NIST 800-53 (INFORMATION SECURITY)

The selection and implementation of appropriate security controls for an information system or a system-of-systems are important tasks that can have major implications on the operations and assets of an organization as well as the welfare of individuals and the Nation. Security controls are the management, operational, and technical safeguards or countermeasures employed within an organizational information system to protect the confidentiality, integrity, and availability of the system and its information. There are several important questions that should be answered by organizational officials when addressing the security considerations for their information systems:
• What security controls are needed to adequately mitigate the risk incurred by the use of information and information systems in the execution of organizational missions and business functions?
• Have the selected security controls been implemented or is there a realistic plan for their implementation?
• What is the desired or required level of assurance (i.e., grounds for confidence) that the selected security controls, as implemented, are effective in their application?

Download NIST 800-53:

Download Kali Linux Social Engineering

This book contains instructions on how to perpetrate attacks with Kali Linux. These tasks are likely to be illegal in your jurisdiction in many circumstances, or at least count as a terms of service violation or professional misconduct. The instructions are provided so that you can test your system against threats, understand the nature of those threats, and protect your own systems from similar attacks.

The information security environment has changed vastly over the years. Now, in spite of having security policies, compliance, and infrastructure security elements such as firewalls, IDS/IPS, proxies, and honeypots deployed inside every organization, we hear news about how hackers compromise secured facilities of the government or of private organizations because of the human element involved in each activity.

Typically, employees are not aware of the tricks and techniques used by social engineers in which they can be used as mediators to gain valuable information such as credit card details or corporate secrets. The security of the entire organization can be at stake if an employee visits a malicious website, answers a social engineer's phone call, or clicks on the malicious link that he/she received in their personal or company e-mail ID. This book discusses the different scenario-based social engineering attacks, both manual and computerized, that might render the organization's security ineffective.

This book is for security professionals who want to ensure the security of their organization against social engineering attacks. TrustedSec has come up with the wonderful tool Social-Engineer Toolkit (SET) with the vision of helping security auditors perform penetration testing against social engineering attacks. This book sheds light on how attackers get into the most secured networks just by sending an e-mail or making a call.

Kali Linux : Assuring Security by Penetration Testing

Kali Linux is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying an appropriate testing methodology equipped with well-defined business objectives and a scheduled test plan will result in the robust penetration testing of your network.

Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book that provides guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real world attack scenarios from your business perspective in today's digital age.

This book reveals the industry's best approach for a logical and systematic penetration testing process. It starts with lab preparation and testing procedures, explaining the basic installation and configuration setup, discussing different types of penetration testing, uncovering open security testing methodologies, and proposing the Kali Linux specific testing process. We shall discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. We have also provided extra weaponry treasures and key resources that may be crucial to any professional penetration tester.

This book will serve as a single professional, practical, and expert guide to develop necessary penetration testing skills from scratch. You will be trained to make the best use of Kali Linux either in a real-world environment or in an experimental test bed.

Backtrack 5 Cookbook

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. BackTrack is a distribution based on the Debian GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm.

BackTrack 5 Cookbook provides you with practical recipes featuring many popular tools that cover the basics of a penetration test: information gathering, vulnerability identification, exploitation, privilege escalation, and covering your tracks.

The book begins by covering the installation of BackTrack 5 and setting up a virtual environment in which to perform your tests. We then explore recipes involving the basic principles of a penetration test such as information gathering, vulnerability identification, and exploitation. You will further learn about privilege escalation, radio network analysis, Voice over IP (VoIP), password cracking, and BackTrack forensics.

This book will serve as an excellent source of information for the security professional and novice equally. The book offers detailed descriptions and example recipes that allow you to quickly get up to speed on both BackTrack 5 and its usage in the penetration testing field.

We hope you enjoy reading the book!

What this book covers
Chapter 1, Up and Running with BackTrack, shows you how to set up BackTrack in your testing environment and configure BackTrack to work within your network.
Chapter 2, Customizing BackTrack, looks at installing and configuring drivers for some of the popular video and wireless cards.
Chapter 3, Information Gathering, covers tools that can be used during the information gathering phase, including Maltego and Nmap.

Backtrack 4 : Assuring Security by Penetration Testing

BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying appropriate testing methodology with defined business objectives and a scheduled test plan will result in robust penetration testing of your network.

BackTrack 4: Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real-world attack scenarios from your business perspective in today's digital age.

The authors' experience and expertise enables them to reveal the industry's best approach for logical and systematic penetration testing. The first and so far only book on BackTrack OS starts with lab preparation and testing procedures, explaining the basic installation and configuration setup, discussing types of penetration testing (black box and white box), uncovering open security testing methodologies, and proposing the BackTrack specific testing process. The authors discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. The authors also provide extra weaponry treasures and cite key resources that may be crucial to any professional penetration tester.

ISO/IEC 20000 (IT Service Management System)

ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.

ISO/IEC 20000-1:2011 can be used by:
  • an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled;
  • an organization that requires a consistent approach by all its service providers, including those in a supply chain;
  • a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements;
  • a service provider to monitor, measure and review its service management processes and services;
  • a service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS;
  • an assessor or auditor as the criteria for a conformity assessment of a service provider's SMS to the requirements in ISO/IEC 20000-1:2011.

Download

ISO 20000-1:2011
https://mega.co.nz/#!40BA1LYZ!JQaahZ3DjM6xejBDGtxXn96MO6TVCBBPqhelG32OqSo

ISO 20000-2:2012 (Fake)
https://mega.co.nz/#!Z84BXSYa!KDT7uEqtqPBDdqqc4SbsZDdfFpoZuRxfPWFWKcfhKfI

Different version 2005 to 2011
https://mega.co.nz/#!FgQC0IhZ!OFDglAUTJGaciT7W-x8dEx3CfaJy4ZnPzj2zTrST4Z8 


Source :
http://rungga.blogspot.com/2013/04/download-iso-20000.html

ISO 27001:2005

Information technology — Security techniques — Code of practice for information security management

1 Scope
This International Standard establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined in this International Standard provide general guidance on the commonly accepted goals of information security management.

The control objectives and controls of this International Standard are intended to be implemented to meet the requirements identified by a risk assessment. This International Standard may serve as a practical guideline for developing organizational security standards and effective security management practices and to help build confidence in inter-organizational activities.

2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
2.1 asset
anything that has value to the organization
[ISO/IEC 13335-1:2004]
2.2 control
means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of administrative, technical, management, or legal nature
NOTE Control is also used as a synonym for safeguard or countermeasure.
2.3 guideline
a description that clarifies what should be done and how, to achieve the objectives set out in policies
[ISO/IEC 13335-1:2004]

2.4 information processing facilities
any information processing system, service or infrastructure, or the physical locations housing them
2.5 information security
preservation of confidentiality, integrity and availability of information; in addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved
2.6 information security event
an identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant
[ISO/IEC TR 18044:2004]


Download Links

ISO 27000 =
https://mega.co.nz/#!MpBg0CJY!bSi17iV5JsuTmRZOrQYruWasiGMvpmvh8Ydq5-A72IE

ISO 27001 =
https://mega.co.nz/#!U0JRiCCR!UzIIUl4mTaobCNkZ32DqQxlytn5HEhMhV5VZwfxKaEo

ISO 27002 =
https://mega.co.nz/#!FkBllDwB!TrWa1G4014zmF3CmrgZn1QRiEZ1_AhLj1EANtLZHPEI

ISO 27003 =
https://mega.co.nz/#!VpBA1YhD!AzCQdnQwon_astnSZ4D9NyReOrUE-rg-mFgeLXu3XwM

ISO 27005 =
https://mega.co.nz/#!o0A31BAC!NBYshhXKcXE7_GpeUSh5pzhIHXRJb6XMIOxs3jbuQHg

ISO 27006 =
https://mega.co.nz/#!VtQHXLYY!QCNJpD9_C8VTLxU3A9_BMUnzuZ5XbdAQcWx0bzsb9wM


ISO 19011:2011 (Guidelines for auditing management systems)


1. Scope
This International Standard provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process, including the person managing the audit programme, auditors and audit teams.

It is applicable to all organizations that need to conduct internal or external audits of management systems or manage an audit programme. The application of this International Standard to other types of audits is possible, provided that special consideration is given to the specific competence needed.

2. Normative references
No normative references are cited. This clause is included in order to retain clause numbering identical with other ISO management system standards.

3. Terms and definitions
For the purposes of this document, the following terms and definitions apply.

3.1. audit
systematic, independent and documented process for obtaining audit evidence (3.3) and evaluating it objectively to determine the extent to which the audit criteria (3.2) are fulfilled

4. Principles of auditing
Auditing is characterized by reliance on a number of principles. These principles should help to make the audit an effective and reliable tool in support of management policies and controls, by providing information on which an organization can act in order to improve its performance. Adherence to these principles is a prerequisite for providing audit conclusions that are relevant and sufficient and for enabling auditors, working independently from one another, to reach similar conclusions in similar circumstances.

ISO 19011:2002 (Guidelines for quality and/or environmental management systems auditing)

Guidelines for quality and/or environmental management systems auditing

1. Scope
This International Standard provides guidance on the principles of auditing, managing audit programmes, conducting quality management system audits and environmental management system audits, as well as guidance on the competence of quality and environmental management system auditors.

It is applicable to all organizations needing to conduct internal or external audits of quality and/or environmental management systems or to manage an audit programme. The application of this International Standard to other types of audit is possible in principle, provided that special consideration is paid to identifying the competence needed by the audit team members in such cases.

2. Normative references
The following normative documents contain provisions which, through references in this text, constitute provisions of this International Standard. For dated references, subsequent amendments to, or revisions of, any of these publications do not apply. However, parties to agreements based on this International Standard are encouraged to investigate the possibility of applying the most recent edition of the normative documents indicated below. For undated references, the latest edition of the normative document referred to applies. Members of ISO and IEC maintain registers of currently valid International Standards.

ISO 9000:2000, Quality management systems — Fundamentals and vocabulary
ISO 14050:2002, Environmental management — Vocabulary
3. Terms and definitions
For the purposes of this International Standard, the terms and definitions given in ISO 9000 and ISO 14050 apply, unless superseded by the terms and definitions given below. A term in a definition or note which is defined elsewhere in this clause is indicated by boldface followed by its entry number in parentheses. Such a boldface term may be replaced in the definition by its complete definition.

Self-Assessment Guide Using COBIT 5

COBIT Self-Assessment Guide: Using COBIT 5 is a "stand-alone" publication, which can be used by organisations to perform a less rigorous assessment of the capability of their IT processes. This may be a precursor to undertaking a more rigorous, evidence-based assessment. The approach is based on the COBIT Process Assessment Model (PAM): Using COBIT 5 in the COBIT assessment programme, but does not impose evidentiary requirements in support of the self-assessment, nor does it require use of the COBIT PAM. Sufficient information from the COBIT PAM and a full self-assessment template have been provided to simplify the process, eliminating the need to reference the other two publications in the COBIT assessment programme. However, users are encouraged to refer to the COBIT PAM and the COBIT Assessor Guide: Using COBIT 5.

The COBIT Self-Assessment Guide: Using COBIT 5:
  • Details how to perform a basic self assessment of an organization’s current IT process capability levels against COBIT 5
  • Is based on the COBIT Process Assessment Model (PAM): Using COBIT 5 but is a stand-alone guide supporting the basic self assessment approach
  • Defines roles and responsibilities for performing assessments
  • Provides options for the scoping of assessments
  • Defines the types of evidence that should be gathered
  • Provides guidance on how to determine the capability level of an IT process

ANSI TIA-942 (Telecommunications Infrastructure Standard for Data Centers)

The Telecommunications Industry Association's TIA-942 Telecommunications Infrastructure Standard for Data Centers is an American National Standard that specifies the minimum requirements for telecommunications infrastructure of data centers and computer rooms including single tenant enterprise data centers and multi-tenant Internet hosting data centers. The topology proposed in the standard was intended to be applicable to any size data center. The standard was first published in 2005, following on the structured cabling work defined in TIA/EIA-568, and is often cited by companies such as ADC Telecommunications and Cisco Systems. The standard was updated with an addendum ANSI/TIA-942-A-1 in April 2013 from the TR-42.1 engineering subcommittee.
The TIA-942 specification references private and public domain data centre requirements for applications and procedures such as:
  • Network architecture
  • Electrical design
  • File storage, backup and archiving
  • System redundancy
  • Network access control and security
  • Database management
  • Web hosting
  • Application hosting
  • Content distribution
  • Environmental control
  • Protection against physical hazards (fire, flood, windstorm)
  • Power management

ANSI TIA-942:
https://mega.co.nz/#!JhAH0BZJ!BRwKlqS36SVycFhia4T7HfK0HXaeXuaNxOmNwkihthc

Slide Presentation:
https://mega.co.nz/#!RkgDQaSB!HFTFmiv5wQ6OBD_rwrD4fnqGjNhRFRDfjPuxDLFn0I8

Download Certified Ethical Hacker Version 8

Think Like a Hacker and Attain EC-Council Certified Ethical Hacker Certification
To beat a hacker, you need to think like one! This is exactly what this class will teach you. It is the pinnacle of the most desired information security training program any information security professional will ever want to be in. To master the hacking technologies, you will need to become one.

Attend Advanced Ethical Hacking Training Program
The definition of an Ethical Hacker is very similar to that of a Penetration Tester. The Ethical Hacker is an individual who is usually employed by the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a Hacker.

Get Certified Ethical Hacking (CEH ) Training
The Certified Ethical Hacker class will immerse the students into a hands-on environment where they will be shown how to conduct ethical hacking. They will be exposed to an entirely different way of achieving optimal information security posture in their organization; by hacking it! They will scan, test, hack and secure their own systems.

This is the world's most advanced ethical hacking course with 19 of the most current security domains any ethical hacker will ever want to know when they are planning to beef up the information security posture of their organization. The goal of this course is to help you master an ethical hacking methodology that can be used in a penetration testing or ethical hacking situation. You walk out the door with hacking skills that are highly in demand, as well as the internationally recognized Certified Ethical Hacker certification! This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.

This is the most advanced ethical hacking course in the world, covering the cutting edge of hacking technology. EC-Council researchers go deep underground covertly to extract advanced attacks and exploits. They analyze how hackers operate and present detailed, illustrated hacking methodologies to the defense community. The Certified Ethical Hacker courseware is over 3,000 pages, covering 20 modules with comprehensive advanced hacking concepts, techniques, tips, tools and countermeasures.

The Certified Ethical Hacker training class deals with real-life scenarios and real threats presented by real-life experts in the field. Learn real-life ethical hacking methodology beyond automated vulnerability scans and simple information security tests. The class is woven around real-time information security incidents and cases to inculcate a capability for making knowledgeable decisions while defending your organization's information resources.

Gain global recognition as a certified member of a globally recognized institution and attain the skills of a professional ethical hacker/penetration tester. The Certified Ethical Hacker program provides you with an industry-standard information security curriculum and is accompanied by a highly sought-after Certified Ethical Hacker certification that helps establish your career as an information security expert.

Play with hacking tools that are used by real attackers. The Certified Ethical Hacker Tools DVDs included in the courseware kit contain over 24 GB of underground hacking and security tools that are not found in any other training course anywhere in the world. The EC-Council researchers report and update advanced hacking tools every day on the members portal and www.hackerjournals.com.

Get your hands dirty with actual hands-on labs under the guidance of some of the best information security professionals in this space. The Certified Ethical Hacker lab environment simulates a real-time information infrastructure and facilitates objective and modular learning. The result-oriented, descriptive and analytical labs are designed by industry experts to reinforce the learning and demonstrate your proficiency in handling real-time information security threats.

Unlike other classes that provide courseware tightly coupled with the presentation and somewhat useless outside of that environment, EC-Council has always sought to provide reference material that continues to be valuable long after the course has concluded. The Certified Ethical Hacker references to valuable resources, including whitepapers, tools and videos, are updated continuously and delivered across multiple channels to facilitate comprehensive learning. To know more, visit our Resources page.

Copyright © 2014. IT Audit - All Rights Reserved