In the world of IT security, threats are constantly evolving and shifting. It’s critical to stay abreast of the current (and hopefully future) threat landscape. If you’re not staying current, then you’ve already lost.
Keeping up to date with security threats will help you mount more effective defenses and also help you educate your users by spreading the word about attacks and scams. User education is an important yet often overlooked element of IT security. Train users to avoid being easy prey and save yourself from having to clean up the resulting mess. This is especially important in the case of phishing scams.
Here are nine good resources that will keep you informed about current security threats. The goal of this list is not to repeat a bunch of resources that we’ve all heard about before. It’s a given that every security vendor has its own blog and newsletter; reading them regularly is a good idea.
Security Bloggers Network is a huge network of security bloggers covering a wide variety of topics. While not every blog is a hidden gem, there are certainly enough that provide quality news and analysis. The thing to do is subscribe to the RSS feed so you don’t have to go out and discover new sources; now they’ll come right to you. Warning: The onslaught of security news may seem a little overwhelming at times.
Brian Krebs, a reporter for The Washington Post for 14 years, writes KrebsonSecurity. He has also written well over 1,000 blog posts for the Security Fix blog. He covers security news and investigations quite deeply and in a timely manner.
Uncommon Sense Security is run by security expert Jack Daniel. He updates his blog about once a week and isn’t afraid to let readers know what he really thinks about a topic. His postings about trust and privacy are particularly useful.
Facecrooks.com is a great way to stay current on the security threats found on Facebook. Learn about the latest scams and hoaxes so you can teach your users to steer clear of them.
Darknet is a blog that focuses on ethical hacking, penetration testing and computer security. The premise is that by hacking, you can learn to think like a hacker and therefore defeat the hacker. The site has won lots of awards and has a loyal reader base. The content is deep, interesting and well explained.
StaySafeOnline is a resource provided by the National Cyber-Security Alliance (NCSA) with a goal of creating an empowered and secure digital society through content, community, communication, commerce, and connectivity. Straightforward postings are split into categories such as social networking, data privacy, and mobile. Every two weeks the site posts a wrap-up of important security news stories that are a great way to keep up-to-date for those tasked with assessing and managing cyber risk.
Internet Storm Center is probably the most well known and highly trafficked site on this list. I felt that I had to include it on this list because it is beyond helpful in terms of the timeliness and depth of security-related content. Daily ISC StormCast podcasts and a constant stream of threat-related news are the most helpful bits of information you’ll find here.
Pauldotcom is the home of Paul Asadoorian’s weekly podcast "Security Weekly" and provides the latest news and in depth technical segments with a humorous slant. The podcast runs live every Thursday night at 6 p.m. EST.
CyberCrime & Doing Time is one of my personal favorites. Gary Warner provides deep information about evolving threats, cyber crime and legal issues related to security. Posts are both news related and educational. Gary does a great job dissecting threats and offering step-by-step analyses of what they do.
Matthew David Sarrel is executive director of Sarrel Group, an editorial services, product test lab and information technology consulting company. He is a contributing editor for PC Magazine, a contributing analyst for GigaOM and a frequent contributor to the Internet.com family of sites. Previously, he was a technical director for PC Magazine Labs, where he led all testing conducted by the Applications, Enterprise and Development Software, OS and Utilities, Network Infrastructure and Wireless LAN teams. His career also includes stints as an executive at two Internet startups and as director of IT for the New Jersey Medical School National Tuberculosis Center.