Major Industry Websites

Government Resources

Cybersecurity and Infrastructure Security Agency: - https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools

Defense Information Systems Agency: - https://www.disa.mil/

Department of Homeland Security (DHS) Cybersecurity: - https://www.dhs.gov/topics/cybersecurity

FBI: - https://www.fbi.gov/investigate/cyber

Health Information Technology: - https://www.healthit.gov/topic/privacy-security-and-hipaa

National Industry of Standards and Technology (NIST) Cybersecurity: - https://www.nist.gov/cybersecurity

Nation Security Agency (NSA): - https://www.nsa.gov/Cybersecurity/

The National Counterintelligence and Security Center: - https://www.dni.gov/index.php/ncsc-home

US General Services Administration (GSA): - https://www.gsa.gov/technology/government-it-initiatives/cybersecurity/cybersecurity-programs-and-policy

Cybersecurity News

Cybersecurity Tools

Certifications and Training

Books

Berenson, A. (2009). The Silent Man. New York: The Penguin Group.

Bosworth, S., Kabay, M. E., & Whyne, E. (2014). Computer Security Handbook. Hoboken, NJ: John Wiley & Sons.

Clark, A., Sherwood, J., & Lynas, D. (2015). Enterprise Security Architecture. A Business-Driven Approach. Burlington, MA: Focal Press.

Du, W. (2019). Computer Security. A Hands-on Approach. Las Vegas, NV: Wenliang Du.

Ferguson, N., Kohno, T., & Schneier, B. (2910). Cryptography Engineering. Indianapolis: Wiley Publishing, Inc.

Gibson, D., & Igonor, A. (2022). Managing Risk in Information Systems. Burlington, MA: Jones & Bartlett Learning.

Grama, J. L. (2022). Legal and Privacy Issues in Information Security . Burlington, MA: Jones & Bartlett.

Graves, M., Jensen, C. J., & McElreath, D. H. (2018). ntroduction to Intelligence Studies. New York: Routledge.

Jackson, G. M. (2012). Predicting Malicious Behavior. Tools for Ensuring Global Security. Indianapolis: John Wiley & Sons.

 .

Cybersecurity Fundamentals

Crowdstrike Inc. (2021). Falcon Insight: Endpoint Detection and Response.  Retrieved from falcon-insight-data-sheet.pdf (crowdstrike.com)

Khan, Mahwish. (2019, January 3).  How to build a successful continuous monitoring (CM) program. INFOSEC. Retrieved from https://resources.infosecinstitute.com/topic/how-to-build-a-successful-continuous-monitoring-cm-program/

Raam, Giridhara. (2019, July 12). Cybersecurity Frameworks – Types, strategies, Implementation and Benefits. The Hacker News. Retrieved from Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits (thehackernews.com)

Scarfone, Karen. (2021, January).  How to develop a cybersecurity strategy: Step-by-Step Guide.  TechTarget. Retrieved from How to Develop a Cybersecurity Strategy: Step-by-Step Guide (techtarget.com)

Sotnikov, Ilia. (2021, August 17). How to perform IT Risk Assessment. Netwrix Blog. Retrieved from https://blog.netwrix.com/2018/01/16/how-to-perform-it-risk-assessment/#FAQ

Cryptography

Barker, E. (2020). Guideline for using cryptographic standards in the federal government. https://doi.org/10.6028/nist.sp.800-175br1

Callas, J., Donnerhacke, L., Finney, H., Shaw, D., & Thayer, R. (2007). OpenPGP Message Format. https://doi.org/10.17487/rfc4880

Du, W. (2019). Computer Security: A Hands-on Approach (2nd ed., pp. 298-318).

FIPS 140-3 Security Requirements for Cryptographic Modules. (2019, March 22). NIST

https://csrc.nist.gov/publications/detail/fips/140/3/final

Halo Linux Services. (2020). Looking at File Internals with the Bless Editor. https://www.halolinux.us/assembly-programming/looking-at-file-internals-with-the-bless-editor.html

Loshin, P., & Wright, R. What is Pretty Good Privacy and how does it work? TechTarget.com. Retrieved from https://www.techtarget.com/searchsecurity/definition/Pretty-Good-Privacy.

Wagner, D. et al.,  (n.d.). Symmetric-Key Encryption Cryptography. Computer Security. https://textbook.cs161.org/crypto/symmetric.html

Enterprise Security Architecture

Atlassian. (2023). Incident management for high-velocity teams. Retrieved from https://www.atlassian.com: https://www.atlassian.com/incident-management/kpis/severity-levels

Chen, H., Cho, J.-H., & Xu, S. (2018). Quantifying the Security Effectiveness of Firewalls and DMZs. HoTSoS '18: Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, 4.

Clay, J. (2022, November 15). Complete Guide to Protecting 7 Attack Vectors. Retrieved from TrendMicro: https://www.trendmicro.com/en_us/ciso/22/k/cyber-attack-vectors-how-to-protect-them.html

Hackerone. (2023). What Are Attack Vectors and 8 Ways to Protect Your Organization. Retrieved from Hackerone: https://www.hackerone.com/knowledge-center/what-are-attack-vectors-and-8-ways-protect-your-organization

Rutuja. (2023). Incident Response Playbooks: A Crucial Component of SOC Strategy. Retrieved from CyberNX: https://www.cybernx.com/b-incident-response-playbooks-a-crucial-component-of-soc-strategy

Singh, A. (2021, June 23). What are Cyber Incident Response Playbooks & Why Do You Need Them? Retrieved from APMG International: https://apmg-international.com/article/what-are-cyber-incident-response-playbooks-why-do-you-need-them

Operational Policy

Chval, Keith. (2006, October 31). How to Preserve Digital Evidence in Case of Legal Investigation. EdTech. How to Preserve Digital Evidence in Case of Legal Investigation | EdTech Magazine

Daniel, Brett. (2021, April 22). What Is FIPS 140-2? TrentonSystems. What Is FIPS 140-2? (trentonsystems.com)

Epstein Becker Green. (2015, January 29. Beyond HIPAA: New Jersey Law Requires Encryption of Personal Data by Health Insurance. Beyond HIPAA: New Jersey Law Requires Encryption of Personal Data by Health Insurance Carriers - Epstein Becker & Green, P.C. (ebglaw.com)

Herpy, Jonathan. (2021, April 5). Staying In Compliance With Biometric Privacy Laws As A Business. Forbes. Staying In Compliance With Biometric Privacy Laws As A Business (forbes.com)

Ko, Jack et al. (2020). China Publishes Import License List and Export Control List for Commercial Encryption. PillsburyLaw. China’s Import and Export Control License Lists for Encryption (pillsburylaw.com)

Lin, Vic. (n.d). How to Avoid Patent Infringement. Patent Trademark. How to Avoid Patent Infringement - Patent Trademark Blog | IP Q&A

Risk Management

ISMS.Online. (2023). ISO 27002:2022, Control 6.4 – Disciplinary Process. Retrieved from Isms.Online:https://www.isms.online/iso-27002/control-6-4-disciplinary-process/  

National Institute of Standards and Technology. (2012, August). Computer Security Incident Handling Guideline. Retrieved from https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf   

National Institute of Standards and Technology (2018). Risk Management Framework for Information Systems and Organizations. A System Life Cycle Approach for Security and Privacy. Retrieved from https://csrc.nist.gov/pubs/sp/800/37/r2/final

Risk Optics. (2023, November 20). What are the PCI DSS Password Requirements? Retrieved from Reciprocity.com: https://reciprocity.com/resources/what-are-the-pci-dss-password-requirements/#:~:text=Passwords%20must%20now%20consist%20of,imposing%20a%20longer%20minimum%20length

Twingate Team. (2024, February 1). CVE-2017-0143 Report - Details, Severity, Advisories and More. Retrieved from Twingate.com: https://www.twingate.com/blog/tips/cve-2017-0143

Vincente, V. (2023, March 20). The 12 PCI DSS Compliance Requirements: What You Need to Know. Retrieved from https://www.auditboard.com/blog/pci-dss-requirements/

Management and Cybersecurity

Babati, Barbara. (2019, December 17). A Guide to Cybersecurity Awareness Training for Your Employees. Hoxhunt. https://www.hoxhunt.com/blog/a-guide-to-cybersecurity-awareness-training-for-your-employees

Cook, Angela. (2021, October 14). Business Continuity vs. Disaster Recovery: What Is The Difference? LdiConnect. https://myldi.com/blog/business-continuity-vs-disaster-recovery-difference/

Filipkowski, Ben. (2021, October 3rd). What to look for in a cyber security vendor. Field Effect. https://fieldeffect.com/blog/what-to-look-for-in-a-cyber-security-vendor/

Security Scorecard. (2020, September 14). How to Justify Your Cybersecurity Budget. https://securityscorecard.com/blog/how-to-justify-your-cybersecurity-budget

Vigeant, Steven. (2015, June 19). In-House vs. Outsourced IT Staffing: The Pros and Cons. Data Evolution LLC. https://www.dataev.com/it-experts-blog/in-house-vs.-outsourced-it-staffing-the-pros-and-cons

Secure Software Design and Development

Berhanu, Yaphi. (2016, June 27th). Things to Know (and Potential Dangers) with Third-Party Scripts. CSS-Tricks. https://css-tricks.com/potential-dangers-of-third-party-javascript/

IBM Support. (2013, June 6th). Security Bulletin: RMI vulnerability in Java, as used with WebSphere eXtreme Scale. https://www.ibm.com/support/pages/security-bulletin-rmi-vulnerability-java-used-websphere-extreme-scale

Harpiz, Ophir et al. (2022, April 13th). Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime. Akamai. https://www.akamai.com/blog/security/critical-remote-code-execution-vulnerabilities-windows-rpc-runtime

ISC2. (2023). The Threat of Insecure Interfaces and APIs. https://www.isc2.org/articles/the-threat-of-insecure-interfaces-and-apis

Kovacs, Eduard. (2019, August 11). Vulnerabilities in Device Drivers From 20 Vendors Expose PCs to Persistent Malware. Security Week. https://www.securityweek.com/vulnerabilities-device-drivers-20-vendors-expose-pcs-persistent-malware/

Microsoft. (2021, December 8th). Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center. https://www.microsoft.com/en-us/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/

Network Visualization and Vulnerability Detection

Cooper, Stephen. (2022, October 10). Nessus Vulnerability Scanner Review. Comparitech. https://www.comparitech.com/net-admin/nessus-vulnerability-scanner-review/

Kumar, Chandan. 2022, November 30. 10 Best Open Source Monitoring Software for IT Infrastructure. GeekFlare. https://geekflare.com/best-open-source-monitoring-software/

Nitro. (2020, September 27). Metasploit exploits Encoders and Nops payloads tutorial. Noob Hackers. https://www.noob-hackers.com/2020/09/metasploit-exploits-encoders-and-nops.html#:~:text=Nop%27s%2C%20nops%20are%20like%20payload%20modifiers%20which%20helps,while%20hacking%20gadgets.%20Currently%20Metasploit-framework%20has%2010%20Nops.

Travis. (2022, February 23). How To Use Kismet Kali Linux? Systran Box. https://www.systranbox.com/how-to-use-kismet-kali-linux/

Cyber Threat Intelligence

Ambwani, Kailash. 92022, February 22). Global hybrid warfare introduces cyber threats to companies amid the Russia-Ukraine crisis. Security. https://www.securitymagazine.com/articles/97103-global-hybrid-warfare-introduces-cyber-threats-to-companies-amid-the-russia-ukraine-crisis

Banks, Joe. (2021, September 22). 5 cybersecurity threats for businesses in 2021—and 3 tips to combat them. Security. https://www.securitymagazine.com/articles/96146-5-cybersecurity-threats-for-businesses-in-2021and-3-tips-to-combat-them

Bissel, Kelly and Pipikaite, Algirde. (2022, January 18). What you need to know about cybersecurity in 2022. World Economic Forum. https://www.weforum.org/agenda/2022/01/cyber-security-2022-global-outlook/

Campbell, Chris et al. (2021, July 30). Ransomware attacks rise despite US call for clampdown on cybercriminals. Financial Times. https://www.ft.com/content/c8c7630f-86f8-453f-a664-3fb5401bcb2a

Cisco. (2021). Cyber security threat trends. https://ole.sandiego.edu/bbcswebdav/pid-2534931-dt-content-rid-36738863_1/xid-36738863_1

Cluley, Graham. (2022, February 22). Manufacturing was the top industry targeted by ransomware last year. The State of Security. https://www.tripwire.com/state-of-security/security-data-protection/manufacturing-was-the-top-industry-targeted-by-ransomware-last-year/

Incident Response and Computer Network Forensics

Atlassian. (2021). Understanding the key incident response roles and responsibilities. Retrieved from Understanding incident response roles and responsibilities (atlassian.com)

Bandos, Tim. (2017, July 27). Building your Incident Response Team: Key Roles and Responsibilities. DataInsider. Retrieved from Building Your Incident Response Team: Key Roles and Responsibilities | Digital Guardian

Cheryl. (2021, September 14). What is the purpose of an incident response plan? CyberCPR. Retrieved from What is the purpose of an incident response plan? - CyberCPR 

Ellis, David. (2021). 6 Phases in The Incident Response Plan. SecurityMetrics. Retrieved from 6 Phases in the Incident Response Plan (securitymetrics.com)

Matthews, Tim. (2018, July 19). The Complete Guide to CSIRT Organization: How to Build an Incident Response Team. ExaBeam. Retrieved from Complete Guide to CSIRT: How to Build an Incident Response Team (exabeam.com)

Moore, Stephen. (2018, August 24). 10 Best Practices for Creating an Effective Computer Security Incident Response Team (CSIRT). ExaBeam. Retrieved from 10 Best Practices for Creating an Effective Computer Security Incident Response Team (CSIRT) - Exabeam