Cybersecurity Resource Center.

There are many free and valuable resources available online for companies of all sizes. Below are quick references to many of these resources.

Articles by Overt.

Below are cybersecurity articles from the staff at Overt:

Online Resources.

Security Frameworks.

Overt Channel recommends three frameworks for security, often used in assessments or developing security programs:

National Institute of Standards and Technology (NIST) – Cybersecurity Framework (CSF) – https://www.nist.gov/cyberframework
International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC) – ISO 27001 – https://www.iso.org/isoiec-27001-information-security.html
Center for Internet Security (CIS) – CIS Controls – https://www.cisecurity.org/controls

Security Guides.

Australian Cyber Security Centre (ACSC) – https://www.cyber.gov.au/

Security for individuals & families step-by-step guide – https://www.cyber.gov.au/acsc/individuals-and-families/step-by-step-guides
Security for small & medium sized businesses (SMB) – https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/smallbusiness

US Federal Trade Commission (FTC) – Cybersecurity for Small Business – https://www.ftc.gov/business-guidance/small-businesses/cybersecurity

Cybersecurity Basics – https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/basics
Cybersecurity Basics Downloadable PDF – https://www.ftc.gov/system/files/attachments/cybersecurity-basics/cybersecurity_sb_cyber-basics.pdf

The Cyber Risk Institute – CRI Profile – https://cyberriskinstitute.org/the-profile/

US Federal Government Resources.

Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) – https://www.cisa.gov/

National Credit Union Administration (NCUA) – Cybersecurity Resources- https://www.ncua.gov/regulation-supervision/regulatory-compliance-resources/cybersecurity-resources

Federal Financial Institutions Examination Council (FFIEC) – Cybersecurity Awareness – https://www.ffiec.gov/cybersecurity.htm

The FFIEC provides extensive resources directed toward financial institutions with the aim of assessing and improving their cybersecurity postures. These resources are free – and useful – to all organizations. The FFIEC’s Cybersecurity Assessment Tool (CAT) is an excellent resource.

Federal Deposit Insurance Corporation (FDIC) – Cyber Challenge – https://www.fdic.gov/regulations/resources/director/technical/cyber/purpose.html

Non-Government Organizations.

National Council of ISACs – https://www.nationalisacs.org/member-isacs-3

Information Sharing and Analysis Centers (ISACs) are sector-based membership organizations which facilitate information sharing.

Financial Services Sector Coordinating Council (FSSCC) – Published Documents – https://fsscc.org/published-documents/

Annual Reports.

Reports Provided by Commercial Companies

Data Breach Investigations Report (DBIR) by Verizon – https://enterprise.verizon.com/en-gb/resources/reports/dbir/
“The State of the Phish” by Proofpoint – https://www.proofpoint.com/us/resources/threat-reports/state-of-phish
Microsoft Digital Defense Reports – https://www.microsoft.com/en-us/security/business/security-intelligence-report
SaaS Alerts SASI Report – https://saasalerts.com/category/sasi-report/

Annual Report on Cyber Crime by the FBI’s Internet Crime Complaint Center (IC3)

Reporting & Notifications.¹

DMCA Takedown Requests – https://www.copyright.gov/dmca/ – A DMCA Takedown Request is a letter sent to a website owner asking them to remove protected (proprietary, trademark, or copyright) content. If the owner is unresponsive, a similar letter can be sent to the website hosting company. Examples include:

Someone has copied my website. I think they are trying to steal my customers.
Someone has copied my original photographs.
Someone has copied my whitepaper and posted it on their site. They did not link it to my site or attribute ownership.
Someone has copied my advertising.

Uniform Domain Name Dispute Resolution Policy (UDRP) – The UDRP is a process established by the Internet Corporation for Assigned Names and Numbers (ICANN) for the resolution of disputes regarding the registration of internet domain names. The process can be used to take ownership of a domain, when successful. Examples include:

Someone has register a look-alike domain that is one letter different than mine. They are using this in an email phishing campaign against my company.
Someone has registered a look-alike domain and built a similar website. I think they are trying to steal my customers.

IC3 Complaint – The FBI’s Internet Crime Complaint Center (IC3) should be notified by victims of cybercrime. This enables federal law enforcement to correlate crimes based and maintain statistics. It should be considered simply a notification mechanism. It is not a substitute for requesting law enforcement involvement during cyber incident response, suspected terrorism, or suspected crimes against children.

Internet Crime – https://www.ic3.gov/Home/FileComplaint
Suspected Terrorism – https://www.fbi.gov/tips/
National Center for Missing and Exploited Children (NCMEC) – https://report.cybertip.org/

¹ Not intended to be legal advice. Please refer to https://overtchannel.com/legal/.

Security resources, whitepapers, downloads.