Disclosing our sources

These are some of the key resources we use routinely to find out about and learn from information security incidents:

• Google, of course.  We search often using the Google toolbar in our browser.  We have learnt to craft more effective queries by exploiting Google’s search syntax including the advanced search functions. 
  
  
• Google Alerts are a helpful way to trawl the Web daily for specific news and tidbits relevant to the monthly topics, especially since we discovered how to integrate alerts into our RSS/blog reader …
  
  
• Google Reader is, currently, our RSS/blog reading weapon of choice.  Have you spotted the not-too -subtle pattern here?  Google rocks! 
  
  
• Hyperlinks embedded within other sources.
  
  
• Blogs, particularly information security blogs from information security gurus and respected tech journalists, but sometimes we enjoy naïve or counter-cultural blogs, even those from the Dark Side, the hacker underground (as in ‘know your enemy’!).
  
  
• Information security newsgroups, discussion forums or email reflectors.
  
  
• Academic and trade journals, such as EDPACS, ISSA Journal and (ISC)² Journal.
  
  
• Industry associations, meetings and peers.
  
  
• Magazines such as Hackin9 and ClubHACK.
  
  
• General news media – yes, even TVNZ, the BBC, CNN and others occasionally highlight information security incidents or issues that haven’t already come to our attention elsewhere, albeit rather superficially.
  
  
• Information security surveys such as those from Secunia, CSI and PwC (including the biannual breaches survey).  While these sometimes describe interesting incidents, they tend not to be very recent.  Surveys are of more use for their information about information security threats.

What do you use?