Season 2 wrap.
Rick presents the highlight reel of season 2.
Resources:
Data Loss Protection and Prevention
- “Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171,” by Ron Ross, Victoria Pillitteri, Gary Guissanie, Ryan Wagner, Richard Graubart, Deb Bodeau, National Institute of Standards and Technology (NIST), July 2020.
- “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: NIST Special Publication 800-171, Revision 2,” by Ron Ross, Victoria Pillitteri, Kelley Dempsey, Mark Riddle, Gary Guissanie, National Institute of Standards and Technology (NIST), February 2020.
- “The Forrester Wave™: Data Security Portfolio Vendors, Q2 2019: The 13 Providers That Matter Most And How They Stack Up,” by Heidi Shey, Forrester, 10 June 2019.
- “What is a Honeypot?” by Caleb Townsend, Cybersecurity Magazine.
- "Yesterday’s Solutions Won’t Solve Tomorrow’s Data Security Issues: Understanding Shortcomings With Current DLP/CASB Security Solutions And How To Fill The Gaps,” Forrester and Code42, June 2020.
Identity management
- "AN H-ISAC FRAMEWORK FOR CISOsTO MANAGE IDENTITY,” H-ISAC, April 2020.
- “An Introduction to Identity Management,” By John K Waters, CSO, 15 October 2007.
- “Cybersecurity first principles: zero trust,” by Rick Howard, The Cyberwire, 18 May 2020.
- "IDENTITY FOR THE CISO NOT YET PAYING ATTENTION TO IDENTITY,” H-ISAC.
- “What is IAM? Identity and access management explained,” by James Martin and John Waters, CSO, 9 October 2018.
- “What is Identity and Access Management and Why is it a Vital IT Security Layer?” by Matt Miller, BeyondTrust, 29 November 2018.
- “Cyber Deception,” Dave Climek, Anthony Macera, and Walt Tirenin, Journal of Cyber Security and Information Systems, Volume: 4 Number: 1 - Focus on Air Force Research Laboratory’s Information Directorate, 8 March 2016.
- “Cyber Deception Systems - Market Segment Report,” by Wellington Research, 2019.
Incident Response
- “Agreeing on Roles and Responsibilities: Summary of RACI,” ValueBasedManagement.net, 2019.
- “Attorney Client Privilege and Use of Kovel Arrangements FAQs,” by the American Institute of CPAs (AICPA), 18 August 2017.
- "Computer Security Incident Handling Guide: Special Publication 800-61 Revision 2,” by Paul Cichonski, Tom Millar, Tim Grance, and Karen Scarfone, NIST - National Institute of Standards and Technology, U.S. Department of Commerce, August 2012.
- “DACI Decision-Making Framework,” by Product Plan. Last Checked 5 August 2020.
- “Framework for Improving Critical Infrastructure Cybersecurity,” National Institute of Standards and Technology, Version 1.1, 16 April 2018, Last visited 17 June 2020.
- “The Big Picture of the Security Incident Cycle,” by Lenny Zeltser, SANS, 27 September 2010.
Red Team Blue Team Operations
- “2020 Red and Blue Team Survey Reveals Positive Trends,” by Sam Humphries, Exabeam, last visited 13 September 2020.
- “3 Situations That Call for a Red Team,” by Lisa Earle McLeod, Huffington Post, 23 November 2013.
- “Cybersecurity Red Team Versus Blue Team — Main Differences Explained,” by Sara Jelen, SecurityTrails, 7 December 2018.
- “Guide to Red Team Operations,” by Raj Chandel, Hacking Articles, 5 August 2019.
- “Helpful Red Team Operation Metrics,” by Cedric Owens, Medium, 2 March 2020.
- “Red team,” by Military Wikia.org.
- “Red Team Vs Blue Team Testing for Cybersecurity,” by Zbigniew Banach, Netsparker, 14 November 2019.
- “Red Team: How to Succeed By Thinking Like the Enemy,” by Micah Zenko, Basic Books, 3 November 2015.
- “Red Team: How to Succeed By Thinking Like the Enemy,” by Micah Zenko, Council on Foreign Relations, 1 November 2015.
- “The Difference Between Red, Blue, and Purple Teams,” By Daniel Miesller, 4 April 2020.
- “The History of Penetration Testing,” by Ryan Fahey, Infosec.
- “The importance of red teams,” by Peter Attia, Media, 24 May 2020.
- “Where does red teaming break down?” by David Spark, Allan Alford, and Dan DeCloss, “Defense in Depth” podcast, 3 September 2020.
Security Operations Centers
- "5G/SOC: SOC Generations,” by HP ESP Security Intelligence and Operations Consulting Services, May 2013, Last Visited 30 June 2020.
- “ABOUT ISACs,” by The National Council of ISACs, Last Visited 30 June 2020.
- “A History of Western Technology,” by Friedrich Klemm, published by Iowa State Press, 1 July 1991, Last Visited 30 June 2020.
- “Phenomenati's Taxonomy of a SOC™ for Cyber Security Operations,” by Phenomenati, Last Visited 30 June 2020.
- “The Morris Worm: 30 Years Since First Major Attack on the Internet,” FBI, 2 Novemebr 2018, Last Visited 30 June 2020.
- "The National Sigint Operations Center,” NSA FOIA Release, 4 May 2007, Wayback Machine, Last Visited 30 June 2020.
- “U.S. Cyber Command History,” by U.S. Cyber Command, Last Visited 30 June 2020.