I think you'll agree that either being a security administrator or managing security administrators requires that you continually add new information to your base of knowledge. Lots of resources are available for you to use to gather more information. Some of the resources are well-known and others are either relatively new or remain a bit obscure for whatever reasons. This week, I want to share with you a resource that you might not be aware of but that's worth checking into.
Information Security Writers (Infosec Writers) is a Web site at which you can find numerous technical papers and essays, all of which of course pertain to information security. The site was originally launched in 2000 as the Security Writers Guild. Since that time, the site has obviously changed names, and the content has grown.
The site hosts a library of technical papers written by various contributors who want to share their knowledge with the community at large. Categories in the Web site's Text Library include Email Security; Exploitation/Vulnerability; Firewall & Perimeter Protection; Forensics; General Security Concepts & Misc.; Honeypots; Information Assurance; Intrusion Detection; Malware/Malicious Code; Network Devices, Protocols & Traffic; Organizational Security; Security Tools; and Wireless Security.
For some examples of the types of papers that you might find at the site, check the Latest Articles section of the Infosec Writers home page. Some recently published papers are "Securing Mac OS X" by Stephen de Vries, "Shadow Software Attack" by Angelo Rosiello, "The Increasing Risks of Internet Computing" by Greg Greer, "Information Systems Misuse--Threats & Countermeasures" by Vijay Gawde, and "Non Conventional Virus Attack" by Raul Alvarez.
Another item of interest that you can find at the site is "Hitchhiker's World," which is a Web-based magazine. As far as I can determine, the magazine isn't published at any particular interval, however the next version is due to be released July 27. You might want to read some or all of the previous editions; if you find the content useful, you can mark your calendar to read the upcoming edition.
If you know of other security-related Web sites that others might not be aware of and you want to share their names with the readers of this newsletter, please send me an email and let me know about them.