Getting started with well-known standards, frameworks and best practices
🇺🇸 NIST Publications
NIST Special Publication (SP) 800-61 Rev. 2, Computer Security Incident Handling Guide
Computer security incident response has become an important component of information technology (IT) programs. Because performing incident response effectively is a complex undertaking, establishing a successful incident response capability requires substantial planning and resources. This publication assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.
Even the best information security infrastructure cannot guarantee that intrusions or other malicious acts will not happen. When computer security incidents occur, it is critical for an organization to have an effective means of managing and responding to them.
NICE Cybersecurity Workforce Framework
The new PRIS reference framework for security incident response providers is now available
ANSSI has published the updated version of the reference framework of requirements applicable to security incident response providers (PRIS). This framework covers requirements relating to the PRIS, to its personnel and to the conduct of these services. Qualification can be granted for the activities of technical steering, system analysis, network analysis and malicious code analysis.
Download ETSI ICT Standards for free
Breach Scenarios & Response
This account tweets fictional or headline-inspired breach scenarios.
Ryan McGeehan - Medium
I've been helping a few security engineering organizations in the Bay Area experiment with quantifiable risk modeling approaches that use clear language. We're doing this to subject security teams to better measurement beyond (or in addition to) compliance, checklists, grades, color coding, or maturity models.
Learning From A Year of Security Breaches
This year (2016) I accepted as much incident response work as I could. I spent about 300 hours responding to security incidents and data breaches this year as a consultant or volunteer. This included hands-on work with an in-progress breach, or coordinating a response with victim engineering teams and incident responders.
Reporting on threats and incidents
How You Can Write Better Threat Reports
Writing about cybersecurity threats, such as phishing campaigns, malware infections, and attack groups, is challenging for many reasons. How should you decide what details to include? How can you persuade the readers that your analysis is sound? How might you address the needs of multiple audiences?
Graphing MITRE ATT&CK via Bloodhound
I honestly can't take any credit for any of this, though; it has all been created by some well-respected friends. SadProcessor has created a couple of great PowerShell modules that, amongst a lot of other features, allow you to add the MITRE ATT&CK dataset to Neo4j, which in turn can then be visualised by Bloodhound.