Reference Link Library
Cryptography
Illustration of the idea behind Diffie-Hellman Key Exchange
Twofish: A 128-Bit Block Cipher
Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)
A Performance Comparison of the Five AES Finalists

Security Architecture
https://sabsa.org/sabsa-executive-summary/
https://sabsa.org/wp-content/uploads/SABSA_Key_Features_Advantages_Benefits.png
https://sabsa.org/leadership-governance/
https://sabsa.org/white-paper-requests/
Operational Policy
Apgar and Associates, LLC. (2014, Dec). Mobile Device Use Policy & Procedure Overview. Retrieved from Apgar & Associates: https://aishealth.com/sites/all/files/mobiledeviceusepolicy.pdf

Bank Holding Company Act. (n.d.). Retrieved from FFIEC: https://www.ffiec.gov/exam/InfoBase/documents/02-con-4_k_bank_holding_comp_act-991112.pdf

Bitdefender Business. (2018). Detect Advanced Persistent Threats. Retrieved from Bitdefender: https://www.bitdefender.com/business/usecases/advance-persistent-threats.html

California Department of Insurance. (2003, July 1). Privacy of Nonpublic Personal Information. Retrieved from California Department of Insurance: https://www.insurance.ca.gov/0250-insurers/0500-legal-info/0500-gen-legal-info/privacy-of-nonpublic-personal-info.cfm

Chapman University. (2011, May 9). Mobile Computing Device Standard. Retrieved from Chapman University:

HIPAA JOURNAL. (2015). Mobile Data Security and HIPAA Compliance. Retrieved from HIPAA JOURNAL: https://www.hipaajournal.com/mobile-data-security-and-hipaa-compliance/

Information Classification Policy. (2008, July 9). Retrieved from ISO/IEC 27001:2005 A.7.2.1: http://www.iso27001security.com/ISO27k_Model_policy_on_information_classification.pdf

Kostadinov, D. (n.d.). Information and Asset Classification. Retrieved from INFOSEC INSTITUTE:

Martino, L. D., Ni, Q., Lin, D., & Bertino, E. (n.d.). Multi-domain and Privacy-aware Role Based Access Control in eHealth. Retrieved from Purdue University: https://www.cs.purdue.edu/homes/bertino/IIS-eHealth/pervasive.pdf

Ni, Q., Bertino, E., Brodie, C., Karat, C.-M., Karat, J., Lobo, J., & Trombetta, A. (2008). Privacy-aware Role Based Access Control. Retrieved from Academia: http://www.academia.edu/256269/Privacy-Aware_Role_Based_Access_Control

NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). (2010, April). Retrieved from NIST: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf

NIST Special Publication 800-39. (2011, March). Managing Information Security Risk. Gaithersburg, MD.

Office for Civil Rights. (2017, June 16). Covered Entities and Business Associates. Retrieved from HHS.gov: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html

Olavsrud, T. (2013, May 29). Signature-Based Endpoint Security on Its Way Out. Retrieved from CIO From IDG: https://www.cio.com/article/2385459/security0/signature-based-endpoint-security-on-its-way-out.html

Proskura, A., & Child, M. (2017, May). Hypervisor Introspection: A Transformative Approach to Advanced Attack Detection. Retrieved from Bitdefender: https://download.bitdefender.com/resources/media/materials/hypervisor-introspection/en/Bitdefender-Business-2017-Whitepaper-AAD-CEMA42520517.pdf

Laws, Regulations and Standards
Krebs, B. (2016, December 14). Yahoo: One Billion More Accounts Hacked. Retrieved from Krebs on Security: https://krebsonsecurity.com/2016/12/yahoo-one-billion-more-accounts-hacked/

Perlroth, N., & Goel, V. (2016, September 28). Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say. Retrieved from The New York Times: https://www.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html

Privacy Policies
[1] S. Fischer-Hübner, IT-security and privacy: design and use of privacy enhancing security mechanisms. Springer-Verlag New York, Inc., 2001.

[2] Q. Ni, A. Trombetta, E. Bertino, and J. Lobo, "Privacy aware role based access control," in SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies. New York, NY, USA: ACM Press, 2007.

[3] D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli, "Proposed NIST standard for role-based access control," ACM Trans. Inf. Syst. Secur., vol. 4, no. 3, pp. 224–274, 2001.

[4] Organisation for Economic Co-operation and Development, "OECD guidelines on the protection of privacy and transborder flows of personal data of 1980," available at http://www.oecd.org/.

Bank Holding Company Act. (n.d.). Retrieved from FFIEC: https://www.ffiec.gov/exam/InfoBase/documents/02-con-4_k_bank_holding_comp_act-991112.pdf

Martino, L. D., Ni, Q., Lin, D., & Bertino, E. (n.d.). Multi-domain and Privacy-aware Role Based Access Control in eHealth. Retrieved from Purdue University: https://www.cs.purdue.edu/homes/bertino/IIS-eHealth/pervasive.pdf

Ni, Q., Bertino, E., Brodie, C., Karat, C.-M., Karat, J., Lobo, J., & Trombetta, A. (2008). Privacy-aware Role Based Access Control. Retrieved from Academia: http://www.academia.edu/256269/Privacy-Aware_Role_Based_Access_Control

Information Classification Scheme
Information Classification Policy. (2008, July 9). Retrieved from ISO/IEC 27001:2005 A.7.2.1: http://www.iso27001security.com/ISO27k_Model_policy_on_information_classification.pdf

Kostadinov, D. (n.d.). Information and Asset Classification. Retrieved from INFOSEC INSTITUTE:

NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). (2010, April). Retrieved from NIST: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf

Risk Management

Risk Management Framework

- CATEGORIZE Information System – FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) / NIST SP 800-60 (Guide for Mapping Types of Information and Information Systems to Security Categories)
- SELECT Security Controls – FIPS 200 (Minimum Security Requirements for Federal Information and Information Systems) / NIST SP 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations)
- IMPLEMENT Security Controls – Many NIST SPs
- ASSESS Security Controls – NIST SP 800-53A (Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans)
- AUTHORIZE Information System – NIST SP 800-37 (Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach)
- MONITOR Security State – NIST SP 800-137 (Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations) / NIST SP 800-53A (Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans)

Management and Cyber Security
(n.d.). Retrieved from Hall Consulting & Research: http://www.hallcr.com

Buffett, W. (n.d.). BrainyQuote.com. Retrieved December 5, 2016, from BrainyQuote.com: https://www.brainyquote.com/citation/quotes/authors/w/warren_buffett.html?ct=Warren+Buffett

Communicating Risk Internally. (2014). In G. J. Touhill, & C. J. Touhill, Cybersecurity for Executives (pp. 78-79). Hoboken: John Wiley & Sons, Inc.

NIST SP 800-18, Guide for Developing Security Plans for Federal Information Systems. (2006, February). Retrieved from NIST: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-18r1.pdf

Prevention is better than cure. (n.d.). Retrieved December 5, 2016, from Cambridge Dictionary: http://dictionary.cambridge.org/dictionary/english-chinese-simplified/prevention-is-better-than-cure

Rouse, M. (2007, June). What is enterprise architecture (EA)? Retrieved December 4, 2016, from TechTarget: http://searchcio.techtarget.com/definition/enterprise-architecture

Sun, T. (1988). The Art of War. (S. B. Griffith, Trans.) Oxford, UK: Oxford University Press.

Touhill, G. J., & Touhill, C. J. (2014). Cybersecurity For Executives. Hoboken, New Jersey: John Wiley & Sons, Inc.

Web Accessibility Initiative. (2013, October 1). Retrieved from Worldwide Web Consortium: https://www.w3.org/WAI/

Whitman, M. E., & Mattord, H. J. (2010). Management of Information Security. Boston: Course Technology.
​
Secure Software Design and Development
CERN Computer Security Team. (2017). CERN Computer Security. Retrieved from cern.ch: https://security.web.cern.ch/security/recommendations/en/codetools/coverity.shtml

CERN Computer Security Team. (2017). CERN Computer Security. Retrieved from cern.ch: https://security.web.cern.ch/security/recommendations/en/codetools/vcg.shtml

Cert-IST. (2015, March). Cert-IST annual review for 2014 regarding flaws and attacks. Retrieved from cert-ist.com: https://www.cert-ist.com/pub/files/Cert-IST_Bilan2014_en_v1_0.pdf

CodeExcellence Admin. (2012, May 25). What is Static Analysis? And Why Is It Important To Software Testing. Retrieved from codeexcellence.com: http://www.codeexcellence.com/2012/05/what-is-static-analysis-and-why-is-it-important-to-software-testing/

Ghahrai, A. (2015, July 15). Test Automation Advantages and Disadvantages - Testing Excellence. Retrieved from Testing Excellence: http://www.testingexcellence.com/test-automation-advantages-and-disadvantages/

OpenSSL Security Advisory. (2016, November 10). OpenSSL Security Advisory. Retrieved from OpenSSL: https://www.openssl.org/news/secadv/20161110.txt

OpenSSL Security Advisory. (2016, September 26). OpenSSL Security Advisory. Retrieved from OpenSSL: https://www.openssl.org/news/secadv/20160926.txt

OpenSSL Security Advisory. (2016, September 22). OpenSSL Security Advisory. Retrieved from OpenSSL: https://www.openssl.org/news/secadv/20160922.txt

OpenSSL Security Advisory. (2017, January 26). OpenSSL Security Advisory. Retrieved from OpenSSL: https://www.openssl.org/news/secadv/20170126.txt

Rouse, M. (2006, May). What is dynamic analysis? Retrieved from searchsoftwarequality.techtarget.com: http://searchsoftwarequality.techtarget.com/definition/dynamic-analysis

Sing, J. (2017, January 22). libtls: Rethinking the TLS/SSL API. Retrieved from YouTube: https://www.youtube.com/watch?v=Wd_dyRbE4AA

Veracode. (n.d.). Dynamic Code Analysis Tool | Veracode. Retrieved from Veracode: https://www.veracode.com/products/dynamic-analysis-dast/dynamic-analysis

Network Visualization and Vulnerability Detection
Kali Linux VirtualBox download. Retrieved from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/

Metasploitable 2 VM download. Retrieved from https://sourceforge.net/projects/metasploitable

Nmap.org. Nmap. Retrieved from https://nmap.org/

VirtualBox. (n.d.). Virtual networking. Retrieved from virtualbox.org: https://www.virtualbox.org/manual/ch06.htm

Wireshark Foundation. Download. Retrieved from https://www.wireshark.org/

Cyber Threat Intelligence
AV-TEST. (2017). The best antivirus software for Windows Client Business User. Retrieved from AV-TEST: https://www.av-test.org

Baron, E. (2016, Sept 23). Yahoo hit with class-action lawsuit over massive data breach. Retrieved from The Mercury News: http://www.mercurynews.com/2016/09/23/yahoo-hit-with-class-action-lawsuit-over-massive-data-breach/

EY. (2014, November). Cyber threat intelligence - how to get ahead of cybercrime.

Holland, R. (2014, February 12). Actionable Intelligence, Meet Terry Tate, Office Linebacker. Retrieved from FORRESTER: https://go.forrester.com/blogs/14-02-11-actionable_intelligence_meet_terry_tate_office_linebacker/

iSIGHT Partners. (2014). Retrieved from

Moritz, S. (2017, Feb 21). Verizon Reaches Deal for Lowered Yahoo Price After Hacks. Retrieved from Bloomberg:

Perlroth, N., & Goel, V. (2016, Sep 28). Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say. Retrieved from The New York Times: https://www.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html

Reuters. (2015, Nov 10). Three indicted in US over major hacking scheme. Retrieved from CNBC: https://www.cnbc.com/2015/11/10/three-indicted-in-us-over-major-hacking-scheme.html

Incident Response & Computer Network Forensics
abc13. (2017, March 17). 2 charged in connection to Texas teen Brandy Vela's 2016 suicide | abc7chicago.com. Retrieved from abc7chicago.com: http://abc7chicago.com/news/2-charged-in-connection-with-suicide-of-teen-who-was-still-bullied-after-death/1805502/

Crawford, V. (n.d.). Example of An Expert Witness Digital Forensic Report. Retrieved from ole.sandiego.edu: https://ole.sandiego.edu/bbcswebdav/pid-975028-dt-content-rid-4407840_1/xid-4407840_1

Keating, C. (2016, Dec 14). Teen's Family Reveals the Intense Bullying Before Her Suicide in Front of Them: 'It Was Stalking'. Retrieved from people.com: http://people.com/crime/cyberbullied-teen-brandy-vela-family

Books
Bosworth, S., Kabay, M. E., & Whyne, E. (2014). Computer security handbook. Hoboken, NJ: John Wiley & Sons.

Ferguson, N., Schneier, B., & Kohno, T. (2010). Diffie-Hellman. In N. Ferguson, B. Schneier, & T. Kohno, Cryptography Engineering (pp. 181-193). Indianapolis: Wiley Publishing, Inc.

Ferguson, N., Schneier, B., & Kohno, T. (2010). Block Ciphers. In N. Ferguson, B. Schneier, & T. Kohno, Cryptography Engineering (pp. 43-59). Indianapolis: Wiley Publishing, Inc.

Touhill, G. J., & Touhill, C. J. (2014). Cybersecurity for Executives: A Practical Guide. Hoboken, NJ: John Wiley & Sons.

Johnson, R. (2015). Security policies and implementation issues. Burlington, MA: Jones & Bartlett Learning.

Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise security architecture: a business-driven approach. Boca Raton: CRC Press.
