REFERENCES
Important Notice: The following are references to various publicly available materials. They may be downloaded freely, via subscription, or from behind paywalls. It should be assumed that all such references carry copyright restrictions in various forms, which must be adhered to. References in the body of this site or related documents to the content of such materials are intentionally limited so as not to infringe any such copyright. These are numbered in the same order as the reference section in the book.
- Forbes.com: Cybersecurity a board leadership imperative, 2022. Link
- Purplesec on the growth in ransomware, 2018-2020. Link
- Open Source Security Foundation (OpenSSF), committed to advancing open source security for all, 2021. Link
- What is spear phishing, from KnowBe4. Link
- Significant Cyber War Events: CNBC on the SolarWinds-FireEye breach, December 2020. Link to CNBC article
- Moving the U.S. Government Toward Zero Trust (White House, 2022). Link
- President Biden on cybersecurity (Link) plus Fact Sheet (Link)
- General Data Protection Regulation (GDPR), Regulation (EU) 2016/679 of the European Parliament, April 2016. Link to EU site
- Comparison between GDPR and CCPA. Link
- Google Data Processing and Security Terms (Customers), 2021. Link
- The International Association of Privacy Professionals (IAPP): privacy regulations a possible target of "cyber-legal" combo attacks (2021). Link
- Tracking sites: Data Breach Today. Link
- OWASP Automated Threat Handbook, Web Applications v1.2, 2018. Link
- The Federal Trade Commission holds end-user organizations accountable, 2022. Link
- MEF 70.1, SD-WAN (Software Defined Wide Area Network) specification for providers (2021). Link to MEF
- Improving the Nation's Cybersecurity: Exec. Order 14028 (2021). Link
- Malcolm Gladwell, Talking to Strangers (2020), on "the people we don't know" when evaluating potential staff. Link to Audible.com
- Security Policies from SANS.org, 2014.
- NIST SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations (2020). Link
- ISO 27001 and 27000 (2013, 2020) on information security management. Link
- Exponential Organizations: book, methodology and community for introducing disruptive technologies. Available on Amazon/Audible
- NIST Special Publication 800-207, "Zero Trust Architecture", August 2020
- OAuth 2 authorization framework, by DigitalOcean, 2021. Link
- OAuth 2.0, the industry-standard protocol for authorization. The specification and its extensions are developed within the IETF OAuth Working Group.
- Security Assertion Markup Language (SAML). Link to OAuth explanation
- Accountable Digital Identity Association specification. Link
- FIDO (Fast IDentity Online) Alliance. Link
- DevSecOps: a definition and discussion. Link: DevSecOps explained, 2015
- Cloud Security Alliance guidelines, available on Amazon (Link), 2021
- NIST Definition of Cloud Computing Service Models, 2011. Link
- SASE: the original Gartner blog, 2019. Link
- Splunk's guide to SIEMs. Link
- Cloud Security Notification from ONUG (2021). Link
- Container Security by Liz Rice (O'Reilly, 2020), sponsored by Aqua. Link
- User Services Platform (USP), TR-369, from the Broadband Forum. Link
- CPE WAN Management Protocol (TR-069) from the Broadband Forum
- CSO/IDG: cloud security threats, 2020. Link
- BitLocker review from Radius. Link
- IEEE Standard for Media Access Control (MAC) Security, 2018. Link
- Defending against Living off the Land attacks, paper, 2017-2021. Link
- David Bown on prevention of Living off the Land attacks. Link
- Open Web Application Security Project (OWASP) API Security Top 10. Link
- OAuth secure API access tokens. Link
- DoD Cybersecurity Maturity Model Certification (CMMC), 2020. Link
- NIST Computer Security Resource Center, csrc.nist.gov
- Health Insurance Portability and Accountability Act (HIPAA) Security Rule, 2003. Link to HHS
- Gartner on Extended Detection and Response (XDR). Link
- Threat Detection and Hunting, from GitHub. Link
- NIST Glossary. Link
- "A Semantic Architecture for Enhanced Cyber Situational Awareness", MITRE, 2010. Link
- Information Security Forum (ISF): online commercial assessment tools. Link
- Security policy topics and documents from Information Shield, 2006? – 2021. Link
- Internet Engineering Task Force (IETF). Link
- White House Cybersecurity Strategy. Link
- NIST Secure Software Development Framework (SSDF), February 2022. Link
- The dangers of Royal ransomware. Link
- NIST announces the selection of Ascon for lightweight cryptography. Link
- Polymorphic attacks using ChatGPT. Link to article
- ISE article on holistic cybersecurity. Link
- CISA Cybersecurity Performance Goals. Link
- MEF 118: Zero Trust Framework for MEF Services. Link
- Holistic cybersecurity impact on Exponential Organizations. Link
- Secure Production Identity Framework for Everyone (SPIFFE). Link
- Digital Forensics and Incident Response (DFIR) report. Link
- Internet Key Exchange (IKEv2) Protocol, IETF RFC 4306 (2005). Link
- CISA's Zero Trust Maturity Model. Link
[1] Significant Cyber War Events: CNBC on the SolarWinds-FireEye breach, December 2020. Link to CNBC article
[2] NIST Computer Security Resource Center, csrc.nist.gov
[3] NIST Special Publication 800-207, "Zero Trust Architecture", August 2020
[4] DoD Cybersecurity Maturity Model Certification (CMMC), 2020. Link
[5] DevSecOps: a definition and discussion. Link: DevSecOps explained, June 2015
[6] NIST Glossary. Link: https://csrc.nist.gov/glossary
[7] General Data Protection Regulation (GDPR), Regulation (EU) 2016/679 of the European Parliament, April 2016. Link to EU site
[8] Purplesec on the growth in ransomware, 2018-2020. Link
[9] Health Insurance Portability and Accountability Act (HIPAA) Security Rule, 2003. Link to HHS
[10] Cloud Security Alliance, Security Guidance Version 4, https://cloudsecurityalliance.org/download/security-guidance-v4/; also available on Amazon (Link), 2021
[11] Tracking sites: Data Breach Today. Link
[12] Authentication of controllers is done using X.509 certificates as defined in RFC 5280 and RFC 6818.
[13] OWASP Automated Threat Handbook, Web Applications v1.2, 2018. Link
[14] "A Semantic Architecture for Enhanced Cyber Situational Awareness", MITRE, 2010. Link
[15] OAuth 2.0, the industry-standard protocol for authorization. The specification and its extensions are developed within the IETF OAuth Working Group. See also [32]
[16] SASE: the original Gartner blog, 2019. Link
[17] User Services Platform (USP), TR-369, from the Broadband Forum. Link
[18] CPE WAN Management Protocol (a.k.a. TR-069) from the Broadband Forum
[19] Comparison between GDPR and CCPA. Link
[20] Google Data Processing and Security Terms (Customers), 2021. Link
[21] NIST Definition of Cloud Computing Service Models, 2011. Link
[22] Information Security Forum (ISF): online commercial assessment tools and consulting organization. Link
[23] Security Policies from SANS.org, 2014. Useful but needs updating for Staff-on-Demand, remote working and cloud.
[24] Malcolm Gladwell, Talking to Strangers (2020), on "the people we don't know" when evaluating potential staff. Link to Audible.com
[25] Large number of security policy topics and documents from Information Shield, 2006? – 2021. Link
[26] The International Association of Privacy Professionals (IAPP): privacy regulations a possible target of "cyber-legal" combo attacks (2021). Link
[27] The Federal Trade Commission (FTC) holds end-user organizations accountable, 2022. Link
[28] Improving the Nation's Cybersecurity: Exec. Order No. 14028, 86 Fed. Reg. 26633 (2021). Link
[29] Moving the U.S. Government Toward Zero Trust, from the White House (2022). Link
[30] Gartner on Extended Detection and Response (XDR). Link
[31] Splunk's guide to SIEMs. Link
[32] OAuth 2 authorization framework, introduced by DigitalOcean, 2021. Link
[33] Security Assertion Markup Language (SAML), a login standard that helps users access applications. Link to OAuth explanation
[34] NIST SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations (2020). Link
[35] ISO 27001 and 27000 (2013 & 2020) on information security management. Link
[36] Container Security by Liz Rice (O'Reilly, 2020), sponsored by Aqua. Link
[37] BitLocker review from Radius. Link
[38] Open Web Application Security Project (OWASP) API Security Top 10. Link
[39] OAuth secure API access tokens. Link
[40] Threat Detection and Hunting, from GitHub. Link
[41] David Bown on prevention of Living off the Land attacks. Link
[42] Cloud Security Notification from ONUG (2021). Link
[43] Cloud Security Alliance. Link
[44] MEF 70.1, SD-WAN (Software Defined Wide Area Network) specification for providers (2021). Link to MEF
[45] Exponential Organizations: book, methodology and community for introducing disruptive technologies. Available on Amazon/Audible
[46] IEEE Standard for Media Access Control (MAC) Security, 2018. Link