E.1 Professional OrganizationsYou may find the following organizations helpful. The first few provide newsletters, training, and conferences. FIRST organizations may be able to provide assistance in an emergency. E.1.1 Association for Computing Machinery (ACM)The Association for Computing Machinery is the oldest of the professional computer science organizations. It publishes many scholarly journals and annually sponsors dozens of research and community-oriented conferences and workshops. The ACM also is involved with issues of education, professional development, and scientific progress. It has a number of special interest groups (SIGs) that are concerned with security and computer use. These include the SIGs on Security, Audit, and Control; the SIG on Operating Systems; the SIG on Computers and Society; and the SIG on Software Engineering. Contact the ACM at:
The ACM has an extensive set of electronic resources, including information on its conferences and special interest groups. The information provided through its web site is especially comprehensive and well-organized: The ACM has a U.S. Public Policy committee that comments on pending legislation affecting security, privacy, and usability. Many of the items it is concerned with should also be of concern to those interested in security. Its web site is at: E.1.2 American Society for Industrial Security (ASIS)The American Society for Industrial Security is a professional organization for those working in the security field. ASIS has been in existence for 40 years and has 32,000 members worldwide as of 2002. Its 25 standing committees focus on particular areas of security, including computer security. The group publishes a monthly magazine devoted to security and loss management. ASIS also sponsors meetings and other group activities. Membership is open only to individuals involved with security at a management level. Contact ASIS at:
E.1.3 Computer Security Institute (CSI)The Computer Security Institute was established in 1974 as a multiservice organization dedicated to helping its members safeguard their electronic data processing resources. CSI sponsors workshops and conferences on security, publishes a research journal and a newsletter devoted to computer security, and serves as a clearinghouse for security information. The Institute offers many other services to members and the community on a for-profit basis. Of particular use is an annual Computer Security Buyer's Guide that lists sources of software, literature, and security consulting. Contact CSI at:
E.1.4 Electronic Frontier Foundation (EFF)EFF advocates and litigates for civil liberties and freedom on the Internet. Although its concerns are considerably broader than security, EFF maintains an interesting archive of privacy- and security-related documents at http://www.eff.org/Privacy. Contact EFF at:
E.1.5 Electronic Privacy Information Center (EPIC)EPIC is a public-interest research center that studies electronic privacy issues. EPIC litigates and advocates for privacy and civil liberties. Contact EPIC at:
E.1.6 High Technology Crimes Investigation Association (HTCIA)The HTCIA is a professional organization for individuals involved with the investigation and prosecution of high-technology crime, including computer crime. There are chapters throughout the United States and in many other countries. Contact HTCIA at:
E.1.7 Information Systems Security Association (ISSA)The ISSA is an international organization of information security professionals and practitioners. It provides education forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. They publish a magazine and sponsor conferences and workshops. Chapters can be found throughout the U.S. and around the world. Contact ISSA at:
E.1.8 International Information Systems Security Certification Consortium, Inc.The (ISC)2 is an international organization that supervises the CISSP and SSCP professional certifications. The Certified Information Systems Security Professional and Systems Security Certified Practitioner designations are widely accepted as standard levels of certification of those working in security. The organization requires certificants to subscribe to a professional code of conduct and undergo continuing education after passing the initial tests. Contact (ISC)2 at:
(ISC)2's web site is at: E.1.9 The Internet SocietyThe Internet Society sponsors many activities and events related to the Internet, including an annual symposium on network security. Information is available at the Society's U.S. or European headquarters at:
The Society can also be contacted electronically at:
E.1.10 IEEE Computer SocietyWith nearly 100,000 members, the Computer Society is the largest society of the Institute of Electrical and Electronics Engineers (IEEE). It too is involved with scholarly publications, conferences and workshops, professional education, technical standards, and other activities designed to promote the theory and practice of computer science and engineering. The IEEE-CS also has special-interest groups, including a Technical Committee on Security and Privacy, a Technical Committee on Operating Systems, and a Technical Committee on Software Engineering. Contact the Computer Society at:
The Computer Society's Technical Committee on Security and Privacy has a number of resources, including an online newsletter at: E.1.11 IFIP, Technical Committee 11The International Federation for Information Processing, Technical Committee 11, is devoted to research, education, and communication about information systems security. The working groups of the committee sponsor various activities, including conferences, throughout the world. Contact the committee at: (Follow the links for security or for TC 11.) E.1.12 Systems Administration and Network Security (SANS)SANS conducts workshops and conferences around the U.S. to provide continuing education in various aspects of system administration and security. This includes training in intrusion detection, firewalls, and general security. The organization also provides various online newsletters and alerts, plus some self-paced instruction. Contact SANS and get more information via their web site at: E.1.13 USENIX/SAGEThe USENIX Association is a nonprofit education organization for users of Unix and Unix-like systems. The Association publishes a magazine, sponsors numerous conferences, and has representatives on international standards bodies. The Association sponsors an annual workshop on Unix security and another on systems administration, plus many conferences dealing with security-related information. SAGE stands for the Systems Administrators Guild. It is a special technical group of the USENIX Association. To join SAGE, you must also be a member of USENIX. Contact USENIX and SAGE at:
|