This is a selection of cybersecurity best practices and resources. It is by no means an exhaustive compilation but rather intended to provide starting points to learn more about these items.
Vendor/Product Security
- OS X Security Configuration Guides
- Security-Announce Mailing List (also available via RSS)
- Apple’s Product Security PGP Key for the responsible disclosure of security bugs
Microsoft Safety & Security Center
- This project provides documentation, tutorials, and developer information.
- Linux Kernel Archives
- Provides guidance for system and network configuration, media handling, electronic emissions (TEMPEST), and trusted computing.
- Forum of Incident Response and Security Teams
- FIRST provides a collection of best practices for incident response.
- National Institute of Standards and Technology
- National Institute of Standards and Technology’s (NIST’s) National Cybersecurity FFRDC (UMBC is a co-founder)
Secure Software Engineering
MSDN Security Development Center
- Security Development Lifecycle
- Microsoft’s Patterns and Practices for Security
- Security Engineering Guidelines
Safe Online Experience
Department of Homeland Security
- Stop. Think. Connect. Initiative for managing your identity online.
- The National Cyber Security Alliance website educating people, businesses, and children on safe online practices.
- The Federal Trade Commission website for a safe online experience.
Cybersecurity Competitions
There are competitions and CTFs being launched and run all the time. Google to find ones in your area! But here are few…
- Mid-Atlantic Collegiate Cyber Defense Competition (CCDC) (UMBC won the national CCDC in 2017!)
- DOE CYBERFORCE (UMBC won national CYBERFORCE in 2019!)
- Defcon CTF
- PicoCTF
- UMBC DawgCTF (CTF hosted by UMBC’s CyberDawgs)
- AFA CyberPatriot (for K-12)
Personal Computing
Security Certifications & Training
- DoD Directive 8140.01 Cyberspace Workforce Management
- Reissues and renumbers DoD Directive (DoDD) 8570.01 to update and expand established DoD policies and assigned responsibilities for managing the DoD cyberspace workforce. The directive unifies the overall cyberspace workforce and establishes specific workforce elements (cyberspace effects, cybersecurity, and cyberspace information technology (IT)) to align, manage and standardize cyberspace work roles, baseline qualifications, and training requirements.
- UMBC Training Centers Cybersecurity Academy
- National Information Assurance Training and Education Center
- CERT Coordination Center
- Information Systems Audit and Control Association (ISACA)
- International Information System Security Certification Consortium (ISC2)
- EC-Council
- SANS (SysAdmin, Audit, Network, Security) Institute