Wednesday, March 11, 2015

Cyber Security Notes - Part 5

Cybersecurity and Cyberwar: What Everyone Needs to Know® by P.W. Singer and Allan Friedman (Oxford University Press: January 3, 2014) – an excellent overview of the terminology and essentials of cybersecurity; interesting recommendations for national strategies.

INFRAGARD: An alliance for national infrastructure protection – a comprehensive suite of sensitive unclassified FBI, DHS, and other federal, state, and local threat intelligence products and daily news feeds. See special membership requirements.

NIST (National Institute of Standards and Technology) Cybersecurity Framework

NIST CSRC (Computer Security Resource Center) Guidance:

NIST Small Business Security Outreach:

NIST IR (Interagency or Internal Reports) Publications:

NIST IR 7289 – Glossary of Internet Security Terms (Release 2)

NIST IR 7621, Small Business Information Security

National Initiative for Cybersecurity Education:

Cybercrime Case Studies: Brian Krebs on Security

National Cyber Security Alliance for small business and home users (includes Stop.Think.Connect)

Federal Trade Commission – Identity Theft Information

Internet Crime Complaint Center

Tuesday, March 10, 2015

Cyber Security Notes - Part 4

Leading Companies in Cyber Security Field:

Citadel Information Group – Stan Stahl

Information Security Library 

FireEye assessment report – The Current State of Cyber Security

FireEye’s Mandiant division, one of the world's leading cybersecurity firms

Kennedy Consulting and Research Associates: Cyber Security Consulting 2013.

The Monterey Group

Mindpoint Group

Booz Allen Hamilton

CSC: Computer Sciences Corporation.

AllClear ID – to protect your identity

Free credit monitoring from Credit Karma and Credit Sesame

MarketWatch top 20 Cyber Security firms:

The leading companies are:

- BAE Systems PLC
- The Boeing Company
- Booz Allen Hamilton Inc.
- Cisco Systems Inc.
- Computer Sciences Corporation (CSC)
- Dell Inc
- Finmeccanica SpA
- General Dynamics Corporation
- Hewlett Packard Company
- International Business Machines Corporation (IBM)
- Intel Corporation
- Kaspersky Lab
- L-3 Communications Holdings
- Leidos
- Lockheed Martin Corporation
- Northrop Grumman Corporation
- Raytheon Company
- Symantec Corporation
- Thales Group
- Trend Micro Inc.

Cyber Security Notes - Part 3

“NACD Cyber-Risk Oversight Handbook” – June 2014

“NACD Advisory Council on Risk Oversight Summary of Proceedings” (Sept 18, 2014)

NACD and ISACA also produced a multi-part webinar titled “The Intersection of Technology, Strategy, and Risk.” May 2014

ISACA (previously the Information Systems Audit and Control Association) – an independent, nonprofit, global association engaged in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.

COBIT 5 (Control Objectives for Information and Related Technology) – the only business framework for the governance and management of enterprise IT; the product of a global task force and development team from ISACA.

ISSA (Information Systems Security Association) – the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

Patricia A. Oelrich published an article on “Benefits for the Board of Conducting a Cybersecurity Audit” in Directors and Boards, 4th Quarter 2014

“Private sector largely ignorant of cyber threat,” Center for Strategic & International Studies (CSIS) January 9, 2015

“Technology-Ignorant Boards Are Costing Shareholders Billions: What Should Boards Do Differently?” by Richard LeBlanc, Huffington Post December 9, 2014

“Three Boardroom Questions Every Cybersecurity Entrepreneur Must Answer” by Ted Schlein, general partner with Kleiner Perkins Caufield & Byers, Forbes, January 6, 2015

PricewaterhouseCoopers produced a report, “Directors and IT: What Works Best (A user-friendly board guide for effective information technology oversight).”

PricewaterhouseCoopers – “Managing Cyber Risks in an Interconnected World:
Key findings from the Global State of Information Security Survey 2015”
September 30, 2014

“Boards of Directors, Corporate Governance, and Cyber-Risks: Sharpening the Focus”
by Commissioner Luis A. Aguilar June 10, 2014

Deloitte – COSO Framework Overview – June 2014

“10 Steps to Cyber Security: Executive Companion” from “Cyber Security Guidance for Business,” produced by CESG (the Information Security arm of GCHQ), the Department for Business, Innovation and Skills (BIS) and the Centre for the Protection of National Infrastructure (CPNI), updated January 14, 2014.

The guidance includes:

- Cyber Risk Management – A Board Level Responsibility
- 10 Steps to Cyber Security – Executive Companion
- 10 Steps to Cyber Security Guidance Sheets

Cyber Security Notes - Part 2

The Cyber Intelligence Sharing and Protection Act (CISPA; H.R. 3523 (112th Congress), H.R. 624 (113th Congress)) is a proposed law in the United States which would allow for the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The stated aim of the bill is to help the U.S. government investigate cyber threats and ensure the security of networks against cyberattacks.

“Stopping the Next Cyberassault: Congress needs to expand private-sector access to classified intelligence about threats” by Congressman Mike Rogers (R-MI), WSJ December 25, 2014

“Debating the NSA, Espionage and Hackers with Congressman Mike Rogers
A Frank Look at the World Today with Congressman Mike Rogers”
by Lynn Mattice, Security Magazine, October 1, 2013

“North Korean Attack on Sony Could Have Been Prevented” by Lynn Mattice, Managing Director, Mattice & Associates

Cyber Security Notes - Part 1

Cyber Threat Intelligence Integration Center, February 25, 2015

“President Obama directed the Director of National Intelligence (DNI) to establish the Cyber Threat Intelligence Integration Center (CTIIC) to serve as a national intelligence center focused on “connecting the dots” regarding malicious foreign cyber threats to the nation and cyber incidents affecting U.S. national interests, and on providing all-source analysis of threats to U.S. policymakers. The CTIIC will also assist relevant departments and agencies in their efforts to identify, investigate, and mitigate those threats.”

Facebook ThreatExchange: February 11, 2015

“Facebook established a social platform for security professionals to exchange information about cyberthreats with greater ease. The concept is that researchers and professionals can learn from each other, and help keep everyone's systems safer.”

“The Emergence of Cybersecurity Law” prepared for the Indiana University Maurer School of Law by Hanover Research | February 2015

“This paper examines cyberlaw as a growing field of legal practice and the roles that lawyers play in helping companies respond to cybersecurity threats. Drawing on interviews with lawyers, consultants, and academics knowledgeable in the intersection of law and cybersecurity, as well as a survey of lawyers working in general counsel’s offices, this study examines the broader context of cybersecurity, the current legal framework for data security and related issues, and the ways in which lawyers learn about and involve themselves in cybersecurity issues.”

Team8: Israeli ex-military elite form cyber security hub to combat corporate hackers

“A group of veterans of Unit 8200, the Israeli military’s elite intelligence corps, has launched a “cyber security foundry” to help new companies in the expanding industry, with seed money from foreign investors including a fund backed by Eric Schmidt, Google’s executive chairman. Team 8, which described itself as a “start-up for start-ups”, announced its launch in Tel Aviv on Tuesday with $18m of investment from Cisco Investments, Market LLC, Bessemer Venture Partners and Innovation Endeavors, Mr Schmidt’s venture capital fund.”

Israel's Team8 attracts investment for cyber security firms