Information Security and Business Continuity


UK - NCSC

National Cyber Security Centre (NCSC) - https://www.ncsc.gov.uk

All Topics - https://www.ncsc.gov.uk/section/advice-guidance/all-topics

Risk Management Guidance - https://www.ncsc.gov.uk/collection/risk-management-collection

Weekly Threat Report - https://www.ncsc.gov.uk/section/keep-up-to-date/threat-reports

Cyber Assessment Framework (CAF) {Applies UK Regulations that implement EU NIS Directive} - https://www.ncsc.gov.uk/collection/caf

Cyber Essentials - https://www.ncsc.gov.uk/cyberessentials

Best Practice for the Construction Sector - https://www.ncsc.gov.uk/blog-post/information-security-best-practice-for-the-construction-sector

Best Practice for Construction - Joint Ventures PDF - https://www.ncsc.gov.uk/files/Joint-ventures-in-the-Construction-Sector-guidance.pdf


UK (Non-Commercial)

Chartered Institute of Information Security (CIISec) [formerly Institute of Information Security Professionals (IISP)] - https://www.ciisec.org

The Business Continuity Institute (BCI) - https://www.thebci.org

Cyber Security Body of Knowledge (CyBOK) - https://www.cybok.org

CREST - https://www.crest-approved.org


UK (Commercial)

Cybersec Innovation Partners (CIP) - https://www.cybersecip.com

Cloudflare - https://www.cloudflare.com


USA - NIST

National Institute of Standards and Technology (NIST) - https://www.nist.gov

NIST - Computer Security Resource Center (CSRC) - Publications - https://csrc.nist.gov/publications

NIST - Cybersecurity Framework [Programme Security Framework] - https://www.nist.gov/cyberframework

NIST - Cybersecurity Framework - Revision 2.0 - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf

NIST - Risk Management Framework - https://csrc.nist.gov/projects/risk-management/rmf-overview

NIST - Risk Management Framework (RMF) - Revision 2 - 2018-12-20 - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf

NIST - Secure Software Development Framework - https://csrc.nist.gov/Projects/ssdf


USA

(ISC)2 - https://www.isc2.org

ISACA - https://www.isaca.org

SANS - https://www.sans.org

Cloud Security Alliance (CSA) - https://cloudsecurityalliance.org

Institute of Electrical and Electronics Engineers (IEEE) - https://www.ieee.org

IEEE Computer Society - https://www.computer.org

National Security Agency (NSA) - Cybersecurity Advisories & Guidance - https://www.nsa.gov/Press-Room/Cybersecurity-Advisories-Guidance

NSA Cybersecurity Technical Report - Network Infrastructure Security Guidance

Software Engineering Body of Knowledge (SWEBOK) - https://www.computer.org/education/bodies-of-knowledge/software-engineering

Association for Computing Machinery (ACM) - https://www.acm.org

Krebs on Security - https://krebsonsecurity.com

PCI Security Standards Council [PCI-DSS and PA-DSS] - https://www.pcisecuritystandards.org


Germany - BSI

BSI (Bundesamt für Sicherheit in der Informationstechnik) - https://www.bsi.bund.de


Germany - BSI - German

IT-Grundschutz - https://www.bsi.bund.de/grundschutz

Leitfaden zur Basis-Absicherung nach IT-Grundschutz

IT-Grundschutz-Kompendium - Edition 2021

BSI-Standard 200-1: Managementsysteme für Informationssicherheit (ISMS)

BSI-Standard 200-2: IT-Grundschutz-Methodik

BSI-Standard 200-3: Risikomanagement

BSI-Standard 200-4: Business Continuity Management - Community Draft

BSI-Standard 200-4 Hilfsmittel Bewältigung

BSI-Standard 100-4: Notfallmanagement


Germany - BSI - English

IT-Grundschutz - https://www.bsi.bund.de/EN/Topics/ITGrundschutz/itgrundschutz_node.html

Guide to Basic Protection based on IT-Grundschutz

IT-Grundschutz-Compendium - Edition 2019

BSI Standard 200-1: Information Security Management Systems (ISMS)

BSI-Standard 200-2: IT-Grundschutz-Methodology

BSI-Standard 200-3: Risk Analysis based on IT-Grundschutz


Europe

European Union Agency for Cybersecurity (ENISA) - https://www.enisa.europa.eu

Publications - https://www.enisa.europa.eu/publications

Trust Services - https://www.enisa.europa.eu/topics/trust-services


Australia

Australian Signals Directorate (ASD) - https://www.asd.gov.au

Australian Cyber Security Centre (ACSC) - https://www.cyber.gov.au

Information Security Manual (ISM) - https://www.cyber.gov.au/ism


New Zealand

Government Communications Security Bureau (GCSB) - https://www.gcsb.govt.nz

NZ Information Security Manual - https://www.gcsb.govt.nz/publications/the-nz-information-security-manual

NZ Information Security Manual - https://www.nzism.gcsb.govt.nz

NZ Information Security Manual - https://www.nzism.gcsb.govt.nz/ism-document


Canada

Communications Security Establishment (CSE) - https://www.cse-cst.gc.ca


National Association of Corporate Directors (NACD), American International Group, Inc. (AIG) and Internet Security Alliance (ISA)

National Association of Corporate Directors (NACD) - https://www.nacdonline.org

American International Group, Inc. (AIG) - https://www.aig.com

The Internet Security Alliance (ISA) - https://isalliance.org

Cyber-Risk Oversight Executive Summary (2014) - https://www.nacdonline.org/files/NACD Cyber-Risk Oversight Executive Summary.pdf

Cyber-Risk Oversight (2017) - https://regents.universityofcalifornia.edu/regmeet/july18/b4attach1.pdf

Managing Cyber Risk (for UK) - https://www.aig.co.uk/content/dam/aig/emea/united-kingdom/documents/Insights/cyberrisk-directors-handbook.pdf


Security Utilities

ProtonMail (Secure email) - https://protonmail.com

DuckDuckGo (Private search engine and tracker blocker) - https://duckduckgo.com

Have I Been Pwned (Check if an email or phone is compromised by data breaches) - https://haveibeenpwned.com


Privacy by Design

Privacy by Design - http://www.privacybydesign.ca

Privacy by Design - The 7 Foundational Principles - http://www.privacybydesign.ca/index.php/about-pbd/7-foundational-principles

Data Protection Industries - https://dataprotection.industries

Privacy by Design - https://dataprotection.industries/index.php/privacy-by-design

Privacy by Design - The 7 Foundational Principles (PDF) - http://dataprotection.industries/wp-content/uploads/2017/10/7foundationalprinciples.pdf

Privacy by Design - The 7 Foundational Principles (PDF) - http://dataprotection.industries/wp-content/uploads/2017/10/privacy-by-design.pdf

International Association of Privacy Professionals - https://iapp.org

Privacy by Design - The 7 Foundational Principles - https://iapp.org/resources/article/privacy-by-design-the-7-foundational-principles

Privacy by Design - The 7 Foundational Principles (PDF) - https://iapp.org/media/pdf/resource_center/pbd_implement_7found_principles.pdf

Information and Privacy Commissioner of Ontario - https://www.ipc.on.ca

Privacy by Design - The 7 Foundational Principles (PDF) - https://www.ipc.on.ca/wp-content/uploads/2018/01/pbd.pdf