REFERENCES

Important Notice: The following are references to various publicly available materials. They may be downloaded freely, via subscription or behind paywalls. It should be assumed that all such references have copyright restrictions in various forms which must be adhered to. References in the body of this site or related documents to the content of such materials are intentionally limited so as not to infringe any such copyright. Some entries also give the corresponding reference number in the book Who Left the Back Door Open? published in 2023.

  • US Govt: CISA Cybersecurity “Performance” Goals Link
  • US Govt: CISA: Common Vulnerabilities and Exposures the CISA list
  • US Govt: CISA’s Zero Trust Maturity Model Link
  • US Govt: Cybersecurity and Infrastructure Security Agency (CISA) link
  • US Govt: DoD Cybersecurity Maturity Model Certification (CMMC) 2020 Link – Book reference [44]
  • US Govt: Moving the U.S. Government Toward Zero Trust (White House 2022) Link – Book reference [6]
  • US Govt: NIST announced the choice of Ascon Link
  • US Govt: NIST Cybersecurity Framework 2.0 (Draft August 2023) Link
  • US Govt: NIST Definition of Cloud Computing Service Models – 2011 Link – Book reference [30]
  • US Govt: NIST Glossary Link
  • US Govt: NIST policies include Mandatory, Discretionary and Role-Based Access Control. Link to NIST Glossary.
  • US Govt: NIST Secure Software Development Framework – from Feb 2022 Link
  • US Govt: NIST Security and Privacy Controls for Information Systems and SP 800-53 Rev. 5 (2020) Link – Book reference [19]
  • US Govt: NIST Security Resource Center US Govt: NIST.gov – Book reference [45]
  • US Govt: NIST Special Publication 800-207 “Zero Trust Architecture”, August 2020 – Book reference [22]
  • US Govt: President Biden on Cybersecurity Link plus Fact Sheet Link – Book reference [7]
  • US Govt: The Federal Trade Commission holds end-users accountable – 2022 Link – Book reference [14]
  • US Govt: White House Cybersecurity Strategy Link
  • Accountable Digital Identity Association Specification Link. – Book reference [26]
  • Argon2 Memory-Hard Function for Password Hashing. IETF: RFC9106
  • Ascon Lightweight Cryptography for IoT devices: Link
  • BitLocker review from Radius. Link – Book reference [38]
  • Certificate Authority IETF RFC 8555 standard.
  • Cloud Security Alliance Guidelines available on Amazon – (Link) 2021 – Book reference [29]
  • Cloud Security Notification from ONUG (2021) Link – Book reference [33]
  • Comparison between GDPR and CCPA Link – Book reference [9]
  • Container Security by Liz Rice. Link to O’Reilly published book sponsored by Aqua. (2020) Link – Book reference [34]
  • CPE WAN Management Protocol (TR-069) from the Broadband Forum – Book reference [36]
  • Critical Infrastructure (see the CISA description)
  • CSO/IDG Cloud Security Threats Link 2020 – Book reference [37]
  • David Bown on prevention of Living off the Land attacks Link – Book reference [41]
  • Defending against Living off the Land attack paper 2017-2021 Link – Book reference [40]
  • DevSecOps a definition and discussion Link: DevSecOps explained. 2015 – Book reference [28]
  • Digital Forensics and Incident Response (DFIR) report Link
  • Exponential Organizations book/methodology/community for introducing disruptive technologies. Available on Amazon/Audible – Book reference [21]
  • FIDO (Fast IDentity Online) Alliance Link – Book reference [27]
  • Forbes.com: Cybersecurity a board leadership imperative 2022 (Now behind pay wall). Link – Book reference [1]
  • Gartner on Extended Detection and Response Link – Book reference [47]
  • General Data Protection Regulation (GDPR) Regulation (EU) 2016/679 of the European Parliament April 2016 Link to EU site – Book reference [8]
  • Google Data Processing and Security Terms (Customers) 2021 Link – Book reference [10]
  • H264 Video File vulnerabilities white paper by the University of Texas (April 2023 )Link.
  • Health Insurance Portability and Accountability Act (HIPAA) Security Rule – 2003 Link to HHS – Book reference [46]
  • Holistic Cybersecurity impact on Exponential Organizations Link
  • IEEE Standard for Media Access Control (MAC) Security. 2018. Link – Book reference [39]
  • Improving the Nation’s Cybersecurity: Exec. Order 14028 (2021). Link – Book reference [16]
  • Internet Engineering Task Force (IETF). Link
  • Internet Key Exchange (IKEv2) Protocol IETF RFC 4306 (2005) Link
  • ISE article on Holistic Cybersecurity Link
  • ISO 27001 and 27000 (2013,2020) on security management Link – Book reference [20]
  • Malcolm Gladwell – Talking with Strangers – (2020) on “the People We Don’t Know” when evaluating potential staff. Link to Audible.com – Book reference [17]
  • MEF Link. MEF specification for providers MEF 70.1 SD-WAN (Software Defined Wide Area Networks) (2021) Link – Book reference [15]
  • MEF 118: Zero Trust Framework for MEF Services. Link
  • Microsoft’s Software Development Lifecycle (SDL) system. Link
  • MITRE ATT&CK: industry threat reference: Click for more info
  • OAuth 2.0 – industry-standard protocol for authorization. Its specification and extensions are developed within the IETF in RFC 6749 Link. More at the OAuth Working Group. Link – Book reference [23] [24]
  • OAuth secure API Access Tokens Link – Book reference [43]
  • Open Source Security Foundation Link, committed to advancing open source security for all. 2021 Link. – Book reference [3]
  • Open Web Application Security Project’s API Security Top 10. Link – Book reference [42]
  • OWASP Automated Threat Handbook Web Applications v1.2, Link 2018 – Book reference [13]
  • Polymorphic attacks using ChatGPT. Link to article
  • Purplesec on the growth in Ransomware 2018-2020 Link – Book reference [2]
  • SASE The original Gartner Blog: 2019 Link – Book reference [31]
  • Secure Production Identity Framework for Everyone Link
  • Security Assertion Markup Language (SAML) Link to OAuth explanation – Book reference [25]
  • Security Forum – ISF – Online Commercial Assessment Tools Link
  • Security Policies from SANS.org – 2014. – Book reference [18]
  • Security Policy topics/docs from Information Shield. 2006? – 2021 Link
  • Semantic Architecture for Enhanced Cyber Situational Awareness, MITRE, Link 2010
  • Significant Cyber War Events CNBC on Solarwinds-FireEye Breach, December 2020 Link to CNBC article – Book reference [5]
  • Splunk’s guide to SIEMs Link – Book reference [32]
  • The dangers of Royal Ransomware Link
  • The Digital Forensics and Incident Response Report. link
  • The International Association of Privacy Professionals. Privacy Regulations possible target “Cyber-Legal” combo attacks (2021) Link – Book reference [11]
  • Threat Detection and Hunting from GitHub Link – Book reference [48]
  • TLS 1.2 (IETF RFC 5246) to TLS 1.3 (RFC 8446).
  • Tracking sites: Data Breach Today Link – Book reference [12]