Thursday, October 1, 2009

Sources on "Best Practise" security

I had a question on 'best practise information security' today from a family member, and it then occurred to me that unless you're in the know, the sources for "best practise" security aren't actually listed anywhere. It's all scattered across a series of disparate sources with nothing to unify them.

If information is intended to be free, why isn't this stuff more widely communicated to the non-security folk out there? Anyone would think we're trying to keep this stuff to ourselves in an effort to prop up our industry.

For example, there is no Wikipedia entry on "best practise information security".

So my question is - what sources do YOU consider to be definitive when it comes to information security "best practise"?

I'll get the ball rolling with a few:
  • NIST,
  • CIS,
  • NSA.gov,
  • Standards (ISO/AS/NZ),
  • OWASP.
Anyone?

- J.

1 comment:

Sergicles said...

I generally coll my kousin Yuri; best hacker back in da mother country and ask him about da common attacks. Than, I just reverze teh logikh and BAM, Yuri and his mate Dimitry can no lonker breach my anti-Soviet network.