Information is power, and staying informed about the latest cybersecurity threats and mitigation techniques is crucial for protecting your organization.
This article looks at key agencies and organizations offering an array of free resources and guidance to help you stay informed of the latest threats, implement best practices, and strengthen your cybersecurity approach.
Cybersecurity & Infrastructure Security Agency (CISA)
CISA offers a variety of resources to help you decrease cybersecurity risks and protect yourself and your organization online, including:
- Cybersecurity Resources — a list of CISA’s resource offerings.
- Free Cybersecurity Services and Tools — a list of CISA services, widely used open source tools, and more.
- Cybersecurity Training and Exercises — access to CISA’s cybersecurity training and workforce development efforts.
- Shields Up — information and updates for dealing with known cyber attacks.
Common Vulnerabilities and Exposures (CVE)
CVE’s mission is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. CVE (which stands for Common Vulnerabilities and Exposures) maintains a public record for every vulnerability, containing an identification number and a description, along with other information. CVE records are accessible via download or search. (Note that the CVE website is in transition, with some features still hosted on its previous site.)
European Union Agency for Cybersecurity (ENISA)
ENISA is “dedicated to achieving a high common level of cybersecurity across Europe.” Resources include:
- Publications, such as the recently published report: Securing EU’s Institutions, Bodies, and Agencies. The recommendations in this report “come at a timely moment, as cyber threats are increasing and discussions about cyber preparedness are taking place across numerous EU communities.”
- Tools, such as the National Cybersecurity Assessment Framework (NCAF) Tool.
- Events, such as the upcoming certification conference, workshops, and challenges.
GCA Cybersecurity Toolkit
The Global Cyber Alliance (GCA) Cybersecurity Toolkit provides free and effective tools to help organizations of all sizes reduce their cyber risk. Specialized toolkits include:
MITRE ATT&CK and D3FEND
The ATT&CK and D3FEND knowledge databases from MITRE provide comprehensive IT security information to help you better understand and mitigate cybersecurity attacks.
- MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques. This knowledge is used for development of specific threat models and methodologies.
- MITRE D3FEND provides an extensive knowledge graph (or matrix) of cybersecurity countermeasures, which defines key concepts in the countermeasure domain and shows the relationships between those concepts.
National Institute of Standards and Technology (NIST)
NIST provides a range of resources and services dealing with measurements, standards, and regulatory practices in various fields, including setting official U.S. time, developing standard reference data for the sciences, and offering guidance for improving the nation’s cybersecurity. NIST also produces cybersecurity-related publications and resources, including:
- Cybersecurity Framework — This document (translated into several languages) “consists of standards, guidelines, and practices to promote the protection of critical infrastructure.” It offers a “prioritized, flexible, repeatable, and cost-effective approach” to help organizations manage cybersecurity-related risk.
- Definition of Critical Software
- Software Supply Chain Security Guidance
National Security Agency (NSA)
The NSA “leverages its elite technical capability to develop advisories and guidance on evolving cybersecurity threats.” As part of its mission to advance the state of cybersecurity, the agency offers security-related publications and technical reports, outlining best practices and guidelines, including:
- Cisco Password Types: Best Practices
- Kubernetes Hardening Guide
- Network Infrastructure Security Guidance
Additional Resources
- Cybersecurity Learning Hub from World Economic Forum
- Getting Started in Cybersecurity from FOSSlife
- GitHub Advisory Database
- Job Outlook for Cybersecurity Professionals from FOSSlife
- OSS Vulnerability Guide from OpenSSF
- SANS Cybersecurity Training
- Your Guide to the NIST Cybersecurity Framework from Tripwire