This page features multiple resources to assist IT professionals with information on current security practices and protection tools. Check out the technical publications for valuable security information.
IT Security Technical Publications
- CIS Critical Security Controls
The Center for Internet Security (CIS) presents the CIS Controls for Effective Cyber Defense Version 6.0, a recommended set of actions that provide specific and actionable ways to stop today's most pervasive and dangerous cyber attacks.
- Information Technology Professional's Resource Center (ITRPC)
ITRPC provides numerous links to valuable network security publications.
- National Institute of Standards and Technology (NIST) - General IT Security
The Computer Security Division of NIST's Information Technology Laboratory provides standards and technology to protect federal information systems against threats to the confidentiality, integrity, and availability of information and services.
- NIST Cyber Security Framework
Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices – for reducing cyber risks to critical infrastructure.
- NIST Guidelines for Media Sanitization
The National Institute of Standards and Technology's (NIST) Guidelines for Media Sanitization
- NIST Releases Final Version of Revised Bluetooth Security Guide
The National Institute of Standards and Technology's (NIST) final version of the Guide to Bluetooth Security
- Ransomware - What it is and what to do about it.
Ransomware is a type of malicious software cyber actors use to deny access to systems or data. The malicious cyber actor holds systems or data hostage until the ransom is paid. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted.
- SANS Application Security Working Papers
This set of working papers will provide up-to-date information from "industry thought leaders and enterprise pros already leading the application security charge in the trenches".
- SANS Digital Forensics and Incident Response (DFIR)
Every organization will eventually deal with cyber-crime. Fraud, intrusion, insider threats, phishing and other cyber-crimes are now a fact of life. If you are an IT or law enforcement professional and don't know how to look for and sort out these cases, your skills are becoming less valuable every day.
- SANS Internet Storm Center
The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
- Small and Medium-Size Business Information Security Outreach Program
SMBs are increasingly reliant on information technology as they store, process, and communicate information. Because information is one of the most valuable assets of an organization, the protection of this information is critical.
- The Map of Cyber Security Domains
A week ago, I posted a picture of a mind-map that I created just called "The Map of Cybersecurity Domains (v1.0)." The map was put together as a way to clear my head by fully immersing myself in the world of cybersecurity day-in and day-out for the past few years, and a constant reminder of just how complex and vast the subject can be.
- The Security of Cloud Storage Services
Fraunhofer Institute for Secure Information Technology reports on the security of cloud storage services
- ThreatExpert
ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.
- US-CERT Cyber Resilience Review (CRR)
The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals.
- US-CERT Cyber Security Evaluation Tool (CSET)
The Cyber Security Evaluation Tool (CSET®) is a Department of Homeland Security (DHS) product that assists organizations in protecting their key national cyber assets. It was developed by cybersecurity experts under the direction of the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The tool provides users with a systematic and repeatable approach to assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems.
- US-CERT Security Publications
These documents can help you with everything from setting up your first computer to understanding the nuances of emerging threats.
- Written testimony of National Cyber Security Communications Integration Center Director to House Committee on Homeland Security
Assessing Persistent and Emerging Cyber Threats to the U.S. Homeland
- 2017 National Preparedness Report
The National Preparedness Report summarizes how prepared we are as a Nation. It focuses on five mission areas: Prevention, Protection, Mitigation, Response, and Recovery.
- 2018 Verizon Data Breach Investigations Report
At first glance, identifying 53K+ incidents in only 12 months suggests an information security dystopia, an uneven playing field where the bad guys consistently win out. And, the 2018 Data Breach Investigations Report (DBIR) is full of nefarious events by offenders both known and unknown.