The Internet gives us unlimited opportunities to educate ourselves. Here I want to share with you some free resources, which can help you understand information security concepts better.
1. For those of you who want to familiarize yourself with ISO 27001 standard I recommend free e-learning course
“The purpose of this course is to enable information security practitioners to successfully implement an ISO 27001 compatible information security management system in their respective organizations. This course is made freely available to interested candidates and is modeled on ISO 27001 Lead Implementer courses.” (c) ISQ
2. Designing and Executing Information Security Strategies course provides you with opportunities to integrate and apply your information security knowledge. Following the case-study approach, you will be introduced to current, real-world cases developed and presented by the practitioner community. You will design and execute information assurance strategies to solve these cases. A term-long capstone project leads you through an actual consulting engagement with a local organisation adding experience to your resume before you even complete the program.
3. Stanford University provides free online cryptography courses.
“This course explains the inner workings of cryptographic primitives and how to correctly use them. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption and basic key-exchange. Throughout the course students will be exposed to many exciting open problems in the field.” (c) Dan Boneh
“The course begins with constructions for digital signatures and their applications. We will then discuss protocols for user authentication and zero-knowledge protocols. Next we will turn to privacy applications of cryptography supporting anonymous credentials and private database lookup. We will conclude with more advanced topics including multi-party computation and elliptic curve cryptography” (c) Dan Boneh
4. One-hour seminar by Xeno Kovah (Mitre) on rootkits highlights the few weaknesses in detection methodologies and many weaknesses in tools
5. Using buffer overflows
– Understanding the Stack – The beginning of this video explain Intel x86 function-call conventions when C code is compile
– Buffer Overflow Exploitation Megaprimer for Linux video series
6. Series of videos introducing wireless networking and the application of penetration testing tools to WLANs