Computer Security Information

Standards

• NIST Special Publication 800-53 (Rev. 4), Security and Privacy Controls for Federal Information Systems and Organizations (2014) [PDF]
• NIST Special Publication 800-53A (Rev. 4), Assessing Security and Privacy Controls for Federal Information Systems and Organizations (2014) [PDF]
• NIST Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View (2011) [PDF]
• DoD 8570.01-M, Information Assurance Workforce Improvement Program (2012) [PDF]
• Federal Information Security Management Act (FISMA) Implementation Project
• National Checklist Program Repository

Dealing with Virus Infections, Spyware, Spam, and Phishing

• Five Privacy Tips to help you protect your privacy and your personal data.
• University of Michigan Information Security Policies (Login required)
• Safe Computing at the University of Michigan:
  • Anti-Virus Protection at U-M.
  • Protect Yourself & the University from Spear Phishing (video)
• Why Phishing Works: A great paper on "what makes a bogus website credible."
• Why am I getting all this spam and what can I do about it at the U of M?

Encryption

• Microsoft Password Checker
• Windows Encrypting File System overview.
• BitLocker vs. EFS.

Network and Workstation Security

• Remote Desktop with TS Gateway: Use this method to connect to your Windows PC from home. This is the method required by CMT.
• Windows 7 Security
• SANS Institute: Critical Security Controls (v.5)
• Internet Risks: Some things to consider when you have sensitive data on a workstation that is connected to the internet. This document was developed for users of HRS restricted data, but it is applicable to HRS staff members as well.
• Home Network Security: Thinking about doing HRS work at home? Before you begin, you should read and understand the security issues involved.
• Information from ISR: CMT Statements on: Identity Theft, Spam Prevention, Peer-to-Peer Networks and File Sharing, Email Fraud and other Computing Risks, and Unlawful peer-to-peer file sharing over the Internet.

Security Resource Sites

• Bruce Schneier's Web Log: "When people want to know how security really works, they turn to Schneier."
• SecurityFocus is a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
• CERT: "Anticipating and solving the nation's cybersecurity challenges".
• Internet Storm Center: The latest Internet threats (see image link, below).
• Department of Homeland Security Daily Open Source Infrastructure Report