NIST, which is the old Department of Weights and Measures, is an agency of the US Government, a sub-department of the Chamber of Commerce. It is non-regulatory and it exists for the promotion of excellence in science and industry. It contains various departments related to Information Technology and IT Security and it publishes guides and standards that are indispensable from a security perspective.
In particular, the Computer Security Resource Center (CSRC) holds a collection of papers that describe security best practices, called NIST Special Publications (SPs). They also create security assessment tools.
The SANS Institute is a private for-profit training organization, known as one of the largest in the world for IT Security information and education. They maintain a wide variety of blogs aimed at all subcategories of IT and IT Security. They also maintain one of the largest archives of webcasts featuring the who’s who in Cybersecurity and Digital Forensics. Great information for folks new to the industry and expert and access to the vast majority of the content is free.
GIAC is an independent entity founded by The SANS Institute. It is one of the largest and most well-known sets of industry certifications, covering several major domains: Security Administration, Management, Auditing, Forensics, and others. They also maintain a reading room full of security white papers on numerous topics.
An online library from Carnegie Mellon's collaboration with the US Department of Homeland Security, containing loads of top-quality publications on all manner of security-related information.
Cybrary is possibly one of the best IT Security education sites on the internet. It contains full-length college course videos for everything from basic networking up to and including training for certifications, explanations of secure coding, penetration testing and everything else security related. The majority of it is free.
A British online portal for cybersecurity training and education. Similar to Cybrary.
A security-focused podcast produced by Steve Gibson and Leo Laporte, who also produces This Week in Tech (TWiT), the most listened-to podcast in the USA. It is long-running and crammed with excellent information. It is produced weekly and covers all topics from law, current events, to conference reviews and explanations of specific exploits as they are discovered in the world.
Brian Krebs, author of Spam Nation is also one of the better-known security bloggers in the world, having written over a thousand articles on security for The Washington Post as well as numerous articles elsewhere and this personal blog. He got into security when his personal home experiments with firewalls were overrun twice with a famous Chinese worm called The Lion Worm.
Another of the most famous security researchers on Earth, he’s written 13 books on the subject, is a fellow at Harvard, CTO at an IBM-owned security firm and a board member at the Electronic Frontier Foundation. His articles cover encryption, terrorism, and National Security and are absolutely informative and entertaining.
Possibly one of the biggest and least expensive resources for cybersecurity learning there is.[/vc_column_text][/vc_column][/vc_row]