Cybersecurity Study Guide Resources v3
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
This list of websites, documents and resources accompanies the Cyber Security Strategies class
taught by Professor Ronald Woerner. These are some of the resources provided with the
lecture. The links are current at the time of the class. Use at your own risk.
Contents
Glossaries
Data Breaches
Cybersecurity Design, Concepts and Principles
International Standards, Strategies, and Frameworks
Privacy
Web Security
Attacks, Threats, & Vulnerabilities
Tools
Social Engineering
Industry Resources (Information Sharing and Analysis Centers)
Other resources
Course Instructor
Glossaries
• NIST CSRC Glossary https://csrc.nist.gov/glossary/term/cybersecurity
• ISACA Glossary, https://www.isaca.org/resources/glossary
• The New Hacker's Dictionary (aka Jargon File), Eric Raymond -
http://www.catb.org/jargon/html/go01.html
Data Breaches
• Verizon Data Breach Investigations Report (DBIR) -
https://www.verizon.com/business/resources/reports/dbir/
as of 10 March 2022
• Information is Beautiful, World’s Biggest Data Breaches -
https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Information security controls - https://www.iso.org/obp/ui/#iso:std:iso-iec:27002:ed-3:v2:en
ISO/IEC 27032:2012(en): Security Techniques – Guidelines for Cybersecurity -
https://www.iso.org/standard/44375.html
ISO/IEC TS 27110:2021(en), Information technology, cybersecurity and privacy
protection — Cybersecurity framework development guidelines,
https://www.iso.org/obp/ui/#iso:std:iso-iec:ts:27110:ed-1:v1:en
ISO 27701 – The Standard for Privacy Information Management,
https://www.isms.online/iso-27701/
• United Nations, Cybercrime: https://www.unodc.org/unodc/en/cybercrime/index.html
https://www.unodc.org/unodc/en/cybercrime/global-programme-cybercrime.html
• US National Institute of Standards and Technology (NIST)
Computer Security Resources Center (CSRC) - https://csrc.nist.gov/
o Special Publications (800 Series) - https://csrc.nist.gov/publications/sp800
o NIST Publications - https://csrc.nist.gov/publications
o Cybersecurity Framework (CSF) - https://www.nist.gov/cyberframework
o Risk Management Framework (RMF) - https://csrc.nist.gov/Projects/risk-management
o Privacy Framework, https://www.nist.gov/privacy-framework
• Payment Card Industry (PCI) Data Security Standard (DSS) -
https://www.pcisecuritystandards.org/pci_security/
Document Library - https://www.pcisecuritystandards.org/document_library
• Center for Internet Security – https://www.cisecurity.org/
o CIS Controls - https://www.cisecurity.org/controls/cis-controls-list/
o Controls FAQ - https://www.cisecurity.org/controls/cis-controls-faq/
o Control Implementation Groups -
https://learn.cisecurity.org/CIS_Controls_v8_Implementation_Groups_Handout
o Benchmarks - https://www.cisecurity.org/cis-benchmarks/
• Underwriters Laboratory, Cybersecurity,
https://www.ul.com/services/solutions/cybersecurity
• Cloud Security Alliance (CSA) – https://cloudsecurityalliance.org/
o CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0,
https://cloudsecurityalliance.org/research/guidance/
o Cloud Controls Matrix (CCM), https://cloudsecurityalliance.org/research/cloud-controls-matrix/
Privacy
• IAPP, What is Privacy, https://iapp.org/about/what-is-privacy/
• EU GDPR, Personal Data: https://gdpr-info.eu/issues/personal-data/
• IAPP, Privacy by Design - The 7 Foundational Principles,
https://iapp.org/resources/article/privacy-by-design-the-7-foundational-principles/
• Global Privacy Standard (GPS) Privacy Principles:
http://www.ehcca.com/presentations/privacysymposium1/cavoukian_2b_h5.pdf
• IAPP, US State Privacy Legislation Tracker,
https://iapp.org/resources/article/us-state-privacy-legislation-tracker/
• Data Protection Laws of the World, https://www.dlapiperdataprotection.com/
• California Consumer Privacy Act (CCPA): https://oag.ca.gov/privacy/ccpa
• CPRA 1798.100. General Duties of Businesses that Collect Personal Information
(section e): https://iapp.org/resources/article/the-california-privacy-rights-act-of-2020/
Web Security
• Web Application Security (OWASP) – https://owasp.org/
o Top 10 web vulnerabilities - https://owasp.org/www-project-top-ten/
o Software Assurance Maturity Model - https://owasp.org/www-project-samm/
o Security Knowledge Framework - https://owasp.org/www-project-security-knowledge-framework/
Tools
[Very partial list]
• VirusTotal - https://www.virustotal.com/
• HaveIBeenPwned - https://haveibeenpwned.com/
• Nmap – https://nmap.org/
• Wireshark – https://www.wireshark.org/
• SSL Labs (Qualys) - https://www.ssllabs.com/
• OWASP ZAP - https://owasp.org/www-project-zap/
• NoScript Browser add-on - https://noscript.net/
• Windows SysInternals Suite - https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
Social Engineering
• OSInt Framework - https://osintframework.com/
• Social Engineering Framework -
https://www.social-engineer.org/framework/general-discussion/
• Books:
o C. Hadnagy, Human Hacking
o P. Carpenter, Transformational Security Awareness
Other resources
• Cybersecurity Canon, Book Hall of Fame - https://icdt.osu.edu/cybercanon
• Information Security Cheat Sheets, Lenny Zeltser - https://zeltser.com/cheat-sheets/
• Personal Security Checklist (Lissy93) https://github.com/Lissy93/personal-security-checklist
COURSE INSTRUCTOR
Ron Woerner, CISSP, CISM
President / Chief Information Security Officer at Cyber-AAA, LLC, USA
Professor, Information Technology & Cybersecurity, College of Science & Technology, Bellevue
University, Bellevue, Nebraska, USA
• Ron Woerner, CISSP, CISM is a noted consultant, speaker and writer in the security
industry. As Chief Security Evangelist at Cyber-AAA, LLC, he delivers training and
security risk assessments for small, medium and large organizations. Woerner also
teaches at Bellevue University, an NSA Center of Academic Excellence. He has been a
featured speaker for TED, (ISC)2, ISACA, and RSA conferences and numerous industry
podcasts and webinars. Woerner has numerous University degrees in Computer
Science and Management of Information Systems. Ron loves to talk to others who are
passionate about Security, Privacy, and preventing online fraud.
• Social Media Links: https://linktr.ee/cyberron
• LinkedIn Profile and Articles: https://www.linkedin.com/in/ronwoerner/
• YouTube: https://www.youtube.com/user/ronw68123