INFORMATION SECURITY PORTAL
Below are links to different frameworks that help ensure a high level of information security.
The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.
The Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Errors (CWE Top 25) is a demonstrative list of the most widespread and critical weaknesses that can lead to serious vulnerabilities in software. These weaknesses are often easy to find and exploit.
The CWE Top 25 is a community resource that can be used by software developers, software testers, software customers, software project managers, security researchers, and educators to provide insight into some of the most prevalent security threats in the software industry.
SKF is a fully open-source Python-Flask web-application that uses the OWASP Application Security Verification Standard to train you and your team in writing secure code, by design.
The Center for Internet Security Critical Security Controls for Effective Cyber Defense is a publication of best practice guidelines for computer security.
The guidelines consist of 20 key actions, called critical security controls (CSC), that organizations should implement to block or mitigate known attacks.
ISO/IEC 27000 “provides an overview of information security management systems” (and hence the ISO27k standards), and “defines related terms”. The ISO/IEC 27000 family consists of several parts, e.g. ISO/IEC 27001 (information security management system) and ISO/IEC 27005 (guidelines for information security risk management).
Certification to ISO/IEC 27001 is possible but not obligatory; some organizations choose to implement the standard in order to benefit from the best practice it contains.
MSB's (informationsecurity.se) method for systematic information security work is aimed at those who work with information security in an organization, regardless of the organization's business area and size. The method should be used if your organization is just starting to introduce a systematic way of working, but also if your organization already has a lot in place.
The method is based on the standard ISO/IEC 27001 Information security management system.
Welcome to the SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies. You'll find a great set of resources posted here already, including policy templates for twenty-seven important security requirements.
The Framework for Improving Critical Infrastructure Cybersecurity (Framework) is published by the National Institute of Standards and Technology (NIST). The document provides a comprehensive treatment of identity management and an additional description of how to manage supply chain cybersecurity.
The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.