Resource Library

TitleSummaryLast ModifiedRolePhaseResource TypeOrganizationOrg Typerole_hfilternist_phase_hfilterresource_type_hfilterresource_org_hfilterresource_source_hfilter
Cyber Threat Intelligence

Resources that provide insight for organizations to the latest threats and understanding the adversary. Read Cyber Threat Intelligence

August 31, 2021, , , , , , , it-cybersecurity-practitioner technical-leaderidentify protectadvisory doc website-articlecisa mitre nistgovernment non-profit
CISA Ransomware Resource Hub

A collection of CISA cybersecurity services can that help organization identify, protect and respond to the ransomware threat. Read CISA Ransomware Resource Hub

August 13, 2021, , , , , , , business-leader it-cybersecurity-practitioner technical-leaderidentify protect respondbest-practice doc training website-articlecisagovernment
Cyber Analytics Repository (CAR)

A knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model. Read Cyber Analytics Repository (CAR)

July 11, 2021, it-cybersecurity-practitionerdetecttool website-articlemitrenon-profit
Rubric for Applying CVSS to Medical Devices

The CVSS Rubric consists of a structured set of questions and corresponding decision flow diagrams, along with medical device specific examples and guidance, to help assess a medical device vulnerability in a consistent and standardized way. Read Rubric for Applying CVSS to Medical Devices

July 8, 2021, it-cybersecurity-practitioner technical-leaderidentifydocmitrenon-profit
Zero Trust Architectures (ZTA)

The ZTA Tech Watcher report explores the state of the technology today and provides background, applicability and benefits to organizations, outstanding challenges and issues, and recommendations. Read Zero Trust Architectures (ZTA)

July 8, 2021, , business-leader it-cybersecurity-practitioner technical-leaderprotectdocmitrenon-profit
Ransomware Readiness Assessment (RRA)

The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident. Read Ransomware Readiness Assessment (RRA)

July 2, 2021, , , , , , business-leader it-cybersecurity-practitioner technical-leaderdetect identify protect recovercybersecurity-assessment toolcisagovernment
CISA Fact Sheet Rising Ransomware Threat to OT Assets

Recommended actions and resources that critical infrastructure entities should implement to reduce the risk ransomware. Read CISA Fact Sheet Rising Ransomware Threat to OT Assets

June 17, 2021, , it-cybersecurity-practitioner technical-leaderprotect respondfact-sheetcisagovernment
Ransomware Techniques in ATT&CK

List of ransomware techniques, software, and groups that are presently documented in MITRE ATT&CK. Read Ransomware Techniques in ATT&CK

June 11, 2021, , , it-cybersecurity-practitioner technical-leaderidentify protect respondtoolmitrenon-profit
User Awareness Training

An overview of how to establish a User Awareness Training program. The EARNEST Practice helps educate End Users to be effective Cyber Sensors. Read User Awareness Training

June 11, 2021, , , , business-leader technical-leaderdetect protectbest-practice doc white-papermitrenon-profit
Data Integrity: Recovering from Ransomware and Other Destructive Events

Reference designs that uses commercially available technologies to develop solutions that could assist an organization in recovering from ransomware or other destructive events. Read Data Integrity: Recovering from Ransomware and Other Destructive Events

June 4, 2021, , , it-cybersecurity-practitioner technical-leaderrecover respondbest-practice website-articlenistgovernment
Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

Reference designs that uses commercially available technologies to develop solutions that could assist an organization in identifying and protecting critical assets against ransomware or other destructive events. Read Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

June 4, 2021, , it-cybersecurity-practitioner technical-leaderidentify protectbest-practicenistgovernment
Incident Preparedness and Response

Incident preparedness and response considerations that can help health delivery organizations (HDOs) and other stakeholders understand the roles and responsibilities before, during, and after a cyber incident. Read Incident Preparedness and Response

June 4, 2021, , , , , , business-leader technical-leaderdetect identify protect recover responddoc website-articlemitrenon-profit
Health Information Sharing and Analysis Center (H-ISAC)

H-ISAC, Health Information Sharing and Analysis Center, is a global, non-profit, member-driven organization offering healthcare stakeholders a trusted community and forum for coordinating, collaborating and sharing vital physical and cyber threat intelligence and best practices with each other. Read Health Information Sharing and Analysis Center (H-ISAC)

June 4, 2021, , , it-cybersecurity-practitioner technical-leaderprotectinformation-sharing threat-intel website-articlehealth-isacnon-profit
Ransomware What It Is and What To Do About It

Cybersecurity & Infrastructure Security Agency (CISA) overview on ransomware, what it is and what to do about it. Read Ransomware What It Is and What To Do About It

June 4, 2021, it-cybersecurity-practitioner technical-leaderprotectfact-sheetcisagovernment
CISA Cyber Resource Hub

A collection of CISA cybersecurity services can that help the broader cybersecurity community gain visibility with vulnerability trends, adversarial activities and, effective mitigations for better protection of their networks. Read CISA Cyber Resource Hub

June 4, 2021, , , , , , business-leader it-cybersecurity-practitioner technical-leaderidentify protectcybersecurity-assessment doc tool website-articlecisagovernment
Principles and Practices for Medical Device Cybersecurity

International Medical Device Regulators Forum guidance document providing general principles and best practices
to facilitate international regulatory on medical device cybersecurity from pre-market to post-market. Read Principles and Practices for Medical Device Cybersecurity

June 4, 2021, , , , , business-leader technical-leaderdetect identify protect recover respondbest-practiceinternational-medical-device-regulators-forumnon-profit
Webinar: Combating Ransomware

CISA Webinar: Provides technical overview of prevalent ransomware actors, their targets, and provides recommendations on how organization could defend against the threat. Read Webinar: Combating Ransomware

June 4, 2021, it-cybersecurity-practitioner technical-leaderprotectvideocisagovernment
US Computer Emergency Response Team (US-CERT)

US-CERT is responsible for analyzing and reducing cyber threats, vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. Read US Computer Emergency Response Team (US-CERT)

June 4, 2021, , business-leader it-cybersecurity-practitioner technical-leaderprotectadvisorycisagovernment
The MITRE Systems Engineering Guide

MITRE Systems Engineering Guide, or SEG, conveys The MITRE Corporation’s accumulated wisdom on a wide range of systems engineering subjects—sufficient for understanding the essentials of the discipline and for translating this knowledge into practice in your own work environment. Read The MITRE Systems Engineering Guide

June 4, 2021, , , it-cybersecurity-practitioner technical-leaderbest-practice book docmitrenon-profit
Ten Strategies of a World-Class Cybersecurity Operations Center

MITRE’s Ten Strategies of a World-Class CSOC book, describing detailed strategies, including how they crosscut elements of people, process, and technology to build, manage, and improve the CSOC. Read Ten Strategies of a World-Class Cybersecurity Operations Center

June 4, 2021, , , , , it-cybersecurity-practitioner technical-leaderdetect identify protect respondbest-practice docmitrenon-profit
Stop that Phish

Learn what phishing is and how you can spot and stop these attacks, regardless if you are at work or at home. Read Stop that Phish

June 4, 2021it-cybersecurity-practitionerprotectfact-sheetsansnon-profit
SEI Cyber Minute: Mitigating Ransomware

In this Software Engineering Institute (SEI) Cyber Minute, Rotem Guttman discusses “Mitigating Ransomware. Read SEI Cyber Minute: Mitigating Ransomware

June 4, 2021, , business-leader it-cybersecurity-practitioner technical-leaderdetectvideoseieducation
Security Primer – Ransomware

Center for Internet Security white paper on ransomware. Read Security Primer – Ransomware

June 4, 2021, , business-leader technical-leaderidentify protectdoccisnon-profit
SANS: Internet Storm Center (ISC)

SANS Internet Storm Center provides free analysis and warning service to thousands of Internet users and organizations. Read SANS: Internet Storm Center (ISC)

June 4, 2021, , it-cybersecurity-practitioner technical-leaderidentifyfact-sheet information-sharingsanseducation
Rubric for Applying CVSS to Medical Devices

MITRE developed a rubric that provides guidance for how an analyst can utilize CVSS as part of a risk assessment for a medical device. Read Rubric for Applying CVSS to Medical Devices

June 4, 2021, , , it-cybersecurity-practitioner technical-leaderidentifycybersecurity-assessment doc toolmitrenon-profit
Ransomware: Facts, Threats, and Countermeasures

Center for Internet Security blog on ransomware facts, threat and countermeasures. Read Ransomware: Facts, Threats, and Countermeasures

June 4, 2021, it-cybersecurity-practitioner technical-leaderprotectfact-sheetcisnon-profit
Ransomware Protection and Response

NIST resources on tips and tactics for preparing your organization for ransomware attacks. Read Ransomware Protection and Response

June 4, 2021, , , , business-leader it-cybersecurity-practitioner technical-leaderprotect respondfact-sheet videonistgovernment
Ransomware Guidance and Resources

Collection of Cybersecurity & Infrastructure Security Agency (CISA) ransomware guidance and resources. Read Ransomware Guidance and Resources

June 4, 2021, , business-leaderbest-practice fact-sheet website-articlecisagovernment
Ransomware and HIPAA Fact Sheet

Health and Human Services Ransomware and HIPAA fact sheet. Read Ransomware and HIPAA Fact Sheet

June 4, 2021, , , business-leader it-cybersecurity-practitioner technical-leaderprotectdoc fact-sheethhsgovernment
Ransomware and Breach

Health and Human Services Office for Civil Rights presentation on Ransomware prevention, recovery and breach risk assessment. Read Ransomware and Breach

June 4, 2021, , it-cybersecurity-practitioner technical-leaderprotect recoverdochhsgovernment
Ransomware Activity Targeting the Healthcare and Public Health Sector

Cybersecurity & Infrastructure Security Agency (CISA) Alert (AA20-302A); Uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework to describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health (HPH). Read Ransomware Activity Targeting the Healthcare and Public Health Sector

June 4, 2021, , it-cybersecurity-practitioner technical-leaderadvisory doccisagovernment
Protecting Data from Ransomware and Other Data Loss Events

National Institute of Standards and Technology (NIST) white paper providing recommendation to help managed service providers (MSPs) protecting data from ransomware and other data loss events. Read Protecting Data from Ransomware and Other Data Loss Events

June 4, 2021, , it-cybersecurity-practitioner technical-leaderprotectbest-practice docnistgovernment
Protecting Against Ransomware

Cybersecurity & Infrastructure Security Agency (CISA) security time (ST19-001); protecting against ransomware. Read Protecting Against Ransomware

June 4, 2021, , , , business-leader it-cybersecurity-practitioner technical-leaderprotect respondbest-practice website-articlecisagovernment
Podcast Interview: Cyber and Supply Chain Threats to the Health Care Sector

Matthew Halvorsen, Strategic Program Director for NCSC’s Supply Chain and Cyber Directorate, recently sat down with Gregory Garcia, the Executive Director for Cybersecurity of the Health Sector Coordinating Council, for an audio interview on current threats to the health care sector. Read Podcast Interview: Cyber and Supply Chain Threats to the Health Care Sector

June 4, 2021, , business-leader it-cybersecurity-practitioner technical-leaderpodcastoffice-of-the-director-of-national-intelligencegovernment
No-Cost Malicious Domain Blocking and Reporting for U.S. Hospitals

Overview of the Center for Internet Security® (CIS®), Malicious Domain Blocking and Reporting (MDBR) service offering to all public and private hospitals and related healthcare organizations in the United States. This service provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy. Read No-Cost Malicious Domain Blocking and Reporting for U.S. Hospitals

June 4, 2021, technical-leaderidentify protectmanaged-servicecisnon-profit
NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is voluntary guidance intended to help organizations to better manage and reduce cybersecurity risk. Read NIST Cybersecurity Framework

June 4, 2021, , , , , , , business-leader it-cybersecurity-practitioner technical-leaderdetect identify protect recover respondbest-practice website-articlenistgovernment
MS-ISAC Ransomware Guide

Ransomware best practices and recommendations are based on operational insight from the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). Read MS-ISAC Ransomware Guide

June 4, 2021, , , , , it-cybersecurity-practitioner technical-leaderdetect protect recover respondbest-practice doccisagovernment
Locked Out: Tackling Australia’s ransomware threat

​​​Industry Advisory Committee paper presents real case studies and provides advice on how all Australians can best protect themselves from ransomware attacks.​ The advice is applicable to any country. Read Locked Out: Tackling Australia’s ransomware threat

June 4, 2021, , , , , , business-leader it-cybersecurity-practitioner technical-leaderdetect identify protectadvisory docaustralian-government department-of-home-affairsgovernment
Laws and Regulations Enforced by OCR

Laws and regulations that apply to programs, services, and activities receiving HHS Federal financial assistance. Read Laws and Regulations Enforced by OCR

June 4, 2021, business-leader technical-leaderpolicy-regulationhhsgovernment
INSIGHTS Ransomware Outbreak

Three steps any organization can take to manage their risk against ransomware. Read INSIGHTS Ransomware Outbreak

June 4, 2021, , , , business-leader technical-leaderdetect protect recoveradvisory doccisagovernment
How to Protect Your Networks from Ransomware

Document that provides an aggregate of already existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents. Read How to Protect Your Networks from Ransomware

June 4, 2021, , , it-cybersecurity-practitioner technical-leaderprotect respondadvisory docfbigovernment
How to Address the Threat of Ransomware Attacks

Educational video on how to address the threat of ransomware attacks. Read How to Address the Threat of Ransomware Attacks

June 4, 2021, , , , business-leader it-cybersecurity-practitioner technical-leaderdetect protect respondvideocisagovernment
Health Sector Cybersecurity Coordination Center (HC3) Homepage

A collection of Health Sector Cybersecurity Coordination Center (HC3) resources to aid in the protection of vital, healthcare-related controlled information and ensure that cybersecurity information sharing is coordinated across the Health and Public Health Sector (HPH). Read Health Sector Cybersecurity Coordination Center (HC3) Homepage

June 4, 2021, it-cybersecurity-practitioner technical-leaderprotectinformation-sharinghhsgovernment
Health Sector Coordinating Council

Report which examines cybersecurity threats and vulnerabilities that affect the healthcare industry. It explores (5) current threats and presents (10) practices to mitigate those threats. Read Health Sector Coordinating Council

June 4, 2021, , business-leader technical-leaderprotectbest-practice website-articlehsccnon-profit
Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients

Resources that provide Health Industry Cybersecurity Best Practices: Managing Threats and Protecting Patients (HICP). Read Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients

June 4, 2021technical-leaderprotectbest-practicehhsgovernment
Health Care Industry Cybersecurity Task Force

Health Care Industry Cybersecurity Task Force report detailing findings on cybersecurity risk facing the healthcare industry. Read Health Care Industry Cybersecurity Task Force

June 4, 2021, business-leader technical-leaderfact-sheetphegovernment
FBI: InfraGard Portal

InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats. Read FBI: InfraGard Portal

June 4, 2021, , , , business-leader it-cybersecurity-practitioner technical-leaderidentify protectinformation-sharing threat-intelfbigovernment
FBI Watch – TLP:WHITE Report

FBI bulletin containing 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year. Read FBI Watch – TLP:WHITE Report

June 4, 2021, , business-leader it-cybersecurity-practitioner technical-leaderprotectadvisoryfbinon-profit
Designing Cyber Resilient Systems (NIST SP 800-160 Vol. 2)

A Systems Security Engineering Approach; which defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources. Read Designing Cyber Resilient Systems (NIST SP 800-160 Vol. 2)

June 4, 2021, , it-cybersecurity-practitioner technical-leaderprotectbest-practice docnistgovernment
Design Defenses

NIST Reference designs that focuses on detailed methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. Read Design Defenses

June 4, 2021, , , , , , , it-cybersecurity-practitioner technical-leaderdetect identify protect recover respondbest-practice doc website-articlenistgovernment
Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

Reference designs that uses commercially available technologies to develop solutions that could assist an organization in detecting and responding against ransomware or other destructive events. Read Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

June 4, 2021, , it-cybersecurity-practitioner technical-leaderdetect respondbest-practicenistgovernment
Cybersecurity Toolkit for Digital Health

An educational resource for digital health companies at all stages of growth on both the fundamentals and best practices for cybersecurity and privacy protection. Read Cybersecurity Toolkit for Digital Health

June 4, 2021, , , , business-leader it-cybersecurity-practitioner technical-leaderdetect protectbest-practice website-articlemass-digital-healthnon-profit
Cybersecurity Maturity Models

An overview of three Cybersecurity Maturity Models that can be used by an organization to baseline their current capabilities against best practices. Read Cybersecurity Maturity Models

June 4, 2021, , , , business-leader technical-leaderidentify protectbest-practice cybersecurity-assessment dochhsgovernment
Cybersecurity Act of 2015 Section 405(d) Overview Presentation

Provides industry-led consensus-based guidelines, practices, and methodologies that aim to raise awareness, provide vetted practices, in mitigating the most pertinent and current cybersecurity threats to the HPH sector. Read Cybersecurity Act of 2015 Section 405(d) Overview Presentation

June 4, 2021, , business-leaderidentify protectdoc policy-regulationphegovernment
Cyber Tabletop Exercises

Cyber Tabletop Exercises (TTX) are a way to evaluate your cyber response plan with scenarios that identify gaps between what you’ve planned for and what can actually happen, practice roles and responsibilities, and improve communications throughout organizations. Read Cyber Tabletop Exercises

June 4, 2021, business-leaderrecover responddocmitrenon-profit
Cyber Security Guidance Material

Educational materials specifically designed to give HIPAA covered entities and business associates insight into how to respond to a cyber-related security incidents. Read Cyber Security Guidance Material

June 4, 2021, , , , , , , business-leader technical-leaderdetect identify protect recover respondadvisory doc website-articlehhsgovernment
Cyber Resiliency

Resources that provide and overview of Cyber Resiliency and its implementation. Read Cyber Resiliency

June 4, 2021, technical-leaderprotectcybersecurity-assessment docmitrenon-profit
Cyber Resilience Review (CRR)

CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. Read Cyber Resilience Review (CRR)

June 4, 2021, , , , , business-leader technical-leaderidentify recover respondcybersecurity-assessment doc website-articlecisagovernment
Cyber Operations Rapid Assessment (CORA)

A lightweight assessment tool used to evaluate your overall cybersecurity operations and infrastructure. Read Cyber Operations Rapid Assessment (CORA)

June 4, 2021, , business-leader technical-leaderidentifydoc toolmitrenon-profit
Cyber Attack Checklist

Steps for a HIPAA covered entity or its business associate (the entity) to take in response to a cyber-related security incident. Read Cyber Attack Checklist

June 4, 2021, , , business-leader technical-leaderrecover respondadvisory dochhsgovernment
Cyber Assessments

An overview of Cyber Assessments methods to bolster an organization’s ability to identify, protect, and detect cyber threats. Read Cyber Assessments

June 4, 2021, , , technical-leaderdetect identify protectcybersecurity-assessment docmitrenon-profit
Crown Jewels Analysis (CJA)

Crown Jewels Analysis (CJA) is a process for identifying those cyber assets that are most critical to achieve an organization’s key objectives and enable organizations to prioritize and apply limited resources effectively for cyber resiliency during a major cyber attack. Read Crown Jewels Analysis (CJA)

June 4, 2021, , business-leaderidentifycybersecurity-assessment doc toolmitrenon-profit
Common Vulnerability Scoring System Special Interest Group (SIG)

The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The score can help organizations properly assess and prioritize their vulnerability management processes. Read Common Vulnerability Scoring System Special Interest Group (SIG)

June 4, 2021, , it-cybersecurity-practitionerprotectdoc training website-articlefirstgovernment
Common Vulnerabilities and Exposures (CVE)

CVE® is a list of records—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities. Read Common Vulnerabilities and Exposures (CVE)

June 4, 2021, , , it-cybersecurity-practitioneridentifydoc tool website-articlemitregovernment non-profit
Combating Ransomware: A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force

A comprehensive strategic framework and recommendations for tackling the dramatically increasing and evolving threat of ransomware. Read Combating Ransomware: A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force

June 4, 2021, , , , business-leaderprotect recover respondadvisory best-practice docinstitute-for-security-and-technologynon-profit
CISA, MS-ISAC, NGA & NASCIO Recommend Immediate Action To Safeguard Against Ransomware Attacks

Best practice outlining three steps to resilience against ransomware for State and Local Partners. Read CISA, MS-ISAC, NGA & NASCIO Recommend Immediate Action To Safeguard Against Ransomware Attacks

June 4, 2021, , it-cybersecurity-practitioner technical-leaderidentify protectbest-practicecisagovernment
Caldera

CALDERA™ is a cybersecurity framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response. Read Caldera

May 17, 2021, , it-cybersecurity-practitioner technical-leaderidentifycybersecurity-assessment toolmitrenon-profit

Pin It on Pinterest

Share This