REFERENCES

Important Notice: The following are references to various publicly available materials. They may be downloaded freely, via subscription, or from behind paywalls. It should be assumed that all such references carry copyright restrictions in various forms, which must be adhered to. References in the body of this site or related documents to the content of such materials are intentionally limited so as not to infringe any such copyright. These are numbered in the same order as the reference section in the book.

  1. Forbes.com: Cybersecurity a board leadership imperative 2022 Link
  2. Purplesec on the growth in Ransomware 2018-2020 Link
  3. Open Source Security Foundation Link, committed to advancing open source security for all. 2021 Link.
  4. What is Spear phishing from Knowbe4 Link
  5. Significant Cyber War Events CNBC on Solarwinds-FireEye Breach, December 2020 Link to CNBC article
  6. Moving the U.S. Government Toward Zero Trust (White House 2022) Link
  7. President Biden on Cybersecurity Link plus Fact Sheet Link
  8. General Data Protection Regulation (GDPR) Regulation (EU) 2016/679 of the European Parliament April 2016 Link to EU site
  9. Comparison between GDPR and CCPA Link
  10. Google Data Processing and Security Terms (Customers) 2021 Link
  11. The International Association of Privacy Professionals. Privacy Regulations possible target “Cyber-Legal” combo attacks (2021) Link
  12. Tracking sites: Data Breach Today Link
  13. OWASP Automated Threat Handbook Web Applications v1.2, Link 2018
  14. The Federal Trade Commission holds end-users accountable – 2022 Link
  15. MEF Link MEF specification for providers MEF70.1 SD-WAN (Software Defined Wide Area Networks) (2021) Link
  16. Improving the Nation’s Cybersecurity: Exec. Order 14028 (2021). Link
  17. Malcolm Gladwell – Talking with Strangers – (2020) on “the People We Don’t Know” when evaluating potential staff. Link to Audible.com
  18. Security Policies from SANS.org – 2014.
  19. NIST Security and Privacy Controls for Information Systems and SP 800-53 Rev. 5 (2020) Link
  20. ISO 27001 and 27000 (2013, 2020) on security management Link
  21. Exponential Organizations book/methodology/community for introducing disruptive technologies. Available on Amazon/Audible
  22. NIST Special Publication 800-207 “Zero Trust Architecture”, August 2020
  23. OAuth 2 authorization framework by Digital Ocean. 2021 Link
  24. OAuth 2.0 – industry-standard protocol for authorization. Its specification and extensions are developed within the IETF OAuth Working Group.
  25. Security Assertion Markup Language (SAML) Link to OAuth explanation
  26. Accountable Digital Identity Association Specification Link.
  27. FIDO (Fast IDentity Online) Alliance Link
  28. DevSecOps a definition and discussion Link: DevSecOps explained. 2015
  29. Cloud Security Alliance Guidelines available on Amazon – (Link) 2021
  30. NIST Definition of Cloud Computing Service Models – 2011 Link
  31. SASE The original Gartner Blog: 2019 Link
  32. Splunk’s guide to SIEMs Link
  33. Cloud Security Notification from ONUG (2021) Link
  34. Container Security by Liz Rice. Link to O’Reilly published book sponsored by Aqua. (2020) Link
  35. User Services Platform (USP) TR-369 from the Broadband Forum. Link
  36. CPE WAN Management Protocol (TR-069) from the Broadband Forum
  37. CSO/IDG Cloud Security Threats Link 2020
  38. BitLocker review from Radius. Link
  39. IEEE Standard for Media Access Control (MAC) Security. 2018. Link
  40. Defending against Living off the Land attack paper 2017-2021 Link
  41. David Bown on prevention of Living off the Land attacks Link
  42. Open Web Application Security Project’s API Security Top 10. Link
  43. OAuth secure API Access Tokens Link
  44. DoD Cybersecurity Maturity Model Certification (CMMC) 2020 Link
  45. NIST Security Resource Center nist.gov
  46. Health Insurance Portability and Accountability Act (HIPAA) Security Rule – 2003 Link to HHS
  47. Gartner on Extended Detection and Response Link
  48. Threat Detection and Hunting from GitHub Link

Additional Useful Links
  1. NIST Glossary Link
  2. “A Semantic Architecture for Enhanced Cyber Situational Awareness”, MITRE, Link 2010
  3. Security Forum – ISF – Online Commercial Assessment Tools Link
  4. Security Policy topics/docs from Information Shield. 2006? – 2021 Link
  5. Internet Engineering Task Force (IETF). Link
  6. White House Cybersecurity Strategy Link
  7. NIST Secure Software Development Framework – from Feb 2022 Link
  8. The dangers of Royal Ransomware Link
  9. NIST announced the choice of Ascon Link
  10. Polymorphic attacks using ChatGPT. Link to article
  11. ISE article on Holistic Cybersecurity Link
  12. CISA Cybersecurity “Performance” Goals Link
  13. MEF 118: Zero Trust Framework for MEF Services. Link
  14. Holistic Cybersecurity impact on Exponential Organizations Link
  15. Secure Production Identity Framework for Everyone Link
  16. Digital Forensics and Incident Response (DFIR) report Link
  17. Internet Key Exchange (IKEv2) Protocol IETF RFC 4306 (2005) Link
  18. CISA’s Zero Trust Maturity Model Link

[1] Significant Cyber War Events CNBC on Solarwinds-FireEye Breach, December 2020 Link to CNBC article
[2] NIST Security Resource Center csrc.nist.gov
[3] NIST Special Publication 800-207 “Zero Trust Architecture”, August 2020
[4] DoD Cybersecurity Maturity Model Certification Link: 2020
[5] DevSecOps a definition and discussion Link: DevSecOps explained June 2015
[6] NIST Glossary Link https://csrc.nist.gov/glossary
[7] General Data Protection Regulation (GDPR) Regulation (EU) 2016/679 of the European Parliament April 2016 Link to EU site
[8] Purplesec on the growth in Ransomware 2018-2020 Link
[9] Health Insurance Portability and Accountability Act (HIPAA) Security Rule – 2003 Link to HHS
[10] Cloud Security Alliance Guidelines Version 4 https://cloudsecurityalliance.org/download/security-guidance-v4/, and available on Amazon – (Link) 2021
[11] Tracking sites: Data Breach Today Link
[12] Authentication of Controllers is done using X.509 certificates as defined in RFC 5280 and RFC 6818.
[13] OWASP Automated Threat Handbook Web Applications v1.2, Link 2018
[14] “A Semantic Architecture for Enhanced Cyber Situational Awareness”, MITRE, Link 2010
[15] OAuth 2.0 – industry-standard protocol for authorization. Its specification and extensions are developed within the IETF OAuth Working Group. See also [32]
[16] SASE The original Gartner Blog: 2019 Link
[17] User Services Platform (USP) TR-369 from the Broadband Forum. Link
[18] CPE WAN Management Protocol (a.k.a. TR-069) from the Broadband Forum
[19] Comparison between GDPR and CCPA Link
[20] Google Data Processing and Security Terms (Customers) 2021 Link
[21] NIST Definition of Cloud Computing Service Models – 2011 Link
[22] Security Forum – ISF – Online Commercial Assessment Tools and Consulting Organization Link
[23] Security Policies from SANS.org – 2014. Useful but needs updating for Staff-on-Demand, Remote Working, Cloud
[24] Malcolm Gladwell – Talking with Strangers – (2020) on “About the People We Don’t Know” when evaluating potential staff. Link to Audible.com
[25] Large number of Security Policy topics and docs from Information Shield. 2006? – 2021 Link
[26] The International Association of Privacy Professionals. Privacy Regulations possible target “Cyber-Legal” combo attacks (2021) Link
[27] The Federal Trade Commission (FTC) holds end-user organizations accountable – 2022 Link
[28] Improving the Nation’s Cybersecurity: Exec. Order No. 14028, 86 Fed. Reg. 26633 (2021). Link
[29] Moving the U.S. Government Toward Zero Trust from the White House (2022) Link
[30] Gartner on Extended Detection and Response Link
[31] Splunk’s guide to SIEMs Link
[32] OAuth 2 authorization framework introduced by Digital Ocean. 2021 Link
[33] Security Assertion Markup Language (SAML) is a login standard that helps users access applications Link to OAuth explanation
[34] NIST Security and Privacy Controls for Information Systems and SP 800-53 Rev. 5 (2020) Link
[35] ISO 27001 and 27000 (2013 & 2020) on Information security management Link
[36] Container Security by Liz Rice. Link to O’Reilly published book sponsored by Aqua. (2020) Link
[37] BitLocker review from Radius. Link
[38] Open Web Application Security Project’s API Security Top 10. Link
[39] OAuth secure API Access Tokens Link
[40] Threat Detection and Hunting from GitHub Link
[41] David Bown on prevention of Living off the Land attacks Link
[42] Cloud Security Notification from ONUG (2021) Link
[43] Cloud Security Alliance Link
[44] MEF Link MEF specification for providers MEF70.1 SD-WAN (Software Defined Wide Area Networks) (2021) Link
[45] Exponential Organizations book/methodology/community for introducing disruptive technologies. Available on Amazon/Audible
[46] IEEE Standard for Media Access Control (MAC) Security. 2018. Link