CIO-CSO Contacts and Preferred Sources
CXO Media Inc., publisher of
CIO and CSO magazines, and Darwinmag.com created a Reporters’ Resource: What
You Need to Know About Security. It addresses the key areas of security,
paying particular attention to business priorities, legal implications, and
new research findings about cybersecurity threats and attacks.
This page includes government
and nongovernmental contact information published in the original Resource
Guide
http://www.csoonline.com/info/reportersresource.pdf
ADDITIONAL INFORMATION
AVAILABLE AT THEIR WEBSITES:
www.cio.com/research/security |
www.CSOonline.com |
guide.darwinmag.com/technology
Government Resources
BUREAU OF INDUSTRY AND SECURITY
(BIS)
(formerly Bureau of Export Administration/BXA)
www.bis.doc.gov
The BIS’s mission is to advance U.S. national security, foreign policy and
economic interests. Its activity includes promoting federal initiatives and
public-private partnerships across industry sectors to protect the nation’s
critical infrastructures.
CRITICAL INFRASTRUCTURE
ASSURANCE OFFICE (CIAO)
www.ciao.gov
The CIAO (pronounced like the Italian word for good-bye) was created in
response to a Presidential Decision Directive (PDD-63) in May 1998 to
coordinate the federal government’s initiatives on critical infrastructure
assurance. The CIAO’s primary goals are to assess the U.S. government’s own
risk exposure and dependencies on critical infrastructure; raise awareness
and improve public understanding of and participation in critical
infrastructure protection efforts; coordinate legislative and public affairs
to integrate infrastructure assurance objectives into the public and private
sectors; and coordinate and implement the national strategy.
ELECTRONIC CRIMES TASK FORCES
www.ectaskforce.org
On Oct. 26, 2001, President Bush signed into law the USA Patriot Act of
2001. As a result of this legislation, the Secret Service was mandated to
establish a nationwide network of Electronic Crimes Task Forces based upon
the New York Electronic Crimes Task Force model.
FEDERAL BUREAU OF INVESTIGATION
(FBI)
www.fbi.gov
The FBI’s mission is to uphold the law through the investigation of
violations of federal criminal law; to protect the United States from
foreign intelligence and terrorist activities; to provide leadership and law
enforcement assistance to federal, state, local and international agencies;
and to perform these responsibilities in a manner that is responsive to the
needs of the public and is faithful to the Constitution of the United
States.
Lawrence Berkeley National Labs
http://www.lbl.gov
Lawrence Livermore National Laboratory
http://www.llnl.gov
Los Alamos National Laboratory
http://www.lanl.gov
NASA http://www.nasa.gov
National Imaging & Mapping Agency
http://www.nima.mil
NATIONAL INFRASTRUCTURE
PROTECTION CENTER (NIPC)
www.nipc.gov
Established in February 1998, the NIPC’s mission is to serve as the U.S.
government’s focal point for threat assessment, warning, investigation, and
response for threats or attacks against our critical infrastructures (i.e.,
telecommunications, energy, banking and finance, water systems, government
operations and emergency services). The NIPC brings together representatives
from U.S. government agencies, state and local governments, and the private
sector in a partnership to protect the nation’s critical infrastructures.
National Institutes of Health
http://www.nih.gov
NATIONAL INSTITUTE OF JUSTICE (NIJ)
www.ojp.usdoj.gov/nij
NIJ is the research and development agency of the U.S. Department of Justice
and is the only Federal agency solely dedicated to researching crime control
and justice issues. In partnership with others, NIJ’s mission is to prevent
and reduce crime, improve law enforcement and the administration of justice,
and promote public safety.
NATIONAL INSTITUTE OF STANDARDS
AND TECHNOLOGY (NIST)
www.nist.gov
Founded in 1901, NIST is a nonregulatory federal agency within the U.S.
Commerce Department’s Technology Administration. NIST’s mission is to
develop and promote measurements, standards and technology to enhance
productivity, facilitate trade and improve the quality of life. The NIST
Laboratories conduct research that advances the nation’s technology
infrastructure and is needed by U.S. industry to continually improve
products and services.
National Oceanic & Atmospheric Administration
http://www.noaa.gov
NATIONAL SECURITY AGENCY (NSA)
www.nsa.gov
The NSA coordinates, directs and performs highly specialized activities to
protect U.S. information systems and produce foreign intelligence
information. A high-tech organization, NSA is on the frontiers of
communications and data processing.
OFFICE OF CYBERSPACE
SECURITY/NATIONAL SECURITY COUNCIL (NSC)
www.whitehouse.gov/nsc
The National Security Council is the president’s principal forum for
considering national security and foreign policy matters with his senior
national security advisors and cabinet officials. The council also serves as
the president’s principal arm for coordinating these policies among various
government agencies.
OFFICE OF HOMELAND SECURITY
www.whitehouse.gov/homeland
The mission of the office is to develop and coordinate the implementation of
a comprehensive national strategy to secure the United States from terrorist
threats or attacks. The office coordinates the executive branch’s efforts to
detect, prepare for, prevent, protect against, respond to and recover from
terrorist attacks (physical and cyber) within the United States.
OFFICE OF SCIENCE AND
TECHNOLOGY POLICY (OSTP)
www.ostp.gov
OSTP serves as a source of scientific and technological analysis and
judgment for the president with respect to major policies, plans and
programs of the federal government. Part of this office’s mission is to work
with the private sector to ensure federal investments in science and
technology contribute to economic prosperity, environmental quality and
national security.
PRESIDENT’S CRITICAL
INFRASTRUCTURE BOARD
www.cybersecurity.gov
Scope of the board, which consists of 25 federal agencies: The protection of
information systems for critical infrastructure, including emergency
preparedness communications, and the physical assets that support such
systems.
TECHNOLOGY ADMINISTRATION (TA)
www.ta.doc.gov
Part of the U.S. Department of Commerce, TA is a federal agency working to
maximize technology’s contribution to America’s economic growth. TA’s three
agencies include: the Office of Technology Policy (OTP), the National
Institute of Standards and Technology (NIST) and the National Technical
Information Service (NTIS).
TRANSPORTATION SECURITY
ADMINISTRATION (TSA)
www.tsa.dot.gov
The newly formed TSA is responsible for protecting the nation’s
transportation systems to ensure freedom of movement for people and
commerce. The TSA is charged with setting the standard for excellence in
transportation security through its people, processes and technologies.
U.S. Air Force http://www.af.mil
U.S. Air Force Office of Special Investigations OSI
http://www.dtic.mil/afosi/
U.S. Argonne National Laboratory
http://www.anl.gov
U.S. Army http://www.army.mil
U.S. Center for Disease Control
http://www.cdc.gov
U.S. Coast Guard
http://www.uscg.mil
U.S. Defense Advanced Research Projects Agency
http://www.darpa.mil
U.S. Defense Information Systems Agency
http://www.disa.mil
U.S. Department of Agriculture
http://www.usda.gov
U.S. Department of Commerce
http://www.doc.gov
U.S. DOD-CERT Computer Emergency Response Teams
http://www.cert.mil/misc/links.htm
U.S. DEPARTMENT OF JUSTICE
(DOJ)
www.usdoj.gov
The DOJ’s mission is to enforce the law and defend the interests of the
United States according to the law; provide federal leadership in preventing
and controlling crime; seek just punishment for those guilty of unlawful
behavior; to administer and enforce the nation’s immigration laws fairly and
effectively; and ensure fair and impartial administration of justice for all
Americans.
U.S. DEPARTMENT OF
TRANSPORTATION (DOT)
www.dot.gov
DOT regulates aviation consumer and economic issues and provides financial
assistance. The department issues the necessary implementing rules for
programs involving highways, airports, mass transit, the maritime industry,
railroads and motor vehicle safety.
U.S. Federal Aviation Administration
http://www.faa.gov
U.S. Federal Deposit Insurance Corporation
http://www.fdic.gov
U.S. Fish & Wildlife Service
http://www.fws.gov
U.S. Geological Survey
http://www.usgs.gov
U.S. House of Representatives
http://www.house.gov
U.S. Marine Corps.
http://www.usmc.mil
U.S. National Transportation & Safety Board
http://www.ntsb.gov
U.S. Navy http://www.navy.mil/
U.S. Office of Personnel Management
http://www.opm.gov
U.S. Postal Service
http://www.usps.gov
U.S. SECRET SERVICE (USSS)
www.secretservice.gov
Renowned for its protection duties, the USSS is also responsible for the
enforcement of laws relating to counterfeiting of obligations and securities
of the United States, investigation of financial crimes (i.e., access device
fraud, financial institution fraud, identity theft, network intrusions,
insider threats, computer fraud, telecommunications fraud), and
computer-based attacks on our nation’s financial, banking and
telecommunications infrastructure.
U.S. Social Security Administration
http://www.ssa.gov
U.S. Special Operations Command
http://www.socom.mil
Non-Government Associations
CENTER FOR INTERNET SECURITY
(CIS)
www.cisecurity.org
CIS’s mission is to help organizations around the world effectively manage
the risks related to information security. The center provides methods and
tools to improve, measure, monitor and compare the security status of your
Internet-connected systems and appliances, plus those of your business
partners. CIS is not tied to any proprietary product or service. It manages
a consensus process whereby members identify security threats of greatest
concern, then participate in development of practical methods to reduce the
threats.
CERT COORDINATION CENTER AT
CARNEGIE-MELLON
www.cert.org
The CERT® Coordination Center (CERT/CC) is a federally funded research and
development center operated by Carnegie-Mellon University. CERT’s work
involves handling computer security incidents and vulnerabilities,
publishing security alerts, researching long-term changes in networked
systems, and developing information and training to help improve security on
websites.
INCIDENTS.ORG
www.incidents.org
Run by SANS, Incidents.org is a virtual organization of advanced intrusion
detection analysts, forensics experts and incident handlers from across the
globe. The organization’s mission is to provide real-time “threat-driven”
security intelligence and support to organizations and individuals.
Incidents.org’s most powerful tool for detecting rising Internet threats is
the Internet Storm Center.
INFORMATION TECHNOLOGY
ASSOCIATION OF AMERICA (ITAA)
www.itaa.org
ITAA is a trade association representing the broad spectrum of the
world-leading U.S. IT industry.
SANS (SYSTEM ADMINISTRATION,
NETWORKING AND SECURITY) INSTITUTE
www.sans.org
The SANS Institute was established in 1989 as a cooperative research and
education organization. The Institute enables security professionals,
auditors, systems and network administrators to share the lessons they are
learning and find solutions to the challenges they face. At the heart of
SANS are the many security practitioners in government agencies,
corporations and universities around the world who invest hundreds of hours
each year in research and teaching to help the entire information security
community.
Public/Private Partnerships
CRITICAL INFRASTRUCTURE
INFORMATION SHARING & ANALYSIS CENTERS (ISACS)
www.it-isac.org/
Established ISACS:
Electric Power: www.nerc.com
Emergency Law Enforcement:
http://www.nipc.gov/infosharing/infosharing.htm
Energy Oil & Gas:
www.energyisac.com
Financial Services:
www.fsisac.com
Information Technology:
www.it-isac.org
Transportation:
www.surfacetransportationisac.org
Water: www.amwa.net/isac
America’s critical infrastructures (i.e., energy and finance) provide
important functions and services. Because they are complex systems, the
effects of a terrorist attack can spread far beyond the direct target, and
reverberate long after the immediate damage encompasses a large number of
sectors. In an effort to protect America’s critical infrastructures, PDD-63
recommended the establishment of ISACs. Sector ISACs consist of a secure
database, analytic tools, and information gathering and distribution
facilities that allow authorized individuals to submit either anonymous or
attributed reports about information and physical security threats,
vulnerabilities, incidents, and solutions. ISAC members also have access to
information and analysis relating to information provided by other members
and obtained from other sources, such as the U.S. government and law
enforcement agencies, technology providers, and security associations such
as CERT.
FORUM OF INCIDENT RESPONSE AND
SECURITY TEAMS (FIRST)
www.first.org
This coalition brings together a variety of computer security incident
response teams from government, commercial and academic organizations. FIRST
aims to foster cooperation and coordination in incident prevention, to
prompt rapid reaction to incidents, and to promote information sharing among
members and the community at large.
INFRAGARD
www.infragard.net
InfraGard is a cooperative undertaking between the U.S. government (led by
the FBI and the NIPC) and an association of businesses, academic
institutions, state and local law enforcement agencies, and other
participants dedicated to increasing the security of U.S. critical
infrastructures.
PARTNERSHIP FOR CRITICAL
INFRASTRUCTURE SECURITY (PCIS)
www.pcis.org
PCIS supports the information security, protection and assurance interests
of our nation’s critical infrastructures as defined in Presidential Decision
Directive-63 (PDD-63). It offers a unique opportunity for participants to
network with information security leaders from other industries and
government agencies and to plug into the latest developments on security
issues that affect both the public and private sectors.
NATIONAL CYBER SECURITY
ALLIANCE (NCSA)
www.staysafeonline.info
Comprising business and government organizations, the NCSA works to raise
awareness about the importance of protecting personal computers from online
intruders.
Additional Resources
BEST PRACTICES FOR SEIZING
ELECTRONIC EVIDENCE
www.treas.gov/usss/electronic_evidence.htm
This document was created during a joint project of the International
Association of Chiefs of Police and the U.S. Secret Service.
CIO CYBERTHREAT RESPONSE AND
REPORTING GUIDELINES
www.cio.com/research/security/incident_response.pdf
CIO magazine worked with the U.S. Secret Service, the FBI and industry
leaders to create guidelines for reporting security incidents—what to
report, who to report it to and how. This valuable document includes phone
numbers of federal and local law enforcement agencies and a reporting form
that business executives can use at their organization.
CIO MAGAZINE SECURITY AND
PRIVACY RESEARCH CENTER
www.cio.com/research/security
A collection of articles, guidelines and links for information security
issues from an executive perspective.
DEPARTMENT OF JUSTICE COMPUTER
CRIME & INTELLECTUAL
PROPERTY SECTION
www.cybercrime.gov
This website contains legal analysis and resources related to computer
crime, a how-to-report section and a comprehensive list of cybercrime cases
pending and resolved.
FEDERAL COMPUTER INCIDENT
RESPONSE CENTER (FEDCIRC)
www.fedcirc.gov
FedCIRC is the central coordination and analysis facility dealing with
computer security-related issues affecting the civilian agencies and
departments of the federal government.
NATIONAL INFORMATION ASSURANCE
PARTNERSHIP (NIAP)
niap.nist.gov
NIAP is a collaboration between the National Institute of Standards and
Technology (NIST) and the National Security Agency (NSA) in fulfilling their
respective responsibilities under the Computer Security Act of 1987. The
partnership, originated in 1997, combines the extensive security experience
of both agencies to promote the development of technically sound security
requirements for IT products and systems and appropriate metrics for
evaluating those products and systems. The long-term goal of NIAP is to help
increase the level of trust consumers have in their information systems and
networks through the use of cost-effective security testing, evaluation and
assessment programs. NIAP continues to build important relationships with
government agencies and industry in a variety of areas to help meet current
and future IT security challenges affecting the nation’s critical
information infrastructure.
NATIONAL STRATEGY FOR HOMELAND
SECURITY
www.whitehouse.gov/homeland/book/nat_strat_hls.pdf
On July 16, 2002, President George W. Bush released the first National
Strategy for Homeland Security. The purpose of the strategy is “to mobilize
and organize our nation to secure the U.S. homeland from terrorist attacks.”
The strategy also recommends certain actions to Congress, provides direction
to the federal government departments and agencies that have a role in
homeland security, and suggests steps that state and local government,
private companies and individual Americans can take to improve our security.
PRACTICES FOR PROTECTING
INFORMATION RESOURCES ASSETS (2000)
www.dir.state.tx.us/IRAPC/practices/index.html
Produced by the Texas Department of Information Resources, these guidelines
are intended to assist agencies and institutions of higher education to
achieve the goal of acceptable information resources risk management and to
meet the state’s standards for information security. Additionally, this and
future issues of these guidelines will introduce information protection
professionals and planners to a variety of approaches to protect their
agency’s information resources assets.
WASHINGTON INTERNET PROJECT
www.cybertelecom.org
The Washington Internet Project is a pro-bono effort dedicated to raising
awareness of and promoting participation in federal initiatives relevant to
the Internet. The Project provides timely notice of regulatory proceedings,
hearings, meetings, proposed legislation, and public notices. The Project
also provides forums where regulatory developments can be discussed and
debated. The Project is not involved in advocacy, lobbying, or
representation. It receives no funding or support. It has no staff. It is
made up entirely of the voluntary efforts of the participants.