Tuesday, October 13, 2020

Basic resources for learning more about cybersecurity (Cybersecurity Awareness Month, Day 13)

It's day 13 of Cybersecurity Awareness Month and I'm guessing there are some folks out there for whom this is their first serious encounter with cybersecurity. We know for a fact that cybercrime has risen dramatically in 2020. By mid-April, FBI Deputy Assistant Director Tonya Ugoretz was saying that the number of internet crimes reported to IC3 had "quadrupled compared to months before the pandemic." In this article, written in May, I called it the Covid Effect (also available as a video).

So, if you're relatively new to cybersecurity you may find the jargon confusing. Or maybe you'd like to read more about cybersecurity but don't want to buy a whole book about it. I understand, and I say that as someone who has written whole books about it. 

I figured I would provide links to some resources for folks who are just getting into this. At the same time, these resources can be helpful if you're faced with training employees on security and/or raising security awareness among colleagues.

A Glossary of Common Cybersecurity Terminology: there are quite a few out there, but this one is nicely referenced and tied to standards.

A glossary more focused on malicious code: written by ESET malware researchers (malware is short for malicious software, also known as malicious code—like computer viruses and worms).

At StaySafeOnline.org you will find a good starting point for both learning about cybersecurity and helping others to understand the need for cybersecurity awareness. This site is also the hub of activity for the annual Cybersecurity Awareness Month (October), now observed in many countries.

The award-winning blog WeLiveSecurity.com is a website offering security news, advice, opinion, and award-winning security research, presented in five languages: English, Spanish, Portuguese, German, and French.

Here are some of the leading associations of security professionals, all of whom have websites with articles worth reading:

(ISC)2: International Information System Security Certification Consortium, best known for creating the CISSP credential (Certified Information System Security Professional).

ISSA: Information System Security Association, which has a lot of local chapters but is also international.

ISACA: began as the Information Systems Audit and Control Association but now goes by just ISACA.

AITP: a broader IT group, the Association of Information Technology Professionals is part of CompTIA, a leading provider of certifications in IT and security.

The articles on the Krebs on Security website might be of interest once you start picking up the cybersecurity lingo. This site is where journalist Brian Krebs reports on some of the more interesting cybersecurity problems (he's the one who broke the news of the Target breach, and quite a few more since then).

You can find a lot of cybersecurity news on the website of Graham Cluley, a security expert who is also a good writer and speaker. I encourage you to sign up for his newsletter, cheekily called GCHQ (the initials of Britain's top cybersecurity agency). 

Another good newsletter is Weekly Cybersecurity from Politico, which examines the latest news in cybersecurity policy and politics.

In the same vein, check out the Third Way Cyber Enforcement Initiative, where you can learn more about public policy issues related to cybercrime. All the articles there are written for non-technical readers.

There are lots more places to turn for cybersecurity information—including several subscription-based newsletters from women in cybersecurity that are well worth paying for. I will cover these soon, but the above should get you started.
