Table of Contents

Introduction Preface...1 Websites Center for Internet Security......2 NIST3 True Crypt.4 OWASP5 Periodical Index Web of Science.6 Professional Journal The International Journal of Information Security Science...7 Government Resources Catalog of U.S. Government Publications..8 Statistical Abstract of the United States....9

Preface
Audience: This guide is intended to be used as a resource by undergraduate level students at the Penn State University involved in the security risk analysis major. This guide may also be used by students in a related field or as a reference for incoming students interested in joining the College of Information Science and Technology. Contents: This guide contains a collection of online resources that are both applicable and beneficial for undergraduate security risk analysis students. These sources can be used in many ways to help further your education here at Penn State. Whether you use this guide to help you study, find sources, or just to keep up on security topics and techniques, this guide may serve as a valuable resource throughout your collegiate career. The types of resources described in this guide include: Organization: Periodical index Professional journal Government catalog publication Statistical Abstract of the United States Websites

This resource guide is organized by the type of resource (see above content section to see the types of resources). Within each respective section, you will find the corresponding abstracts of the resources. The guide starts with some websites that are more low level in nature and progresses to the government resources that are more technical in nature towards the end of the document. At the top right hand corner of each page there is a recommendation section. Here you will find corresponding SRA major options indicating which resources will be most beneficial to you (depending upon your major option). This guide will use the abbreviations of the major names in the recommendations section or All Options if the resource is beneficial to all SRA majors. For clarification, the majors and abbreviations are listed below: Intelligence Analysis and Modeling (IAM) Information and Cyber Security (ICS) Social Factors and Risk (SFR)

Assumptions:

This guide assumes that the readers have a basic understanding of security risk analysis and its applications. This includes things like encryption, risk analysis, and social factors. Also, this guide assumes the reader is familiar with Penn State classes (ex. IST 301) and has an internet connection.

Tips:

The table of contents and the recommendations section of each abstract should be used to navigate the document quickly. Also, it is best to access these guides on a device that can download .pdf files as some of these resources can be used to locate specific articles and reference documents.

Website

Recommendations: ICS, SFR

Center for Internet Security

Location: http://www.cisecurity.org/
Description: The Center for Internet Security website is a great resource for undergraduate SRA students because it offers insight into personal cyber security through many different forms and even allows you to grade your own security practices. On the home page, click Resources & Publications. Once youre here, you will see the resources are split into three sections: Security benchmarks, Multi-Site Information Sharing & Analysis (MS-ISAC), and Trusted Purchasing Alliance. The security benchmarks section has information about security benchmarks and tools to measure where you stand in regards to these benchmarks. The MS-ISAC resource has great daily tips, advisories, news, and guides in regards to cyber security. The trusted purchasing alliance resource can be used to find good security software and offers training after purchasing a membership. Tips: To search the CIS website for particular knowledge, use the search bar in the top righthand corner

Use this site to keep up on current cyber advisories so that you dont become a victim of current threats; this can be embarrassing and costly!

The security benchmarks assessment tool is the best way to grade your current internet security practices

Website

Recommendations: All Options

National Institute of Standards and Technology (NIST)

Location: www.nist.gov Description: NIST is a non-regulatory federal agency within the U.S. Department of Commerce. They write documents in the technology administration field that set measures and standards for industry and government run programs. NISTs mission statement is the following: Promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST is best known for being the owners and operators of our countries atomic clock used by the army and other national security organizations. However, as an SRA student at Penn State, this resource will be valuable to you for different reasons. Namely, NIST produces publications related to information security that are used across the country as a baseline for security measurements and application. You will use NIST documents throughout your college career in IST/SRA in classes like IST 456 and SRA 221. To access these documents, go to the home page and then follow these directions: Under Subject Areas on the left hand side of the screen choose Information Technology This page has a number of resources such as the Cybersecurity Framework and the Computer Security Resource Center. When one of these links is followed it will take you to a page related to this topic. Once you reach one of these pages, you will find resources, groups, news, and most importantly, publications related to the topic. Tips: To access the Computer Security Resource Center instantly go to http://csrc.nist.gov/ If you select A-Z Site Index on the home page you will find a list of projects, topics, and programs that NIST has produced publications about 3

Website

Recommendations: ICS

True Crypt
Location: http://www.truecrypt.org/
Description: True Crypt is first and foremost an open-source encryption software. This means you can download True Crypt software from the website for free! However, the website itself is more than just a software download. If you go to the documentation page, the side scroll bar has the contents of a manual that will teach you all you need to know about different types of encryption. This site is great for SRA students to learn and experiment with different encryption and hash algorithms which will help you throughout your network security classes at Penn State, especially IST 451. Tips: If you are thinking about downloading the software, check out the Screenshots tab at the top of the page. This will give a visual of what the software looks like and how it works.

The FAQ or frequently asked questions tab is also useful if you are wondering about the details of the software download

To download the software click the Downloads tab and download the most recent version of the True Crypt software

Website

Recommendations: ICS, IAM

The Open Web Application Security Project (OWASP)

Location: https://www.owasp.org/index.php/Main_Page
Description: This website is first and foremost a wiki for all things related to information security software and application security. Anybody can become a member of the website for free and post information on the website. OWASPs core purpose is to drive visibility and evolution in the safety and security of the worlds software. You can come to this website and search the wiki for all types of information related to encryption, decryption, governance, information management, and current security practice. This resource will be beneficial for classes like SRA 220 and IST 456. There are discussion boards on all security related topics as well. On the main page, use the search bar to find current wikis. From there, you can find discussion boards related to the topic. OWASP holds security conferences around the nation as well.

Tips: In order to find out about OWASP events go to the home page and scroll down on the home page until you see a list labeled Global OWASP Events

Search Guide to Cryptography to find a good resource for students of SRA interested in cryptography

Periodical Index

Recommendations: All Options

Web of Science
Location:
http://apps.webofknowledge.com.ezaccess.libraries.psu.edu/WOS_GeneralSearch_input.do?product =WOS&search_mode=GeneralSearch&SID=4ElqoDriBGgrpPrdJhR&preferencesSaved=

Description: Web of Science is a periodical index which means that it is a resource that allows to find periodical articles by subject or author. Web of Science has plenty of security related documents. This is a great website to use when doing research for a project. In order to use the website, you simply search using the Basic Search bar right on the home page. You can refine your search by field, topic, and timespan. Once you search for an article you will come to a page with a list of documents. Once you get to this page, you can begin browsing articles that are of interest to you. Start by clicking the View Abstract button to see a small but detailed description of the article. After finding an article you want to read, click the Full Text button. Tips: To order your search results, use the Sort By drop down bar at the top of the page. This will allow you to sort using things like publication date, times cited, and relevance to your search. Selecting a research domain on the left hand side of the results page will weed out all articles that are not related to the domain you want to use

Some articles require an account to view; To make an account, go to the upper right corner of the website and choose Sign In and you will prompted to make an account or sign in.

Journal

Recommendations: All options

International Journal of Information Security Science

Location: http://www.ijiss.org/ijiss/index.php/ijiss

Description: The international journal of information security science is a quarterly published journal and is very useful for all SRA students or students interested in information security. The journal is established to keep you informed about recent developments, techniques and technologies in information security science and engineering. The journal has articles related to many different security related topics including securing networks, computers, databases, coding, digital forensics, surveillance technology, and even artificial intelligence. This can be a great resource to find scholarly articles for IST or SRA related research papers. The journal archives are easily accessible from the top menu.

Tips: Click search on the top of the page to search for a certain topic

If you would like to search by the most current there click the CURRENT tab

Once you select an article it will give you an abstract and a link to the full text of the journal article

Government Resource

Recommendations: All Options

Catalog of U.S. Government Publications

Location: http://catalog.gpo.gov
Description: The Catalog of U.S. Government Publications provides the opportunity to search through federal publications. Most of these publications are available online and can be a great reference tool when doing research for term papers. To search the catalog, simply type one or two keywords. For example, if you search Information Security and hit Go you will see your results. The first result in this search is a publication written by congress with the help of the Committee on Homeland Security and is named Critical Infrastructure Research and Development Act of 2013. As an SRA major it is important to stay well informed about current legislation related to information security as many of the jobs you might apply for are with large government agencies such as the NSA, CIA, FBI, and Homeland Security. This catalog can be very useable to all options within the SRA major. Tips: You can change the sort options of the catalog by selecting your desired primary key (Title, Year, Author, SuDoc Number) at the top of the page

Also at the top of the page are display options. If you would like to display more or less of each article in your search results click Extended or Brief

If you are having trouble finding an article or you want to find a specific article you can use the advanced search. Click Advanced at the top of the screen to get to the advanced search page.

Government Resource

Recommendations: All Options

Statistical Abstract of the United States

Location: http://www.census.gov/compendia/statab/
Description: The Statistical Abstract of the United States is a statistical summary of our countrys organization collected by the Census Bureau. This resource can be used to fine documents that contain statistics about a particular topic. In security risk analysis, it is very important to be able to understand and analyze statistics. To find abstracts related to SRA, go to the Browse Sections and choose Information & Communications. Under the Internet Publishing and Broadcasting and Internet Usage section, you will find statistics about internet usage. Under the National Security & Veterans Affairs section, you will find statistics about all things related to homeland security. For example, if you wanted to find out statistics about prohibited items seized in airports, you would view the Prohibited Items Intercepted at U.S Airport Screening Checkpoints file. Click on either the Excel of PDF file to download and analyze the statistics. Tips: You must use this resource on a device that supports PDF or Excel files

If you do not find articles you need in the above mentioned sections, you can use the search bar in the upper right hand corner of the page to find related statistics

If you want to find stats from previous versions of the abstract, click the Earlier Editions tab and select the year you want to find statistics about