General Computer Security Awareness

Advanced Persistent Threat (APT) Simulation

Purple Teaming

Internet of Things (IoT)

SSH

Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

News items of interest

Sharing threat information

Taxonomies and Ontologies for Information Security

Authentication/Authorization/Accounting (AAA) services and Role-Based Access Control (RBAC)/Identity management

Security Tools

  • OSSEC
    • About active responses in OSSEC, by Stjepan Groš, August 12, 2012

Social Engineering

Industrial Control Systems (ICS) security

Mobile/Smartphone Security

QR codes as attack vector

QR, take me someplace. Safe?

Interesting reading about hacker culture, sociology, attacks, etc.

iPhone security

International Standards

Security Vulnerabilities

Philes/Archives/News

Inadequate/improper destruction of data

Interesting Security Research

Secure Hardware

Analysis

TCP/IP vulnerabilities, exploits, coding, etc.

Linux Security

Governmental activity on cybercrime, Information Assurance, etc.

General Accounting Office reports

General Accounting Office (GAO) reports/testimony [Note: Printed reports can be ordered for FREE online.]

  • GAO-07-65 – INFORMATION SECURITY: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing, October, 2006

  • GAO-06-811 – INFORMATION SECURITY: Coordination of Federal Cyber Security Research and Development, September, 2006

  • GAO-05-231 – INFORMATION SECURITY: Emerging Cybersecurity Issues Threaten Federal Information Systems, May 13, 2005

  • GAO-05-482 – INFORMATION SECURITY: Internal Revenue Service Needs to Remedy Serious Weaknesses over Taxpayer and Bank Secrecy Act Data, April 15, 2005

  • GAO-05-567T – Information Security: Department of Homeland Security Faces Challenges in Fulfilling Statutory Requirements, by Gregory C. Wilshusen, director, information security, before the Subcommittee on Management, Integration, and Oversight, House Committee on Homeland Security, April 14, 2005

  • GAO-04-699T – CRITICAL INFRASTRUCTURE PROTECTION: Establishing Effective Information Sharing with Infrastructure Sectors, testimony by Robert F. Dacey, Director, Information Security, before a joint hearing of the Subcommittee on Infrastructure and Border Security and the Subcommittee on Cybersecurity, Science, and Research and Development, House Select Committee on Homeland Security, April 21, 2004

  • GAO-04-628T – CRITICAL INFRASTRUCTURE PROTECTION: Challenges and Efforts to Secure Control Systems, testimony by Robert F. Dacey, director, Information Security, before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, House Committee on Government Reform, March 30, 2004

  • GAO-04-354 – CRITICAL INFRASTRUCTURE PROTECTION: Challenges and Efforts to Secure Systems, March 15, 2004

  • GAO-01-208t – HOMELAND SECURITY: A Risk Management Approach Can Guide Preparedness Efforts

  • GAO-04-140T – CRITICAL INFRASTRUCTURE PROTECTION: Challenges in Securing Control Systems, October 1, 2003

  • GAO-01-323 – CRITICAL INFRASTRUCTURE PROTECTION: Significant Challenges in Developing National Capabilities, April 25, 2001

  • GAO/T-AIMD-00-229 – CRITICAL INFRASTRUCTURE PROTECTION: Comments on the Proposed Cyber Security Information Act of 2000, June 22, 2000

  • GAO/T-AIMD-181 – CRITICAL INFRASTRUCTURE PROTECTION: “ILOVEYOU” Computer Virus Highlights Need for Improved Alert and Coordination Capabilities, May 18, 2000

  • GAO/T-AIMD-171 – INFORMATION SECURITY: “ILOVEYOU” Computer Virus Emphasizes Critical Need for Agency and Governmentwide Improvements, May 10, 2000

  • GAO/T-AIMD-00-7 – CRITICAL INFRASTRUCTURE PROTECTION: Fundamental Improvements Needed to Assure Security of Federal Operations, October 6, 1999

  • GAO/T-AIMD-99-223 – INFORMATION SECURITY: Recent Attacks on Federal Web Sites Underscore Need for Stronger Information Security Management, June 24, 1999

  • GAO/AIMD-99-47 – INFORMATION SECURITY: Many NASA Mission-Critical Systems Face Serious Risk, May 1999

  • GAO/AIMD-98-145 – COMPUTER SECURITY: Pervasive, Serious Weaknesses Jeopardize State Department Operations, May 1998

  • GAO/AIMD-98-155 – AIR TRAFFIC CONTROL: Weak Computer Security Practices Jeopardize Flight Safety, May 1998

  • GAO/T-AIMD-98-170 – INFORMATION SECURITY: Serious Weaknesses Put State Department and FAA Operations at Risk, May 1998

  • GAO/AIMD-98-68 – EXECUTIVE GUIDE: Information Security Management – Learning From Leading Organizations, May 1998

  • GAO/HR-97-1 – HIGH RISK SERIES: An Overview, February 1997

  • GAO/HR-97-9 – HIGH RISK SERIES: Information Management and Technology, February 1997

Department of Defense publications

NIST Computer Security Standards, Checklists, and Special Publications

Risk Management

Security Policy/Incident Response

Secure Email

Secure Programming

Readings for Critical Infrastructure “Cyberterrorism” course

Secure passwords, Password crackers and dictionaries

SPAM

I didn’t like it on my breakfast plate as a kid, I don’t like it in my inbox now!