Security & Intrusion 2007
Cop

Protecting Security

(physical + cyber) infrastructure

the role of biology

Thief

Technologies for Managing Security

"Trust but verify" - Ronald Reagan

Security Assessment

Password cracking and password strength checking (biometrics authentication)

 

Access control (biometrics authentication)

 

User account restrictions ("dormant user accounts")

 

System vulnerability

 

Data confidentiality

 

Virus checking

Intrusion monitoring

 

For details, please read:

"The Practical Intrusion Detection Handbook" by Paul E. Proctor - (2001 Prentice Hall PTR, Upper Saddle River, NJ, U.S.A.) at http://www.practicalsecurity. the On the web site, visit the sections "Links" organized in the following categories: (i) Intrusion Detection Web Sites, (ii) Vulnerability Links, (iii) Incident Response Centers, (iv) U.S. Government Web-Sites, (v) Hacker Security Sites, (vi) Organizations, (vii) Security Mailing Lists.

Definition of:

  • Intrusion detection systems: Systems that collect information from a variety of system and network sources, and then analyze the information for signs of intrusion and misuse;
  • Intrusion: Attacks originating outside the organization;
  • Misuse: Attacks originating inside the organization

as reported in the book (page 7).

"The ultimate Computer Security Survey" by James L. Schaub and Ken D. Biery (1995), Butterworth-Heinemann (Boston)

Electronic Crimes Task Force at http://www.ectaskforce.org

References for computer processing of pictorial information at http://fas.sfu.ca:70/0/cs/people/Faculty/Li/personal/Rosenfeld/1993/1993

Eye Location Using Genetic Algorithm by Jeffrey Huang and Harry Wechsler (1999)

Biometrics at the Frontiers: Assessing the Impact on Society -  from The European Commission - Joint Research Centre (DG JRC) - Institute for Prospective Technological Studies

Definition of Biometrics

The term "biometrics" is derived from the Greek words bio (life) and metric (to measure)

Biometrics is "the automatic recognition of a person using distinguishing traits"

Any automatically measurable, robust and distinctive physical characteristic or personal trait that can be used to identify an individual or verify the claimed identity of an individual

"Overview of Biometrics" Novell. 26 June 2002 at: http://developer.novell.com/research/appnotes/2001/july/01/a0107013.htm

"Biometrics - A look at facial recognition" by J.D. Woodward, Jr., Christopher Horn, Julius Gatune, and Aryn Thomas (prepared for the Virginia State Crime Commission), RAND Public Safety and Justice (2003)

"The role of facial recognition biometrics in the security industry" by Richard Penman at http://www.geocities.com/penmanre/Research/FacialRecognitionBiometrics.htm

"Biometropolis"

Technologies for Access Control

Solutions

Players

Biopassword LoOn - Behavioral biometric measurement

NetNanny (U.S.A.- Canada)

Fingerprint authentication (PC-Card fingerprint scanner) (inexpensive, secure, easy to use, but different conditions could interfere) - Physiological biometric measurement

AuthenTec (Melbourne, FL, U.S.A.)

Johnson's Cross Match Technologies (CMT) (Palm Beach Gardens, FL, U.S.A.)

 

Digital Persona (Redwood City, CA, U.S.A.)

 

Ethentica (Lake Forest, CA, U.S.A.)

 

Identix (Sunnyvale, CA, U.S.A.)

 

Saflink (Redmond, WA, U.S.A.)

Fingerprint authentication (ID Mouse) (inexpensive, secure, easy to use, but different conditions could interfere) - Physiological biometric measurement

Siemens (Germany)

Biometrics products based on iris scanning (very accurate, expensive) - Physiological biometric measurement

Argus Solutions (Australia) http://www.argus-solutions.com

Aurora Computer Services Ltd (Northampton, U.K.)

Eye Ticket Corp. (Virginia, U.S.A.)

Iridian Technologies [(formerly IriScan, Inc.) Marlton, NJ, U.S.A. and Geneva, Switzerland

Saflink (Redmond, WA, U.S.A.)]

LG Electronics (South Korea) - Iris Technology Division (LG's ®IrisAccess 3000) http://www.lgiris.com/

Biometrics products based on retinal scanning (very accurate, expensive) - Physiological biometric measurement. This method examines the blood vessel patterns in the retina, located in the back of the eye. Retinal scanning is more intrusive than iris recognition.

Eyedentify, Inc. (Delaware, U.S.A.)

Microvision, Inc. (WA, U.S.A.) (RSD = Retinal Scanning Display)

Retinal Technologies, Inc. (MA, U.S.A.)

Facial recognition (inexpensive, but the conditions might be appropriate) - Physiological biometric measurement. Facial images are converted to templates. All the approaches produce a mathematical representation of facial characteristics [influence of disturbance factors on actual face recognition algorithms. This includes problems that arise from the person itself (mimic etc.), photographic factors (contrast, resolution, over- and underexposure, blur, etc.) and view problems (non front view, head rotation, etc.)].

 

Acsys Biometrics Corp. (Burlington, Ontario, Canada) http://www.acsysbiometricscorp.com

AuthX, Inc. (Westfield, NJ, U.S.A.) ( http://www.authx.com ) (self authenticating photo ID systems)

BioID AG (Berlin, EU, with subsidiaries in U.S.A. (Raleigh, NC) and Taipei (Taiwan)) ( http://www.bioid.com )

Cognitec FaceVACS-Entry at http://www.cognitec-systems.de

ImageWare Systems (ImageWare's Face ID system uses Visionics' FaceIt Identification SDK) (San Diego, CA, U.S.A.) ( http://www.iwsinc.com )

Imagis Technologies Inc. (Vancouver, British Columbia) ( http://imagistechnologies.com )

Neven Vision at http://www.nevenvision.com

Saflink (Redmond, WA, U.S.A.)

Viisage (Littleton, MA, U.S.A.)

Vision-Sphere Technologies, Inc. (Ottawa, Ontario, Canada) ( http://www.visionspheretech.com )

Visionics Corp. (Jersey City, N.J., U.S.A.)

A4Vision, Inc. (Sunnyvale, CA, U.S.A.) http://www.a4vision.com - A provider of 3-D facial-scanning and -recognition software and equipment [applications in U.S.A. and Europe, France (Lyon)].

You can find more information on the "Face detection Home Page" / commercial software area by Dr. R. Frischholz ( http://home.t-online.de/home/Robert.Frischholz/face.htm )

Face Recognition Vendor Test at http://www.frvt.org

International Biometric Group at http://www.biometricgroup.com

Biometric consortium at http://www.biometrics.org

Face recognition Home Page at http://www.face-rec.org

"U.S. pushes for advances in Facial recognition (3D scanning)" by Larry Greenemeier, InformationWeek issue 1,030, page 30 (March 14, 2005)

"Face recognition is emerging as a viable tool for verifying identities" by Michell Spier, Federal Computer Week 19 (10), 20 - 25 (2005)

Facial-recognition technology at http://www.fcw.com/download

3D - Face Recognition

Voice authentication technologies (inexpensive, easy to use, not very accurate) - Behavioral biometric measurement

Veritel (Chicago, IL, U.S.A.)

Voice Security Systems Inc. (CA, U.S.A.) ( http://www.voice-security.com/ )

Saflink (Redmond, WA, U.S.A.)

Face recognition and Voice authentication - Physiological biometric measurement

BioID (Raleigh, NC, U.S.A.; Berlin, Germany; Taipei, Taiwan)

Biomimetic Intelligence (Holographic / Quantum Neural Technology)

AND Corporation (Washington, DC, U.S.A., New York, NY, U.S.A., Toronto, Canada)

Pacific Northwest National Laboratory (Richland, Wash., U.S.A.)

View Systems Inc. (Baltimore, DC, U.S.A.)

Signature recognition (inexpensive, not very accurate) - Behavioral biometric measurement

 

Thermal imaging (very accurate, expensive) - Physiological biometric measurement

Thermal imaging camera (or infrared camera) from Flir Systems and the software (VistaScape Software's Security Data Management System) at Boston's Logan International Airport (Massachusetts, U.S.A.)

Recognition of human hand (palm scan, hand geometry) (easy to use, not very accurate) - Physiological biometric measurement

Advanced Biometrics, Inc. (Puyallup, WA, U.S.A.)

Keystroke dynamics - Behavioral biometric measurement

 

Other biometrics (esoteric biometrics) - Behavioral biometric measurement

  • Gait
  • Ear
  • Odour (Odour detector: substance property / physical sensation)
 

References:

Fingerprint-based biometric solutions

Automated fingerprint identification systems (AFIS) - One to many matching - Law enforcement agencies (FBI's Integrated Automated Fingerprint Identification System (IAFIS)).

AFIS vendors:

Printrak (Anaheim, CA, U.S.A. - www.printrakinternational.com )

NEC Solutions America, Inc. (Rancho Cordova, CA, U.S.A. - www.necsolutions-am.com )

Sagem Morpho, Inc. (Tacoma, Washington, U.S.A. - www.morpho.com ; www.sagem.com )

Fingerprint authentication of a person's identity (secure border control solutions, integrators involved in the deployment of e-passports, access to facilities, computer networks, individual computing devices - One to one matching)

It contains the public-key infrastructure certificate

Vendors:

CryptoMetrics (Tuckahoe, NY, U.S.A. www.cryptonomics.com )

Bioscrypt, Inc. (Van Nuys, CA, U.S.A. - www.bioscrypt.com )

Cross Match Technologies, Inc. (Palm Beach Gardens, FL, U.S.A. - www.crossmatch.net )

DigitalPersona, Inc. (Redwood City, CA, U.S.A. - www.digitalpersona.com )

Identix, Inc. (Minnetonka, MN, U.S.A. - www.identix.com )

The standards: American National Standards Institute / National Institute of Standards

Accuracy (the matching algorithm)

Fingerprint biometric cannot be universally applied

The use of more than one biometric is becoming more common, because each biometric system has its own set of strengths and weaknesses [multimodal biometrics (for example: fingerprint imaging, facial-recognition, iris-scanning)].

 

The analysis made by Wein and Baveja [PNAS 102, 7772 - 7775 (2005)] reveals that the strong dependence of biometric identification performance on image quality level leaves the US-VISIT Program vulnerable to exploitation by terrorists. "Our policy recommendations hinge on the assumption that terrorist organizations will attempt to defeat the biometric system by employing terrorists with poor-quality fingerprints."

References:

 "Sensing the future of security" by John Moore on Federal Computer Week ( http://www.fcw.com ) 17 (20) 23 - 30, 2003

"A moving target" by Jennifer Jones on Federal Computer Week ( http://www.fcw.com ) 17  (20) 30 - 36, 2003

DRAFT NIST Special Publication 800-63 , Recommendation for Electronic Authentication - Special Publication 800-63 states specific technical requirements for each of the four levels of assurance in the following areas: identity proofing and registration, tokens, remote authentication mechanisms and assertion mechanisms.

"Using fingerprint image quality to improve the identification performance of the U.S. Visitor and Immigrant Status Indicator Technology Program" by Lawrence M. Wein and Manas Baveja on PNAS 102 (21), 7772 - 7775 (2005)

"2 digits or 10? Mismatched fingerprint standards still a problem for national security" by Aliya Sternstein, Federal Computer Week 19 (5), 60 (2005)

most biometric systems are probably vulnerable

A researcher (Andy Adler) at the U. of Ottawa (Ontario, Canada) has developed an exploit to which most biometric systems are probably vulnerable. He developed an algorithm which allows a fairly high quality image of a person to be regenerated from a face recognition template. Three commercial face rec. algorithms were tested and in all cases the image could masquerade to the algorithm as the target person. More here:  http://slashdot.org/article.pl?sid=03/06/27/197229&mode=thread&tid=126&tid=172     [The article is also available at slashdot.org, searching for "biometric face recognition" (posted by Michael , June 27, 2003)]

"Sample images can be independently restored from face recognition templates" by Andy Adler at http://www.site.uottawa.ca/~adler/publications/2003/adler-2003-fr-templates.pdf

"Using fingerprint image quality to improve the identification performance of the U.S. Visitor and Immigrant Status Indicator Technology Program" by Lawrence M. Wein and Manas Baveja on PNAS 102 (21), 7772 - 7775 (2005)

DOD devotes a Web site to biometrics

 The site, www.biometrics.dod.mil ( http://www.biometrics.dod.mil), offers biometric technology tutorials, test and evaluation updates, policy foundation background, educational program announcements and information on government and industry partnerships, according to a Defense official.

"We have a responsibility to keep our people, information, and equipment as secure as possible. Biometrics help us to do that by ensuring that the right people, and only the right people, have access to the resources they need to maintain superiority on the battlefield and in the war on terrorism."

LTG Steven Boutelle (U.S. Army Chief Information Officer / G-6, DoD Executive Agent for Biometrics), March 2004

Computer Security Resource Center (CSRC) at http://csrc.nist.gov/

http://csrc.nist.gov/CryptoToolkit/aes/

Counterpane - Internet Security Inc. (see the section: Crypto-Gram Newsletter)

SliderSecurity.co.uk

New Fed info site:

The US Justice Department recently opened the web site CCIPS (Computer Crime and Intellectual Property Section) to educate people about cybercrime.

For risk analysis Introduction to security risk analysis and the COBRA approach

For security policies - Security policies & baseline standards: effective implementation

For BS7799 - BS 7799 Compliance & BS 7799 Management using the COBRA method

For security audit - Computer audit , systems audit

CCIPS (Computer Crime and Intellectual Property Section) is a new Fed info site to educate people about cybercrime

CYBERSHOCK - Surviving hackers, phreakers, identity thieves, Internet terrorists and weapons of mass disruption by Winn Schwartau (2000) - Thunder's Mouth Press, New York (NY, U.S.A.)

Dutch Security Information Network

InfoSec and InfoWar Portal

SecurityDocs at http://www.securitydocs.com

Electronic Privacy Information Center (EPIC)

HaCkER at http://www.ccil.org/~esr/faqs/hacker-howto.html

Hackers & Computer Security at http://www.sphinxmontreal.com/hackers/hacker_resources.html

A number of companies now offer "tiger team" or "samurai" services for a network security assessment [Password cracking and password strength checking, Access control checking, User account restrictions (dormant user accounts), System vulnerability auditing, Data confidentiality checks, Virus checking]

  • Black magic technologies "professional crackers" ("Tiger Team") (Staunton, Virginia, U.S.A.) www.blackmagic.com/corp/team.html
  • Samurai technologies (London, U.K.) www.samuraitech.com Their professional ethics refers to "The Book of Five Rings" by Miyamoto Musashi (Translation and commentary by Nihon Services Corp: Bradford J. Brown, Yuko Kashiwagi, William H. Barrett and Eisuke Sasagawa), Bantam Books, New York - Toronto - London - Sydney - Auckland (1982).

Cybercrime prevention at: http://www.e-prevention.ch/web/index.asp

Computer Crime Research Center at : http://www.crime-research.org/

2003 CSI/FBI Computer Crime and Security Survey at http://www.crime-research.org/legislation.html

Secure Florida at http://www.secureflorida.org/

Information Security - www.4Terrorism.com

The SANS Institute at http://www.sans.org

The CERT Coordination Center at http://www.cert.org

U.S. Department of Justice at http://www.cybercrime.gov

informationweek.com/1041/security.htm

National Homeland Security Knowledgebase  at: http://www.twotigersonline.com/resources.html

U.S.Department of Homeland Security  at: http://www.dhs.gov

Welcome to InfraGard at: http://www.infragard.net

Institute for intergovernmental research at: http://www.iir.com/

Crypto Law Survey (version 24.0 - January 2007) made by Bert-Jaap Koops at http://rechten.uvt.nl/koops/cryptolaw/

ENISA (European Network & Information Security Agency)

BITS (Berlin Information - Center for Transatlantic Security)

STEGO at http://www.guillermito2.net/stegano/index.html

EU-Wide DNA Data Sharing to Fight Crime - The "Prüm Treaty" on police cooperation at http://www.dw-world.de/dw/article/0,2144,2311468,00.html

INTELLIGENCE - TERRORISM - SIMULATION

INTELLIGENT AGENT SOFTWARE AGAINST TERRORISM: " Defender's Edge: Utilizing Intelligent Agent Technology to Anticipate Terrorist Acts" by L.B. Scheiber  (Institute for Defense Analyses, June 2003)

UNDERSTANDING WHY - Dissecting radical islamist terrorism with agent-based simulation by Edward P. MacKerrow on Los Alamos Science N. 28 (2003)

Cybercrime type

(valued by the amount of dollar loss)

1) Virus
2) Theft of proprietary information (Identity theft)
3) Financial fraud
4) Insider network abuse
5) Sabotage
6) Unauthorized insider access
7) Laptop theft
8) Denial-of-service attack
9) System penetration
10) Active wiretapping
11) Telecom fraud
12) Telecom eavesdropping
13) Extortion online
15) Identity theft

Identity Theft

This COPS POP Guide addresses the problem of identity theft, and reviews the factors that increase the risk of it. (NCJ 205701) - Full text of the report: PDF http://www.cops.usdoj.gov/mime/open.pdf?Item=1271 

Personal Security Tips CHIPS XXII (IV), 16, 2004 ; guidance published by the FTC (Federal Trade Commission) at http://www.consumer.gov/idtheft/  ("If you think your identity has been stolen, here's what to do now..")

Helpful web sites for preventing identity theft:

Books about identity theft

"Preventing Identity Theft for Dummies" by Michael J. Arata, Jr. - Wiley Publishing, Inc. (2004).  If you haven't been the victim of identity theft,......If you have been the victim of identity theft..........

"50 ways to protect your identity and your credit" by Steve Weisman - Pearson Education, Inc. (2005). The book contains various form letters that may be adapted to a specific situation and used accordingly.

"Social Engineering" as a big method of IT security breaches

 References:

 

RFID tags

RFID stands for Radio Frequency Identification

"RFID Chips Are Here" by Scott Granneman

"These chips act as transponders (transmitters/responders), always listening for a radio signal sent by transceivers, or RFID readers. When a transponder receives a certain radio query, it responds by transmitting its unique ID code, perhaps a 128-bit number, back to the transceiver."

http://www.theregister.co.uk/content/55/31461.html

RFID Basics http://www.zebra.com/id/zebra/na/en/index/rfid/faqs/rfid_basics.html

RFID technology differs from bar codes http://www.spychips.com/what-is-rfid-print.html

"Antennas get smart" by Martin Cooper, Scientific American 289 (1), 48 - 55 (2003)

"Spectrum-enabled RFID tags store and share data" by DON CIO Spectrum Team, CHIPS  XXIII (III), 30 - 32 (2004)

RFID Journal at http://www.rfidjournal.com/

RFID and the Supply Chain

Radio Frequency Identification technology, Electronic Product Code (EPC) and privacy principles: to protect consumers (RFID Journal: September 2003, April 2004)

RFID's positive identification - Wireless ID apps gaining foothold beyond military - by John Moore, Federal Computer Week 19 (11) , 53 - 56 (2005)

Attention 

RFID tags could be abused by hackers and tech-savvy shoplifters

 

Companies involved in developing RFID-enabled supply chain solutions (from Accenture Technology Labs. on RFID Journal, April 2004)

Alien Technology, Avery Dennison, ConnecTerra, Escort Memory System, Intel, Intermec Technologies, Manhattan Associates, Matrics, Microsoft, Philips Semiconductors, PSC, Rafsec, Rockwell Automation, Samsys, SecuraKey, Sirit Technologies, Symbol Technologies, Texas Instruments, Verisign, Zebra Technologies

Attention 

Transponders

http://transpondernews.com/

 

Transponders, RFID and the friendly fire

 

RFID at the U.S. Defense Department

References:

  • "Setting the stage for RFID - DOD to use radio technology at two distributor centers" by Bob Brewin, Federal Computer Week 18 (34), 10 (2004) (supply chain operations)
  • "Convoy safety slated for upgrade - Vehicle-mounted RFID tracking to be used in Iraq" by Bob Brewin, Federal Computer Week 18 (41), 12 (2004) (RFID in military vehicles will enable commanders in Iraq to monitor convoys and redirect them around dangerous situations)
  • "Spectrum-enabled RFID tags store and share data" by Don CIO, CHIPS XXII (III)  30 - 32 (2004)
  • "No silver bullets" by Bob Brewin, Federal Computer Week 19 (13), 39-42 (2005)
  • Report on Defense Department technology at http://www.fcw.com/download
  • The Defense Department's proposed radio frequency identification regulation at   http://www.fcw.com/download

 The New Hacker's Dictionary

http://catb.org/~esr/

SECURITY TAGS FOR DOCUMENTS AND PRODUCTS

for life science research, for molecular identification and quantitation, for authentication and tracking applications at

Nanoplex Technologies, Inc. (Menlo Park, CA, U.S.A.)

http://www.nanoplextech.com

Nanobarcode Particles are the nanoscale equivalent of conventional barcodes

OSVDB

Open Source Vulnerability Database

OSVDB is an independent and open source database created by and for the community. Our goal is to provide accurate, detailed, current, and unbiased technical information

http://www.osvdb.org/

 

First quantum cryptography network

  BBN Technologies in Cambridge (MA, U.S.A.)

http://www.bbn.com/

DNA-BASED CRYPTOGRAPHY

  • Carter Bancroft and Catherine Clelland - (Mount Sinai School of Medicine, New York City, NY, U.S.A.)
  • John Reif - (Duke University Durham, NC, U.S.A.)

Reference: "DNA-Based Cryptography" in The Scientist 18 (12): 39 (2004)

DNA-BASED AUTHENTICATION

Reference: "Fighting Fraud with DNA" by Bennett Daviss on The Scientist 18 (12):37 - 39 (2004)

BIODEFENSE

To identify the organisms that might be used as agents of bioterrorism and to know the responses of the human immune system to those organisms. The impact of bioterrorism on the ecosystem (the food chain, air pollution). How to prevent the contamination.

 

  • Biosensing
  • Real Time Monitoring
  • Real time detection of microbial contaminants (electrochemiluminescence)
  • Genome sequencing (species and strain comparison and identification; computational intelligence)
  • Microarray for biodefense (Chips-N-SNPs)
  • Signatures for extraterrestrial life (Astrobiology)

The Matrix

Project: Multistate Anti-Terrorism Information Exchange system, currently backed by the main state law enforcement agencies of Connecticut, Florida, Michigan, Ohio and Pennsylvania.

Purpose: To increase and enhance local, state and federal law enforcement agencies' exchange of sensitive information on terrorism and other criminal activity.

Status: A pilot proof-of-concept project funded by federal government grants is due to end in March 2005.

Reference:

  • "Re-enter the Matrix" by Brian Robinson, Federal Computer Week 18 (18), 116 - 118 (2004)
  • "Multistate Matrix is wounded, not dead" by Dibya Sarkar, Federal Computer Week 19 (14), 47 (2005)
  • Find a link to Florida's law enforcement request for information at www.fcw.com/download

Carnivore

The FBI's controversial surveillance program that monitors e-mail and chat rooms

Reference:

  • "FBI cans Carnivore" by David Perera, Federal Computer Week 19 (3), 59 (2005)

Sentinel

The FBI information technology program

OBSIDIS

Obsidis is a scientific/underground magazine that focuses on research in ITC security

http://www.obsidis.org

 

 

Cryptographic methods

Guideline for implementing cryptography in the federal government

Digital Signature Guidelines Tutorial ( American Bar Association - Section of Science and Technology - Information Security Committee)

 

INFRAGARD

InfraGard is celebrating its 10th anniversary this year, and the 2006 Conference this summer is a must-attend event for people with a security focus, not only in cyber, but in all the areas of US critical infrastructure protection.

http://www.infragardconferences.com/

National Security and Scientific Research

Export Administration Regulations

Export Control Regulations

http://www.gpo.gov/bis/index.html

SECURITY NEWS & ALERTS

ALERTS

US CERT Technical Cyber Security Alerts

 

SANS @RISK: The Consensus Security Alert

 

US CERT Cyber Security Alerts

 

TRC Terrorism E-Mail Alerts

 

The Emergency Email and Wireless Network

 

CNN Breaking News Alerts

 

NEWSLETTERS

SecurityFocus Newsletter

 

SANS NewsBites

 

ComputerWorld Newsletters

 

Search Security Newsletters

 

Security Awareness Newsletter - NoticeBored

 

US CERT Cyber Security Bulletins

 

SANS AuditBits Newsletter

 

SANS NetworkBits Newsletter

 

Kroll Ontrack: Case Law Update & E-Discovery News

 

Kroll Ontrack: Computer Forensics & Cyber Crime News

 

Microsoft Security Notification Service

 

TIPS

US CERT Cyber Security Tips

 

National Institute of Standards and Technology. Special publications (Computer Security Resource Center) at http://csrc.nist.gov/publications/nistpubs/index.html#sp800-95

 

An Introductory Resource Guide for Implementing the HIPAA Security Rule at http://csrc.nist.gov/publications/nistpubs/800-66/SP800-66.pdf

 

Holistic Information Security Practitioner (HISP) at http://www.hispcertification.org

 

WEDI is a good website for information on HIPAA and HIPAA implementation, at http://www.wedi.org

 

CMS, Centers for Medicare & Medicaid Services at http://www.cms.hhs.gov/home/regsguidance.asp