Disclosing our sources
These are some of the key resources we use routinely to find out about and learn from information security incidents:
- Google, of course. We search often using the Google toolbar in our browser. We have learnt to craft more effective queries by exploiting Google’s search syntax including the advanced search functions.
- Google Alerts are a helpful way to trawl the Web daily for specific news and tidbits relevant to the monthly topics, especially since we discovered how to integrate alerts into our RSS/blog reader …
- Google Reader is, currently, our RSS/blog reading weapon of choice. Have you spotted the not-too -subtle pattern here? Google rocks!
- Hyperlinks embedded within other sources.
- Blogs, particularly information security blogs from information security gurus and respected tech journalists, but sometimes we enjoy naïve or counter-cultural blogs, even those from the Dark Side, the hacker underground (as in ‘know your enemy’!).
- Academic and trade journals, such as EDPACS, ISSA Journal and (ISC)2 Journal.
- Industry associations, meetings and peers.
- Information security surveys such as those from Secunia, CSI and PwC (including the biannual breaches survey). While these sometimes describe interesting incidents, they tend not to be very recent. Surveys are of more use for their information about information security threats.