(ISC) 2 s Global Online Resource Guide for Today s Information Security Professional. Content Submission Criteria

Transcription

1 (ISC) 2 s Global Online Resource Guide for Today s Information Security Professional Content Submission Criteria Thank you for your interest in the (ISC) 2 Global Online Resource Guide for Today s Information Security Professional. All editorial data listed in the guide is carefully vetted by our editorial team in order to ensure that only the most relevant information is included. When considering data for submission to the guide, please use the recommendations outlined in this Content Submission Criteria Reference Document. If you adhere to the following guidelines, your submission will likely be accepted for inclusion. The Editorial Team reserves the right to accept or decline content submissions if deemed inappropriate or unacceptable for any reason. In the event that your submission is declined, please refer to the Reasons for Declined Submission on page 7 for possible reasons. (ISC) 2 s Global Online Resource Guide editorial content includes 5 categories. Details to each section can be found on the following pages: o Educational Resources 1 o Events 2 o Publications 3 o Online Resources 4 o Associations/Organizations 6 Data in each content category is specifically described below, and includes a sample listing that outlines both mandatory and optional information fields. Educational Resources: The Resource Guide includes accredited educational institutions that provide undergraduate and/or graduate courses that support the continuing professional development of the information security workforce. Most institutions offer a number of courses to information security (INFOSEC) and information technology (IT) students, and several grant degrees in these disciplines. Trade schools and other institutions that offer system management or other technical training and certification may be included if it is an organized program that is not tied to one vendor product or product line. (For example, do not include Microsoft University Online ) The Websites provided should help the prospective student locate the information on INFOSEC and IT programs readily. Therefore, please provide the link to the program, curriculum or department that offers the relevant coursework. Links to the home page of large institutions or universities will not meet this requirement. Simon Fraser University School of Computing Science Burnaby, British Columbia, Canada [Institution Name] [Department or School focused on INFOSEC] [City, State/Province, Country Physical Location] [URL to Website that includes information security program at the educational institution] 1

2 Mandatory Content for Educational Resources: Institution Name Location [Region, Country, and City] Website link Optional/Recommended Content Additions (if available): Name of Dept. or School within institution focused on Information Security education Unaccredited institutions or those not recognized by the national academic community Vendor-owned or operated educational training programs or training centers that focus on one product or vendor product line One-time courses to be held by regional or national associations or organizations (conferences can be included in the events section below) Online learning programs that are NOT associated with an accredited academic institution (college, university, or registered trade school) Events: Online submissions for this section should include trade shows, conferences, organized user group meetings, and other publicly advertised gatherings that support the information security community. Most events are open to the public; some charge a fee for attendance while others do not. Some events may require membership in professional organizations, such as many IEEE functions. Many events are produced by media companies that also publish one or several periodicals for this community, and these should be considered for inclusion in your submission Information Assurance Workshop [Event Name] February 7-10, 2005 [Event Dates] Marriott Philadelphia Downtown [Event Venue/Site] Philadelphia, Pennsylvania, USA [Location, including City, State/Province, and Country] [URL/Website for specific event or event producer] EXPO COMM Mexico 2005 February 8-11, 2005 Centro Banamex Mexico City, Mexico Mandatory Content for Event Resources: Event Name Event Dates [If exact dates are not known, month only for the event will suffice] Geographic Location [Including City, State/Province, and Country] Venue [Hotel, Convention Center, or other Physical location for conference/trade show] Website link [For specific event or event producer] Optional/Recommended Content Additions (if Available): Event Theme or Tagline 2

3 Vendor-hosted events that are focused on sales of specific products and services offered to the information security community. These marketing events for one or several vendors should not be considered in this collection of professional events. For example, a seminar hosted by Symantec about new security strategies, however worthwhile, should not be included in this listing. Events that have not yet determined dates, location, or content these can be added as details are defined later in the year and reviewed for appropriateness Closed events that are not accessible to INFOSEC professionals. Events that require membership in a professional organization or fee to attend are acceptable, but we do not wish to publish events that most of our audience cannot consider attending. Publications: Publications should be focused on information technology and information security, and must be published on a regular basis. One-time publications or those produced by vendors to support sales should not be included. Online submissions may include PRINT and ONLINE publications, including daily, weekly, monthly or quarterly periodicals. Academic monographs published on an established schedule also may be considered, as long as the publication schedule is regular, rather than ad hoc. If a publication is offered in only one language that is not English, please specify the available language of the publication, or if it is available in English and other languages, that also is helpful. Computerworld [Publication Name] [Website Link for specific publication or publisher] Mandatory Content for Publications: Choose the proper location [Region] Publication Name Website Link for specific publication or publisher Optional/Recommended Content Additions: Publication Subtitle Language Publications online or in print versions that are not issued on a regular basis, set schedule, or other industry norm. Periodic newsletters should be carefully considered before including them in this listing of professional publications. Publications that do not address INFOSEC issues, technology, or education for the target audience in some significant way Vendor publications that focus on a specific company s products, employees, seminars, etc. 3

4 Online Resources: Online submissions in this section can cover a broad range of topics, tools, and other reference materials available to users online. The Websites provided must be available to the public and cannot require password or other encrypted access. The objective of this section is to make the information security professional community and those who support it aware of the vast array of valuable resources online to support everything from education, to research, to improving security operations in diverse enterprises. Note of caution on Website length: Do not include URLs/Website links that are of unusual length or complexity. If a Website link exceeds one line, it should not be submitted, as it is considered too complex for reader ease of use or reference. Online resources included in the Resource Guide are categorized into several groups. Please provide your online submissions with an indication of WHICH category applies to each online resource recommended for inclusion in the guide. The five categories for Online Resources are listed below along with samples for each. 1) Government Online Resources (sorted by country name) Many government Websites provide helpful information of use to security professionals. These resources may include reference materials and services, including security standards, best practices, and national cyber security policies and guidelines. The following samples show how government agencies may be listed. The overall objective is to give the Resource Guide user a quick idea of what is available, who offers the information, and how to access it. U.S. Government Sites: U.S. Department of Homeland Security [Government Agency Name] [Public access Website] The U.S. Computer Emergency Readiness Team [Government Sub-Department Name] The National Cyber Security Response System [Purpose or Information Available] [Public access Website] 2) Organizational Security Resources Online A range of organizations provide resources online to INFOSEC professionals. These sites can be used to locate membership opportunities, review technical reports and white papers, and browse discussion of current issues of interest to the security community. (Many of these resources use the.org designation) IEEE Computer Society Technical Committee on Security and Privacy International Information Systems Security Certification Consortium (ISC) 2 4

5 World Wide Web Consortium, W3C Security Resources No vendors are to be included in this section. 3) Educational Resources Online These selected educational organizations have assembled tools and online resource libraries for information security professionals. Through these sites, users can identify available academic programs, review current academic research, review INFOSEC glossaries, and track security incidents and reporting. Many of these Websites feature link libraries to additional valuable resources. American Association of Community Colleges Association of Universities and Colleges in Canada 4) For Consumers, Families, and Educators A number of Websites provide guidance to consumer, parents, children, and educators to ensure they employ and teach best practices and safe access to online information. These sites include significant, practical reference materials and online security guidance for these groups. CyberSmart! School Program Educational Technology Clearinghouse Internet Safety Student Sites Federal Bureau of Investigation (FBI) A Parent s Guide to Internet Safety (English and Spanish versions) 5) Industry Portals Resources Online Online portals provide an efficient means of sharing voluminous information about information security concerns, alerts, lessons learned, and strategies for risk mitigation. A number of organizations and independent security professionals host Websites that include discussion of the latest security updates, warnings, glossaries, and other valuable reference material for INFOSEC professionals and the security community at large. Do not include links to private vendor sites, with the exception of product- or service- neutral information that is provided on corporate sites. Where a vendor site includes a helpful list of useful links, definitions, relevant article on a security topic, or other broadly useful, unbiased content, it may be considered for this Industry Portals section. The Association for Computing Machinery Portal Linux Security Information 5

6 SearchSecurity.com Links Mandatory Content for Online Resources: Choose the proper category for your submission. Choose the proper location [Region and Country] Web Link Title [What is offered at the link provided and by who] Website link [Must be publicly accessible] Optional/Recommended Content Additions (if available): Website Subtitle Language Vendor Websites that include only company and product specific information Excessively long or complex Website references (see note above) Links to sites that are not publicly available without a password or other encryption Website links that have not been tested for accuracy, relevance, and currency Associations/Organizations: This guide should include associations and organizations that are considered a professional resource to the information security community. All of these groups offer some type of INFOSEC education and information as part of their annual agendas, meetings, and publications, and many offer opportunities for individual membership, professional networking, access to custom research, and special events. AFCEA International Fairfax, Virginia USA [Organization Name] [Website for organization/association] [including city, state/province, and country] OASIS (Organization for the Advancement of Structured Information Standards) Billerica, Massachusetts Mandatory Content for Online Resources: Organization/Association name Organization Website City, state/province, and country Vendor user groups that are focused on promoting specific hardware, software, or services of one or selected firms Organizations whose sole purpose is to serve one vendor or a limited vendor population Organizations or associations who are closed or are not accepting future memberships for INFOSEC professionals 6

7 Reasons for Declined Submission The Editorial Team reserves the right to accept or decline content submissions if deemed inappropriate or unacceptable for any reason. In the event that your submission is declined, please reference the possible reasons for decline listed below or review the editorial content criteria for each section as detailed in this document. Possible reasons for a declined submission: - The listing does not address information security issues, technology or education for the target audience in a significant way. - The listing/modification is too vendor specific. The guide does not include listings specific to vendor user groups that are focused on promoting specific hardware, software or services of one or selected firms. - The listing/modification is too specific to one industry or location (i.e. a security software event or a local chapter meeting). - The listing URL is overly complex, broken and/or required a password for entry. - The listing does not have an ongoing life cycle (i.e. one-time academic courses or publications). - The listing organization offers a closed membership or is not accepting future memberships for information security professionals. - The listing/modification contains inappropriate language. - The listing is already in the guide. To submit content for consideration or to update an existing listing, simply go to and register as a contributor. Once registered, you will be able to submit content according to the provided content categories. Your submission will then be vetted by the Resource Guide Editorial Team and be 1) posted for inclusion or 2) declined. Please note that our Editorial Team will notify you should your listing be declined for any reason. You will then have the opportunity to make the appropriate edits to the listing and resubmit for consideration. Again, thank you for taking the time to submit your listing/modification. We rely on your input to update our content and would encourage you to submit any listing that qualifies based on the criteria. 7