|Title||Summary||Last Modified||Role||Phase||Resource Type||Org||Org Type||role_hfilter||nist_phase_hfilter||resource_type_hfilter||resource_org_hfilter||resource_source_hfilter|
|HHS 405(d) Aligning Health Care Industry Security Approaches|
Provides industry-led consensus-based guidelines, practices, and methodologies that aim to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the HPH sector
|December 13, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Detect, Identify, Protect, Recover, Respond||Website||HHS||Government||business-leader it-cybersecurity-practitioner technical-leader||detect identify protect recover respond||website||hhs||government|
|Ransomware Techniques in ATT&CK|
List of ransomware techniques, software, and groups that are presently documented in MITRE ATT&CK.
|December 2, 2021||IT/Cybersecurity Practitioner, Technical Leader||Identify, Protect, Respond||Tool||MITRE||Non-Profit||it-cybersecurity-practitioner technical-leader||identify protect respond||tool||mitre||non-profit|
|Threat-Informed Cybersecurity Operations for Healthcare Delivery Organizations|
A Guide to Maturing Cyber Defense Capabilities For HDO.
|November 29, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Identify||Document||MITRE||Non-Profit||business-leader it-cybersecurity-practitioner technical-leader||identify||doc||mitre||non-profit|
|Cyber Operations Rapid Assessment (CORA)|
A lightweight assessment tool used to evaluate your overall cybersecurity operations and infrastructure.
|November 29, 2021||Business Leader, Technical Leader||Identify||Document, Tool||MITRE||Non-Profit||business-leader technical-leader||identify||doc tool||mitre||non-profit|
|Deploy Cyber Analytics|
A knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.
|November 5, 2021||IT/Cybersecurity Practitioner||Detect||Document||MITRE||Non-Profit||it-cybersecurity-practitioner||detect||doc||mitre||non-profit|
|Detect Cyber Events|
An overview of how to set the scene for detection, and how to collect the right data points.
|August 29, 2021||IT/Cybersecurity Practitioner||Detect||Document||MITRE||Non-Profit||it-cybersecurity-practitioner||detect||doc||mitre||non-profit|
|Cyber Threat Intelligence|
Resources that provide insight for organizations to the latest threats and understanding the adversary.
|August 23, 2021||IT/Cybersecurity Practitioner, Technical Leader||Identify, Protect||Advisory, Document, Website Article(s)||CISA, MITRE, NIST||Government, Non-Profit||it-cybersecurity-practitioner technical-leader||identify protect||advisory doc website-article||cisa mitre nist||government non-profit|
|CISA Ransomware Resource Hub|
A collection of CISA cybersecurity services can that help organization identify, protect and respond to the ransomware threat.
|July 19, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Identify, Protect, Respond||Best Practice, Document, Training, Website Article(s)||CISA||Government||business-leader it-cybersecurity-practitioner technical-leader||identify protect respond||best-practice doc training website-article||cisa||government|
NIST Reference designs that focuses on detailed methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network.
|July 15, 2021||IT/Cybersecurity Practitioner, Technical Leader||Detect, Identify, Protect, Recover, Respond||Best Practice, Document, Website Article(s)||NIST||Government||it-cybersecurity-practitioner technical-leader||detect identify protect recover respond||best-practice doc website-article||nist||government|
|Rubric for Applying CVSS to Medical Devices|
The CVSS Rubric consists of a structured set of questions and corresponding decision flow diagrams, along with medical device specific examples and guidance, to help assess a medical device vulnerability in a consistent and standardized way.
|July 7, 2021||IT/Cybersecurity Practitioner, Technical Leader||Identify||Document||MITRE||Non-Profit||it-cybersecurity-practitioner technical-leader||identify||doc||mitre||non-profit|
|Zero Trust Architecture (ZTA)|
The ZTA Tech Watcher report explores the state of the technology today and provides background, applicability and benefits to organizations, outstanding challenges and issues, and recommendations.
|July 6, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Protect||Document||MITRE||Non-Profit||business-leader it-cybersecurity-practitioner technical-leader||protect||doc||mitre||non-profit|
|CISA Fact Sheet Rising Ransomware Threat to OT Assets|
Recommended actions and resources that critical infrastructure entities should implement to reduce the risk ransomware.
|June 14, 2021||IT/Cybersecurity Practitioner, Technical Leader||Protect, Respond||Fact Sheet||CISA||Government||it-cybersecurity-practitioner technical-leader||protect respond||fact-sheet||cisa||government|
|Data Integrity: Recovering from Ransomware and Other Destructive Events|
Reference designs that uses commercially available technologies to develop solutions that could assist an organization in recovering from ransomware or other destructive events.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Recover, Respond||Best Practice, Website Article(s)||NIST||Government||it-cybersecurity-practitioner technical-leader||recover respond||best-practice website-article||nist||government|
|Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events|
Reference designs that uses commercially available technologies to develop solutions that could assist an organization in identifying and protecting critical assets against ransomware or other destructive events.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Identify, Protect||Best Practice||NIST||Government||it-cybersecurity-practitioner technical-leader||identify protect||best-practice||nist||government|
|Incident Preparedness and Response|
Incident preparedness and response considerations that can help health delivery organizations (HDOs) and other stakeholders understand the roles and responsibilities before, during, and after a cyber incident.
|June 4, 2021||Business Leader, Technical Leader||Detect, Identify, Protect, Recover, Respond||Document, Website Article(s)||MITRE||Non-Profit||business-leader technical-leader||detect identify protect recover respond||doc website-article||mitre||non-profit|
|Health Information Sharing and Analysis Center (H-ISAC)|
H-ISAC, Health Information Sharing and Analysis Center, is a global, non-profit, member-driven organization offering healthcare stakeholders a trusted community and forum for coordinating, collaborating and sharing vital physical and cyber threat intelligence and best practices with each other.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Protect||Information Sharing, Threat Intel, Website Article(s)||Health-ISAC||Non-Profit||it-cybersecurity-practitioner technical-leader||protect||information-sharing threat-intel website-article||health-isac||non-profit|
|Ransomware What It Is and What To Do About It|
Cybersecurity & Infrastructure Security Agency (CISA) overview on ransomware, what it is and what to do about it.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Protect||Fact Sheet||CISA||Government||it-cybersecurity-practitioner technical-leader||protect||fact-sheet||cisa||government|
|CISA Cyber Resource Hub|
A collection of CISA cybersecurity services can that help the broader cybersecurity community gain visibility with vulnerability trends, adversarial activities and, effective mitigations for better protection of their networks.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Identify, Protect||Cybersecurity Assessment, Document, Tool, Website Article(s)||CISA||Government||business-leader it-cybersecurity-practitioner technical-leader||identify protect||cybersecurity-assessment doc tool website-article||cisa||government|
|Principles and Practices for Medical Device Cybersecurity|
International Medical Device Regulators Forum guidance document providing general principles and best practices
|June 4, 2021||Business Leader, Technical Leader||Detect, Identify, Protect, Recover, Respond||Best Practice||International Medical Device Regulators Forum||Non-Profit||business-leader technical-leader||detect identify protect recover respond||best-practice||international-medical-device-regulators-forum||non-profit|
|Webinar: Combating Ransomware|
CISA Webinar: Provides technical overview of prevalent ransomware actors, their targets, and provides recommendations on how organization could defend against the threat.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Protect||Video||CISA||Government||it-cybersecurity-practitioner technical-leader||protect||video||cisa||government|
|User Awareness Training|
An overview of how to establish a User Awareness Training program. The EARNEST Practice helps educate End Users to be effective Cyber Sensors.
|June 4, 2021||Business Leader, Technical Leader||Detect, Protect||Best Practice, Document, White Paper||MITRE||Non-Profit||business-leader technical-leader||detect protect||best-practice doc white-paper||mitre||non-profit|
|US Computer Emergency Response Team (US-CERT)|
US-CERT is responsible for analyzing and reducing cyber threats, vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Protect||Advisory||CISA||Government||business-leader it-cybersecurity-practitioner technical-leader||protect||advisory||cisa||government|
|The MITRE Systems Engineering Guide|
MITRE Systems Engineering Guide, or SEG, conveys The MITRE Corporation’s accumulated wisdom on a wide range of systems engineering subjects—sufficient for understanding the essentials of the discipline and for translating this knowledge into practice in your own work environment.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Best Practice, Book, Document||MITRE||Non-Profit||it-cybersecurity-practitioner technical-leader||best-practice book doc||mitre||non-profit|
|Ten Strategies of a World-Class Cybersecurity Operations Center|
MITRE’s Ten Strategies of a World-Class CSOC book, describing detailed strategies, including how they crosscut elements of people, process, and technology to build, manage, and improve the CSOC.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Detect, Identify, Protect, Respond||Best Practice, Document||MITRE||Non-Profit||it-cybersecurity-practitioner technical-leader||detect identify protect respond||best-practice doc||mitre||non-profit|
|Stop that Phish|
Learn what phishing is and how you can spot and stop these attacks, regardless if you are at work or at home.
|June 4, 2021||IT/Cybersecurity Practitioner||Protect||Fact Sheet||SANS||Non-Profit||it-cybersecurity-practitioner||protect||fact-sheet||sans||non-profit|
|SEI Cyber Minute: Mitigating Ransomware|
In this Software Engineering Institute (SEI) Cyber Minute, Rotem Guttman discusses “Mitigating Ransomware.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Detect||Video||SEI||Education||business-leader it-cybersecurity-practitioner technical-leader||detect||video||sei||education|
|Security Primer – Ransomware|
Center for Internet Security white paper on ransomware.
|June 4, 2021||Business Leader, Technical Leader||Identify, Protect||Document||CIS||Non-Profit||business-leader technical-leader||identify protect||doc||cis||non-profit|
|SANS: Internet Storm Center (ISC)|
SANS Internet Storm Center provides free analysis and warning service to thousands of Internet users and organizations.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Identify||Fact Sheet, Information Sharing||SANS||Education||it-cybersecurity-practitioner technical-leader||identify||fact-sheet information-sharing||sans||education|
|Rubric for Applying CVSS to Medical Devices|
MITRE developed a rubric that provides guidance for how an analyst can utilize CVSS as part of a risk assessment for a medical device.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Identify||Cybersecurity Assessment, Document, Tool||MITRE||Non-Profit||it-cybersecurity-practitioner technical-leader||identify||cybersecurity-assessment doc tool||mitre||non-profit|
|Ransomware: Facts, Threats, and Countermeasures|
Center for Internet Security blog on ransomware facts, threat and countermeasures.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Protect||Fact Sheet||CIS||Non-Profit||it-cybersecurity-practitioner technical-leader||protect||fact-sheet||cis||non-profit|
|Ransomware Protection and Response|
NIST resources on tips and tactics for preparing your organization for ransomware attacks.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Protect, Respond||Fact Sheet, Video||NIST||Government||business-leader it-cybersecurity-practitioner technical-leader||protect respond||fact-sheet video||nist||government|
|Ransomware Guidance and Resources|
Collection of Cybersecurity & Infrastructure Security Agency (CISA) ransomware guidance and resources.
|June 4, 2021||Business Leader||Best Practice, Fact Sheet, Website Article(s)||CISA||Government||business-leader||best-practice fact-sheet website-article||cisa||government|
|Ransomware and HIPAA Fact Sheet|
Health and Human Services Ransomware and HIPAA fact sheet.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Protect||Document, Fact Sheet||HHS||Government||business-leader it-cybersecurity-practitioner technical-leader||protect||doc fact-sheet||hhs||government|
|Ransomware and Breach|
Health and Human Services Office for Civil Rights presentation on Ransomware prevention, recovery and breach risk assessment.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Protect, Recover||Document||HHS||Government||it-cybersecurity-practitioner technical-leader||protect recover||doc||hhs||government|
|Ransomware Activity Targeting the Healthcare and Public Health Sector|
Cybersecurity & Infrastructure Security Agency (CISA) Alert (AA20-302A); Uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework to describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health (HPH).
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Advisory, Document||CISA||Government||it-cybersecurity-practitioner technical-leader||advisory doc||cisa||government|
|Protecting Data from Ransomware and Other Data Loss Events|
National Institute of Standards and Technology (NIST) white paper providing recommendation to help managed service providers (MSPs) protecting data from ransomware and other data loss events.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Protect||Best Practice, Document||NIST||Government||it-cybersecurity-practitioner technical-leader||protect||best-practice doc||nist||government|
|Protecting Against Ransomware|
Cybersecurity & Infrastructure Security Agency (CISA) security time (ST19-001); protecting against ransomware.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Protect, Respond||Best Practice, Website Article(s)||CISA||Government||business-leader it-cybersecurity-practitioner technical-leader||protect respond||best-practice website-article||cisa||government|
|Podcast Interview: Cyber and Supply Chain Threats to the Health Care Sector|
Matthew Halvorsen, Strategic Program Director for NCSC’s Supply Chain and Cyber Directorate, recently sat down with Gregory Garcia, the Executive Director for Cybersecurity of the Health Sector Coordinating Council, for an audio interview on current threats to the health care sector.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Podcast||Office of the Director of National Intelligence||Government||business-leader it-cybersecurity-practitioner technical-leader||podcast||office-of-the-director-of-national-intelligence||government|
|No-Cost Malicious Domain Blocking and Reporting for U.S. Hospitals|
Overview of the Center for Internet Security® (CIS®), Malicious Domain Blocking and Reporting (MDBR) service offering to all public and private hospitals and related healthcare organizations in the United States. This service provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy.
|June 4, 2021||Technical Leader||Identify, Protect||Managed Service||CIS||Non-Profit||technical-leader||identify protect||managed-service||cis||non-profit|
|NIST Cybersecurity Framework|
The National Institute of Standards and Technology (NIST) Cybersecurity Framework is voluntary guidance intended to help organizations to better manage and reduce cybersecurity risk.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Detect, Identify, Protect, Recover, Respond||Best Practice, Website Article(s)||NIST||Government||business-leader it-cybersecurity-practitioner technical-leader||detect identify protect recover respond||best-practice website-article||nist||government|
|MS-ISAC Ransomware Guide|
Ransomware best practices and recommendations are based on operational insight from the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Detect, Protect, Recover, Respond||Best Practice, Document||CISA||Government||it-cybersecurity-practitioner technical-leader||detect protect recover respond||best-practice doc||cisa||government|
|Locked Out: Tackling Australia’s ransomware threat|
Industry Advisory Committee paper presents real case studies and provides advice on how all Australians can best protect themselves from ransomware attacks. The advice is applicable to any country.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Detect, Identify, Protect||Advisory, Document||Australian Government, Department of Home Affairs||Government||business-leader it-cybersecurity-practitioner technical-leader||detect identify protect||advisory doc||australian-government department-of-home-affairs||government|
|Laws and Regulations Enforced by OCR|
Laws and regulations that apply to programs, services, and activities receiving HHS Federal financial assistance.
|June 4, 2021||Business Leader, Technical Leader||Policy/Regulation||HHS||Government||business-leader technical-leader||policy-regulation||hhs||government|
|INSIGHTS Ransomware Outbreak|
Three steps any organization can take to manage their risk against ransomware.
|June 4, 2021||Business Leader, Technical Leader||Detect, Protect, Recover||Advisory, Document||CISA||Government||business-leader technical-leader||detect protect recover||advisory doc||cisa||government|
|How to Protect Your Networks from Ransomware|
Document that provides an aggregate of already existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Protect, Respond||Advisory, Document||FBI||Government||it-cybersecurity-practitioner technical-leader||protect respond||advisory doc||fbi||government|
|How to Address the Threat of Ransomware Attacks|
Educational video on how to address the threat of ransomware attacks.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Detect, Protect, Respond||Video||CISA||Government||business-leader it-cybersecurity-practitioner technical-leader||detect protect respond||video||cisa||government|
|Health Sector Cybersecurity Coordination Center (HC3) Homepage|
A collection of Health Sector Cybersecurity Coordination Center (HC3) resources to aid in the protection of vital, healthcare-related controlled information and ensure that cybersecurity information sharing is coordinated across the Health and Public Health Sector (HPH).
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Protect||Information Sharing||HHS||Government||it-cybersecurity-practitioner technical-leader||protect||information-sharing||hhs||government|
|Health Sector Coordinating Council|
Report which examines cybersecurity threats and vulnerabilities that affect the healthcare industry. It explores (5) current threats and presents (10) practices to mitigate those threats.
|June 4, 2021||Business Leader, Technical Leader||Protect||Best Practice, Website Article(s)||HSCC||Non-Profit||business-leader technical-leader||protect||best-practice website-article||hscc||non-profit|
|Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients|
Resources that provide Health Industry Cybersecurity Best Practices: Managing Threats and Protecting Patients (HICP).
|June 4, 2021||Technical Leader||Protect||Best Practice||HHS||Government||technical-leader||protect||best-practice||hhs||government|
|Health Care Industry Cybersecurity Task Force|
Health Care Industry Cybersecurity Task Force report detailing findings on cybersecurity risk facing the healthcare industry.
|June 4, 2021||Business Leader, Technical Leader||Fact Sheet||PHE||Government||business-leader technical-leader||fact-sheet||phe||government|
|FBI: InfraGard Portal|
InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Identify, Protect||Information Sharing, Threat Intel||FBI||Government||business-leader it-cybersecurity-practitioner technical-leader||identify protect||information-sharing threat-intel||fbi||government|
|FBI Watch – TLP:WHITE Report|
FBI bulletin containing 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Protect||Advisory||FBI||Non-Profit||business-leader it-cybersecurity-practitioner technical-leader||protect||advisory||fbi||non-profit|
|Designing Cyber Resilient Systems (NIST SP 800-160 Vol. 2)|
A Systems Security Engineering Approach; which defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Protect||Best Practice, Document||NIST||Government||it-cybersecurity-practitioner technical-leader||protect||best-practice doc||nist||government|
|Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events|
Reference designs that uses commercially available technologies to develop solutions that could assist an organization in detecting and responding against ransomware or other destructive events.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Detect, Respond||Best Practice||NIST||Government||it-cybersecurity-practitioner technical-leader||detect respond||best-practice||nist||government|
|Cybersecurity Toolkit for Digital Health|
An educational resource for digital health companies at all stages of growth on both the fundamentals and best practices for cybersecurity and privacy protection.
|June 4, 2021||Business Leader, IT/Cybersecurity Practitioner, Technical Leader||Detect, Protect||Best Practice, Website Article(s)||Mass Digital Health||Non-Profit||business-leader it-cybersecurity-practitioner technical-leader||detect protect||best-practice website-article||mass-digital-health||non-profit|
|Cybersecurity Maturity Models|
An overview of three Cybersecurity Maturity Models that can be used by an organization to baseline their current capabilities against best practices.
|June 4, 2021||Business Leader, Technical Leader||Identify, Protect||Best Practice, Cybersecurity Assessment, Document||HHS||Government||business-leader technical-leader||identify protect||best-practice cybersecurity-assessment doc||hhs||government|
|Cyber Tabletop Exercises|
Cyber Tabletop Exercises (TTX) are a way to evaluate your cyber response plan with scenarios that identify gaps between what you’ve planned for and what can actually happen, practice roles and responsibilities, and improve communications throughout organizations.
|June 4, 2021||Business Leader||Recover, Respond||Document||MITRE||Non-Profit||business-leader||recover respond||doc||mitre||non-profit|
|Cyber Security Guidance Material|
Educational materials specifically designed to give HIPAA covered entities and business associates insight into how to respond to a cyber-related security incidents.
|June 4, 2021||Business Leader, Technical Leader||Detect, Identify, Protect, Recover, Respond||Advisory, Document, Website Article(s)||HHS||Government||business-leader technical-leader||detect identify protect recover respond||advisory doc website-article||hhs||government|
Resources that provide and overview of Cyber Resiliency and its implementation.
|June 4, 2021||Technical Leader||Protect||Cybersecurity Assessment, Document||MITRE||Non-Profit||technical-leader||protect||cybersecurity-assessment doc||mitre||non-profit|
|Cyber Resilience Review (CRR)|
CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.
|June 4, 2021||Business Leader, Technical Leader||Identify, Recover, Respond||Cybersecurity Assessment, Document, Website Article(s)||CISA||Government||business-leader technical-leader||identify recover respond||cybersecurity-assessment doc website-article||cisa||government|
|Cyber Attack Checklist|
Steps for a HIPAA covered entity or its business associate (the entity) to take in response to a cyber-related security incident.
|June 4, 2021||Business Leader, Technical Leader||Recover, Respond||Advisory, Document||HHS||Government||business-leader technical-leader||recover respond||advisory doc||hhs||government|
An overview of Cyber Assessments methods to bolster an organization’s ability to identify, protect, and detect cyber threats.
|June 4, 2021||Technical Leader||Detect, Identify, Protect||Cybersecurity Assessment, Document||MITRE||Non-Profit||technical-leader||detect identify protect||cybersecurity-assessment doc||mitre||non-profit|
|Crown Jewels Analysis (CJA)|
Crown Jewels Analysis (CJA) is a process for identifying those cyber assets that are most critical to achieve an organization’s key objectives and enable organizations to prioritize and apply limited resources effectively for cyber resiliency during a major cyber attack.
|June 4, 2021||Business Leader||Identify||Cybersecurity Assessment, Document, Tool||MITRE||Non-Profit||business-leader||identify||cybersecurity-assessment doc tool||mitre||non-profit|
|Common Vulnerability Scoring System Special Interest Group (SIG)|
The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The score can help organizations properly assess and prioritize their vulnerability management processes.
|June 4, 2021||IT/Cybersecurity Practitioner||Protect||Document, Training, Website Article(s)||First||Government||it-cybersecurity-practitioner||protect||doc training website-article||first||government|
|Common Vulnerabilities and Exposures (CVE)|
CVE® is a list of records—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities.
|June 4, 2021||IT/Cybersecurity Practitioner||Identify||Document, Tool, Website Article(s)||MITRE||Government, Non-Profit||it-cybersecurity-practitioner||identify||doc tool website-article||mitre||government non-profit|
|Combating Ransomware: A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force|
A comprehensive strategic framework and recommendations for tackling the dramatically increasing and evolving threat of ransomware.
|June 4, 2021||Business Leader||Protect, Recover, Respond||Advisory, Best Practice, Document||Institute for Security and Technology||Non-Profit||business-leader||protect recover respond||advisory best-practice doc||institute-for-security-and-technology||non-profit|
|CISA, MS-ISAC, NGA & NASCIO Recommend Immediate Action To Safeguard Against Ransomware Attacks|
Best practice outlining three steps to resilience against ransomware for State and Local Partners.
|June 4, 2021||IT/Cybersecurity Practitioner, Technical Leader||Identify, Protect||Best Practice||CISA||Government||it-cybersecurity-practitioner technical-leader||identify protect||best-practice||cisa||government|
CALDERA™ is a cybersecurity framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.
|May 17, 2021||IT/Cybersecurity Practitioner, Technical Leader||Identify||Cybersecurity Assessment, Tool||MITRE||Non-Profit||it-cybersecurity-practitioner technical-leader||identify||cybersecurity-assessment tool||mitre||non-profit|