Threats, Vulnerabilities and Malware

A sampling of resources that identify information security threat sources and describe information technology security weaknesses, including a section that lists resources related specifically to malware, which is a significant type of security threat in and of itself.

The best information about threats and vulnerabilities is subject to constant change as the types of threats and vulnerabilities that represent the most current risks are constantly evolving. Always pursue your own study to ensure that your risk assessments sufficiently address your organization's current risks.

Resources on Threats

NIST Guide for Conducting Risk Assessments

A-Z Listing of Threats and Risks

Threat Encyclopedia

Symantec Internet Security Threat Report

Application Threat Modeling

HHS Reported Breaches

Intelligence and National Secuirty Alliance (INSA) Cyber Insider Threat Task Force

The Enemy Within: Dealing with Insider Threats - Presentation

BJA Major White-Collar Crime and Identity Theft

Resources on Vulnerabilities

Common Vulnerabilities and Exposures

Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)

CIS Controls

CERT Vulnerability Analysis

MS-ISAC Advisories

Common Weakness Risk Analysis Framework (CWRAF)

Nationwide Rollup Review of CMS HIPAA Oversight

GAO Report on Medical Devices

Open Web Application Security Project

Resources on Viruses and Malware

OWASP Computer Viruses

OWASP Anti-Malware - Knowledge Base



Sophos Threat Center

McAfee Threat Center

Symantec Security Response


McAfee Virus Info

Trend Micro Malware Trends

Malware Investigator