- National Initiative for Cybersecurity Education and DHS jointly developed the Cybersecurity Workforce Framework. It is a great way to explore the many specialty areas in cybersecurity as well as the Knowledge, Skills, and Abilities (KSAs) associated with them. View the interactive page at: https://niccs.us-cert.gov/training/framework
- A lot of other resources also appear on the NICCS site: https://niccs.us-cert.gov/
Security Training and Free Certification Preparation Material for Active Government Employees, members of the military, and US Veterans
- If you are a current government employee or member of the military, please visit: https://fedvte.usalearning.gov/
- If you are a US veteran, please visit: https://hireourheroes.org/veterans-training/
- Competitions are a great way to learn and practice your defense and offense cybersecurity skills. And they are lots of fun! Visit: https://www.cybercompex.org/ for a compilation of various competitions and learning platforms.
- NICE-Challenge (instructors in UMSL courses will provide you with more information in class): https://www.nice-challenge.com/
Scholarship Opportunities for Students
Security Resources for the Community
- OnGuardOnline.gov - a great resource for learning about online safety managed by the United States Federal Trace Commission
- They also have a good collection of short videos
- StaySafeOnline (an initiative by the National Cyber Security Alliance) (some quick resources to get the most basics and these are great to pass along to friends, family, and community. Also check out the glossary page.
- STOP | THINK | CONNECT - is a global cybersecurity awareness campaign
- Google's Safety Center, tips and resources
- Microsoft Safety & Security Center, a wealth of guides and resources
- Privacy Rights Clearinghouse, a great place to understand your privacy rights, learn about the various policy issues, and search for data breaches that may have affected you. As information security is inherently tied to privacy (at least in the sense of ensuring confidentiality of data), it is great we have resources such as this to help make sense of the complexity.
Security Resources for Businesses (particularly relevant for small/medium size businesses)
- Start with Security: A Guide for Business: An excellent guide, particularly for small businesses on how to think about and incorporate security into the business to protect both the customers and the business itself.
- Integrating the NIST Cybersecurity Framework into the business security efforts. Following the NIST Cybersecurity Framework is also a plus in terms of your business meeting guidelines from the Federal Trade Comission (FTC)
- FTC's online tutorial for training employees on security issues (unfortunately requires a Flash plugin)
- Guide to protecting personal information of customers and other stakeholders
- Guide on how to respond to Data Breaches
- United States Computer Emergency Readiness Team (US-CERT). Also see the "Related Resources" section for a long list of extremely useful links.
- National Institute of Standards and Technology (NIST) - Computer Security Division, a great resource for guidance on both the management and technical aspects of information security within organizations -- a "must know" site for InfoSec professionals and business managers
- National Initiative for Cybersecurity Careers and Studies (NICCS) (this is a work in progress but check often for internship/scholarship opportunities as well as learning resources)
- National Vulnerability Database, a US Government repository of standards based vulnerability management data
Not-for-profit / Government Sponsored Sites:
- Common Weakness Enumeration (CWE) a project sponsored by the Department of Homeland Security and MITRE. It categorizes vulnerabilities in software.
- Information Systems Security Association (ISSA): is a not-for-profit, membership based, international organization of information security professionals and practitioners.
- Center for Internet Security: a 501c3 nonprofit organization focused on enhancing the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration.
Web Application Security (broadly Software Security and Assurance):
- 2011 CWE/SANS Top 25 Most Dangerous Software Errors
- OWASP Home page. Pay special attention to: https://www.owasp.org/index.php/Top_10_2013Table_of_Contents (and of course look at the Top 10 list itself)
- Google's Application Security Resources, great introduction to top issues in web applications
- HTML 5 Security Cheat Sheet - With the increasing use of HTML 5 and related technologies, this site is a must know for web application developers.
- Microsoft's Security Development Lifecycle (SDL): The SDL is a software development process that helps developers build more secure software, address security compliance requirements, and reduce development costs.
- OpenSAMM: Software Assurance Maturity Model (SAMM): open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization
- The Software Assurance Forum for Excellence in Code (SAFECode): SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. They have good introductory videos on a variety of software security issues. Highly recommended.
General Security Sites / Blogs / Mailing Lists
- CSO Online, news and analysis on security and risk management
- DarkReading by Information Week
- KrebsOnSecurity, a great blog with some really interesting information. Be sure to check out the "How to break into security" series...http://krebsonsecurity.com/category/how-to-break-into-security/.
- SecurityFocus.com: A range of mailing lists one may subscribe to. Some are introductory and some rather technical.
- SecurityIntelligence.com: Analysis and Insight for Information Security Professionals - This is an IBM site.
Data Breach Reports and Resources
- Verizon's Annual Data Breach Investigations Report. Also, see their VERIS initiative.
- DATALOSSdb, an initiative of the open security foundation
- A list of Security Breach Notification Laws by state