資訊安全管理相關資源

資訊安全管理因為科技的發展，資訊產品及環境既多樣又多變，需要涉獵知識是既要有深度更要有廣度，雖然說資安防護多是從技術面著手，組織重視的多是有關防毒與防駭等技術問題，雖然很重要，但是"人"往往都是資安問題的盲點，即使有再強的技術，卻疏於管理；防火牆再堅固，透過電子郵件社交工程入侵，完全不費吹灰之力，這些缺口都不是僅靠技術就能防護的，所以必須從資安管理、資安標準、資安治理架構、法令法規，駭客技術，防護機制，資安新知等各種面向來建構更為完善的資訊環境，這些都是資安及資訊從業人員需要了解的；唯有知己知彼，方能預知風險，加以控制，確保組織的核心業務及重要資產是安全無虞。

Government related website

National Information & Communication Security Taskforce

National Center for Security Technology
National Information and Communication Security Center
Information Security Governance Assessment
TWNCERT
TWCERT/CC

Standard related website

國家標準(CNS)網路服務系統
TAF財團法人全國認證基金會
全國法規資料庫
ISO (International Organization for Standardization)
ANSI(American National Standards Institute)
NIST.gov - Computer Security Division - Computer Security Resource Center

Operation Security

管理架構，資訊安全評估標準等相關資料
Common Criteria - The Common Criteria Portal
資訊安全評估標準，受信任運算系統評估標準，又簡稱橘皮書
Trusted Computer System Evaluation Criteria
系統安全工程暨能力成熟度
SSE-CMM Home Page
系統開發時有關安全內建的議題
Build Security In Home
威脅建模式一種有效的針對應用軟體安全的分析方法
Application Threat Modeling
Security Domain

Security information

iThome Security News
資安人科技網 Information Security
TWCERT/CC
Information Security Magazine
CSO Magazine
Security,Technology Design (有關資訊安全的產品評鑑，如存取控制，生物辨識，監控系統等)
SC Magazine,
Taiwan-OWASP
Freebuf

Security Blog

Infosecblog.antonaylward.com - System Integrity Without Integrity you don’t have Security
The Security Catalyst
Securitas Operandi™
i Security
Liquidmatrix Security Digest
Securitas Operandi™
The Security Catalyst
http--infosecblog.antonaylward.com - System Integrity Without Integrity you don’t have Security
contagio

Security management

Build Security In Home
Cyber Security Tips
ITIL® Home
The SABSA Institute - Enterprise Security Architecture
Cybersecurity Engineering in Company - SSE-CMM
ZIFA.com Zachman Institute for Framework Architecture
Disaster recovery tools, tips and techniques - SearchDisasterRecovery.com
Welcome to CERT
isc2 Security Transcents Technology