On-line Resources


  • CISSP Open Study Guide (www.cccure.org)
    The CISSP Open Study Guide Web site includes many valuable study resources for the CISSP candidate, such as study guides, downloads, study presentations, online quizzes, books, news, and access to numerous study groups and discussion forums.
  • Carnegie Mellon SEI CERT Coordination Center (www.cert.org)
    The Carnegie Mellon Software Engineering Institute (SEI) Computer Emergency Response Team (CERT) Coordination Center includes information about vulnerabilities and fixes, incidents, and security practices and evaluations; offer survivability research and analisys; and provides training and education resources.
  • Common Vulnerabilities and Exposures (cve.mitre.org)
    The Common Vulnerabilities and Exposures (CVE) is a list, maintained by the MITRE Corporation, of standardized names for vulnerabilities and other information security exposures. You can download the CVE dictionary from this Web site.
  • Hieros Gamos (HG) Guide (www.hg.org/compute.html)
    This portal site, sponsored by Hieros Gamos (HG), includes a comprehensive guide to U.S. and international laws and regulations relevant to the computer industry.
  • IFOSYSSEC (www.infosyssec.com)
    IFOSYSSEC is the mother of all security Web sites and one of the largest security portals we've ever seen.
  • National Institute of Standards and Technology (www.itl.nist.gov)
    The U.S. National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) provides access to NIST publications, guides, standards, toolkits, projects, and a wealth of other helpful information and security resources.
  • Simovits Consulting (www.simovits.com/trojans.html)
    This site hosts a database of Trojan horses sorted by ports, common name, file name, file size, actions, affested systems, country of origin, and programming language.
  • Slashdot (slashdot.org)
    News for nerds! Slashdot is not specifically a security Web site, but it is chockfull of good security news - the stuff you do not see on CNN. Come to this site to find out what is really happening on the Internet.
  • The SANS Institute (www.sans.org
    The SANS (Systems Administration, Networking, and Security) Institute sponsors the Global Information Assurance Certification (GIAC) program, a series of security certifications that have a more technical, hands-on focus than the CISSP certification. GIAC is an excellent complement to CISSP certification, and SANS offers a 40-percent discount on its GSEC (GIAC Security Essential Certification) certification for those who have CISSP certification.
    This Web site also includes SANS conference schedules, an extremely helpful "Internet Storm Center" and security digest, the SANS online bookstore, various projects, resources, security links, sample security policies, white papers, GIAC student practicals, and security tools.
    The site also features the SANS/FBI Top Twenty Vulnerabilities list. This list, cosponsored by the FBI, helps organizations prioritize security efforts by listing and describing the top 20 Internet security vulnerabilities in three categories: General Vulnerabilities, Windows Vulnerabilities, and UNIX Vulnerabilities.
  • WindowSecurity Network Security Library (www.windowsecurity.com/whitepaper)
    Do not be fooled by the name of the Web site - the Network Security Library deals with more than just Windows security issues. It is an excellent source of free online books, articles, FAQs, and how-to's on many subjects, including Windows, UNIX, Netware, firewalls, intrusion detection and prevention systems, security policy, the Internet, the National Computer Security Center (NCSC), the Department of Defense (DoD) Rainbow Series, harmless hacking, and many more.

IT governance

ISO27001 certification organizations

Information security

Accounting, finance and economics

Business, management and governance

Contingency planning and disaster recovery

Information technology

Risk management

Enterprise architecture

User Experience


NoSQL Non-RDBMS Big data

System Administration Resources