites that you might want to check out:

WEB REFERENCES

Naked Security (available on the web at http://nakedsecurity.sophos.com/ or via twitter feed) provides information on issues related to computer security including news, opinions and advice in the United States and abroad.  The information posted contains both facts and opinions.  The information is generally well written and I have found that the references are current and factual.  I follow Naked Security on Twitter to assure that I have the latest information.

The Department of Homeland Security (DHS) provides a daily report of security information relating to a variety of industries including: Production Industries; Sustenance and Health; Service Industries; and Federal and State.  This report is available to anyone with internet access.  The report can be downloaded from http://www.dhs.gov/dhs-daily-open-source-infrastructure-report. DHS reports are available for a period of 10 days before they are replaced.  Sources for information are listed so the reader can verify posted data. 

SC Magazine provides a wealth of information.  URL:  http://www.scmagazine.com/.  The information provided includes current news, blogs and white papers.  I have used information from the site as references and have not been disappointed by the information posted on the website.  SC Magazine also publishes a magazine.

Kim Kommando is a wonderful resource for information. She writes for USA Today and she has a website (URL: http://www.komando.com). Her style of writing is informative for people with a variety of levels of experience with security information. She is my hero.  I appreciate that she has the ability to provide information in a way that most people can comprehend.  I often encourage users who proclaim they don't understand technology to subscribe to her email list.

Symantec is an excellent source of information with regard to virus and malware threats.  Symantec's website is available at http://symantec.com

Verizon is another great source of information, namely for their annual Data Breach Investigations Report.  The report focuses on threats to information security around the world.  The report    Download the 2013 report at:  http://www.verizonenterprise.com/DBIR/2013/.

GROUPS

There are several technology groups that meet where members (and in some cases guests) can gain knowledge and meet other security professionals:

InfraGard is an organization founded by the FBI that promotes the sharing of information by it's members.  The organization vets members prior to allowing them to join and requires members to follow an established code of ethics.  Vetting membership and requiring members to agree to the code of ethics a sense of confidentiality so data can be shared.  InfraGard provides a wealth of information to members in face to face chapter meetings as well as information available from the secure website.  The InfraGard website is available at:   https://www.infragard.org/. 

NebraskaCERT is an organization in Omaha whose goal is to share information with individuals interested in Information Security.  The group hosts meetings throughout the year to provide information or introduce information to security professionals.  The website to gather information is:  http://www.nebraskacert.org/

You may wonder how security professionals determine which information is credible.  My best advice is to verify information before acting on it.  Check with multiple sources to validate and verify information.