Securing the IT Network

• Assessing Security Vulnerabilities and Patching Australian Defense, 2011
• iOS5 Hardening Guide Australian Defense, 2012
• Minimizing Administrative Privileges – Australian Defense, 2011
• NSA Defense In Depth
• Top 4 Mitigation Strategies to Protect Sensitive Information, Australian Defense, 2011
• Top 35 Mitigation Strategies to Protect Sensitive Information, Australian Defense, 2011
• Top 35 Mitigation Strategies Summary, Australian Defense, 2011

Cloud Security

Citadel Guide

• Eight Security Concerns Before Jumping Into the Cloud, Citadel, 2012

Other Practices

• Amazon Web Services Risk and Compliance Whitepaper, 2012
• Security Guide: Cloud Security Alliance v3.0
• Cloud Controls Matrix — Cloud Security Alliance v1.2, 2011

Secure System Development

• Software Assurance Maturity Model
• Open Source Security Testing Methodology Manual
• OWASP ASVS Web Application Standard Release, 2009
• OWASP Top 10 – 2010

Additional Government Documents

• Definition of Cloud Computing, NIST-SP800-145, 2011
• Guide to Intrusion Detection and Prevention Systems, NIST-SP800-94, 2007
• Computer Security Incident Handling Guide, NIST-SP800-61, 2012
• Guide to Protecting Confidentiality of Personally Identifiable Information, NIST-SP800-122, 2010
• Guide to General Server Security, NIST-SP800-123, 2008
• Guidelines on Security and Privacy in Public Cloud Computing, NIST-SP800-144, 2001
• Guidelines for Securing Wireless Local Area Networks, NIST-SP800-153, 2012
• National Strategy for Trusted Identities in Cyberspace, 2010
• Guidelines on Cell Phone and PDA Security, NIST-SP800-124, 2008
• White House Cybersecurity Initiative
• NSA Information Assurance Roadmap, 2004
• Glossary of Key Information Security Terms, NIST-7298, 2006
• Building Information Security Awareness Program, NIST-SP800-50, 2003
• Information Categorization Guide Vol. 1, NIST-SP800-60, 2008
• Managing Risk from Information Systems, NIST-SP800-39, 2008
• Guide for Security Certification and Accreditation of Federal Information Systems, NIST-SP800-37, 2004
• Risk Management Guide for IT Systems, NIST-SP800-30, 2002
• Minimum Security Requirements for Federal Information and Information Systems, FIPS 200, 2006
• Standards for Security Categorization of Federal Information and Information Systems, FIPS PUB 999, 2002
• 60 Minutes Network Security Guide, NSA, 2002