Resource Library

TitleSummaryLast ModifiedRolePhaseResource TypeOrganizationOrg Typerole_hfilternist_phase_hfilterresource_type_hfilterresource_org_hfilterresource_source_hfilter
CISA Fact Sheet Rising Ransomware Threat to OT Assets

Recommended actions and resources that critical infrastructure entities should implement to reduce the risk ransomware.

June 17, 2021, , it-cybersecurity-practitioner technical-leaderprotect respondfact-sheetcisagovernment
Ransomware Techniques in ATT&CK

List of ransomware techniques, software, and groups that are presently documented in MITRE ATT&CK.

June 11, 2021, , , it-cybersecurity-practitioner technical-leaderidentify protect respondtoolmitrenon-profit
User Awareness Training

An overview of how to establish a User Awareness Training program. The EARNEST Practice helps educate End Users to be effective Cyber Sensors.

June 11, 2021, , , , business-leader technical-leaderdetect protectbest-practice doc white-papermitrenon-profit
Data Integrity: Recovering from Ransomware and Other Destructive Events

Reference designs that uses commercially available technologies to develop solutions that could assist an organization in recovering from ransomware or other destructive events.

June 4, 2021, , , it-cybersecurity-practitioner technical-leaderrecover respondbest-practice website-articlenistgovernment
Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

Reference designs that uses commercially available technologies to develop solutions that could assist an organization in identifying and protecting critical assets against ransomware or other destructive events.

June 4, 2021, , it-cybersecurity-practitioner technical-leaderidentify protectbest-practicenistgovernment
Incident Preparedness and Response

Incident preparedness and response considerations that can help health delivery organizations (HDOs) and other stakeholders understand the roles and responsibilities before, during, and after a cyber incident.

June 4, 2021, , , , , , business-leader technical-leaderdetect identify protect recover responddoc website-articlemitrenon-profit
Health Information Sharing and Analysis Center (H-ISAC)

H-ISAC, Health Information Sharing and Analysis Center, is a global, non-profit, member-driven organization offering healthcare stakeholders a trusted community and forum for coordinating, collaborating and sharing vital physical and cyber threat intelligence and best practices with each other.

June 4, 2021, , , it-cybersecurity-practitioner technical-leaderprotectinformation-sharing threat-intel website-articlehealth-isacnon-profit
Ransomware What It Is and What To Do About It

Cybersecurity & Infrastructure Security Agency (CISA) overview on ransomware, what it is and what to do about it.

June 4, 2021, it-cybersecurity-practitioner technical-leaderprotectfact-sheetcisagovernment
CISA Cyber Resource Hub

A collection of CISA cybersecurity services can that help the broader cybersecurity community gain visibility with vulnerability trends, adversarial activities and, effective mitigations for better protection of their networks.

June 4, 2021, , , , , , business-leader it-cybersecurity-practitioner technical-leaderidentify protectcybersecurity-assessment doc tool website-articlecisagovernment
Principles and Practices for Medical Device Cybersecurity

International Medical Device Regulators Forum guidance document providing general principles and best practices
to facilitate international regulatory on medical device cybersecurity from pre-market to post-market.

June 4, 2021, , , , , business-leader technical-leaderdetect identify protect recover respondbest-practiceinternational-medical-device-regulators-forumnon-profit
Webinar: Combating Ransomware

CISA Webinar: Provides technical overview of prevalent ransomware actors, their targets, and provides recommendations on how organization could defend against the threat.

June 4, 2021, it-cybersecurity-practitioner technical-leaderprotectvideocisagovernment
US Computer Emergency Response Team (US-CERT)

US-CERT is responsible for analyzing and reducing cyber threats, vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities.

June 4, 2021, , business-leader it-cybersecurity-practitioner technical-leaderprotectadvisorycisagovernment
The MITRE Systems Engineering Guide

MITRE Systems Engineering Guide, or SEG, conveys The MITRE Corporation’s accumulated wisdom on a wide range of systems engineering subjects—sufficient for understanding the essentials of the discipline and for translating this knowledge into practice in your own work environment.

June 4, 2021, , , it-cybersecurity-practitioner technical-leaderbest-practice book docmitrenon-profit
Ten Strategies of a World-Class Cybersecurity Operations Center

MITRE’s Ten Strategies of a World-Class CSOC book, describing detailed strategies, including how they crosscut elements of people, process, and technology to build, manage, and improve the CSOC.

June 4, 2021, , , , , it-cybersecurity-practitioner technical-leaderdetect identify protect respondbest-practice docmitrenon-profit
Stop that Phish

Learn what phishing is and how you can spot and stop these attacks, regardless if you are at work or at home.

June 4, 2021it-cybersecurity-practitionerprotectfact-sheetsansnon-profit
SEI Cyber Minute: Mitigating Ransomware

In this Software Engineering Institute (SEI) Cyber Minute, Rotem Guttman discusses “Mitigating Ransomware.

June 4, 2021, , business-leader it-cybersecurity-practitioner technical-leaderdetectvideoseieducation
Security Primer – Ransomware

Center for Internet Security white paper on ransomware.

June 4, 2021, , business-leader technical-leaderidentify protectdoccisnon-profit
SANS: Internet Storm Center (ISC)

SANS Internet Storm Center provides free analysis and warning service to thousands of Internet users and organizations.

June 4, 2021, , it-cybersecurity-practitioner technical-leaderidentifyfact-sheet information-sharingsanseducation
Rubric for Applying CVSS to Medical Devices

MITRE developed a rubric that provides guidance for how an analyst can utilize CVSS as part of a risk assessment for a medical device.

June 4, 2021, , , it-cybersecurity-practitioner technical-leaderidentifycybersecurity-assessment doc toolmitrenon-profit
Ransomware: Facts, Threats, and Countermeasures

Center for Internet Security blog on ransomware facts, threat and countermeasures.

June 4, 2021, it-cybersecurity-practitioner technical-leaderprotectfact-sheetcisnon-profit
Ransomware Protection and Response

NIST resources on tips and tactics for preparing your organization for ransomware attacks.

June 4, 2021, , , , business-leader it-cybersecurity-practitioner technical-leaderprotect respondfact-sheet videonistgovernment
Ransomware Guidance and Resources

Collection of Cybersecurity & Infrastructure Security Agency (CISA) ransomware guidance and resources.

June 4, 2021, , business-leaderbest-practice fact-sheet website-articlecisagovernment
Ransomware and HIPAA Fact Sheet

Health and Human Services Ransomware and HIPAA fact sheet.

June 4, 2021, , , business-leader it-cybersecurity-practitioner technical-leaderprotectdoc fact-sheethhsgovernment
Ransomware and Breach

Health and Human Services Office for Civil Rights presentation on Ransomware prevention, recovery and breach risk assessment.

June 4, 2021, , it-cybersecurity-practitioner technical-leaderprotect recoverdochhsgovernment
Ransomware Activity Targeting the Healthcare and Public Health Sector

Cybersecurity & Infrastructure Security Agency (CISA) Alert (AA20-302A); Uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework to describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health (HPH).

June 4, 2021, , it-cybersecurity-practitioner technical-leaderadvisory doccisagovernment
Protecting Data from Ransomware and Other Data Loss Events

National Institute of Standards and Technology (NIST) white paper providing recommendation to help managed service providers (MSPs) protecting data from ransomware and other data loss events.

June 4, 2021, , it-cybersecurity-practitioner technical-leaderprotectbest-practice docnistgovernment
Protecting Against Ransomware

Cybersecurity & Infrastructure Security Agency (CISA) security time (ST19-001); protecting against ransomware.

June 4, 2021, , , , business-leader it-cybersecurity-practitioner technical-leaderprotect respondbest-practice website-articlecisagovernment
Podcast Interview: Cyber and Supply Chain Threats to the Health Care Sector

Matthew Halvorsen, Strategic Program Director for NCSC’s Supply Chain and Cyber Directorate, recently sat down with Gregory Garcia, the Executive Director for Cybersecurity of the Health Sector Coordinating Council, for an audio interview on current threats to the health care sector.

June 4, 2021, , business-leader it-cybersecurity-practitioner technical-leaderpodcastoffice-of-the-director-of-national-intelligencegovernment
No-Cost Malicious Domain Blocking and Reporting for U.S. Hospitals

Overview of the Center for Internet Security® (CIS®), Malicious Domain Blocking and Reporting (MDBR) service offering to all public and private hospitals and related healthcare organizations in the United States. This service provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy.

June 4, 2021, technical-leaderidentify protectmanaged-servicecisnon-profit
NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is voluntary guidance intended to help organizations to better manage and reduce cybersecurity risk.

June 4, 2021, , , , , , , business-leader it-cybersecurity-practitioner technical-leaderdetect identify protect recover respondbest-practice website-articlenistgovernment
MS-ISAC Ransomware Guide

Ransomware best practices and recommendations are based on operational insight from the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

June 4, 2021, , , , , it-cybersecurity-practitioner technical-leaderdetect protect recover respondbest-practice doccisagovernment
Locked Out: Tackling Australia’s ransomware threat

​​​Industry Advisory Committee paper presents real case studies and provides advice on how all Australians can best protect themselves from ransomware attacks.​ The advice is applicable to any country.

June 4, 2021, , , , , , business-leader it-cybersecurity-practitioner technical-leaderdetect identify protectadvisory docaustralian-government department-of-home-affairsgovernment
Laws and Regulations Enforced by OCR

Laws and regulations that apply to programs, services, and activities receiving HHS Federal financial assistance.

June 4, 2021, business-leader technical-leaderpolicy-regulationhhsgovernment
INSIGHTS Ransomware Outbreak

Three steps any organization can take to manage their risk against ransomware.

June 4, 2021, , , , business-leader technical-leaderdetect protect recoveradvisory doccisagovernment
How to Protect Your Networks from Ransomware

Document that provides an aggregate of already existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents.

June 4, 2021, , , it-cybersecurity-practitioner technical-leaderprotect respondadvisory docfbigovernment
How to Address the Threat of Ransomware Attacks

Educational video on how to address the threat of ransomware attacks.

June 4, 2021, , , , business-leader it-cybersecurity-practitioner technical-leaderdetect protect respondvideocisagovernment
Health Sector Cybersecurity Coordination Center (HC3) Homepage

A collection of Health Sector Cybersecurity Coordination Center (HC3) resources to aid in the protection of vital, healthcare-related controlled information and ensure that cybersecurity information sharing is coordinated across the Health and Public Health Sector (HPH).

June 4, 2021, it-cybersecurity-practitioner technical-leaderprotectinformation-sharinghhsgovernment
Health Sector Coordinating Council

Report which examines cybersecurity threats and vulnerabilities that affect the healthcare industry. It explores (5) current threats and presents (10) practices to mitigate those threats.

June 4, 2021, , business-leader technical-leaderprotectbest-practice website-articlehsccnon-profit
Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients

Resources that provide Health Industry Cybersecurity Best Practices: Managing Threats and Protecting Patients (HICP).

June 4, 2021technical-leaderprotectbest-practicehhsgovernment
Health Care Industry Cybersecurity Task Force

Health Care Industry Cybersecurity Task Force report detailing findings on cybersecurity risk facing the healthcare industry.

June 4, 2021, business-leader technical-leaderfact-sheetphegovernment
FBI: InfraGard Portal

InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats.

June 4, 2021, , , , business-leader it-cybersecurity-practitioner technical-leaderidentify protectinformation-sharing threat-intelfbigovernment
FBI Watch – TLP:WHITE Report

FBI bulletin containing 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year.

June 4, 2021, , business-leader it-cybersecurity-practitioner technical-leaderprotectadvisoryfbinon-profit
Designing Cyber Resilient Systems (NIST SP 800-160 Vol. 2)

A Systems Security Engineering Approach; which defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.

June 4, 2021, , it-cybersecurity-practitioner technical-leaderprotectbest-practice docnistgovernment
Design Defenses

NIST Reference designs that focuses on detailed methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network.

June 4, 2021, , , , , , , it-cybersecurity-practitioner technical-leaderdetect identify protect recover respondbest-practice doc website-articlenistgovernment
Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

Reference designs that uses commercially available technologies to develop solutions that could assist an organization in detecting and responding against ransomware or other destructive events.

June 4, 2021, , it-cybersecurity-practitioner technical-leaderdetect respondbest-practicenistgovernment
Cybersecurity Toolkit for Digital Health

An educational resource for digital health companies at all stages of growth on both the fundamentals and best practices for cybersecurity and privacy protection.

June 4, 2021, , , , business-leader it-cybersecurity-practitioner technical-leaderdetect protectbest-practice website-articlemass-digital-healthnon-profit
Cybersecurity Maturity Models

An overview of three Cybersecurity Maturity Models that can be used by an organization to baseline their current capabilities against best practices.

June 4, 2021, , , , business-leader technical-leaderidentify protectbest-practice cybersecurity-assessment dochhsgovernment
Cybersecurity Act of 2015 Section 405(d) Overview Presentation

Provides industry-led consensus-based guidelines, practices, and methodologies that aim to raise awareness, provide vetted practices, in mitigating the most pertinent and current cybersecurity threats to the HPH sector.

June 4, 2021, , business-leaderidentify protectdoc policy-regulationphegovernment
Cyber Threat Intelligence

Resources that provide insight for organizations to the latest threats.

June 4, 2021, , , , , , , it-cybersecurity-practitioner technical-leaderidentify protectadvisory doc website-articlecisa mitre nistgovernment non-profit
Cyber Tabletop Exercises

Cyber Tabletop Exercises (TTX) are a way to evaluate your cyber response plan with scenarios that identify gaps between what you’ve planned for and what can actually happen, practice roles and responsibilities, and improve communications throughout organizations.

June 4, 2021, business-leaderrecover responddocmitrenon-profit
Cyber Security Guidance Material

Educational materials specifically designed to give HIPAA covered entities and business associates insight into how to respond to a cyber-related security incidents.

June 4, 2021, , , , , , , business-leader technical-leaderdetect identify protect recover respondadvisory doc website-articlehhsgovernment
Cyber Resiliency

Resources that provide and overview of Cyber Resiliency and its implementation.

June 4, 2021, technical-leaderprotectcybersecurity-assessment docmitrenon-profit
Cyber Resilience Review (CRR)

CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.

June 4, 2021, , , , , business-leader technical-leaderidentify recover respondcybersecurity-assessment doc website-articlecisagovernment
Cyber Operations Rapid Assessment (CORA)

A lightweight assessment tool used to evaluate your overall cybersecurity operations and infrastructure.

June 4, 2021, , business-leader technical-leaderidentifydoc toolmitrenon-profit
Cyber Attack Checklist

Steps for a HIPAA covered entity or its business associate (the entity) to take in response to a cyber-related security incident.

June 4, 2021, , , business-leader technical-leaderrecover respondadvisory dochhsgovernment
Cyber Assessments

An overview of Cyber Assessments methods to bolster an organization’s ability to identify, protect, and detect cyber threats.

June 4, 2021, , , technical-leaderdetect identify protectcybersecurity-assessment docmitrenon-profit
Cyber Analytics Repository (CAR)

A knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.

June 4, 2021, it-cybersecurity-practitionerdetecttool website-articlemitrenon-profit
Crown Jewels Analysis (CJA)

Crown Jewels Analysis (CJA) is a process for identifying those cyber assets that are most critical to achieve an organization’s key objectives and enable organizations to prioritize and apply limited resources effectively for cyber resiliency during a major cyber attack.

June 4, 2021, , business-leaderidentifycybersecurity-assessment doc toolmitrenon-profit
Common Vulnerability Scoring System Special Interest Group (SIG)

The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The score can help organizations properly assess and prioritize their vulnerability management processes.

June 4, 2021, , it-cybersecurity-practitionerprotectdoc training website-articlefirstgovernment
Common Vulnerabilities and Exposures (CVE)

CVE® is a list of records—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities.

June 4, 2021, , , it-cybersecurity-practitioneridentifydoc tool website-articlemitregovernment non-profit
Combating Ransomware: A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force

A comprehensive strategic framework and recommendations for tackling the dramatically increasing and evolving threat of ransomware.

June 4, 2021, , , , business-leaderprotect recover respondadvisory best-practice docinstitute-for-security-and-technologynon-profit
CISA, MS-ISAC, NGA & NASCIO Recommend Immediate Action To Safeguard Against Ransomware Attacks

Best practice outlining three steps to resilience against ransomware for State and Local Partners.

June 4, 2021, , it-cybersecurity-practitioner technical-leaderidentify protectbest-practicecisagovernment
Caldera

CALDERA™ is a cybersecurity framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.

May 17, 2021, , it-cybersecurity-practitioner technical-leaderidentifycybersecurity-assessment toolmitrenon-profit

Pin It on Pinterest

Share This