Organizations and Contacts Last Update: August 3, 1993 The computer security practitioner has many organizations that can be of assistance both in the public sector and in the private sector. The types of services these organizations provide vary according to their mission. Several offer bulletin board access and a majority will provide consulting services and free publications. We have attempted to list these organizations and to provide a description of the types of service they provide. There are several incident response teams that offer assistance to the public, however, we have not listed them in this section since they are described elsewhere in this booklet. Public-Sector Organizations Defense Technical Information Center (DTIC) ATTN: Reference Services Branch Building 5, Cameron Station Alexandria, VA 22304-6145 (703) 274-7633 DESCRIPTION: DTIC provides bibliographies of citations to classified and unclassified technical reports which convey results of Defense sponsored research and development. DTIC also provides microfiche and paper copies of these reports. Technical summaries describing DOD research and technology efforts at the work unit level are also available. DTIC provides products and services to registered U.S. Government agencies, industry and academia. Department of Defense Security Institute C/O Defense General Supply Center Richmond, VA 23297-5091 (804) 279-6076 DESCRIPTION: DODSI provides classes and reference materials on computer security. Federal Information Systems Security Educator's Association (FISSEA) NIST Bldg. 225, Room B-154 Gaithersburg, MD 20899 Contact: Kathie Everhart (301) 975-3868 DESCRIPTION: FISSEA is a formally sponsored activity of the National Institute of Standards and Technology. Its purpose is to elevate the general level of security awareness and knowledge within the federal government and federally related workforce. It also provides for the exchange of information regarding -- and for the improvement of -- IT security training and education programs throughout the federal government, and by its contractors and academic institutions. IRM College Bldg. 62 Marshall Hall Ft. McNair Washington, DC 20319-6000 (202) 287-9331 DESCRIPTION: Provides classes and seminars on information security. National Computer Security Center ATTN: X711 Operations Bldg. Fort George G. Meade, MD 20755-600 (410) 766-8729 DESCRIPTION: NCSC produces technical reference materials relating to a wide variety of computer security areas. A list of computer security publications is available on request. National Criminal Justice Reference Service Box 6000 Rockville, MD 20850 (301) 251-5500 (800) 851-3420 DESCRIPTION: NCJRS produces reports and reference materials relating to computer security. Office of Management and Budget Publications Services 726 Jackson Place NEOB Room 2200 Washington, D.C. 20503 (202) 395-7332 DESCRIPTION: OMB circulars and bulletins may be obtained from this organization. Superintendent of Documents U.S. Government Printing Office Washington, D.C. 20402 (202) 783-3238 DESCRIPTION: FIPS Publications, NIST Special Publications, and other security-related reference materials may be obtained from this organization. U.S. Department of Commerce National Institute of Standards and Technology National Computer Systems Laboratory Building 225 (Computer Security Division) Gaithersburg, MD 20899 (301) 975-2934 DESCRIPTION: NIST publishes a wide variety of material on computer security, including the FIPS pubs. Areas covered include encryption, risk analysis, user authentication, physical security, privacy, communications and network security, and computer security evaluation. U.S. Department of Commerce National Technical Information Services 5285 Port Royal Road Springfield, VA 22161 (703) 487-4660 DESCRIPTION: FIPS Publications, NIST Special Publications, and other security-related reference materials may be obtained from this organization. U.S. General Accounting Office Document Handling and Information Box 6015 Gaithersburg, MD 20877 (202) 512-6000 DESCRIPTION: Reports to Congress on computer security may be obtained from this organization. U.S. Office of Personnel Management ATTN: Central Registrar P.O. Box 7230 Washington, D.C. 20044 (703) 312-7260 DESCRIPTION: OPM provides information on a broad range of personnel management services, including computer security training and development. Private-Sector Organizations Association of Data Processing Service Organizations (ADAPSO) Information Technical Associates of America Suite 1300 1616 N. Ft. Meyer Drive Arlington, VA 22209 (703) 522-5055 DESCRIPTION: A leading trade association for the computer software and services industry. American Bankers Association 1120 Connecticut Avenue Washington, D.C. 20036 (202)663-5221 DESCRIPTION: Handles security related issues concerning banks. Association for Computing Machinery 1515 Broadway, 17th floor New York, NY 10036 (212) 869-7440 DESCRIPTION: The ACM is a computer science professional organization that publishes journals and sponsors conferences and workshops. The ACM has a number of special interest groups, specifically one on Security, Audit and Control American Defense Preparedness Association Security Technology Division Two Colonial Place, Suite 400 2101 Wilson Boulevard Arlington, VA 22209 (703) 522-1820 DESCRIPTION: Link between Industry & Government. Publish the National Defense Journal. American Society for Industrial Security (ASIS) 1655 North Fort Meyer Drive Suite 1200 Arlington, VA 22209 (703) 522-5800 DESCRIPTION: Sponsors conferences and chapter meetings on various aspects os security. Association For Systems Management P.O. Box 38370 Cleveland, OH 44138-0370 (216) 243-6900 DESCRIPTION: Association for IS professionals; 100 chapters in U.S. and Canada; chapter and association education programs including seminars and other presentations on computer security. Center for Computer Law P.O. Box 3549 Manhattan Beach, CA 90266 (310) 470-6361 DESCRIPTION: Non-profit, educational institution that conducts research on the legal problems facing the computer industry including computer crime, fraud, privacy and security issues. Computer Security Day Committee Association for Computing Machinery (ACM) Special Interest Group on Computer Security, Audit, and Control (SIGSAC) P.O. Box 39110 Washington, D.C. 20016 DESCRIPTION: An annual event that reminds people to protect their computers, programs, and data at home and at work. Computer Security Institute 600 Harrison Street San Francisco, CA 94107 Contact: (415) 905-2370 DESCRIPTION: This institute is the only membership organization devoting full-time energies to the critical field of computer and information security. CSI functions as a clearinghouse, putting computer security practitioners in touch with the information they need. Contingency Planning and Recovery Institute Division of Management Advisory Service and Publications P.O. Box 81151 Wellesley Hills, MA 02181-0001 Contact: M. Lagos (617) 235-2895, J. Kuong, Executive Dir. DESCRIPTION: CPR-I is solely devoted to development, research, education, and publication in the fields of corporate and computer contingency planning, and backup and recovery to assist professionals and companies maintain business continuity. Data Processing Management Association- SIG-CS 505 Busse Highway Park Ridge, IL 60068-3191 DESCRIPTION: A special interest group for DPMA members interested in computer security issues. EDP Auditors Association P.O. Box 88180 Carol Stream, IL 60188-0180 Contact: Nancy Anderson (312) 682-1200 DESCRIPTION: National Professional association for IS Auditors. Electronic Frontier Foundation (EFF) 1001 G Street, N.W., Suite 950 East Washington, DC 20001 (202) 544-9237 DESCRIPTION: The Electronic Frontier Foundation (EFF) is a public interest organization which seeks to develop and implement public policies that maximize freedom, civil liberty, and competitiveness in the new media environments being created by new computer and communications technologies. I4 SRI, International 333 Ravenswood Avenue Menlo Park, CA 94025-3493 (415) 326-6200 DESCRIPTION: The International Information Integrity Institute (I4) is a service offered by SRI, International, an independent, not-for-profit corporation performing research, development, and consulting services. They hold conferences, participate in forums, distribute awareness information, and conduct clinics. Information Systems Security Association 401 N. Michigan Ave. Chicago, IL 60611-4267 Contact: Peter Studney or Ann VerMeulen (312) 644-6610 DESCRIPTION: A non-profit organization of information security professionals intended to facilitate members education and exchange information. Institute of Internal Auditors 249 Maitland Avenue Altamonte Springs, FL 32701-4201 Contact: Julie Tarpley (407) 830-7600 DESCRIPTION: A professional association representing internal auditors in business, industry, government, and education. Involved in research, publications, and educational programs for the auditing profession. International Computer Security Association 5435 Connecticut Avenue, N.W., Suite 33 Washington, DC 20015 (202) 364-1320 DESCRIPTION: ICSA is an organization that helps PC and LAN users improve the security of the IT systems, to reduce the threat of computer viruses, and to ensure the integrity of their information resources. International Information Systems Security Certification Consortium, Inc. (ISC)2 P.O. Box 98 Spencer, MA 01562-0098 (508) 842-7329 DESCRIPTION: (ISC)2 is a nonprofit corporation tasked with developing a certification program for information systems security practitioners. National Center for Computer Crime Data 1222-B 17th Avenue Santa Cruz, CA 95062 (408) 475-4457 DESCRIPTION: The National Center for Computer Crime Data is a private organization that compiles an disseminates data on various aspects of computer crime and ethics. National Computer Security Association 10 S. Courthouse Ave. Carlisle, PA 17013 (717)258-1816 DESCRIPTION: Dedicated to micro/lan security, they conduct research, publish product evaluations, conduct security awareness training, and promote integrity in the use of computers. National Classification Management Society 6116 Roseland Drive Rockville, MD 20852 (301) 231-9191 DESCRIPTION: A professional society concerned with information security, document control, and computer security. National Fire Protection Association Batterymarch Park P.O. Box 9143 Quincy, MA 02269-9143 (800) 344-3555 DESCRIPTION: NFPA conducts research and publishes standards on all aspects of fire protection. Of particular interest to computer security practitioners are standards relating to Halon Systems and to protection of electronic equipment. A catalog of standards and other publications is available on request.