ACSA Information Security Bookshelf

The ACSA Information Security Bookshelf is intended to be a virtual extension to a security professional's shelf of information security books, reports, and other references. ACSA sees this bookshelf being used as a source of readings for self-study and for courses. The goal of the bookshelf is to supplement physical holdings with items that are out of print or difficult to obtain for any reason.


This is the homepage for SANS - a leading provider of computer security training and resources. This page offers ideas for research topics, papers, and contains many resources useful to computer security students.

Information Security Magazine

This is an excellent online magazine containing well written short articles pertaining to computer security in the real world.


This is the homepage for the Carnegie Mellon Software Engineering Institute's Computer Emergency Response Team Coordination Center. Several good papers and other resources can be found here.

Secure Coding Practices

This web site exists to support the development of secure coding standards for commonly used programming languages such as C and C++ and is maintained by CERT.

Information Systems Audit and Control Association

This is the homepage for the Information Systems Audit and Control Association with access to on line articles published in their "Control" magazine. A good resource for MIS students.

Risk Assessment Studies

This is a good resource for Risk Assessment studies. This web site has a GAO Information Assurance Risk Assessment document draft that contains a set of best practices.

IBM Intrusion Detection Resource

A good IBM Resource for Intrusion Detection information.

IEEE Search Engine

An excellent search engine for IEEE journals.

National Information Assurance Training and Education Consortium

National Information Assurance Training and Education Consortium (NIATEC) is a consortium of academic, industry, and government organizations to improve the literacy, awareness, training and education standards in Information Assurance. As the federally designated cornerstone for essential education and training components of a strong Information Assurance initiative, the mission is to establish an effective Information Assurance infrastructure for academic, industry and government organizations.

Rainbow Series Documents

This site contains electronic copies of the NSA produced Rainbow series of security documents. It includes the Orange Book for Trusted Computer System Evaluation Criteria, Network Security Guidelines, and other guidelines. While most of these are now out of date, they offer a very good historical perspective.

DoD and Federal Government Policy links:

A large number of IA policies and useful government documentation has been compiled by the Information Assurance Branch of the Information Technology School at Fort Gordon GA.

Marcus J. Ranum's Website

This site has a number of useful papers and insights into Computer Security. This is Marcus Ranum's home site - he can be considered one of the developers of the firewall.