Federal Organizations that play a key role in Cyber Security:
U.S. Cybersecurity & Infrastructure Security Agency (CISA)
CISA partners the federal government with public and private sector organizations to build our nation's capacity to defend against cyber attacks.
U.S. Cyber Command (USCYBERCOM)
USCYBERCOM defends the Department of Defense Information Network and provides support to combatant commanders for execution of their missions around the world. USCYBERCOM plays a key role in strengthening our nation's ability to withstand and respond to cyber attack.
U.S. National Security Agency
The National Security Agency leads the U.S. Government in cryptology that encompasses both signals intelligence (SIGINT) insights and cybersecurity products and services and enables computer network operations to gain a decisive advantage for the nation and our allies.
MITRE Corporation's Common Vulnerabilities & Exposures List
MITRE's CVE program identifies, defines, and catalogs publicly disclosed cybersecurity vulnerabilities. Vulnerabilities are discovered, assigned, and published by CVE partner organizations from around the world. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.
NIST's National Vulnerability Database (NVD)
The National Institute of Standards and Technology's National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
Alerts & Mail Lists:
National Cyber Awareness System (NCAS) Alerts
NCAS Alerts provide timely information about current security issues, vulnerabilities, and exploits. Subscribe to these alerts via email to stay in the know.
BugTraq is a full disclosure moderated mailing list for the detailed discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them.
Schneier on Security
Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. …His influential newsletter “Crypto-Gram” and his blog “Schneier on Security” are read by over 250,000 people.
Center of Academic Excellence in Cybersecurity (CAE-C) Information:
The National CAE-C program is managed by the National Cryptologic School at the National Security Agency. The CAE-C Home provides an exceptional set of resources for CAE-C Institutions.
CAE-C Documents Library
The CAE-C Documents Library contains information on CAE designation criteria, checklists, and CAE Program resources.
CAE Community Portal
The CAE Community Portal connects students, institutions, and communities in a community of excellence to share cybersecurity education resources, best practices, expertise, and events.
National Cybersecurity Training & Education (NCyTE)
The NCyTE Center advances cybersecurity education in the U.S. by investing in technological innovation, resources, professional development and tools to support faculty, community colleges and the workforce pipeline of tomorrow.
CAE Community YouTube Channel
The CAE Community YouTube Channel is a repository of past CAE Tech Talks, meetings, and events.
Information Assurance / Cyber Defense Journals, Publications, and Conferences:
SIGSAC's mission is to develop the information security profession by sponsoring high quality research conferences and workshops.
ACM Transactions on Information and System Security
ACM Transactions on Privacy and Security (TOPS) publishes research results in the fields of information and system security and privacy.
IEEE Security and Privacy Magazine
IEEE Security and Privacy Magazine focuses on aspects of security and dependability of computer-based systems, including legal and ethical issues, privacy concerns and tools to help secure information.
IEEE Transactions on Dependable and Secure Computing (TDSC)
IEEE TDSC focuses on methodologies that support the achievement–through design, modeling, and evaluation–of systems and networks that are dependable and secure to the desired degree without compromising performance.
IEEE Transactions on Information Forensics and Security
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features.
Journal of Computer Security
The Journal of Computer Security presents research and development results of lasting significance in the theory, design, implementation, analysis, and application of secure computer systems. It also provides a forum for ideas about the meaning and implications of security and privacy, particularly those with important consequences for the technical community.
Journal of Cryptology
The Journal of Cryptology is the official journal of the International Association for Cryptologic Research, and provides a forum for publication of original results in all areas of modern information security.
New Security Paradigms Workshop (NSPW)
The NSPW is an annual, small, invitation-only workshop for researchers in information security and related disciplines. NSPW's focus is on work that challenges the dominant approaches and perspectives in computer security.
Infosecurity Magazine has over ten years of experience providing knowledge and insight into the information security industry. Its multiple award winning editorial content provides compelling features both online and in print that focus on hot topics and trends, in-depth news analysis and opinion columns from industry experts.
Computerworld focuses on empowering enterprise users and their managers, helping them create business advantage by skillfully exploiting today's abundantly powerful web, mobile, and desktop applications. Computerworld also offers guidance to IT managers tasked with optimizing client systems—and helps businesses revolutionize the customer and employee experience with new collaboration platforms.
InformIT is the online presence of the family of information technology publishers and brands of Pearson, the world's largest education company.
Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS) is currently viewed as one of the world’s leading centers for research and education in areas of information security that are crucial to the protection of critical computing and communication infrastructure.
The Software Engineering Institute (SEI) at Carnegie Mellon University ... conducts R&D in software engineering, systems engineering, cybersecurity, and many other areas of computing, working to introduce private-sector innovations into government. … The CERT Division is a leader in cybersecurity and partners with government, industry, law enforcement, and academia to improve the security and resilience of computer systems and networks.
CERT experts are a diverse group of researchers, software engineers, security analysts, and digital intelligence specialists working together to research security vulnerabilities in software products, contribute to long-term changes in networked systems, and develop cutting-edge information and training to improve the practice of cybersecurity.
The Colloquium for Information Systems Security Education provides guidance, insight, and networking for the international community of cybersecurity educators. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
The Committee on National Security Systems (CNSS) consists of representation from 21 U.S. Government Executive Branch Departments and Agencies. In addition to the 21 Members, there are representatives serving as Observers from 14 additional organizations. The CNSS provides a forum for the discussion of policy issues; sets national policy; and promulgates direction, operational procedures, and guidance for the security of national security systems.
EDUCAUSE is a nonprofit association that helps higher education elevate the impact of IT. Through the EDUCAUSE Cybersecurity Program, you can find the tools, resources, and peer connections you need to learn about, better understand, or help promote information security and privacy to everyone across your campus, including institutional leadership, students, faculty, staff, and external partners.
The International Association for Cryptologic Research (IACR) is a non-profit scientific organization whose purpose is to further research in cryptology and related fields. Cryptology is the science and practice of designing computation and communication systems which are secure in the presence of adversaries.
The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Department of Justice's national strategies in combating computer and intellectual property crimes worldwide.
InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. Through seamless collaboration, InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats.
NIST Computer Security Resource Center
Since the mid-1990s, the Computer Security Resource Center (CSRC) has provided visitors with NIST resources on computer, cyber, and information security and privacy. It includes publications, projects & programs, news and events from the NIST Information Technology Laboratory's (ITL) two security divisions:
- The Computer Security Division (CSD) conducts the research, development and outreach necessary to provide standards and guidelines, mechanisms, tools, metrics and practices to protect the U.S.'s information and information systems.
- The Applied Cybersecurity Division (ACD) implements practical cybersecurity and privacy through outreach and the effective application of standards and best practices necessary for the U.S. to adopt cybersecurity capabilities. It comprises the following groups:
  - Cybersecurity and Privacy Applications
  - National Cybersecurity Center of Excellence (NCCoE)
  - National Initiative for Cybersecurity Education (NICE)
The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. …SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.
NCSA Stay Safe Online
The National Cyber Security Alliance (NCSA) builds strong public/private partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work and school with the information they need to keep themselves, their organizations, their systems and their sensitive information safe and secure online and encourage a culture of cybersecurity.
Stay Safe Online: Learn how to protect yourself, your family and your devices with these tips and resources.
- TechNews Security
- Highlights from 2015 Cybersecurity Summit
- Cybersecurity Policy
- US Department of Homeland Security
- Cybersecurity & Infrastructure Security Agency
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) builds the national capacity to defend against cyber attacks and works with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the ‘.gov’ networks that support the essential operations of partner departments and agencies.
F-Secure Consulting is a research-led cyber security consultancy, partnering with enterprises and early adopters worldwide.
The Honeynet Project is a leading international 501c3 non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to the fight against malware (such as Conficker), discovering new attacks and creating security tools used by businesses and government agencies all over the world. The organization continues to be on the cutting edge of security research by working to analyze the latest attacks and educating the public about threats to information systems across the world.
Incorporated in 2000, Backbone Security has decades of experience assisting organizations of all types. Customers large and small have sought expert guidance from Backbone’s cybersecurity consultants to manage information security risk and to meet compliance requirements.
Commonwealth of Pennsylvania Resources:
PA Governor’s Office of Homeland Security
The Governor's Office of Homeland Security coordinates homeland security activities by working with our federal agencies, regional task forces, local governments and the private sector.
PA Office of Administration, Cybersecurity Program
The Office of Administration serves the Governor and the citizens of Pennsylvania by providing policy direction and support to all commonwealth agencies for human resources, information technology, continuity of government, records/directives management, and strategic enhancements to help improve the results, reduce costs, and enhance customer service of all agencies under the governor's jurisdiction.
Cybersecurity Program: The Commonwealth of Pennsylvania is a leader among states in cybersecurity. Our goals are to prevent and defend against cyberattacks, reduce vulnerability, minimize damage and recovery time and promote awareness and education. Through our involvement with organizations such as the National Association of State Chief Information Officers, Center for Digital Government, Harrisburg University of Science and Technology and Penn State Harrisburg, we seek to be a resource for best practices and learning in cybersecurity.