This collection of free cybersecurity guides covers a wide range of topics, from resources for developing a cybersecurity program to specific guides for different sectors and organizations.
Whether you work for a small business, a large corporation, or a specific industry, these guides provide insight into cybersecurity best practices, strategies to combat threats, and advice for using online services safely.
Cybersecurity resources and reference guides
This guide brings together U.S. and international resources for developing a cybersecurity program and establishing robust network protection. It covers material on reliable network operations and information systems security, focusing on confidentiality, integrity, and other important aspects. Aimed at promoting security cooperation, it contains information on cybersecurity norms, best practices, policies, and standards.
Cyber security toolkit for boards
NCSC's Board Toolkit helps boards embed cyber resilience and risk management throughout their organizations, including people, systems, processes, and technology. This toolkit is designed for board members of medium to large organizations in all sectors, including boards of directors, boards/advisory boards, non-executive directors, and boards of trustees.
C2M2 and CMMC User Guide
This guide is designed for Cybersecurity Capability Maturity Model (C2M2) users seeking Cybersecurity Maturity Model Certification (CMMC) to meet their Department of Defense contractual obligations. It is intended to help these users leverage their existing C2M2 experience while pinpointing further actions required for CMMC certification compliance.
Department of Defense (DoD) Cybersecurity Reference Architecture
The Cybersecurity Reference Architecture (CSRA) outlines principles, components, and design patterns to counter internal and external network threats and ensure cyberspace survivability and operational resilience. CSRA is designed for organizations that require access to Department of Defense resources to guide cybersecurity establishment and facilitate joint deterrence and strategic acquisition planning.
A guide to securing your remote access software
Written by CISA, NSA, FBI, MS-ISAC, and INCD, this guide provides insight into prevalent exploits and related tactics, techniques, and procedures (TTPs). It also provides IT/OT and ICS professionals and organizations with recommendations on best practices when adopting remote capabilities and strategies for identifying and countering malicious actors who exploit this software.
Incident Response Guide: Water and Wastewater Department
CISA worked with EPA, FBI, and sector partners to develop this Incident Response Guide (IRG) specifically for the Water and Wastewater Systems (WWS) sector. This unique IRG provides critical information about the federal government's role, resources, and responsibilities across the cyber incident response lifecycle to help WWS sector owners and operators strengthen their incident response plans and overall cyber resiliency.
NIST Phishing Scale User Guide
The NIST Phish Scale provides a system for those conducting cybersecurity and phishing awareness training to rate the difficulty of detecting phishing attempts in email. This guide describes the Phish Scale and provides step-by-step instructions for applying it to phishing emails. Additionally, it includes an appendix with worksheets to help trainers effectively use the Phish Scale, as well as detailed information on email characteristics and related findings.
Phishing guidance: Stop the attack cycle in phase 1
This guide details common phishing techniques used by attackers and provides strategies for network defenders and software manufacturers to reduce the impact of attacks such as credential theft and malware deployment. Recognizing the resource constraints of some organizations, it includes specific recommendations for small and medium-sized businesses that lack dedicated IT staff for continuous phishing protection.
#StopRansomware Guide
This guide serves as a resource for organizations to reduce the risk of ransomware attacks. It provides best practices for detection, prevention, response, and recovery, including detailed strategies for dealing with potential threats. It was developed through the Joint Ransomware Task Force (JRTF), an interagency organization established by Congress under the Critical Infrastructure Incident Reporting Act of 2022 (CIRCIA).
Use online services safely
This guide provides practical advice for using online services safely and reducing the risk of cyberattacks for small organizations. It covers online tools that are essential to daily work, even if their usage isn't always obvious, including email, instant messaging, cloud storage, online accounting and invoice management, website or online shop hosting, and social media interaction.