Security Articles, Publications & Reading Materials
 
Note: Some of the reading materials below require a PDF reader. A free one is available from FoxIt (PDF Reader for Windows).

Information Assurance Technical Framework (IATF) Release 3.1

The Information Assurance Technical Framework (IATF) document was developed to help a broad audience of users both define and understand their technical needs as well as to select approaches to meet those needs.  The intended audience includes system security engineers, customers, scientists, researchers, product and service vendors, standards bodies, and consortia.  The objectives of the IATF include raising the awareness of information assurance (IA) technologies, presenting the IA needs of information system (IS) users, providing guidance for solving IA issues, and highlighting gaps between current IA capabilities and needs. 

Information Security Handbook: A Guide for Managers

This Information Security Handbook provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program. Typically, the organization looks to the program for overall responsibility to ensure the selection and implementation of appropriate security controls and to demonstrate the effectiveness of satisfying their stated security requirements.

 

The purpose of this publication is to inform members of the information security management team (agency heads; chief information officers [CIOs]; senior agency information security officers [SAISOs], also commonly referred to as Chief Information Security Officers [CISOs]; and security managers) about various aspects of information security that they will be expected to implement and oversee in their respective organizations. In addition, the handbook provides guidance for facilitating a more consistent approach to information security programs across the federal government.

 
 
This handbook is a guide to developing computer security policies and procedures for sites that have systems on the Internet.  The purpose of this handbook is to provide practical guidance to administrators trying to secure their information and services.  The subjects covered include policy content and formation, a broad range of technical system and network security topics, and security incident response.
 
 
The Router Security Configuration Guide provides technical guidance intended to help network administrators and security officers improve the security of their networks. It contains principles and guidance for the secure configuration of IP routers, with detailed instructions for Cisco Systems routers. The information presented can be used to control access to the router, help it resist attacks, shield other network components, and help protect the integrity and confidentiality of network traffic.
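As an added illustration of the kind of hardening such a guide covers (this fragment is written for this page and is not taken from the guide itself), the following Cisco IOS configuration shows a weak management-access setup beside a hardened one. The hostname, domain name, the 192.0.2.0/24 management network, the user name and the passphrase placeholders are all assumed values for the example.

```cisco
! --- Weak (assumed starting point): Telnet open to any source, reversible
! --- passwords, unused services left running
enable password cisco123
line vty 0 4
 transport input telnet
 password cisco
 login
ip http server
service finger
cdp run

! --- Hardened: SSHv2 only, management access limited by ACL, hashed secrets,
! --- idle sessions dropped, unused services disabled
hostname edge-rtr                     ! assumed name
ip domain-name example.net            ! assumed domain, needed for the RSA key
crypto key generate rsa modulus 2048  ! host key for SSH
ip ssh version 2
service password-encryption           ! only obfuscates type-7 strings; see note
enable secret <strong-passphrase>     ! hashed, unlike "enable password"
username admin privilege 15 secret <strong-passphrase>
no ip http server
no service finger
no cdp run
ip access-list standard MGMT-HOSTS    ! only the management subnet may reach the VTYs
 permit 192.0.2.0 0.0.0.255
 deny   any log
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 exec-timeout 5 0
 login local
```

Two caveats a reviewer would raise: `service password-encryption` applies reversible type-7 obfuscation to plain `password` lines and is not a substitute for `enable secret` and `username ... secret`, which store hashes; and the `deny any log` entry in the access list records rejected management attempts, which is only useful if the router's logging is actually sent somewhere that is watched.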
 
 

The OWASP Guide to Building Secure Web Applications v2 (OWASP Development Guide for short) was announced at Black Hat in Las Vegas in late July 2005. The original OWASP Development Guide has become standard reading for many web security professionals; since 2002, the initial version has been downloaded over 2 million times. Today the Development Guide is referenced by many leading government, financial, and corporate standards and is widely regarded as the reference work for web application security. It is aimed at architects, developers, consultants and auditors and is a comprehensive manual for designing, developing and deploying secure web applications.

 

Network Security Policy: Best Practices White Paper (Cisco)

 

Without a security policy, the availability of your network can be compromised. The policy begins with assessing the risk to the network and building a team to respond. Maintaining the policy requires implementing a security change management practice and monitoring the network for security violations. Lastly, a review process modifies the existing policy and adapts it to lessons learned.


NIST Special Publication on Intrusion Detection Systems


Intrusion detection systems (IDSs) are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network and analyzing them for signs of security problems. As network attacks have increased in number and severity over the past few years, intrusion detection systems have become a necessary addition to the security infrastructure of most organizations. This guidance document is intended as a primer in intrusion detection, developed for those who need to understand what security goals intrusion detection mechanisms serve, how to select and configure intrusion detection systems for their specific system and network environments, how to manage the output of intrusion detection systems, and how to integrate intrusion detection functions with the rest of the organizational security infrastructure.

Guidelines on Cell Phone and PDA Security

 

The use of handheld devices has grown rapidly in recent years because of their convenience and lower cost compared to laptop or notebook computers. These devices are no longer viewed as coveted gadgets for early technology adopters; instead, they have become indispensable tools that provide competitive advantages for the mobile workforce and individual users. Because of their pervasiveness in society, the security implications of these devices are a growing concern for many organizations and the impetus behind this document.

 

Guide to General Server Security

 

An organization’s servers provide a wide variety of services to internal and external users, and many servers also store or process sensitive information for the organization.  Some of the most common types of servers are Web, email, database, infrastructure management, and file servers.  This publication addresses the general security issues of typical servers.

Technical Guide to Information Security Testing and Assessment

 

An information security assessment is the process of determining how effectively an entity being assessed (e.g., host, system, network, procedure, person, known as the assessment object) meets specific security objectives. Three types of assessment methods can be used to accomplish this: testing, examination, and interviewing. Testing is the process of exercising one or more assessment objects under specified conditions to compare actual and expected behaviors. Examination is the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence. Interviewing is the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or identify the location of evidence. Assessment results are used to support the determination of security control effectiveness over time.
Testing Methodologies

National Institute of Standards and Technology

Operationally Critical Threat, Asset, and Vulnerability Evaluation - OCTAVE

Threat and Risk Assessment Working Guide - TRAWG

The Open Source Security Testing Methodology Manual

CCTA Risk Analysis and Management Method

Generally Accepted Information Security Principles - GAISP

ISO 17799