Saturday, November 22, 2008

My Top Cyber Security Sites
- Bookmark This!

Last Updated: 1-10-2010

Here's my developing list of top cyber security sites and podcasts, with supporting rationale.

A. Situational Awareness:
  1. US-CERT: United States Computer Emergency Response Team
    This is the very first place I check every day for a quick take on relevant threatscape information, i.e. Current Activity and Alerts. A simple click drills into the full listing of active national Technical Security Alerts, Bulletins, Vulnerabilities, etc. Clean, well-organized site with great coverage of a number of key cyber security topics.
  2. DHS Daily Open Source Infrastructure Report
    A must-read and a great source of daily critical infrastructure protection news, organized by the sectors and key assets defined in the National Infrastructure Protection Plan (e.g. Energy, Nuclear Reactors, Government Facilities, Information Technology, Communications, etc.), with linked open source references.
  3. SANS Internet Storm Center - Handler's Diary
    Especially useful for developing situations - these are the folks that go deep into the nitty-gritty details of the latest Internet security problems.
B. Program Development:
  1. Resource site for CISOs, CSOs, and security professionals.
    Metrics, tools, opinions, and most importantly access to CISOs, CSOs, experts, and other professionals in the field of security. Shares information, ideas, tips, and techniques for addressing the security issues faced by today's professional. Content is free; however, some areas require a registration logon for access. Their latest book goes beyond program-centered engagement specifics to provide a deeper understanding of what it takes to get longer-term results. It explains and underscores what really matters in organizations to ensure that security programs, regardless of the budget and expertise applied to form them up, do not devolve as many do, like an ice sculpture melting into a useless puddle while internal areas look on. Recommended reading: CISO Soft Skills: Securing Organizations Impaired by Employee Politics, Apathy, and Intolerant Perspectives
  2. Security Manager's Journal - ComputerWorld
    Since 2002, a regular series of timely security manager articles addressing real-world situations very similar to a number of the challenges many organizations face. The specific companies and assorted ghostwriters remain anonymous to help protect sources while readers gain insight from often entertaining real-world hard knocks. Think your job is tough?
  3. CSO Online - Security and Risk
    A sister publication of CIO Magazine, this is the primary trade magazine many follow with the latest enterprise views: headlines, data protection, identity & access, business continuity, physical security, leadership, and some solid blogs.
  4. NIST, Computer Security Division, Computer Security Resource Center
    The regulatory trajectory promises to get more "NISTy" for critical infrastructure organizations, and this site provides a front door to the National Institute of Standards and Technology's well-regarded Special Publications, related FIPS requirements, and drafts organized by topic clusters, etc. A great complement to an overall framework.
  5. CERT's Podcast Series: Security for Business Leaders
    Robust cyber security is increasingly a non-negotiable requirement for organizations. Moving corporate culture forward to bake security in poses challenges that must be overcome. CERT has a well-done podcast series addressing key principles and strategies: Governing for Enterprise Security, Measuring Security, Privacy, Risk Management and Resilience, Security Education and Training, Threats, Trends and Lessons Learned, and Tips from the Trenches.
C. Perspectives and Professional Development:
  1. KrebsonSecurity: In-depth security news and investigation.
    Brian Krebs worked as a reporter for The Washington Post from 1995 to 2009, authoring more than 1,300 blog posts for the Security Fix blog, as well as hundreds of stories for The Washington Post newspaper, including eight front-page stories in the dead-tree edition and a Post Magazine cover piece on botnet operators.
  2. Digital Bond: Control System Security Research and Consulting
    Digital Bond is a control system security research and consulting practice. They have years of security experience from the National Security Agency (NSA), National Labs, large asset owners, and leading security equipment providers, which gives them a broad perspective. Resources include a well-maintained blog, a monthly podcast with industry expertise, presentations, annual "S4" research conference proceedings, research, and a solid SCADApedia reference.
  3. Risky Business Podcast with Patrick Gray
    Excellent coverage of the latest news and regularly featured interviews, all professionally done. Great, timely coverage of hot security topics from the experts closest to the action - all done in a way that keeps listeners entertained while they gain valuable perspective.
  4. Manager Tools Podcasts
    Want to become a more effective leader and manager? This weekly podcast helps with fresh tools and easy techniques for real-world settings that go beyond theory into specific actions you can use right away to improve your performance. A key set of "the basics" provides a strong starting point you can immediately apply and build on!
Helpful input welcome.

Sunday, November 2, 2008

FTC Will Delay 'Red Flags' Rule Enforcement for Six Months

Some Good News on FACTA!
Looks like a number of utilities will get a break from enforcement action, with the FTC granting a six-month delay. However, this reprieve is just for FTC enforcement and won't affect other federal agencies' enforcement of the original Nov 1, 2008 deadline.

>FTC Will Grant Six-Month Delay of Enforcement Action, FTC Announcement
>More on FACTA (Fair and Accurate Credit Transactions Act) - Wikipedia Overview/Links