In our world that is growing more and more dependent on technology, cybersecurity is just about as important as physical security. For government agencies, ensuring that all bases are covered is critical to safeguard all government services, systems and classified information that could potentially wreak havoc if it ends up in the hands of opportunistic people.
Back on the Justice Clearinghouse webinars is Stacey Wright to provide a comprehensive list of resources – trainings, downloads, job aids, checklists, communities, all related to cybersecurity, cybercrime and IT.
Stacey Wright is the Senior Intel Program Manager at the Center for Internet Security (CIS), where she runs the Intel Team that focuses on providing strategic, operational, and tactical cyber threat intelligence. She previously worked for the FBI Albany Division as a Cyber Intelligence Analyst.
Stacey gave a rundown of cyber and IT must-know resources including:
National resources that provide information sharing, assessments, incident response, training, tools, and templates.
- ISACs and ISAOs including MS-ISAC
- US-CERT and ICS-CERT
- FEMA COOP
Local resources that provide physical places to work and virtual groups to collaborate and train with.
- Fusion Centers
- InfraGard, a members-only working group that does a background check for potential members and allows vetted members to gain access to code green and amber information.
Various tools being used by the different organizations to assess a network’s security, reduce cyber risks, do tabletop and live exercises, and test for malware.
- NIST Cyber Security Framework & Roadmap
- Homeland Security Exercise and Evaluation Program (HSEEP)
- National Cybersecurity Assessment & Technical Services (NCATS)
- Cybersecurity Evaluation Tool (CSET)
- Cyber Resilience Review (CRR)
- MS-ISAC’s Nationwide Cyber Security Review (NCSR)
- RSA Cybersecurity Maturity Assessment Survey
- MS-ISAC’s Anomali
- Malware Investigator
- Malicious Code Analysis Platform (MCAP)
- MS-ISAC’s Notifications for IP Ranges & Domains
- MS-ISAC’s Vulnerability Management Program (VMP)
- National Software Resource Library
- No More Ransom
Resources for hiring and training IT and other cyber professionals.
- Scholarship for Service
- National Initiative for Cybersecurity Education (NICE)
- National Initiative for Cybersecurity Careers & Studies (NICCS™)
- Federal Virtual Training Environment (FedVTE)
- Texas Engineering Extension Service (TEEX)
- ICS-CERT Training
- Software Engineering Institute
- SANS Reading Room
- Online courses in edx.org, and other coding schools like w3, Code Academy, and Firehouse Coding Project
- MS-ISAC National Webcasts
Organizations that provide awareness program materials like newsletters, posters, handouts, tips, and videos.
- National Cyber Security Awareness Month (NCSAM)
- CIS Security Monthly Newsletter
- National Cyber Security Alliance
- OnGuard Online
- Know Your Risk – Raise Your Shield
Law Enforcement-specific resources to provide criminal justice professionals with IT-related best practices, research, training, and cases.
- International Association of Chiefs of Police (IACP) Cyber Center
- Criminal Intelligence Coordinating Council (CICC) Five in 5
- Police Executive Research Forum (PERF)
- National Cyber-Forensics and Training Alliance (NCFTA)
- Federal Law Enforcement Training Centers (FLETC)
- National Computer Forensics Institute (NCFI)
- FBI’s Cyber Task Force (CTF)
- USSS Electronic Crimes Task Force (ECTF)
- National Criminal Justice Training Center (NCJTC)
- National White Collar Crime Center (NW3C)
Miscellaneous resources that provide online courses, publications, databases, advisories, and even discounts on procuring programs.
- Internet Crime Complaint Center (IC3)
- MS-ISAC Cybersecurity Advisories
- MS-ISAC Cybersecurity Advisories
- Poll questions inquired on why the participants are interested in the course and how many useful resources they found.
Stacey clarified during the Q&A segment the audience’s concerns on:
- The possibility that working groups are infiltrated for negative purposes
- Resources to conduct an internal assessment for someone without sufficient technical background
- Post-attack forensic analysis resources
- Collaboration and information sharing among national organizations dealing with IT and cybersecurity