
Cyber Security Study Guide Resources

Compiled by: Ron Woerner, United States, Cyber-AAA, LLC

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

This list of websites, documents and resources accompanies the Cyber Security Strategies class
taught by Professor Ronald Woerner. These are some of the resources provided with the
lecture. The links are current at the time of the class. Use at your own risk.

Contents
• Glossaries
• Data Breaches
• Cybersecurity Design, Concepts and Principles
• International Standards, Strategies, and Frameworks
• Privacy
• Web Security
• Attacks, Threats, & Vulnerabilities
• Tools
• Social Engineering
• Industry Resources (Information Sharing and Analysis Centers)
• Other resources
• COURSE INSTRUCTOR

Glossaries
• NIST CSRC Glossary https://csrc.nist.gov/glossary/term/cybersecurity
• ISACA Glossary, https://www.isaca.org/resources/glossary
• The New Hacker's Dictionary (aka Jargon File), Eric Raymond - http://www.catb.org/jargon/html/go01.html

Data Breaches
• Verizon Data Breach Investigations Report (DBIR) - https://www.verizon.com/business/resources/reports/dbir/

Ron Woerner, Cyber-AAA

as of 10 March 2022
• Information is Beautiful, World’s Biggest Data Breaches - https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Cybersecurity Design, Concepts and Principles
• Information Security Design Principles
o Saltzer & Schroeder Original Paper - http://web.mit.edu/Saltzer/www/publications/protection/index.html
o Adam Shostack Blog - https://adam.shostack.org/blog/the-security-principles-of-saltzer-and-schroeder/
• Eric Raymond, Hackers Jargon File, http://www.catb.org/esr/jargon/html/index.html (History of hacking)

International Standards, Strategies, and Frameworks
• European Union Agency for Cybersecurity (ENISA), https://www.enisa.europa.eu/
o ENISA, Step Towards Foresight on Emerging Cybersecurity Challenges, https://www.enisa.europa.eu/news/enisa-news/step-towards-foresight-on-emerging-cybersecurity-challenges, 22 November 2021
o ENISA, Understanding the increase in Supply Chain Security Attacks, https://www.enisa.europa.eu/news/enisa-news/understanding-the-increase-in-supply-chain-security-attacks, 29 July 2021
• EU Cybersecurity Certification Framework: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-certification-framework
• EU Cybersecurity Strategy: https://eeas.europa.eu/archives/docs/policies/eu-cyber-security/cybsec_comm_en.pdf
• Interpol, Cybercrime: https://www.interpol.int/en/Crimes/Cybercrime
o Interpol, ASEAN Cyber Capacity Development Project, https://www.interpol.int/en/Crimes/Cybercrime/Cyber-capabilities-development/ASEAN-Cyber-Capacity-Development-Project
o Interpol, National Cybercrime Strategy Guidebook, https://www.interpol.int/en/content/download/16455/file/National Cybercrime Strategy Guidebook.pdf
• ITU, Guide to developing a national cybersecurity strategy, https://www.itu.int/en/myitu/Publications/2020/02/28/15/28/Guide-to-developing-a-national-cybersecurity-strategy---Strategic-engagement-in-cybersecurity
• International Organization for Standardization (ISO)
o ISO/IEC 27001:2013, Information Security Management - https://www.iso.org/isoiec-27001-information-security.html
o ISO/IEC 27002:2022(en), Information security, cybersecurity and privacy protection — Information security controls - https://www.iso.org/obp/ui/#iso:std:iso-iec:27002:ed-3:v2:en
o ISO/IEC 27032:2012(en): Security Techniques – Guidelines for Cybersecurity - https://www.iso.org/standard/44375.html
o ISO/IEC TS 27110:2021(en), Information technology, cybersecurity and privacy protection — Cybersecurity framework development guidelines, https://www.iso.org/obp/ui/#iso:std:iso-iec:ts:27110:ed-1:v1:en
o ISO 27701 – The Standard for Privacy Information Management, https://www.isms.online/iso-27701/
• United Nations, Cybercrime: https://www.unodc.org/unodc/en/cybercrime/index.html
o Global Programme on Cybercrime - https://www.unodc.org/unodc/en/cybercrime/global-programme-cybercrime.html
• US National Institute of Standards and Technology (NIST), Computer Security Resource Center (CSRC) - https://csrc.nist.gov/
o Special Publications (800 Series) - https://csrc.nist.gov/publications/sp800
o NIST Publications - https://csrc.nist.gov/publications
o Cybersecurity Framework (CSF) - https://www.nist.gov/cyberframework
o Risk Management Framework (RMF) - https://csrc.nist.gov/Projects/risk-management
o Privacy Framework, https://www.nist.gov/privacy-framework
• Payment Card Industry (PCI) Data Security Standard (DSS) - https://www.pcisecuritystandards.org/pci_security/
o Document Library - https://www.pcisecuritystandards.org/document_library
• Center for Internet Security – https://www.cisecurity.org/
o CIS Controls - https://www.cisecurity.org/controls/cis-controls-list/
o Controls FAQ - https://www.cisecurity.org/controls/cis-controls-faq/
o Control Implementation Groups - https://learn.cisecurity.org/CIS_Controls_v8_Implementation_Groups_Handout
o Benchmarks - https://www.cisecurity.org/cis-benchmarks/
• Underwriters Laboratories (UL), Cybersecurity, https://www.ul.com/services/solutions/cybersecurity
• Cloud Security Alliance (CSA) – https://cloudsecurityalliance.org/
o CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0, https://cloudsecurityalliance.org/research/guidance/
o Cloud Controls Matrix (CCM), https://cloudsecurityalliance.org/research/cloud-controls-matrix/

Privacy
• IAPP, What is Privacy, https://iapp.org/about/what-is-privacy/
• EU GDPR, Personal Data: https://gdpr-info.eu/issues/personal-data/

• IAPP, Privacy by Design - The 7 Foundational Principles, https://iapp.org/resources/article/privacy-by-design-the-7-foundational-principles/
• Global Privacy Standard (GPS) Privacy Principles:
http://www.ehcca.com/presentations/privacysymposium1/cavoukian_2b_h5.pdf
• IAPP, US State Privacy Legislation Tracker, https://iapp.org/resources/article/us-state-privacy-legislation-tracker/
• Data Protection Laws of the World, https://www.dlapiperdataprotection.com/
• California Consumer Privacy Act (CCPA): https://oag.ca.gov/privacy/ccpa
• CPRA 1798.100. General Duties of Businesses that Collect Personal Information
(section e): https://iapp.org/resources/article/the-california-privacy-rights-act-of-2020/

Web Security
• Web Application Security (OWASP) – https://owasp.org/
o Top 10 web vulnerabilities - https://owasp.org/www-project-top-ten/
o Software Assurance Maturity Model - https://owasp.org/www-project-samm/
o Security Knowledge Framework - https://owasp.org/www-project-security-knowledge-framework/

Attacks, Threats, & Vulnerabilities
• MITRE
o ATT&CK Framework - https://attack.mitre.org/
o D3fend Framework - https://d3fend.mitre.org/
• Vulnerability Analysis
o MITRE Common Vulnerabilities and Exposures (CVE) – https://cve.mitre.org/
o NIST National Vulnerability Database (NVD) - https://nvd.nist.gov/
o Vulnerability Database - https://vuldb.com/
• Real-Time Threat Maps
o Digital Attack Map - https://www.digitalattackmap.com
o Kaspersky - https://cybermap.kaspersky.com/
o Akamai - https://www.akamai.com/us/en/resources/visualizing-akamai/

Tools
[Very partial list]
• VirusTotal - https://www.virustotal.com/
• HaveIBeenPwned - https://haveibeenpwned.com/
• Nmap – https://nmap.org/
• Wireshark – https://www.wireshark.org/
• SSL Labs (Qualys) - https://www.ssllabs.com/
• OWASP ZAP - https://owasp.org/www-project-zap/
• NoScript Browser add-on - https://noscript.net/
• Windows Sysinternals Suite - https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

Social Engineering
• OSINT Framework - https://osintframework.com/
• Social Engineering Framework - https://www.social-engineer.org/framework/general-discussion/
• Books:
o C. Hadnagy, Human Hacking
o P. Carpenter, Transformational Security Awareness

Industry Resources (Information Sharing and Analysis Centers)
• Global Resilience Federation (GRF): https://grf.org/
• National Council of ISACs: https://www.nationalisacs.org/member-isacs-3
• IT-ISAC: https://www.it-isac.org/
• Financial Services (FS-ISAC): https://www.fsisac.com/
• Payment Card Industry Security Standards Council: https://www.pcisecuritystandards.org/
• European Union: https://www.enisa.europa.eu/topics/national-cyber-security-strategies/information-sharing

Other resources
• Cybersecurity Canon, Book Hall of Fame - https://icdt.osu.edu/cybercanon
• Information Security Cheat Sheets, Lenny Zeltser - https://zeltser.com/cheat-sheets/
• Personal Security Checklist (Lissy93) - https://github.com/Lissy93/personal-security-checklist

Please share other resources: ronw@cyber-aaa.com.

COURSE INSTRUCTOR
Ron Woerner, CISSP, CISM
President / Chief Information Security Officer at Cyber-AAA, LLC, USA
Professor, Information Technology & Cybersecurity, College of Science & Technology, Bellevue
University, Bellevue, Nebraska, USA

• Ron Woerner, CISSP, CISM is a noted consultant, speaker and writer in the security
industry. As Chief Security Evangelist at Cyber-AAA, LLC, he delivers training and
security risk assessments for small, medium and large organizations. Woerner also
teaches at Bellevue University, an NSA Center of Academic Excellence. He has been a
featured speaker for TED, (ISC)2, ISACA, and RSA conferences and numerous industry
podcasts and webinars. Woerner holds several university degrees in Computer
Science and Management of Information Systems. Ron loves to talk to others who are
passionate about Security, Privacy, and preventing online fraud.
• Social Media Links: https://linktr.ee/cyberron
• LinkedIn Profile and Articles: https://www.linkedin.com/in/ronwoerner/
• YouTube: https://www.youtube.com/user/ronw68123