Information & News Sources
In the course that I am taking, we are developing a threat modeling process that we can use for our respective organizations. One critical piece of threat modeling is having a listing of credible sources available to you; this list should contain sources that cover information on specific threat trends, vulnerability information, software and system updates, and other news related to security trends and major events. The benefit to this is that you always have a resource to go to when trying to threat model a system.
What I found useful was setting up a feed reader to monitor a variety of websites. Whenever an article is posted on any of the sites, its title and short description is posted to the feed. I use Feedly.com for this due to its ease of use to get started. Here is a listing of the feeds that I am currently watching:
- CIO Security
- Nextgov
- Naked Security
- SANS Internet Storm Center, InfoCON: green
- InfoSec Resources
- Schneier on Security
- Securelist – Information about Viruses, Hackers and Spam
- ZDNet security RSS
- Paul’s Security Weekly
- Metasploit
- Room362
- Security on TechRepublic
- Darknet – The Darkside
- Carnal0wnage & Attack Research Blog
- GDS Security
- MalwareTech
- PortSwigger Web Security Blog
- SANS Penetration Testing
- US-CERT Alerts
- Google Online Security Blog
- Offensive Security
- Dark Reading
- DigiNinja
- GNUCITIZEN
- Reiners’ Weblog
- SensePost Blog
- SkullSecurity
- TaoSecurity
- Trustwave SpiderLabs Blog
- WIRED
Note that not all of these are maintained daily or even weekly, but the total of these resources provides a great central location for the latest news in cyber security. The variety helps to ensure that a rounded and unbiased view is given for a large news item, and also helps makes sure that smaller announcements/discoveries/vulnerabilities appear in the feed as well. I would highly recommend creating your own feed with the sources that are important to you.