Resources used in my lectures - Information Security

Lecture Materials and Legal Resources
Lecture Image 1 The first chapter talks about the fundamentals including the and design principles. The first chapter gives the background to the subject and important terminology.
Lecture Image 2 Very clear explanation of the subject, including a book, lecture slides, simulated Internet, and lab exercises.
Fundamentals Image Lecture notes, code segments, and presentations.
Android Enterprise Security Android security.
Intruder Dashboard An application security testing tool.
MITRE ATT&CK MITRE attack framework.
IoT Security Architecture Threat modeling by Microsoft - Security architecture for IoT solutions.
MITRE Attack Framework for AI MITRE attack framework for AI.
OWASP ASVS Banner OWASP Application Security Verification Standard.
CYBOK Front Banner Cyber Security Body of Knowledge by the UK government.
Linux Foundation Course on Secure Software Development
NIST Cybersecurity Framework NIST Cybersecurity Framework v2.0
Legislations and Related Source
Personal Data Protection Act, No. 9 of 2022
Intellectual Property Act, No. 36 of 2003
ELECTRONIC TRANSACTIONS ACT, No. 19 OF 2006
Computer Crime Act, No. 24 of 2007
Evidence (Special Provisions) Act (No. 14 of 1995)
General Data Protection Regulation
GDPR Enforcement Tracker
University level course on Cyber Crimes by the United Nations Office on Drugs and Crime
Title Key Points
INFORMATION SECURITY POLICIES, PROCEDURES, AND STANDARDS: A Practitioner’s Reference Chapter 1 and 2. Chapter 2 describes the policies, standards, guidelines, and procedures
ISO 27001 controls – A guide to implementing and auditing (Bridget Kenyon) ISO Standard on Information Security
The Art of Cyber Security: A practical guide to winning the war on cyber crime (Gary Hibberd) The importance of having the right mindset

Comments

  1. My collection August 21, 2024 at 10:43 PM

    This comment has been removed by the author.

    ReplyDelete
  2. My collection August 21, 2024 at 10:46 PM

    SAFECode, “Practical security stories and security tasks for agile development
    environments,” SAFECode, Tech. Rep., July 2012. [Online]. Available: http://safecode.org/
    wp-content/uploads/2018/01/SAFECode Agile Dev Security0712.pdf

    ReplyDelete
  3. My collection August 21, 2024 at 10:46 PM

    SAFECode, “Fundamental practices for secure software development: Essential elements
    of a secure development lifecycle program,” SAFECode, Tech. Rep. Third Edition, March
    2018. [Online]. Available: https://safecode.org/wp-content/uploads/2018/03/SAFECode
    Fundamental Practices for Secure Software Development March 2018.pdf

    ReplyDelete
  4. My collection August 21, 2024 at 10:50 PM

    WhiteSource identifies every open source component in your software, including dependencies. It then secures you from vulnerabilities and enforces license policies throughout the software development lifecycle. The result? Faster, smoother development without compromising on security.

    ReplyDelete
  5. My collection August 21, 2024 at 10:52 PM

    Credential Scanner (aka CredScan) is a tool developed and maintained by Microsoft to identify credential leaks such as those in source code and configuration files. Some of the commonly found types of credentials are default passwords, SQL connection strings and Certificates with private keys.

    ReplyDelete
  6. My collection August 27, 2024 at 11:17 PM

    some games - 7https://www.usenix.org/conference/3gse14/summit-program/presentation/shostack
    8https://securitycards.cs.washington.edu/ Protection Poker [30]

    ReplyDelete
  7. My collection August 27, 2024 at 11:56 PM

    Security Quality Requirements Engineering (SQUARE)
    https://insights.sei.cmu.edu/library/security-quality-requirements-engineering-square/

    ReplyDelete
  8. My collection August 28, 2024 at 2:52 AM

    Cloud Computing Law
    Second Edition
    Edited by
    CHRISTOPHER MILLARD

    ReplyDelete
  9. My collection August 28, 2024 at 2:54 AM

    AWS
    All-in-One
    Security Guide
    Design, Build, Monitor, and Manage a
    Fortified Application Ecosystem on AWS

    ReplyDelete
  10. My collection August 28, 2024 at 10:53 PM

    https://portswigger.net/web-security

    ReplyDelete
  11. My collection August 28, 2024 at 10:54 PM

    Free, online web security training from the creators of Burp Suite

    ReplyDelete
  12. My collection August 28, 2024 at 10:54 PM

    https://www.handsonsecurity.net/resources.html

    ReplyDelete
  13. My collection August 28, 2024 at 10:54 PM

    https://trainingportal.linuxfoundation.org/learn/course/developing-secure-software-lfd121

    ReplyDelete
  14. My collection August 28, 2024 at 10:55 PM

    https://portswigger.net/burp/communitydownload

    ReplyDelete
  15. My collection August 29, 2024 at 8:49 AM

    ISO 27001 Controls
    A guide to implementing and auditing

    ReplyDelete
  16. My collection August 29, 2024 at 8:50 AM

    This comment has been removed by the author.

    ReplyDelete
  17. My collection August 30, 2024 at 10:26 AM

    Book - Grokking Web Application Security

    ReplyDelete
  18. My collection September 2, 2024 at 8:35 PM

    https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Defendable-Architectures.pdf and https://www.lockheedmartin.com/

    ReplyDelete
  19. rasika's viewOctober 24, 2024 at 1:58 AM

    (1) AWS Graviton Memory Encryption
    (2) AWS Nitro instance Memory Encryption

    ReplyDelete
  20. rasika's viewNovember 20, 2024 at 10:18 PM

    https://nse.digital/

    ReplyDelete
  21. rasika's viewFebruary 7, 2025 at 8:33 PM

    https://www.nirsoft.net/system_tools.html various tools to study the system, recover passwords, etc

    ReplyDelete
  22. My collection October 27, 2025 at 7:32 AM

    A Cuckoo Sandbox is an open-source tool that can be used to automatically analyze malware. Imagine, it’s 2 am in the Security Operations Center (SOC) and an alert has triggered…
    https://www.varonis.com/blog/cuckoo-sandbox

    ReplyDelete
  23. My collection October 27, 2025 at 7:32 AM

    A challenge - https://www.varonis.com/frostbyte

    ReplyDelete

Post a Comment

Popular posts from this blog

Legal issues in the IT field

Key IT Laws in Sri Lanka 1. Electronic Transactions Act, No. 19 of 2006 (Amended 2017) Legalizes electronic contracts, digital signatures, and electronic documents, giving them the same legal status as paper-based documents. The 2017 amendment expands the scope to include biometric authentication and strengthens provisions for cross-border e‑commerce facilitation. 2. Computer Crimes Act, No. 24 of 2007 Criminalizes offenses such as unauthorized access to systems, data interception, and the disclosure of passwords. This law forms the backbone of cybercrime enforcement in Sri Lanka. 3. Intellectual Property Act, No. 36 of 2003 Protects creative and technological works, including software, trade secrets, and integrated circuits. It ensures protection through copyright, trademarks, and patents—essential for safeguarding digital innovation. 4. Payment and Settlement Systems Act, No. 28 of 2005 Empowers the Central Bank to regulate electronic payment systems and ensure the sa...
Read more
Common Mistakes in Research Papers – Insights from a Journal Editor Common Mistakes in Research Papers – Insights from a Journal Editor As someone who regularly reads research manuscripts and reviewer reports, I have noticed certain mistakes that frequently appear in submissions—regardless of the author’s discipline or experience level. These issues not only reduce the quality of a paper but also lower its chances of being accepted. In this post, I want to share some of the most common mistakes authors make in their research writing, how to avoid them, and best practices for writing clear, strong, and publishable academic work. 1. Use Clear, Concise Language Avoid unnecessary adjectives and adverbs. Phrases like “this study rigorously investigates” are redundant. The expectation is that your research is rigorous. Stick to factual, straightforward language. Avoid vague expressions. Terms like “our understanding” are too...
Read more

Recent legal issues

Image
Parents of teenager who took his own life sue OpenAI Source: BBC The family included chat logs between Adam, who died in April, and ChatGPT that show him explaining he has suicidal thoughts. They argue the programme validated his "most harmful and self-destructive thoughts". In a statement, OpenAI told the BBC it was reviewing the filing. "We extend our deepest sympathies to the Raine family during this difficult time," the company said. Japanese police apologise at grave of wrongfully accused man Source: BBC Japanese authorities bowed and offered flowers at the grave of a businessman to apologise for wrongfully charging him with exporting potentially sensitive industrial machines. Shizuo Aishima and three other executives were arrested for illegal exports in March 2020. He died of stomach cancer in February 2021, five months before the indictments were dropped. Indian media pile into lawsuit against OpenAI chatbot C...
Read more