Welcome to my cybersecurity wiki!

by: Josh Sanders https://www.linkedin.com/in/joshuasanders83/

(Navigate sections in the right panel)

Frameworks & Standards

Security Frameworks

• CIS Critical Security Controls https://www.cisecurity.org/controls
• ISO/IEC 27001:2022 https://www.iso.org/standard/27001
• ISO/IEC 27002:2022 https://www.iso.org/standard/75652.html
• NIST Cybersecurity Framework https://www.nist.gov/cyberframework
• SOC Service Organization Controls https://www.aicpa-cima.com/resources/landing/system-and-organization-controls-soc-suite-of-services

Risk Frameworks

• CIS Risk Assessment Method https://www.cisecurity.org/controls
• COBIT https://www.isaca.org/resources/cobit#1
• ISO/IEC 27005:2022 https://www.iso.org/standard/80585.html
• NIST Risk Management Framework https://csrc.nist.gov/projects/risk-management/about-rmf

Privacy Frameworks

• NIST Privacy Framework https://www.nist.gov/privacy-framework
• ISO/IEC 27701 https://www.iso.org/standard/71670.html

AI Frameworks

• NIST AI Risk Management Framework https://www.nist.gov/itl/ai-risk-management-framework
• OWASP Top 10 for Large Language Models https://owasp.org/www-project-top-10-for-large-language-model-applications/
• ISO/IEC 23894 https://www.iso.org/standard/77304.html
• ISO/IEC 42001 https://www.iso.org/standard/81230.html

Secure Development Frameworks

• CSA CCM Cloud Security Alliance Cloud Controls Matrix https://cloudsecurityalliance.org/research/cloud-controls-matrix
• ETSI EN 303 645 Consumer IOT https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf
• NIST Secure Software Development Framework https://csrc.nist.gov/projects/ssdf
• OWASP Software Assurance Maturity Model https://owasp.org/www-project-samm/
• UL2900 https://www.cybersecuritysummit.org/wp-content/uploads/2017/10/4.00-Justin-Heyl.pdf

Testing Frameworks

• MITRE ATT&CK https://attack.mitre.org
• OWASP Top 10 https://owasp.org/www-project-top-ten/

Industry

• Payments Security https://www.pcisecuritystandards.org/document_library/
• Defense Industrial Base Security https://dodcio.defense.gov/cmmc/About/
• HiTrust https://hitrustalliance.net/the-hitrust-assurance-program

Laws and Regulations

• CCPA California Consumer Privacy Act https://oag.ca.gov/privacy/ccpa
• CFAA Computer Fraud and Abuse Act https://uscode.house.gov/view.xhtml?req=(title:18%20section:1030%20edition:prelim)
• GDPR General Data Protection Regulation https://gdpr-info.eu
• GLBA Gramm-Leach-Bliley Act https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act
• HIPAA Health Insurance Portability and Accountability Act https://www.hhs.gov/hipaa/for-professionals/index.html
• HIPAA Security Rule https://www.hhs.gov/hipaa/for-professionals/security/index.html
• HIPAA Privacy Rule https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
• HIPAA Breach Notification Rule https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
• HITECH Act Enforcement Rule https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html

Guidance

• NIST SP 800 Series https://csrc.nist.gov/publications/sp800
• NIST SP 800-30 Risk Assessments https://csrc.nist.gov/pubs/sp/800/30/r1/final
• NIST SP 800-50 Learning Program https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-50r1.pdf
• NIST SP 800-53 Protecting Classified Information https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final
• NIST SP 800-61 Incident Handling https://csrc.nist.gov/pubs/sp/800/61/r2/final
• NIST SP 800-66 HIPAA Healthcare Security https://csrc.nist.gov/pubs/sp/800/66/r2/final
• NIST SP 800-82 Operational Technology https://csrc.nist.gov/pubs/sp/800/82/r3/final
• NIST SP 800-115 Security Testing https://csrc.nist.gov/pubs/sp/800/115/final
• NIST SP 800-137 Continuous Monitoring https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-137.pdf
• NIST SP 800-171 Protecting Controlled Unclassified Information https://csrc.nist.gov/pubs/sp/800/171/r3/final
• NIST SP 800-204 DevSecOps https://csrc.nist.gov/pubs/sp/800/204/d/final
• NIST SP 800-207 Zero Trust Architecture https://csrc.nist.gov/pubs/sp/800/207/final
• ISA/IEC 62443 Industrial Control Systems https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards

Vulnerability Databases

• CAPEC https://capec.mitre.org/
• CVE Common Vulnerability Enumeration https://www.cve.org
• CVSS Common Vulnerability Scoring System https://www.first.org/cvss/
• CWE Common Weakness Enumeration https://cwe.mitre.org
• NVD NIST National Vulnerability Database https://nvd.nist.gov

Journals

• Journal of Cybersecurity https://academic.oup.com/cybersecurity
• Journal of Cybersecurity and Privacy https://www.mdpi.com/journal/jcp

Agencies

• European Union Agency For Cybersecurity (ENISA) https://www.enisa.europa.eu
• United States Cybersecurity Infrastructure Security Agency https://www.cisa.gov
• United States Department of Defense Office of the CIO https://dodcio.defense.gov

News

• CISO Magazine https://cisomag.com
• Cyware Social https://social.cyware.com/cyber-security-news-articles
• The Hacker News https://thehackernews.com
• The Record https://therecord.media

Vendors

• Amazon Web Services Security https://aws.amazon.com/security/
• Google Cloud Security https://cloud.google.com/security?hl=en
• Microsoft Security Hub https://learn.microsoft.com/en-us/security/
• NVIDIA AI Cybersecurity https://www.nvidia.com/en-us/solutions/ai/cybersecurity/
• Fortinet docs https://docs.fortinet.com
• Elastic resources https://www.elastic.co/learn
• Arctic Wolf resources https://arcticwolf.com/resources/
• ThreatLocker resources https://www.threatlocker.com/resources
• AppGate resources https://www.appgate.com/resources
• Security Scorecard resources https://securityscorecard.com/resources/

Reports

• Crowdstrike Global Threat Report https://go.crowdstrike.com/global-threat-report-2024
• Darktrace State of AI Cybersecurity https://darktrace.com/resources/state-of-ai-cyber-security-2024
• Verizon Data Breach Investigations Report https://www.verizon.com/business/resources/reports/

Tools

• Metasploit Testing and Exploit Framework https://www.metasploit.com
• Nmap Port Scanner https://nmap.org
• Nessus Vulnerability Scanner https://www.tenable.com/products/nessus/nessus-essentials
• Burpsuite Web App Testing https://portswigger.net/burp/documentation/desktop/getting-started/download-and-install
• Wireshark Packet Analysis https://www.wireshark.org
• Kali Linux Docs https://www.kali.org/docs/
• ParrotOS Docs https://parrotsec.org/docs/
• Shodan https://www.shodan.io/
• Haveibeenpwned https://haveibeenpwned.com/
• How does your browser react to bad certificates https://www.badssl.com
• Fortinet Threat Map https://threatmap.fortiguard.com
• Sonicwall Attack Map https://attackmap.sonicwall.com/live-attack-map/
• VIM Cheat Sheet https://vim.rtorr.com
• Ports https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
• OSI Model https://en.wikipedia.org/wiki/OSI_model
• KnowBe4 - Free Tools https://www.knowbe4.com/free-cybersecurity-tools
• SecurityOnion https://securityonionsolutions.com/software

Cryptography / Encryption

• FIPS197 AES https://csrc.nist.gov/pubs/fips/197/final
• FIPS203 KEM https://csrc.nist.gov/pubs/fips/203/final
• FIPS204 ML-DSA https://csrc.nist.gov/pubs/fips/204/final
• FIPS205 SLH-DSA https://csrc.nist.gov/pubs/fips/205/final
• RSA https://people.csail.mit.edu/rivest/Rsapaper.pdf
• TLS 1.3 https://datatracker.ietf.org/doc/html/rfc8446

Training

• Game of Active Directory https://github.com/Orange-Cyberdefense/GOAD
• Let's Defend https://app.letsdefend.io/homepage
• TryHackMe https://tryhackme.com
• CISSP Video Lecture Study Guide on UDemy https://www.udemy.com/course/cissp-the-complete-exam-guide/learn/lecture/35421896#overview