The following are websites that provide information related to cyber and business security.
Some information is worth a quick glance and other information is worth saving. Microsoft’s One Note is a tool that can greatly simplify the process of saving and later finding articles of interest. One Note allows the user to create Named Sections – think of these as file folder. Just as a file folder can store multiple pieces of information – pages, pictures or documents so can a OneNote Section. This allows the user to establish a dynamic filing system. When needed, new sections can be added, exported as a OneNote file, Merged, Copied or Deleted. OneNote provides significant flexibility.
The OneNote feature that greatly eases capturing and retrieving web-based information is that when any text is copied from a webpage, OneNote also copies the URL. Having the text information directly associated with URL make the information much more usable.
For those who are interested in Cyber issues, the following sites may be a perfect starting point.
Project Spectrum is a DoD funded project with a focus on cyber security. They offer a variety of services and resources including a listing of 95 cyber tools covering 43 categories, training videos, and resources designed to assist businesses improve their cybersecurity and meet CMMC requirements. Access to many of the available services and resources require registration on the project’s website – https://www.projectspectrum.io. The information is available at no cost.
National Defense – Information Sharing and Analysis Center (ND-ISAC) – www.ndisac.org/
The National Defense ISAC is the Information Sharing and Analysis Center for the Defense Industrial Base, offering defense sector companies, their suppliers, and related interests a community and forum for sharing cyber and physical security threat indicators, best practices and mitigation strategies.
ND-ISAC gives defense industry entities and suppliers the ability to leverage the best security data, tools, services, and best practices available in a high-trust, collaborative industry environment. Through ND-ISAC, members share intelligence on cyber and physical security, insider threats, vulnerabilities, and associated threat remediation. ND-ISAC enables members to develop and continually mature their secure enterprise. ND-ISAC serves as the national defense sector’s principal focal point for all hazards to the sector.
National Council of Information Sharing and Analysis Centers – www.nationalisacs.org/
ISACs are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators.
Sector-based Information Sharing and Analysis Centers collaborate with each other via the National Council of ISACs. Formed in 2003, the NCI today comprises 25 organizations. It is a coordinating body designed to maximize information flow across the private sector critical infrastructures and with government. Critical infrastructure sectors and subsectors that do not have ISACs are invited to contact the NCI to learn how they can participate in NCI activities.
Information Sharing and Analysis Centers help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency. ISACs reach deep into their sectors, communicating critical information far and wide and maintaining sector-wide situational awareness.
Infragard – www.infragard.org/
InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. Through seamless collaboration, InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats. InfraGard’s vetted membership includes: business executives, entrepreneurs, lawyers, security personnel, military and government officials, IT professionals, academia and state and local law enforcement—all dedicated to contributing industry-specific insight and advancing national security.
MITRE ATT&CK – www.attack.mitre.org/
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.
Bad Practices – www.cisa.gov/BadPractices
As recent incidents have demonstrated, cyberattacks against critical infrastructure can have significant impacts on the critical functions of government and the private sector. All organizations, and particularly those supporting designated Critical Infrastructure or National Critical Functions (NCF) should implement an effective cybersecurity program to protect against cyber threats and manage cyber risk in a manner commensurate with the criticality of those NCFs to national security, national economic security, and/or national public health and safety.
Cyber Resource Hub – www.cisa.gov/cyber-resource-hub
Need a cyber resource? Need a free cyber assessment? Check out this resource page which lists 14 different services and resources. Some services are available to private sector critical infrastructure organizations at no charge.
Small Business Cybersecurity Corner – www.nist.gov/itl/smallbusinesscyber
Access a variety of resources from Cyber Basics, Planning Guides, Information for Managers, Information for Training and information related to Responding to a Cyber Incident.
Cybersecurity for Small Business – www.fcc.gov/general/cybersecurity-small-business
United States Government Launches First One-Stop Ransomware Resource – StopRansomware.gov.
For a list of daily newsletters that will keep you current on Cyber issues, please click here.
For additional information on this topic, please contact Marc Violante at firstname.lastname@example.org or 414-270-3600.