The Internet holds vast amounts of information. Some of that information may not always be as accurate as we would hope it to. Inaccurate information serves to mislead the reader and make us doubt most other types of information as well. This leads to a self-perpetuating cycle of doubt which if the savvy security professional is unable to break away from can cause a form of security paralysis in where no action is taken for fear that it is the wrong action. This week I will include sources of credible information in regarding cyber-threats, vulnerabilities, updates, and any and all security news.
First we have https://ics-cert.us-cert.gov/content/cyber-threat-source-descriptions. This is the website for the National Cybersecurity and Communications Integration Center (NCCIC) whose mission is to reduce the risk of systemic cybersecurity and communications challenges in their role as the Nation’s flagship cyber defense, incident response, and operational integration center. The NCCIC offers a myriad of information regarding cyber threat sources such as national governments. terrorist organizations, industrial spies and organized crime groups, "hacktivists', hackers, and the Government Accountability Office (GAO) Threat Table.
Next is CSO Online. CSO is a resource that serves enterprise security decision-makers and users with critical information needed to stay ahead of evolving threats and defend against criminal cyber attacks. Their incisive content addresses all security disciplines from risk management to network defense to fraud and data loss prevention, CSO offers unparalleled depth and insight to support key decisions and investments for IT security professionals.
There are many more good resources out there, all of which should be sought out and examined. Eventually you will come to discover that two sources may have conflicting information. In the event that this does happen I caution diligence. If you are securing government systems then I personally would go with the information from sources directly relating to the government, such as the NCCIC site. For private industry I would follow best practices from other like-enterprises ensuring that any and all security implementations I perform are within industry standards. Cheers!
First we have https://ics-cert.us-cert.gov/content/cyber-threat-source-descriptions. This is the website for the National Cybersecurity and Communications Integration Center (NCCIC) whose mission is to reduce the risk of systemic cybersecurity and communications challenges in their role as the Nation’s flagship cyber defense, incident response, and operational integration center. The NCCIC offers a myriad of information regarding cyber threat sources such as national governments. terrorist organizations, industrial spies and organized crime groups, "hacktivists', hackers, and the Government Accountability Office (GAO) Threat Table.
Next is CSO Online. CSO is a resource that serves enterprise security decision-makers and users with critical information needed to stay ahead of evolving threats and defend against criminal cyber attacks. Their incisive content addresses all security disciplines from risk management to network defense to fraud and data loss prevention, CSO offers unparalleled depth and insight to support key decisions and investments for IT security professionals.
There are many more good resources out there, all of which should be sought out and examined. Eventually you will come to discover that two sources may have conflicting information. In the event that this does happen I caution diligence. If you are securing government systems then I personally would go with the information from sources directly relating to the government, such as the NCCIC site. For private industry I would follow best practices from other like-enterprises ensuring that any and all security implementations I perform are within industry standards. Cheers!
No comments:
Post a Comment