Wednesday, March 11, 2015

Cyber Security Notes - Part 5

Cybersecurity and Cyberwar: What Everyone Needs to Know® by P.W. Singer and Allan Friedman (Oxford University Press: January 3, 2014) – an excellent overview of the terminology and essentials of cybersecurity; interesting recommendations for national strategies.

INFRAGARD: An alliance for national infrastructure protection – a comprehensive suite of sensitive unclassified, FBI, DHS, and other federal, state, and local threat intelligence products and daily news feeds. See special membership requirements.

NIST (National Institute of Standards and Technology) Cybersecurity Framework

NIST CSRC (Computer Security Resource Center) Guidance:

NIST Small Business Security Outreach:

NIST IR (Interagency or Internal Reports) Publications:

NIST IR 7289 – Glossary of Internet Security Terms (Release 2)

NIST IR 7621, Small Business Information Security

National Initiative for Cybersecurity Education:

Cybercrime Case Studies: (Brian Krebs on Security)

National Cyber Security Alliance for small business and home users:
(includes Stop.Think.Connect.)

Federal Trade Commission – Identity Theft Information

Internet Crime Complaint Center

Tuesday, March 10, 2015

Cyber Security Notes - Part 4

Leading Companies in Cyber Security Field:

Citadel Information Group – Stan Stahl

Information Security Library 

FireEye assessment report – The Current State of Cyber Security

FireEye’s Mandiant division, one of the world's leading cybersecurity firms

Kennedy Consulting and Research Associates: Cyber Security Consulting 2013.

Telos:

The Monterey Group

Mindpoint Group

Booz Allen Hamilton

CSC: Computer Sciences Corporation.

AllClear ID (https://www.allclearid.com/) to protect your identity

Free credit monitoring from Credit Karma (https://www.creditkarma.com/) and Credit Sesame (http://www.creditsesame.com/)

MarketWatch top 20 Cyber Security firms:

The leading companies are:

- BAE Systems PLC
- The Boeing Company
- Booz Allen Hamilton Inc.
- Cisco Systems Inc.
- Computer Sciences Corporation (CSC)
- Dell Inc.
- Finmeccanica SpA
- General Dynamics Corporation
- Hewlett Packard Company
- International Business Machines Corporation (IBM)
- Intel Corporation
- Kaspersky Lab
- L-3 Communications Holdings
- Leidos
- Lockheed Martin Corporation
- Northrop Grumman Corporation
- Raytheon Company
- Symantec Corporation
- Thales Group
- Trend Micro Inc.

Cyber Security Notes - Part 3

“NACD Cyber-Risk Oversight Handbook” – June 2014

“NACD Advisory Council on Risk Oversight Summary of Proceedings” (Sept 18, 2014)

NACD and ISACA also produced a multi-part webinar titled “The Intersection of Technology, Strategy, and Risk.” May 2014

ISACA (previously the Information Systems Audit and Control Association), an independent, nonprofit, global association engaged in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.

COBIT 5 (Control Objectives for Information and Related Technology), the only business framework for the governance and management of enterprise IT; the product of a global task force and development team from ISACA.
https://cobitonline.isaca.org/

ISSA (Information Systems Security Association), the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.
http://www.issa.org

Patricia A. Oelrich published an article on “Benefits for the Board of Conducting a Cybersecurity Audit” in Directors and Boards, 4th Quarter 2014

“Private sector largely ignorant of cyber threat,” Center for Strategic & International Studies (CSIS) January 9, 2015

“Technology-Ignorant Boards Are Costing Shareholders Billions: What Should Boards Do Differently?” by Richard LeBlanc, Huffington Post, December 9, 2014

“Three Boardroom Questions Every Cybersecurity Entrepreneur Must Answer” by Ted Schlein, general partner with Kleiner Perkins Caufield & Byers, Forbes, January 6, 2015

PricewaterhouseCoopers produced a report, “Directors and IT: What Works Best (A user-friendly board guide for effective information technology oversight).”

PricewaterhouseCoopers – “Managing Cyber Risks in an Interconnected World:
Key findings from the Global State of Information Security Survey 2015”
September 30, 2014

“Boards of Directors, Corporate Governance, and Cyber-Risks: Sharpening the Focus”
by Commissioner Luis A. Aguilar June 10, 2014

Deloitte – COSO Framework Overview – June 2014

“10 Steps to Cyber Security: Executive Companion” from “The Cyber Security Guidance for Business,” produced by CESG (the Information Security arm of GCHQ), the Department for Business Innovation and Skills (BIS) and the Centre for the Protection of National Infrastructure (CPNI), updated January 14, 2014.

The guidance includes:
Cyber Risk Management – A Board Level Responsibility

10 Steps to Cyber Security – Executive Companion

10 Steps to Cyber Security Guidance Sheets: