CERT Publication


Basic Security

Name

Info

Download

Understanding Voice over Internet Protocol (VoIP)

Voice over Internet Protocol (VoIP) is a form of communication that allows you to make phone calls over a broadband internet connection instead of typical analog telephone lines. Some VoIP services require a computer or a dedicated VoIP phone, while others allow you to use your landline phone to place VoIP calls through a special adapter.

understanding_voip.pdf

Banking Securely Online

Online banking continues to present challenges to your financial security and personal privacy. Millions of people have had their checking accounts compromised, mainly as a result of online banking. If you are going to use online banking to conduct financial transactions, make yourself aware of the risks and take precautions to minimize them.

Banking_Securely_Online07102006.pdf

Playing it Safe: Avoiding Online Gaming Risks

New technologies and high-speed internet connections have helped online gaming become a popular pastime on the internet. Because gamers invest large amounts of time and money in today’s sophisticated games, others see an opportunity for mischief or illicit profit.

gaming.pdf

Protecting Aggregated Data

In their ongoing quest for improved operational efficiency, organizations have come to rely on the ability to collect, access, and process large volumes of electronic data (aggregated data). This reliance has evolved with the development of sophisticated database software and the growing availability of hardware with storage capacity measured in terabytes. By possessing such large volumes of data, however, organizations assume certain risks and responsibilities. Large data stores are valuable informational assets that have become targets for cyber criminals.

Data-Agg-120605.pdf

Introduction to Information Security

The internet is a worldwide collection of loosely connected networks that are accessible to anyone with a computer and a network connection. Thus, individuals and organizations can reach any point on the internet without regard to national or geographic boundaries or time of day.

infosecuritybasics.pdf

South Korean Malware Attack

Reporting and technical details surrounding the malware used in the March 20, 2013, attack on South Korean assets have been varied and inconsistent. This paper outlines the attack's common attributes, gives guidance to U.S. Critical Infrastructure and Key Resource owners and operators, and lists defensive measures against the DarkSeoul malware.

South Korean Malware Attack.pdf

The Risks of Using Portable Devices

Portable devices such as jump drives, personal audio players, and tablets give users convenient access to business and personal data on the go. As their use increases, however, so do the associated risks.

RisksOfPortableDevices.pdf

Cyber Threats to Mobile Phones

Smartphones and personal digital assistants (PDAs) give users mobile access to email, the internet, GPS navigation, and many other applications. However, smartphone security has not kept pace with traditional computer security.

cyber_threats_to_mobile_phones.pdf

Understanding and Protecting Yourself Against Money Mule Schemes

“Money mules” are people who are used to transport and launder stolen money or some kind of merchandise. Criminals may even recruit money mules to use stolen credit card information. People who are used as money mules may be willing participants; however, many money mules are not aware that they are being used to commit fraud.

money_mules.pdf

Socializing Securely: Using Social Networking Services

Social networking is a way for people to connect and share information with each other online. Millions of people worldwide regularly access these types of services from mobile devices, applications, and websites.

safe_social_networking.pdf

Vulnerability Information

Common Vulnerabilities and Exposures List (CVE)
Search vulnerabilities by CVE name or browse the US-CERT list of vulnerabilities for specific CVEs.

National Infrastructure Advisory Council's Vulnerability Disclosure Framework
Improve your understanding of vulnerability management practices.

National Vulnerability Database (NVD)
Search U.S. government vulnerability resources for information about vulnerabilities on your systems.

Open Vulnerability Assessment Language (OVAL)
Identify vulnerabilities on your local systems using OVAL vulnerability definitions.

Tools, Techniques, Research, and Guidelines

Build Security In
BSI provides a collection of software assurance and security information to help software developers, architects, and security practitioners create secure systems.

Center for Education and Research in Information Assurance and Security (CERIAS)
CERIAS offers tools and resources to the security community at large.

DHS Science and Technology Directorate Cyber Security Division Resources
DHS provides public documents relevant to the planning of cybersecurity research and development.

Information Sharing Specifications
TAXII, STIX, and CybOX are technical specifications designed to enable automated information sharing for cybersecurity situational awareness, real-time network defense and sophisticated threat analysis.

National Institute of Standards and Technology (NIST)
NIST offers various publications to promulgate computer security standards and guidelines and present relevant supporting information and research.

Operationally Critical Threat and Vulnerability Evaluation (OCTAVE)
OCTAVE includes tools and techniques for risk-based assessment and planning.

Software Assurance: Community Resources and Information Clearinghouse
The Software Assurance Program provides resources to encourage cyber resilience.

Education

Federal Cyber Service: Scholarship for Service Program (SFS)
The SFS program seeks to increase the number of skilled students entering the fields of information assurance and computer security.

National Centers of Academic Excellence in Information Assurance Education
The Centers of Academic Excellence program strengthens higher education in information assurance programs to meet America's growing requirements for cybersecurity professionals.

National Initiative for Cybersecurity Careers and Studies (NICCS)
A one-stop shop for cybersecurity careers and studies, NICCS connects the public with information on cybersecurity awareness, degree programs, training, careers, and talent management.

Security at Home

OnGuard Online
Practical tips from the Federal Government and technology industry to help consumers guard against Internet fraud, secure their computers, and protect personal information

Stay Safe Online
Resources sponsored by the National Cyber Security Alliance (NCSA) to promote safe behavior online

The NetSmartz Workshop
Educational materials for children and teens

Stop. Think. Connect. | Get Involved and Informed | Tips and Advice
A national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online

Information Sharing and Analysis Centers (ISACs)

Information Sharing and Analysis Centers (ISACs) were established to allow sectors to share information and work together in an effort to protect our critical infrastructures.

Emergency Services
Emergency Management and Response ISAC

Energy
Electricity Sector ISAC

Financial Services
Financial Services ISAC

Government Facilities
Multi-State ISAC

Information Technology
Information Technology ISAC

Real Estate
Real Estate ISAC

Research and Education
Research and Education Networking ISAC

Communications
NCC-Communications ISAC

Transportation Systems
Surface Transportation ISAC

Water and Wastewater Systems
Water ISAC

Policy and Government

NCCIC Cyber Incident Scoring System
The NCCIC Cyber Incident Scoring System (NCISS) is a framework designed to provide a repeatable and consistent mechanism for estimating the impact of a cyber incident.

Comprehensive National Cybersecurity Initiative
The CNCI consists of initiatives and goals designed to help secure the United States in cyberspace.

E-Government Act of 2002 including Title III - The Federal Information Security Management (FISMA) Act 
The purpose of this Act is to enhance the management and promotion of electronic government services and processes. Title III of this act is the Federal Information Security Management Act of 2002. The E-Government Act permanently supersedes the Homeland Security Act in those instances where both Acts prescribe different amendments to the same provisions of the United States Code.

International Strategy for Cyberspace
The International Strategy for Cyberspace outlines a vision for cyberspace and an agenda for realizing it.

IT Sector Baseline Risk Assessment
The ITSRA identifies and prioritizes national-level risks to critical functions delivered and maintained by the IT Sector and relied on by all critical infrastructure sectors.

National Infrastructure Protection Plan
NIPP 2013 outlines how government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes.

National Security Strategy
The National Security Strategy articulates four enduring national interests advanced by the five missions of DHS.

Office of Management and Budget Guidance on FISMA
M-15-01 provides current Administration information security priorities, FY 2014-2015 Federal Information Security Management Act (FISMA) and Privacy Management reporting guidance and deadlines, and policy guidelines to improve Federal information security posture.

Presidential Homeland Security Issues
This web page describes guiding principles for securing the United States from 21st-century threats.

Presidential Policy Directive – Critical Infrastructure Security and Resilience
Released in February 2013, PPD-21 provides guidance for a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure.

Quadrennial Homeland Security Review
Published in 2014, the QHSR reaffirms the five homeland security missions set forth in the previous QHSR, while acknowledging the evolving landscape of homeland security threats and hazards.

US-CERT Year In Review CY 2012

US-CERT 2012 Trends In Retrospect