National Cyber Security Alliance (NCSA): www.staysafeonline.org NCSA is a 501(c)(3) nonprofit, public-private partnership created to educate the American public about cyber security and online safety and to create a culture of cyber security by increasing user defenses to prevent cyber crimes and attacks. NCSA collaborates with a broad range of organizations, including government, corporate, academic, and nonprofit organizations, to bring high quality cyber security and online safety information and best practices to home users, K-12 education, higher education, and small businesses. Cyber security information for business includes resources, tips and best practices.
US-CERT (United States Computer Emergency Readiness Team): www.us-cert.gov Established in 2003, US-CERT is a partnership between the Department of Homeland Security and the public and private sectors. US-CERT provides a way for citizens, businesses, and other institutions to communicate and to coordinate directly with the United States government about cyber security. Resources for business include technical and non-technical information; publications on topical issues; and materials to support security in the workplace, including a brochure and posters with tips and guidance. Report incidents to soc@us-cert.gov.
Alerts and Warnings
Multi-State Information Sharing and Analysis Center (MS-ISAC): www.msisac.org The MS-ISAC, a collaboration of all 50 states, the District of Columbia, local governments, and U.S. Territories, provides a central resource for gathering information on cyber threats to critical infrastructure from the states and providing two-way sharing of information between and among the states and with local government. Information for businesses includes cyber security guides, toolkits, newsletters, and a training video.
Guidelines and Best Practices
Federal Trade Commission (FTC): “Protecting Personal Information: A Guide for Small Businesses.”
The guide offers businesses tips for keeping sensitive personal information – such as names and Social Security numbers – secure. It offers additional websites and publications on securing sensitive data. www.ftc.gov/bcp/conline/edcams/infosecurity/
National Security Agency (NSA) Security Configuration Guides: NSA develops and distributes configuration guidance for a wide variety of software, both open source and proprietary. NSA strives to provide its customers and the software development community the best possible security options for the most widely used products. http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml
National Association of State Chief Information Officers (NASCIO): www.nascio.org NASCIO provides two topical Newsbriefs delivered via e-mail to you each week on Enterprise Architecture and Cyber Security. This association receives positive reviews from state and local governments and private sector stakeholders.
www.OnGuardOnline.gov This site, also from the FTC, is a useful source of information for quick facts about cyber security and steps that consumers can use to protect themselves. There is also a link where consumers can file complaints to help local and federal law enforcement identify and stop hackers, identity thieves, and scam artists.
Risk Management
International Organization for Standardization and International Electrotechnical Commission (ISO/IEC): “ISO/IEC 27001:2005,” or “ISO 27001.” Published in October 2005, ISO 27001 provides an approach for establishing, operating, and maintaining a business’s Information Security Management System or ISMS. http://www.iso.org
National Institute of Science and Technology (NIST): “NIST Special Publication 800-53, Revision 3.” While geared toward government chief information officers, companies will also benefit from this publication. Its reference section contains more than 100 laws, policies, regulations, standards, and guidelines to inform businesses. http://csrc.nist.gov/publications/drafts/800-53/800-53-rev3-IPD.pdf
Working Groups, Coalitions
Anti-Phishing Work Group: www.antiphishing.org The Anti-Phishing Working Group (APWG) is the global industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming, and email spoofing of all types.
Anti-Spyware Coalition: www.antispywarecoalition.org The Anti-Spyware Coalition (ASC) is a group dedicated to building a consensus about definitions and best practices in the debate surrounding spyware and other potentially unwanted technologies. Composed of anti-spyware software companies, academics, and consumer groups, the ASC seeks to bring together a diverse array of perspectives on the problem of controlling spyware and other potentially unwanted technologies.
Please visit the U.S. Chamber of Commerce’s web site for additional information on cyber security (http://www.uschamber.com/issues/index/defense/cip.htm).