2019 New York SHIELD Act

Relates to notification of a security breach; includes credit and debit cards; increases civil penalties.


3 Security Threats Your Business Should Be Preparing for Now

It’s time to get serious about developing a cybersecurity plan to protect your data and assets.


AICPA Cybersecurity/Information Security

Breaking news stories about malware attacks, scams, hacks and identity theft have become commonplace in today’s headlines. Cybersecurity threats are escalating, unnerving the boards of directors, managers, investors and other stakeholders of public and private organizations of all sizes. These organizations are under increasing pressure to demonstrate that they are managing threats and have effective processes and controls in place to detect, respond to, mitigate and recover from security incidents.


American Council for Technology-Industry Advisory Council (ACT-IAC)

The American Council for Technology-Industry Advisory Council (ACT-IAC) is a 501(c)3 non-profit educational organization established to improve government through the effective and innovative application of technology. ACT-IAC provides an objective, trusted and ethical forum where government and industry executives can communicate, collaborate and learn. ACT-IAC is the premier public-private partnership in the government technology community and has been called “an example of how government and industry can work to


Anti-Phishing Working Group

APWG is the international coalition unifying the global response to cybercrime across industry, government and law-enforcement sectors and NGO communities.


California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA), enacted in 2018, creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. It also requires the Attorney General to solicit broad public participation and adopt regulations to further the CCPA’s purposes. The proposed regulations would establish procedures to facilitate consumers’ new rights under the CCPA and provide guidance to businesses for how to comply.


Center for Internet Security, Inc.

CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.


CISA's Automated Indicator Sharing (AIS)

Automated Indicator Sharing (AIS), a Cybersecurity and Infrastructure Security Agency (CISA) capability, enables the real-time exchange of machine-readable cyber threat indicators and defensive measures to help protect participants of the AIS community and ultimately reduce the prevalence of cyberattacks.  The AIS community includes private sector entities; federal departments and agencies; state, local, tribal, and territorial (SLTT) governments; information sharing and analysis centers (ISACs) and information sharing and analysis organizations (ISAOs); and foreign partners and companies. AIS is offered at no cost to participants as part of CISA’s mission to work with our public and private sector partners to identify and help mitigate cyber threats through information sharing and provide technical assistance, upon request, that helps prevent, detect, and respond to incidents.


Cisco Threat Security Site

Cisco Threat Security Site


Control Objectives for Information and Related Technologies (COBIT)

Information and technology power today’s advances, and ISACA empowers IS/IT professionals and enterprises.


COPPA - Children's Online Privacy Protection Act

Websites that collect information from children under the age of thirteen are required to comply with the Federal Trade Commission (FTC) Children’s Online Privacy Protection Act (COPPA).


Critical Infrastructure Sectors

There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience advances a national policy to strengthen and maintain secure, functioning, and resilient critical infrastructure. This directive supersedes Homeland Security Presidential Directive 7.


Department of Defense Cyber Crime Center

The DoD Cyber Crime Center (DC3) provides digital and multimedia (D/MM) forensics, specialized cyber training, technical solutions development, and cyber analytics for the following DoD mission areas: cybersecurity (CS) and critical infrastructure protection (CIP); law enforcement and counterintelligence (LE/CI); document and media exploitation (DOMEX), counterterrorism (CT) and safety inquiries. DC3 is designated as a federal cyber center by National Security Presidential Directive 54/Homeland Security Presidential Directive 23, as a DoD center of excellence for D/MM forensics by DoD Directive 5505.13E, and serves as the operational focal point for DoD’s Defense Industrial Base Cybersecurity Program (DIB CS Program; 32 CFR Part 236). DC3 delivers capability with a team comprised of Department of the Air Force civilians, Air Force and Navy military personnel, and contractors for specialized support.


Department of Homeland Security - Cyber - Infrastructure

CISA is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future.


Federal Information Security Modernization Act

The Federal Information Security Modernization Act of 2014 (FISMA 2014) updates the Federal Government’s cybersecurity practices by:

  • Codifying Department of Homeland Security (DHS) authority to administer the implementation of information security policies for non-national security federal Executive Branch systems, including providing technical assistance and deploying technologies to such systems;
  • Amending and clarifying the Office of Management and Budget’s (OMB) oversight authority over federal agency information security practices; and by
  • Requiring OMB to amend or revise OMB A-130 to “eliminate inefficient and wasteful reporting.”


FireEye Inc Threat Research

Technical details of threats and threat actors, plus tools and techniques used by FireEye analysts.


GCA Cybersecurity ToolKit for Small Businesses

The Global Cyber Alliance (GCA) has built this toolkit for small to medium-sized businesses to address the Center for Internet Security Controls (CIS Controls) which will enable business owners to significantly reduce the cyber risks they face every day.


General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR), the Data Protection Law Enforcement Directive and other rules concerning the protection of personal data


Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.


Health Insurance Portability and Accountability Act (HIPAA) / HITECH Omnibus Rule

It is the mission of the U.S. Department of Health & Human Services (HHS) to enhance and protect the health and well-being of all Americans. We fulfill that mission by providing for effective health and human services and fostering advances in medicine, public health, and social services.


Hoax-Slayer

The goal of the Hoax-Slayer Website is to help make the Internet a safer, more pleasant and more productive environment by:

  • Debunking email and Internet hoaxes
  • Thwarting Internet scammers
  • Educating web users about email and Internet security issues
  • Combating spam


Indicator Rating and Confidence

ThreatConnect enables users to assign a Threat Rating and Confidence to every single indicator… but what do those numbers really represent?  In order to enable your organization to make the best decisions, it’s important to standardize on the connotation attached to these ratings.  When your analysts, defensive integrations, and leadership all speak the same language regarding indicator impact, you can make more timely and accurate decisions.


Information Sharing and Analysis Organizations (ISAOs)

America’s cyber adversaries move with speed and stealth. To keep pace, all types of organizations, including those beyond traditional critical infrastructure sectors, need to be able to share and respond to cyber risk in as close to real-time as possible. Organizations engaged in information sharing related to cybersecurity risks and incidents play an invaluable role in the collective cybersecurity of the United States. However, many companies have found it challenging to develop effective information sharing organizations—or Information Sharing and Analysis Organizations (ISAOs). In response, President Obama issued the 2015 Executive Order 13691 directing the Department of Homeland Security (DHS) to encourage the development of ISAOs.


International Organization for Standardization

ISO is an independent, non-governmental international organization with a membership of 164 national standards bodies.

Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges.


Microsoft Threat Intelligence Blog

Security research, threat intelligence, and Microsoft 365 Defender news.


MISP Threat Sharing project

MISP is a community-driven project led by the community of users.


National Institute of Standards and Technology - Cybersecurity

NIST implements practical cybersecurity and privacy through outreach and effective application of standards and best practices necessary for the U.S. to adopt cybersecurity capabilities.


NERC Critical Infrastructure Protection Standards (NERC CIP Standards)

The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC develops and enforces Reliability Standards; annually assesses seasonal and long-term reliability; monitors the bulk power system through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the Electric Reliability Organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the bulk power system, which serves more than 400 million people.


OASIS Cyber Threat Intelligence (CTI) TC

The OASIS Cyber Threat Intelligence (CTI) TC supports automated information sharing for cybersecurity situational awareness, real-time network defense, and sophisticated threat analysis.


Ohio Breach Law

Private disclosure of security breach of computerized personal information data.


Open Threat Exchange

OTX provides open access to a global community of threat researchers and security professionals. It now has more than 100,000 participants in 140 countries, who contribute over 19 million threat indicators daily. It delivers community-generated threat data, enables collaborative research, and automates the process of updating your security infrastructure with threat data from any source. OTX enables anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques, strengthening your defenses while helping others do the same.


Payment Card Industry Data Security Standard (PCI-DSS)

The PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide.


RFC Editor

The RFC series (ISSN 2070-1721) was originated in 1969 by Steve Crocker of UCLA, to organize the working notes of the new ARPAnet research program. For 28 years, this RFC series was managed and edited by the Internet pioneer Jon Postel. For the history of the series, see “30 Years of RFCs”, “40 Years of RFCs”, and “Fifty Years of RFCs”. RFC Editor operations were funded by the Defense Advanced Research Projects Agency (DARPA) of the US government until 1998. From 1998-2018, the RFC Editor was funded by a contract with the Internet Society, to continue to edit, publish, and catalog RFCs. The RFC Editor was a project at the USC Information Sciences Institute in Marina del Rey, California, through 2009. Currently, the RFC Production Center and Publisher functions are provided by Association Management Solutions, LLC (AMS) under contract with the IETF Administration LLC (IETF LLC).


SANS Internet Storm Center

SANS Internet Storm Center


Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act of 2002 is mandatory. ALL organizations, large and small, MUST comply.


SBA - Small Business Cybersecurity

Cyber attacks are a growing concern for small businesses. Learn about the threats and how to protect yourself.


SENKI Open Source Threat Intelligence Feeds

SENKI is the indomitable spirit in Japanese (it can also be referred to as war spirit). SENKI is the personal Blog space of Barry Raveendran Greene. I use it to share views and thoughts on areas of my work related to the scaling of the Internet. The theme and topics are around scaling (people and the Internet) and the impact of a totally interconnected humanity (what we call security). In 1989 I signed on to the Internet’s Quest of “connecting everything and everyone while everything is moving.” Every job role and position I’ve taken on has been to promote that Internet Quest. I have faith that the interconnection of people in all parts of the world, in all languages, in all economic classes, and all age groups is and will continue to have an unforeseen transformation of humanity. That means the big issues we have are scale and the impact of massively interconnected humanity (i.e. what we call security).


Stay Safe Online - Cybersecure My Business

The National Cyber Security Alliance’s (NCSA’s) CyberSecure My Business™ is a national program helping small and medium-sized businesses (SMBs) learn to be safer and more secure online.


The Family Educational Rights and Privacy Act of 1974 (FERPA)

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.


The Federal Risk and Authorization Management Program (FedRAMP)

FedRAMP simplifies security for the digital age by providing a standardized approach to security for the cloud. FedRAMP facilitates the shift from insecure, tethered, tedious IT to secure, mobile, nimble, and quick IT. The FedRAMP Program Management Office (PMO) mission is to promote the adoption of secure cloud services across the Federal Government by providing a standardized approach to security and risk assessment.


The Spamhaus Project

The Spamhaus Project is an international nonprofit organization that tracks spam and related cyber threats such as phishing, malware and botnets, provides realtime actionable and highly accurate threat intelligence to the Internet’s major networks, corporations and security vendors, and works with law enforcement agencies to identify and pursue spam and malware sources worldwide.


Threatfeeds

Threatfeeds.io hosts a list of open source threat intelligence feeds, with details of when they were added and modified, who maintains them, and other useful information.



UK Centre for the Protection of National Infrastructure

The UK government’s National Technical Authority for physical and personnel protective security.


VirusShare

VirusShare contains details about malware uploaded to VirusTool.