- CISSP Open Study Guide (www.cccure.org)
The CISSP Open Study Guide Web site includes many valuable study resources for the CISSP candidate, such as study guides, downloads, study presentations, online quizzes, books, news, and access to numerous study groups and discussion forums.
- Carnegie Mellon SEI CERT Coordination Center (www.cert.org)
The Carnegie Mellon Software Engineering Institute (SEI) Computer Emergency Response Team (CERT) Coordination Center includes information about vulnerabilities and fixes, incidents, and security practices and evaluations; offers survivability research and analysis; and provides training and education resources.
- Common Vulnerabilities and Exposures (cve.mitre.org)
The Common Vulnerabilities and Exposures (CVE) is a list, maintained by the MITRE Corporation, of standardized names for vulnerabilities and other information security exposures. You can download the CVE dictionary from this Web site.
- Hieros Gamos (HG) Guide (www.hg.org/compute.html)
This portal site, sponsored by Hieros Gamos (HG), includes a comprehensive guide to U.S. and international laws and regulations relevant to the computer industry.
- INFOSYSSEC (www.infosyssec.com)
INFOSYSSEC is the mother of all security Web sites and one of the largest security portals we've ever seen.
- National Institute of Standards and Technology (www.itl.nist.gov)
The U.S. National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) provides access to NIST publications, guides, standards, toolkits, projects, and a wealth of other helpful information and security resources.
- Simovits Consulting (www.simovits.com/trojans.html)
This site hosts a database of Trojan horses sorted by ports, common name, file name, file size, actions, affected systems, country of origin, and programming language.
- Slashdot (slashdot.org)
News for nerds! Slashdot is not specifically a security Web site, but it is chock-full of good security news - the stuff you do not see on CNN. Come to this site to find out what is really happening on the Internet.
- The SANS Institute (www.sans.org)
The SANS (Systems Administration, Networking, and Security) Institute sponsors the Global Information Assurance Certification (GIAC) program, a series of security certifications that have a more technical, hands-on focus than the CISSP certification. GIAC is an excellent complement to CISSP certification, and SANS offers a 40-percent discount on its GSEC (GIAC Security Essential Certification) certification for those who have CISSP certification.
This Web site also includes SANS conference schedules, an extremely helpful "Internet Storm Center" and security digest, the SANS online bookstore, various projects, resources, security links, sample security policies, white papers, GIAC student practicals, and security tools.
The site also features the SANS/FBI Top Twenty Vulnerabilities list. This list, cosponsored by the FBI, helps organizations prioritize security efforts by listing and describing the top 20 Internet security vulnerabilities in three categories: General Vulnerabilities, Windows Vulnerabilities, and UNIX Vulnerabilities.
- WindowSecurity Network Security Library (www.windowsecurity.com/whitepaper)
Do not be fooled by the name of the Web site - the Network Security Library deals with more than just Windows security issues. It is an excellent source of free online books, articles, FAQs, and how-to's on many subjects, including Windows, UNIX, Netware, firewalls, intrusion detection and prevention systems, security policy, the Internet, the National Computer Security Center (NCSC), the Department of Defense (DoD) Rainbow Series, harmless hacking, and many more.
- IT Governance Institute (www.itgi.org)
- IT Governance Ltd (the company) (www.itgovernance.co.uk)
- ISACA (formerly the Information Systems Audit and Control Association. CISA, CISM, CGEIT and CRISC certifications. Development of COBIT, ValIT, RiskIT, ITAF and BMIS) (www.isaca.org)
- Comprehensive library of ISO27001 books, tools and resources (www.itgovernance.co.uk/iso27001.aspx)
- Blogspot (alancalder.blogspot.com)
- International ISO27001 Certificate Register (www.iso27001certificates.com)
ISO27001 certification organizations
- United Kingdom Accreditation Service www.ukas.com
- BSI www.bsi-global.com
- Bureau Veritas Quality International (BVQI) www.bvqi.com
- DNV Certification Ltd www.dnv.com
- Lloyd’s Register Quality Assurance Ltd (LRQA) www.lrqa.com
- National Quality Assurance Ltd (NQA) www.nqa.com
- SGS Yarsley www.sgs.com
- (UK) Alliance Against Intellectual Property Theft www.allianceagainstintellectualpropertytheft.co.uk
- Anti-phishing Working Group www.antiphishing.org
- British Computer Society www.bcs.org
- Carnegie Mellon Software Engineering Institute Computer Emergency Response Team (CERT) Coordination Centre www.cert.org
- Centre for Education and Research in Information Assurance and Security www.cerias.purdue.edu
- (UK) Centre for the Protection of National Infrastructure www.cpni.gov.uk
- Common Vulnerabilities and Exposures www.cve.mitre.org
- (UK) Communications – Electronics Security Group www.cesg.gov.uk
- Communications Security Establishment www.cse-cst.gc.ca
- Computer Security Institute www.gocsi.com
- Computer Security Online www.compseconline.com
- Computer Security Resource Clearinghouse (US National Institute of Standards and Technology) www.csrc.nist.gov
- (US) Federal Computer Incident Response Center www.fedcirc.gov
- (UK) Federation Against Software Theft www.fast.org.uk
- Forum of Incident Response and Security Teams www.first.org
- GCHQ, Cheltenham www.gchq.gov.uk
- (US) General Accounting Office www.gao.gov
- Information Commissioner www.informationcommissioner.gov.uk
- Information Security Forum www.securityforum.org
- Information Systems Audit and Control Association www.isaca.org
- Information Systems Security Association www.issa.org
- (UK) INFOSEC Exhibition www.infosec.co.uk
- InfoSysSec, The Security Portal for Information System Security Professionals www.infosyssec.org
- Institute for Applied Network Security www.ianetsec.com
- Institute for Internal Auditors www.theiia.org
- International Computer Security Association www.truesecure.com
- International Information Systems Security Certification Consortium www.isc2.org
- Internet Security Alliance www.isalliance.org
- (US) National Infrastructure Protection Centre www.nipc.gov
- (UK) Patent Office www.patent.gov.uk
- SANS Institute www.sans.org
- Virus Bulletin www.virusbtn.com
- Microsoft, “Microsoft Security Development Lifecycle,” www.microsoft.com/security/sdl/default.aspx.
Accounting, finance and economics
- Association of Certified Chartered Accountants www.acca.org.uk
- Chartered Institute of Public Finance and Accountancy www.cipfa.org.uk
- (US) Federal Electronic Commerce Program Office www.egov.gov
- (UK) Financial Services Authority www.fsa.gov.uk
- (US) General Accounting Office www.gao.gov
- Institute of Chartered Accountants in England and Wales www.icaew.co.uk
- International Federation of Accountants www.ifac.org
- Organisation for Economic Co-operation and Development www.oecd.org
- (US) Securities and Exchange Commission www.sec.gov
- Securities Industry Association www.sia.com
Business, management and governance
- (US) Corporate Governance www.corpgov.net
- (UK) Criminal Records Bureau www.crb.gov.uk
- European Corporate Governance Institute www.ecgi.org/index.htm
- Internet Watch Foundation www.iwf.org.uk
- National Association of Corporate Directors www.nacdonline.org
- (UK) Office of Government Commerce www.ogc.gov.uk
- Project Management Institute www.pmi.org
Contingency planning and disaster recovery
- Business Continuity Information Centre www.businesscontinuityworld.com
- Disaster Recovery Information Exchange www.drie.org
- Disaster Recovery Journal www.drj.com
- Disaster Resource Guide Online www.disaster-resource.com
- Global Continuity www.globalcontinuity.com
- Global Information Network for the Business Continuity Community www.contingencyplanning.com
- Carnegie Mellon Software Engineering Institute www.sei.cmu.edu
- CIO magazine www.cio.com
- Computerworld magazine www.computerworld.com
- Data Warehousing Institute www.dw-institute.com
- (US) Federal Computer Week www.fcw.com
- Gartner Group Interactive www3.gartner.com/Init
- (US) Government Computer News www.gcn.com
- IDC www.idc.com
- Information Security Magazine www.infosecuritymag.com
- Information Technology Association of America www.itaa.org
- Information Technology Resources Board www.itrb.gov
- Information Week Online www.informationweek.com
- (US) Interagency Management Council www.imc.gov
- Internet Engineering Task Force (IETF) www.ietf.org
- TickIT www.tickit.org
- American Society for Industrial Security www.asisonline.org
- Risk Institute – Risk Management Resource Centre www.riskinstitute.org
- Society for Risk Analysis www.sra.org
- A Comparison of the Top Four Enterprise-Architecture Methodologies
- Survey of Architecture Frameworks
- How to bring TOGAF to life
- SOA Blueprint
- What Is SOA?
- SOA Principles
- SOA Methodology.com
- SOA Glossary
- SOA Training and Certifications
- SOA Manifesto
- blog.jjg.net Jesse James Garrett
- jnd.org Don Norman: Designing For People
- "Do Better Scrum", by Peter Hundermark, a CSC and CST in Africa and Brazil. Provides a set of tips and insights into how to do Scrum well. (Also available in Spanish.)
- "The Scrum Primer", by Pete Deemer, Gabrielle Benefield, Craig Larman, and Bas Vodde. An early description of Scrum, written in 2006 by a respected group of CST practitioners. Offers an in-depth introduction to the theory and practice of Scrum.
- "The Scrum Papers", compiled by Jeff Sutherland, one of the co-creators of Scrum. A collection of papers relating to the practice of Scrum that covers the basics all the way up to advanced topics such as how to scale Scrum.
- Scrum topic pages, by CST Mike Cohn. An online overview of many of the Scrum basics.
- Simple Scrum, by Tobias Mayer. A domain-independent overview of the Scrum framework.
- Succeeding with Agile by Mike Cohn: http://www.amazon.com/Succeeding-Agile-Software-Development-Using/dp/032...
- Lean Software Development by Mary Poppendieck: http://www.amazon.com/Lean-Software-Development-Agile-Toolkit/dp/0321150...
- Kanban: http://www.amazon.de/Kanban-David-J-Anderson/dp/0984521402/ref=sr_1_1?s=...
- Lean from the Trenches: Managing Large-Scale Projects with Kanban: http://www.amazon.de/Lean-Trenches-Managing-Large-Scale-Projects/dp/1934...
- Agile Retrospectives by Esther Derby and Diana Larsen: http://www.amazon.com/Agile-Retrospectives-Making-Teams-Great/dp/0977616...
- Coaching Agile Teams by Lyssa Adkins: http://www.amazon.com/Coaching-Agile-Teams-ScrumMasters-Addison-Wesley/d...
- Gamestorming by Dave Gray: http://www.amazon.com/Gamestorming-Playbook-Innovators-Rulebreakers-Chan...
- User Stories Applied by Mike Cohn: http://www.amazon.com/User-Stories-Applied-Software-Development/dp/03212...
- Agile Planning and Estimation by Mike Cohn: http://www.amazon.com/Agile-Estimating-Planning-Mike-Cohn/dp/0131479415/...
- Made to Stick: Why Some Ideas Survive and Others Die: Why Some Ideas Take Hold and Others Come Unstuck: http://www.amazon.de/Made-Stick-Survive-Others-Unstuck/dp/0812982002/ref...
- Crossing the Chasm: Marketing and Selling Disruptive Products to Mainstream Customers: http://www.amazon.de/Crossing-Chasm-Disruptive-Mainstream-Essentials/dp/...
- The Servant Leader: How to Build a Creative Team, Develop Great Morale, and Improve Bottom-Line Performance http://www.amazon.com/The-Servant-Leader-Bottom-Line-Performance/dp/0761...
- Money for Nothing & Changes for Free: http://scrum.jeffsutherland.com/2008/08/agile-2008-money-for-nothing.html
- Pimp-Up your retrospective: http://retrospectivewiki.org/index.php?title=Main_Page
- Dan Pink video on Motivation: http://www.youtube.com/watch?v=u6XAPnuFjJc&feature=results_video&playnex...
- Enterprise Transition and others: http://www.slideshare.net/tumma72
- Growing DONE-How to Make the Definition of Done Work for Your Team: http://www.richardlawrence.info/2009/12/21/growing-done-how-to-make-the-...
- Building a Useful Task Board: http://www.richardlawrence.info/2011/11/21/building-a-useful-task-board/
- Creating a Team Working Agreement: http://www.gettingagile.com/2008/05/02/creating-a-team-working-agreement/
- It's Not Just Standing Up: Patterns for Daily Standup Meetings: http://martinfowler.com/articles/itsNotJustStandingUp.html
- Sprint Burndown: by hours or by story points?: http://scrum.jeffsutherland.com/2009/04/sprint-burndown-by-hours-or-by-s...
- How to Give a Great Sprint Demo: http://www.richardlawrence.info/2009/04/24/how-to-give-a-great-sprint-demo/
- Ask the Team!: http://www.agile42.com/en/blog/2011/05/05/ask-team/
- Synchronize Rather Than Overlap Sprints: http://www.mountaingoatsoftware.com/blog/synchronize-rather-than-overlap...
- Revive Your Daily Standup: http://www.agile42.com/en/blog/2012/05/29/revive-your-daily-standup/
- 10 kanban boards and their context: http://blog.crisp.se/2011/12/05/mattiasskarin/10-kanban-boards-and-their...
- Kanban, Flow and Cadence: http://availagility.co.uk/2008/10/28/kanban-flow-and-cadence/
- It’s a fine line between chatting and pairprogramming: If you don’t look closely it’s hard to see the difference between two programmers chatting or pair programming. Maybe you need to look closer. Or maybe not, you only need to look at the result.
- Succeeding with “Agile Fixed Price” projects Part 1: The Price is right! describes how you qualify, sell and manage projects with fixed-price contracts without losing your customer or going broke.
- Succeeding with “Agile Fixed Price” projects Part 2: “Do you want agility with that?”. They said XP and fixed-price would never work. They were right. But that doesn’t mean Agile and fixed-price don’t work. This paper describes how you can apply “agile” or “Lean Development” techniques to further improve your chances of successfully managing fixed-price projects.
- Bob the project manager thinks about systems is a short and simple introduction to Systems Thinking. It tells the story of Bob the project manager who, with the help of his mentor Jinnie, learns to apply Systems Thinking to the situations he encounters as a project manager.
- Going round and round and getting nowhere fast? in the Winter 2002 issue of Methods and Tools explores the way different software development methods use iteration and increments. The text proposes some heuristics to apply iterative and/or incremental techniques judiciously.
- Refactoring or Upfront Design? This paper was presented at the XP 2001 conference. It explores the tradeoffs to be made between doing a lot of analysis and design work upfront on the one hand, and refactoring iteratively and taking small incremental steps.
NoSQL Non-RDBMS Big data
- Finley, Klint; How Twitter Uses NoSQL, 2 January 2011, www.readwriteweb.com/cloud/2011/01/how-twitter-uses-nosql.php
- Dijcks, Jean-Pierre; Oracle: Big Data for the Enterprise, Oracle, October 2011, www.oracle.com/us/products/database/big-data-for-enterprise-519135.pdf
- Wiggins, Adam; SQL Databases Don’t Scale, 6 July 2009, http://adam.heroku.com/past/2009/7/6/sql_databases_dont_scale/
- Amazon Web Services, Case Studies, http://aws.amazon.com/solutions/case-studies/
- Hurst, Nathan; Visual Guide to NoSQL Systems, 15 March 2010, http://blog.nahurst.com/visual-guide-to-nosql-systems
- Finley, Klint; 5 Graph Databases to Consider, 20 April 2011, www.readwriteweb.com/cloud/2011/04/5-graph-databases-to-consider.php
- Survey Distributed Databases
- Marin Dimitrov's Comparison on PNUTS, Dynamo, Voldemort, BigTable, HBase, Cassandra and CouchDB May 2010
- Why Use HBase-1: from Million Mark to Billion Mark
- Why Use HBase-2: Demystifying HBase Data integrity, Availability and Performance
- Hadoop: Next-Generation Big Data Architectures by Bill McColl, 23 October 2010, about "Not Only Hadoop".
- MPI and BSP: see the wiki about Bulk Synchronous Parallel and Apache HAMA on a Hadoop cluster.
- Article on the CAP theorem
- HP's take on CAP Theorem, a white paper entitled "There is no free lunch with distributed data"
- Computer Science Notes on Distributed Transactions and Network Partitions from University of Sussex
- Nice post by Jens Alfke on databases, scaling and Twitter.
- Pat Helland's Microsoft paper on distributed transactions and SOA called Data on the Outside versus Data on the Inside, which he later related to CAP Theorem here
- Another set of Computer Science course slides, this time from George Mason University in Virginia, on Distributed Software Systems and particularly CAP Theorem and the clash between ACID and BASE ideologies.
- Dan Pritchett of EBay has a nice presentation on BASE.