The Essential List of IT Security Resources for Businesses Large and Small
We’ve put together a massive reading list for businesses interested in learning more about US government initiatives, various cybersecurity organizations, and industry best practices related to computer and information security.
So let’s start off with some organizations that you should know about:
This site contains numerous reports, frameworks, and models regarding various operational security and risk management topics. The ISA is essentially a multi-sector trade organization that combines thought leadership, research, and advocacy into one powerful force for security. Publications are available for free, and benefit from substantial participation by a wide variety of industries.
A San Diego-based foundation that helps educate people and businesses about cyber security best practices. There are some online resources available, though you may find this group more valuable for their events and security awareness programs. If you are a tech company based in the Silicon Valley area (like us) – this is an organization that you really want to know about.
A non-profit organization that has some interesting reports available about the state of “badware” trends, i.e. viruses, malware, spyware, etc. You can also report malicious websites through their service.
Part of the Department of Homeland Security. This website contains numerous publications and related resources to help prepare and educate businesses about a wide variety of security issues and topics. You can also subscribe to various security alerts and tips to keep you apprised of the latest security threats.
Other interesting reading, and free resources:
The following links lead to a wealth of information about various security topics, and have been put together by a variety of US government agencies tasked with protecting the nation. Cybersecurity in general is being treated with ever higher priority as time passes and the threat landscape grows more sophisticated – ergo US-based businesses should be fully aware of what the US government is doing to tackle these issues.
Information about US government cybersecurity initiatives
- National Security Council – The Comprehensive National Cybersecurity Initiative
- Statement from the DHS “Examining the Cyber Threat to Critical Infrastructure and the American Economy”
Cybersecurity best practices and guidelines
- U.S. Chamber of Commerce – Internet Security Essentials for Business 2.0
- Department of Homeland Security – Cybersecurity resources for businesses
- Department of Homeland Security Best Practice Guidelines
- National Institutes of Health – Free Information Security & Privacy Training Courses
- National Institute of Standards and Technology – Guide to Selecting IT Security Products (PDF)
- StaySafeOnline.org (from the NCSA) – Resources for keeping businesses safe online
- National Initiative for Cybersecurity Education
- Vulnerability Disclosure Framework from the National Infrastructure Advisory Council (PDF)
Security Vulnerability Databases
Note that while these databases are co-sponsored by the US government, they can be used by, and are applicable to, all countries, i.e. the information is free for public use. These databases will help you identify any security vulnerability known to exist, while OVAL offers a standardized language for defining vulnerabilities.
- Common Vulnerabilities and Exposures List (CVE)
- National Vulnerability Database (NVD)
- Open Vulnerability Assessment Language (OVAL)
Information Sharing and Analysis Centers
ISACs are organizations that are meant to help certain key industry sectors easily share and coordinate security and vulnerability concerns in order to protect critical infrastructures and minimize risks.