Cybersecurity resources, publications, and literature
The Center for Information Assurance and Cybersecurity has compiled a directory of links to aid in connecting with governmental, non-profit and industry related sources of information.
Purdue Global: Worst Data Breaches
This data analysis resource of the "Top 10 Worst Data Breaches of All Time" is provided by Purdue University Gobal.
Center for Academic Excellence: CAE Community
An online resource for Center for Academic Excellence (CAE) schools, or those interested in becoming one.
CAE Tech Talks
Monthly technical seminars are provided by NSA/DHS online and for free. These lectures by experts across the country are recorded and stored. Watch videos, view pdf lecture slides.
Department of Homeland Security: DHS on Internet of Things: IoT cybersecurity
The Department of Homeland Security released a document titled "Strategic Principles for Securing the Internet of Things (IoT)", stressing the importance of building security into the design state of IoT devices. Cyber Scoop released an article that illustrates the details of this document and the rules involved.
DHS Secretary's Honors Program Cyber Student Volunteer Initiative - 2015
The U.S. Department of Homeland Security (DHS) launched the Secretary’s Honors Program Cyber Student Volunteer Initiative. DHS placed undergraduate student volunteers in cybersecurity-focused assignments.
National Initiative for Cybersecurity Education (NICE)
The National Cybersecurity Workforce Framework was developed to provide a common understanding and lexicon for cybersecurity work. They define the cybersecurity population consistently and use standardized terms. This is an essential step to ensure that our country is able to educate, recruit, train, develop, and retain a highly-qualified workforce.
With the goal of closing the cybersecurity skills gap, CyberSeek provides detailed and actionable data about supply and demand in the cybersecurity job market. Includes an supply/demand jobs interactive map and information about career pathways.
National Institute of Standards & Technology (NIST): IoT
The White House issued cybersecurity guidelines (2016) for Internet of Things (IoT) devices through a 257-page report developed by the National Institute of Standards and Technology.
NIST: Cybersecurity Framework Reference Tool
The NIST Cybersecurity Framework (CSF) Reference Tool is a FileMaker runtime database solution. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and consists of five functions - Identify, Protect, Detect, Respond, Recover. When considered together they provide a high-level, strategic view of the lifecycle of an organization's management of cybersecurity risk.
NIST: Guide for Conducting Risk Assessments
Special Publication 800-30 is a guide for assesing rixk among federal information systems, including all three tiers of the risk management hierarchy.
NIST: Framework for Improving Critical Infrastructure Cybersecurity (2014)
This framework was developed between the government and private sector to create a common language for managing cybersecurity risk, based on business needs and cost-effectiveness.
Software Engineering Institute: Podcasts
The Software Engineering Institute (SEI) is a federally funded research and development center (FFRDC) sponsored by the U.S. Department of Defense (DoD) and operated by Carnegie Mellon University. About one hundred podcasts have been created since 2012. Find a podcast.
Not-for-profit publications, literature, and initiatives
AIRMIC: A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000 (2010).
View the ISO Risk Management Framework
COBIT 5 Framework
The COBIT 5 Framework is the latest edition of the Information Systems Audit and Control Association's (ISACA) globally accepted framework, providing an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises. The principles, practices, analytical tools and models found in COBIT 5 embody thought leadership and guidance from business, IT and governance experts around the world.
Committee of Sponsoring Organizations (COSO) of the Treadway Commission
This is a joint initiative of the five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence.
The Cybersecurity Forum Initiative (CSFI)
Senior Cyber Leadership: Why a Technically Competent Cyber Workforce is Not Enough (2013). Prepared by The Cyber Security Forum Initiative (CSFI) this 27 page report identifies the 10 General Findings and Observations concerning Cyber Leaders. CSFI discusses the seven graduate level programs addressing the development of the next generation of Cyber Leader.
Center for Strategic and International Studies (CSIS)
A Human Capital Crisis In Cybersecurity: Technical Proficiency Matters (2010). A White paper of the CSIS Commission on Cybersecurity for the 44th Presidency. This 53 page report provides a comprehensive approach to addressing the shortage of cybersecurity professionals with a variety of remedies. Provided by the Center for Strategic and International Studies.
Capture-the-flag competition stats
CTFtime.org is a website dedicated to Capture-the-Flag (CTF) competitions, holding CTF archives, team rankings (look to see where UW Batman's Kitchen scores) and upcoming worldwide competitions.
Global CyberLympics’ goal is to raise awareness of increased education and ethics in information security through a series of cyber competitions that encompass forensics, ethical hacking and defense. One key initiative for Global CyberLympics is to foster an environment that creates child online protection through education.
Partnership for Public Service
Cyber IN-SECURITY: Strengthening the Federal Cybersecurity Workforce (2009). This 36 page report collaborative prepared by the Partnership for Public Service and Booz Allen Hamilton supports the findings of earlier research that the federal government needs more skilled cybersecurity professionals. The report provides recruiting, hiring and retention information to agencies seeking to hire this illusive workforce commodity.
Industry-affiliated publications, literature, and initiatives
Booz Allen Hamilton
Readying the Next Generation Cyber Workforce: Acquiring, Developing and Retaining Cyber Professionals (2010). This 16 page analysis by Booz Allen Hamilton presents a case study to address the growing demand for educated well trained, and experienced cyber workforce that covers an organization’s “Cyber Workforce Lifecycle”.
Cybersecurity Professional Trends: A SANS Survey (2014). SANS Salary Survey provides an overview of the cybersecurity workforce. Resources provide a balanced approach of education, experience, certifications that lead to significant career in this rapidly expanding career field.