Technical Publications / Resources
This page features multiple resources to assist IT professionals with information on current security practices and protection tools. Check out the technical publications for valuable security information.
IT Security Technical Publications
- CIS Critical Security Controls
The Center for Internet Security (CIS) presents the CIS Controls for Effective Cyber Defense Version 6.0, a recommended set of actions that provide specific and actionable ways to stop today's most pervasive and dangerous cyber attacks. - Cloud Security Defined: Required Safeguards
In this whitepaper you’ll learn how to harness the capabilities of the cloud while pursuing a “security-first” posture. - National Institute of Standards and Technology (NIST) - General IT Security
The need for cybersecurity standards and best practices that address interoperability, usability and privacy continues to be critical for the nation. NIST’s cybersecurity programs seek to enable greater development and application of practical, innovative security technologies and methodologies that enhance the country’s ability to address current and future computer and information security challenges. - National Preparedness Report
National Preparedness Report summarizes how prepared we are as a Nation. It focuses on five mission areas: Operational Coordination, Infrastructure Systems, Housing, Economic Recovery, and Cybersecurity. - NIST Cybersecurity Framework
Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. - Phishing
Phishing assessment results provided by CISA to help organizations understand the current threat landscape and prevent the likelihood of employees becoming victims of phishing attempts. - Ransomware Resources
According to the Department of Homeland Security's (DHS) Cybersecurity Infrastructure Security Agency CISA Insights - Ransomware Outbreak, "Ransomware has rapidly emerged as the most visible cybersecurity risk playing out across our nation's networks, locking up private sector organizations and government agencies alike. ... We strongly urge you to consider ransomware infections as destructive attacks." NMFTA has created several documents for participants to customize for use to test their own organizations cyber threat posture. - Ransomware - What it is and what to do about it.
Ransomware is a type of malicious software cyber actors use to deny access to systems or data. The malicious cyber actor holds systems or data hostage until the ransom is paid. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted. - SANS Application Security Working Papers
This set of working papers will provide up-to-date information from "industry thought leaders and enterprise pros already leading the application security charge in the trenches". - SANS Digital Forensics and Incident Response (DFIR)
Every organization will eventually deal with cyber-crime. Fraud, intrusion, insider threats, phishing and other cyber-crimes are now a fact of life. If you are an IT or law enforcement professional and don't know how to look for and sort out these cases, your skills are becoming less valuable every day. - SANS Webcasts
SANS information security webcasts are given by security experts in the field on a number of different topics a few times each month. Listen to them live, or browse the previous episodes to replay a webcast that meets your security needs. - US-CERT Cyber Resilience Review (CRR)
The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals. - US-CERT Cybersecurity Evaluation Tool (CSET)
The Cybersecurity Evaluation Tool (CSET®) is a Department of Homeland Security (DHS) product that assists organizations in protecting their key national cyber assets. It was developed by cybersecurity experts under the direction of the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The tool provides users with a systematic and repeatable approach to assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems. Click here to download CSET. - US-CERT Security Publications
These documents can help you with everything from setting up your first computer to understanding the nuances of emerging threats. - Verizon Data Breach Investigations Report
The Verizon Data Breach Investigations Report (DBIR) provides you with crucial perspectives on threats that organizations like yours face. The 12th DBIR is built on real-world data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide.
