1 |
APWG |
Phishing Activity Trends Report |
All Businesses, Governments and Intergovernmental Organizations, Individuals |
Public |
https://apwg.org/trendsreports |
Cybersecurity Awareness |
|
Since 2004, the APWG Phishing Activity Trends Report, now quarterly, analyzes phishing attacks and other cybercrime events reported to the APWG by its member companies, institutions and national government agencies, through the organization’s website at |
2 |
APWG |
Symposium on Electronic Crime Research |
Researchers |
|
https://ecrimeresearch.org/ecrime-symposium/ |
Research and Knowledge Development |
|
The APWG Symposium on Electronic Crime Research (APWG eCrime), founded in 2006 as the eCrime Researchers Summit, was conceived as a comprehensive, multi-disciplinary venue to present applied research into electronic crime, engaging every aspect of its evo |
3 |
APWG |
APWG Phishing Education Landing Page |
Content Providers |
|
https://ecrimeresearch.org/education-landing-page/ |
Cybersecurity Awareness |
CIS Control 14: Security Awareness and Skills Training |
The Phishing Education Landing Page replaces phishing pages with a redirect that sends users to a page of online safety and security instructions when they click on phishing URLs – instead of a confusing 404 message. The APWG launched the program in 200 |
4 |
APWG |
eCrime eXchange |
All Businesses, Governments and Intergovernmental Organizations, Law Enforcement, National CERTs, Nonprofits/Charities |
Member |
https://apwg.org/ecx |
Collaborative Defensive Operations/Information Sharing |
CIS Control 9: Email and Web Browser Protections |
The APWG eCrime Exchange (eCX) is the clearinghouse and repository developed specifically to exchange machine event and Internet event data about common cybercrimes such as phishing. The APWG’s member organizations contribute new data, and extract data |
5 |
APWG |
STOP. THINK. CONNECT. Cybersecurity Awareness Campaign |
All Businesses |
Public |
https://messagingconvention.org |
Cybersecurity Awareness |
CIS Control 14: Security Awareness and Skills Training |
The STOP. THINK. CONNECT. program is a cybersecurity public awareness campaign of shared assets promoted by industry, NGOs and national government deployments and through MoUs with multilateral treaty organizations. STOP. THINK. CONNECT. was conceived and |
6 |
APWG |
APWG Malicious Domain Suspension Program (AMDoS) |
Cybersecurity Providers, Law Enforcement |
Member |
https://ecrimeresearch.org/amdos/ |
Cybersecurity Awareness |
CIS Control 14: Security Awareness and Skills Training |
The APWG Malicious Domain Suspension (AMDoS) system enables Accredited Interveners to submit suspected malicious domain names for investigation and suspension by Sponsoring Registrars and Top-Level Domain Registries. AMDoS orders and systematizes suspensi |
7 |
APWG |
University Researcher Grants |
Researchers |
Public |
https://apwg.org/membership/research/ |
|
|
For the purpose of obtaining access to reliable source data for original research in cybercrime, the APWG honors requests from researchers, universities, and NGOs for access to resources within our eCrime Exchange (eCX). Accepted programs are granted a |
8 |
Canadian Cyber Threat Exchange (CCTX) |
Best Practices Development/Sharing/Deployment |
All Businesses |
Member |
https://www.cctx.ca |
Collaborative Defensive Operations/Information Sharing |
|
The CCTX is a not for profit organization created by the private sector that enables members to reduce financial and operational risk through access to relevant and actionable threat intelligence, best practices and information. The cross-sector collabor |
9 |
Canadian Cyber Threat Exchange (CCTX) |
Collaborative Information Sharing |
All Businesses |
Member |
https://www.cctx.ca |
Collaborative Defensive Operations/Information Sharing |
|
The CCTX is a not for profit organization that enables members to reduce financial and operational risk through access to relevant and actionable threat intelligence, best practices and information. The cross-sector collaboration amongst member organizat |
10 |
Canadian Cyber Threat Exchange (CCTX) |
Cybersecurity Awareness |
All Businesses, Individuals |
Public |
https://www.cctx.ca |
Cybersecurity Awareness |
|
CCTX provides podcasts, presentations and research to the general public to raise awareness of the cyber risk and the critical role that collaboration plays in building resiliency. |
11 |
Canadian Cyber Threat Exchange (CCTX) |
Cross Sector Threat Intelligence Sharing |
All Businesses |
Member |
https://www.cctx.ca |
Collaborative Defensive Operations/Information Sharing |
|
The CCTX is a not for profit organization that enables members to reduce financial and operational risk through access to relevant and actionable threat intelligence, best practices and information. The cross-sector collaboration amongst member organizat |
12 |
Canadian Cyber Threat Exchange (CCTX) |
Annual Symposium and Webinars |
All Businesses, Individuals |
Member |
https://www.cctx.ca |
Cybersecurity Awareness, Research and Knowledge Development |
|
The CCTX Annual Symposium is a member-only learning and networking opportunity, enabling members to connect, build relationships and earn CPE credits. The Technical Webinars are an opportunity for leading edge technology companies and solution providers to |
13 |
Center for Internet Security |
CIS Critical Security Controls |
All Businesses |
Public |
https://www.cisecurity.org/controls |
Best Practices Sharing/Deployment |
|
Foundational set of prioritized security controls |
14 |
Center for Internet Security |
CIS Benchmarks |
All Businesses |
Public |
https://www.cisecurity.org/cis-benchmarks/ |
Best Practices Sharing/Deployment |
|
100+ vendor-neutral security configuration guides for IT components |
15 |
Center for Internet Security |
CIS SecureSuite |
All Businesses |
Member |
https://www.cisecurity.org/cis-securesuite |
Best Practices Sharing/Deployment |
|
Start secure and stay secure with integrated cybersecurity tools and resources designed to help you implement CIS Benchmarks and CIS Controls. |
16 |
Center for Internet Security |
CIS Hardened Images |
All Businesses |
Public |
https://www.cisecurity.org/cis-benchmarks/ |
Best Practices Sharing/Deployment |
|
Virtual images hardened to CIS Benchmarks on cloud service provider marketplaces |
17 |
Center for Internet Security |
CIS-CAT (Controls Assessment Tool) |
All Businesses |
Public |
https://www.cisecurity.org/ |
Cybersecurity Measurement |
|
A configuration assessment tool that checks conformance to the recommendations in the CIS Benchmarks. Leveraging the CIS-CAT Pro Dashboard component, users can view conformance to best practices and evaluate compliance scores over time. |
18 |
Center for Internet Security |
CIS-CAT Pro (Controls Assessment Tool) |
All Businesses |
Member |
https://www.cisecurity.org/ |
Cybersecurity Measurement |
|
A configuration assessment tool that checks conformance to the recommendations in the CIS Benchmarks. Leveraging the CIS-CAT Pro Dashboard component, users can view conformance to best practices and evaluate compliance scores over time. |
19 |
Center for Internet Security |
CSAT (Controls Self-Assessment Tool, hosted by CIS) |
All Businesses |
Public |
https://www.cisecurity.org/ |
Cybersecurity Measurement |
|
A hosted (by CIS) CIS Controls self-assessment tool that enables you to conduct, track, and assess implementation of the Controls. |
20 |
Center for Internet Security |
CSAT-Pro (Controls Self-Assessment Tool) |
All Businesses |
Member |
https://www.cisecurity.org/ |
Cybersecurity Measurement |
|
An on-premises CIS Controls self-assessment tool that enables you to conduct, track, and assess implementation of the Controls. |
21 |
Center for Internet Security |
CIS-RAM (Risk Assessment Method) |
All Businesses |
Public |
https://learn.cisecurity.org/cis-ram |
Cybersecurity Measurement |
|
An information security risk assessment method that helps organizations implement and assess their security posture against the CIS Critical Security Controls (CIS Controls) cybersecurity best practices. |
22 |
Center for Internet Security |
MS-ISAC Operations |
Governments US State/Local/Tribal/Territorial (SLTT) |
Member |
https://www.cisecurity.org/isac |
Collaborative Defensive Operations/Information Sharing |
|
Improve the overall cybersecurity posture of U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through coordination, collaboration, cooperation, and increased communication. |
23 |
Center for Internet Security |
MS-ISAC Managed Security Services |
Governments US State/Local/Tribal/Territorial (SLTT) |
Member |
https://www.cisecurity.org/services/managed-security-services-mss |
Collaborative Defensive Operations/Information Sharing |
|
Monitor SLTT devices for signs of malicious or anomalous activity, eliminate false positives, and escalate only actionable items as an alert. |
24 |
Center for Internet Security |
MS-ISAC Endpoint Security Services |
Governments US State/Local/Tribal/Territorial (SLTT) |
Member |
https://www.cisecurity.org/services/endpoint-security-services |
Collaborative Defensive Operations/Information Sharing |
|
Offers device-level protection and response to strengthen an organization’s cybersecurity program, and provides active defense against both known (signature-based) and unknown (behavioral-based) malicious activity. |
25 |
Center for Internet Security |
EI-ISAC Operations |
Governments US State/Local/Tribal/Territorial (SLTT) |
Member |
https://www.cisecurity.org/isac |
Collaborative Defensive Operations/Information Sharing |
|
Works closely with election officials and security and technology personnel to provide the highest standards of election security, including incident response and remediation through our team of cyber experts. Our 24x7x365 Security Operations Center (SOC) |
26 |
Center for Internet Security |
ISAC Albert Network Monitoring (IDS) |
Governments US State/Local/Tribal/Territorial (SLTT) |
Member |
https://www.cisecurity.org/services/albert-network-monitoring |
Collaborative Defensive Operations/Information Sharing |
|
24x7x365 managed and monitored Intrusion Detection System (IDS) built to detect SLTT-specific threats. |
27 |
Center for Internet Security |
MDBR (Malicious Domain Blocking & Reporting) |
Governments US State/Local/Tribal/Territorial (SLTT) |
Member |
https://www.cisecurity.org/ms-isac/services/mdbr |
Collaborative Defensive Operations/Information Sharing |
|
A cloud-based solution that uses recursive DNS technology to prevent IT systems from connecting to harmful web domains, helping SLTTs limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block the v |
28 |
Center for Internet Security |
CIS CyberMarket |
Governments US State/Local/Tribal/Territorial (SLTT) |
Member |
https://www.cisecurity.org/services/cis-cybermarket |
Best Practices Sharing/Deployment |
|
Collaborative purchasing program that serves U.S. State, Local, Tribal, and Territorial (SLTT) government organizations, nonprofit entities, and public health and education institutions to improve cybersecurity through cost-effective group procurement. |
29 |
Cloud Security Alliance |
Security, Trust, Assurance & Risk (STAR) Program |
All Businesses |
Public |
https://cloudsecurityalliance.org/star |
Cybersecurity Measurement |
|
CSA STAR has a public registry of cloud providers complying with CSA Cloud Controls Matrix best practices. Free to view and download all entries to analyze the security of providers. Also free for providers to submit level one self-assessments. |
30 |
Cloud Security Alliance |
Zero Trust Resource Hub |
All Businesses |
Public |
https://cloudsecurityalliance.org/zt/resources/ |
Best Practices Sharing/Deployment |
|
Curated site of useful Zero Trust technical documents and standards |
31 |
Cloud Security Alliance |
CSA Research |
All Businesses |
Public |
https://cloudsecurityalliance.org/research/ |
Best Practices Development |
|
Location for complete archive of CSA research, all free to the public |
32 |
Cloud Security Alliance |
CSA Cyber Incident Sharing Center |
All Businesses |
Member |
https://cloudsecurityalliance.org/membership/enterprises/ |
Collaborative Defensive Operations/Information Sharing |
|
Private sharing enclave of cloud-related threat intelligence for members |
33 |
Consumer Reports |
Security Planner |
Individuals |
Public |
https://securityplanner.org, https://securityplanner.consumerreports.org/ |
Cyber Hygiene Implementation |
CIS Control 3: Data Protection, CIS Control 5: Account Management, CIS Control 6: Access Control Management, CIS Control 7: Continuous Vulnerability Management, CIS Control 9: Email and Web Browser Protections, CIS Control 10: Malware Defenses, CIS Control 14: Security Awareness and Skills Training, CIS Control 16: Application Software Security |
Security Planner is an easy personal security assistant that helps people stay safer online. It provides personalized recommendations and expert advice on topics such as keeping social media accounts from being hacked, locking down devices ranging from sm |
34 |
CREST |
Simulated Target Attack & Response, Simulated Target Attack & Response (RedTeam) |
All Businesses, Cybersecurity Providers |
Public |
https://www.crest-approved.org/certification-careers/crest-certifications/ |
Cybersecurity Certification |
|
|
35 |
CREST |
Penetration Testing |
All Businesses, Cybersecurity Providers |
Public |
https://www.crest-approved.org/certification-careers/crest-certifications/ |
Cybersecurity Certification |
|
|
36 |
CREST |
Incident Response |
All Businesses, Cybersecurity Providers |
Public |
https://www.crest-approved.org/certification-careers/crest-certifications/ |
Cybersecurity Certification |
|
|
37 |
CREST |
Security Operations Centers |
All Businesses, Cybersecurity Providers |
Public |
https://www.crest-approved.org/membership/membership-benefits/ |
Standards |
|
|
38 |
Cyber Readiness Institute |
Cyber Readiness Program |
Small and Medium Businesses |
Public |
https://cyberreadinessinstitute.org/ |
Cybersecurity Training and Workforce Development |
|
The Cyber Readiness Program is a simple, practical way for organizations to provide security awareness training to employees and establish sustainable, effective cyber readiness practices. Specifically designed for small and medium-sized enterprises, this |
39 |
Cyber Readiness Institute |
Cyber Leader Program |
Small and Medium Businesses |
Public |
https://cyberreadinessinstitute.org/ |
Cybersecurity Training and Workforce Development |
|
The Cyber Leader Certification Program is a personal professional credential that can be achieved after completing the Cyber Readiness Program. |
40 |
Cyber Readiness Institute |
Cyber Readiness Guides |
Small and Medium Businesses |
Public |
https://cyberreadinessinstitute.org/ |
Cybersecurity Awareness |
|
CRI offers guides on MFA, MSPs, Holiday Season, and other cyber issues and topics relevant to SMBs. |
41 |
Cyber Readiness Institute |
Incident Response Plan |
Small and Medium Businesses |
Public |
https://cyberreadinessinstitute.org/ |
Best Practices Development |
|
Establishing cyber readiness practices and policies helps to reduce risk, but it’s important to assume that our company is likely to have to deal with a security incident at some point that could impact business operations. Trying to determine how to re |
42 |
Cyber Readiness Institute |
Ransomware Playbook |
Small and Medium Businesses |
Public |
https://cyberreadinessinstitute.org/resource/ransomware-playbook/ |
Best Practices Development |
|
How to prepare for, respond to, and recover from a ransomware attack |
43 |
Cyber Threat Alliance |
Threat Intelligence Sharing |
Cybersecurity Providers |
Public |
https://cyberthreatalliance.org/ |
Collaborative Defensive Operations/Information Sharing, Cybercrime Prevention |
|
The Cyber Threat Alliance improves the cybersecurity of the global digital ecosystem by enabling real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field. |
44 |
Cyber Threat Alliance |
Magellan Automated Sharing Platform |
Cybersecurity Providers, Security Operations Entities |
Member |
https://cyberthreatalliance.org |
Collaborative Defensive Operations/Information Sharing |
|
Magellan is CTA's automated threat indicator sharing platform. Member companies submit indicators of compromise and associated context to the platform; members can then retrieve submissions by others. All CTA members are required to submit a minimum numbe |
45 |
Cyber Threat Alliance |
Analytic Sharing |
Cybersecurity Providers |
Member |
https://cyberthreatalliance.org |
Collaborative Defensive Operations/Information Sharing |
|
CTA maintains several channels for members to share threat intelligence at human speed, including dedicated WebEx channels, regular virtual meetings among member representatives, and pre-publication sharing of embargoed blog posts, reports, and research p |
46 |
Cyber Threat Alliance |
Partnership Program |
Information Sharing Organizations |
Member |
https://cyberthreatalliance.org |
Collaborative Defensive Operations/Information Sharing |
|
CTA partners with other information sharing organizations, such as Information Sharing and Analysis Centers (ISACs), to enable informal, human speed collaboration among these entities. This program is open to threat sharing organizations that otherwise do |
47 |
Cybercrime Support Network |
Fightcybercrime.org |
Individuals, Small and Medium Businesses |
Public |
https://fightcybercrime.org |
Cybercrime Victim Assistance |
|
Cybercrime Support Network provides information for individuals and small and medium businesses to recognize, report and recover from cybercrime. Cybercrime Support Network is your advocate and partner in protecting your online data and privacy. |
48 |
Cybercrime Support Network |
Peer Support Program |
Individuals |
Public |
https://fightcybercrime.org/programs/peer-support/ |
Cybercrime Victim Assistance |
|
To support individuals impacted by romance imposter scams, Cybercrime Support Network offers a free, confidential Peer Support Program for romance scam survivors. The counselor-led sessions provide a safe virtual environment for individuals to work throug |
49 |
Cybercrime Support Network |
Military & Veteran Program |
Individuals |
Public |
https://fightcybercrime.org/programs/milvet/ |
Cybercrime Victim Assistance |
|
CSN has created the Partnership to FightCybercrime, a bold new alliance of military and veteran service organizations, non-governmental organizations, corporations, foundations, and federal agencies. By collaborating with this alliance to provide relevant |
50 |
CyberGreen Institute |
Global data for open services |
Governments and Intergovernmental Organizations, ISPs, National CERTs |
Public |
https://stats.cybergreen.net |
Cyber Hygiene Implementation, Cybercrime Prevention, Cybersecurity Measurement |
CIS Control 12: Network Infrastructure Management, CIS Control 15: Service Provider Management |
Weekly, global data and statistics related to 5 open services at the country and ASN levels. Allows policymakers, national CS agencies, CSIRTs, and other network operators to assess levels and do cross comparisons. |
51 |
CyberPeace Institute |
CyberPeace Builders |
Nonprofits/Charities |
Member |
https://cyberpeaceinstitute.org/cyberpeacebuilders |
Best Practices Development, Best Practices Sharing/Deployment, Collaborative Defensive Operations/Information Sharing, Cyber Hygiene Implementation, Cybercrime Prevention, Cybercrime Victim Assistance, Cybersecurity Awareness, Cybersecurity Certification, Cybersecurity Measurement, Cybersecurity Testing, Cybersecurity Training and Workforce Development, Development of Tools and Services, Diversity and Inclusion |
|
The CyberPeace Builders programme assists NGOs to build cybersecurity capacity through a trusted and dedicated network of corporate partners who provide volunteers managing a variety of free cybersecurity services for these NGOs. |
52 |
CyberPeace Institute |
CyberPeace Cafes |
Nonprofits/Charities |
Public |
https://cyberpeaceinstitute.org/cyberpeace-cafe/ |
Cyber Hygiene Implementation, Cybersecurity Awareness |
CIS Control 14: Security Awareness and Skills Training |
CyberPeace Café is a repository of international and local cybersecurity awareness and digital resilience resources for NGOs’ employees and users in general. |
53 |
Global Cyber Alliance |
Cybersecurity Toolkit for Individuals |
Individuals |
Public |
https://gcatoolkit.org/individuals/ |
Cyber Hygiene Implementation |
CIS Control 14: Security Awareness and Skills Training |
The GCA Cybersecurity Toolkit for Individuals provides free and effective tools to help protect individuals from cyber risks. The included free tools, services and resources focus on basic cyber hygiene to enable people to significantly reduce their risk |
54 |
Global Cyber Alliance |
Cybersecurity Toolkit for Small Business |
Small and Medium Businesses |
Public |
https://gcatoolkit.org/smallbusiness/ |
Cyber Hygiene Implementation, Cybersecurity Awareness |
CIS Control 1: Inventory and Control of Enterprise Assets, CIS Control 2: Inventory and Control of Software Assets, CIS Control 4: Secure Configuration of Enterprise Assets and Software, CIS Control 6: Access Control Management, CIS Control 9: Email and Web Browser Protections, CIS Control 10: Malware Defenses |
The GCA Cybersecurity Toolkit for Small Business provides free and effective tools to reduce cyber risk. The tools are carefully selected and organized to make it easy to find and implement cybersecurity controls that will help organizations defend themse |
55 |
Global Cyber Alliance |
Cybersecurity Toolkit for Journalists |
Journalists |
Public |
https://gcatoolkit.org/journalists/ |
Cyber Hygiene Implementation |
CIS Control 1: Inventory and Control of Enterprise Assets, CIS Control 2: Inventory and Control of Software Assets, CIS Control 4: Secure Configuration of Enterprise Assets and Software, CIS Control 6: Access Control Management, CIS Control 9: Email and Web Browser Protections, CIS Control 10: Malware Defenses |
This GCA Cybersecurity Toolkit for Journalists empowers independent journalists, watchdogs, and small newsrooms with information and tools to protect their sources and reputation. It helps the user to assess their security posture, implement free tools, f |
56 |
Global Cyber Alliance |
Cybersecurity Toolkit for Elections |
Elections Offices/Officials |
Public |
https://gcatoolkit.org/elections/ |
Cyber Hygiene Implementation |
CIS Control 1: Inventory and Control of Enterprise Assets, CIS Control 2: Inventory and Control of Software Assets, CIS Control 3: Data Protection, CIS Control 4: Secure Configuration of Enterprise Assets and Software, CIS Control 5: Account Management, CIS Control 6: Access Control Management, CIS Control 7: Continuous Vulnerability Management, CIS Control 8: Audit Log Management, CIS Control 9: Email and Web Browser Protections, CIS Control 10: Malware Defenses, CIS Control 11: Data Recovery, CIS Control 12: Network Infrastructure Management |
The tools in the GCA Cybersecurity Toolkit for Elections have been selected to assist election offices and officials augment their security programs with free operational tools and guidance which support implementation of the recommendations in the EI-ISA |
57 |
Global Cyber Alliance |
Cybersecurity Toolkit for Mission-Based Organizations |
Nonprofits/Charities |
Public |
https://gcatoolkit.org/mission-based-orgs/ |
Cyber Hygiene Implementation |
CIS Control 1: Inventory and Control of Enterprise Assets, CIS Control 2: Inventory and Control of Software Assets, CIS Control 4: Secure Configuration of Enterprise Assets and Software, CIS Control 6: Access Control Management, CIS Control 9: Email and Web Browser Protections, CIS Control 10: Malware Defenses |
The GCA Cybersecurity Toolkit for Mission-Based Organizations provides a set of free tools, guidance, and training designed to help organizations take key cybersecurity steps and be more secure. |
58 |
Global Cyber Alliance |
DMARC Setup Guide & Resources |
All Businesses |
Public |
https://www.globalcyberalliance.org/dmarc/ |
Cyber Hygiene Implementation |
CIS Control 9: Email and Web Browser Protections |
GCA assembled these resources about DMARC and a step-by-step DMARC Setup Guide, available in 18 languages, to help organizations of all sizes implement DMARC. |
59 |
Global Cyber Alliance |
AIDE/IoT |
Developers and Development Organizations, ISPs, National CERTs |
Member |
https://www.globalcyberalliance.org/aide/ |
Best Practices Sharing/Deployment, Cybercrime Prevention |
|
At the core of AIDE is a database of 4 years' worth of global honeyfarm data. The current focus is on using the data to identify pockets of criminality and encourage cleanup in source networks. The ultimate goal is to use this sort of intelligence to info |
60 |
Global Cyber Alliance |
Domain Trust |
Carriers/Communications, Critical Infrastructure, Cybersecurity Providers, Information Sharing Organizations, National CERTs, Registrars and Registries, Security Operations Entities |
Public |
https://www.globalcyberalliance.org/domain-trust/ |
Best Practices Sharing/Deployment, Collaborative Defensive Operations/Information Sharing, Cybercrime Prevention |
|
GCA has convened a community of organizations across the globe, working together and driven by data, to help increase the integrity of the Internet by decreasing the number and impact of domains registered for cybercrime and other malicious purposes. This |
61 |
Global Resilience Federation |
ISAC/ISAO construction and operation, cross-sector intelligence sharing, operational resilience against systemic threats |
All Businesses |
Member |
https://www.grf.org/ |
Collaborative Defensive Operations/Information Sharing |
|
Global Resilience Federation (GRF) is a non-profit hub and integrator for support, analysis, and cross-sector intelligence exchange among information sharing and analysis centers (ISACs), organizations (ISAOs), and computer emergency readiness/response te |
62 |
Institute for Security and Technology |
Blueprint for Ransomware Defense |
Small and Medium Businesses |
Public |
https://securityandtechnology.org/ransomwaretaskforce/blueprint-for-ransomware-defense/ |
Best Practices Sharing/Deployment |
|
The Blueprint for Ransomware Defense represents a set of foundational and actionable Safeguards, aimed at small- and medium-sized enterprises (SMEs). They’re based on a curated subset of the globally recognized CIS Critical Security Controls. It is writt |
63 |
National Cyber-Forensics and Training Alliance |
Internet Fraud Alert (IFA) |
All Businesses |
Public |
https://www.ncfta.net |
Cyber Hygiene Implementation |
CIS Control 6: Access Control Management |
IFA is a public service which alerts on compromised credentials recovered online. Stolen credentials include credit/debit cards, email accounts with passwords, and user login accounts with passwords. Credentials are recovered daily by cyber-research analy |
64 |
National Cyber-Forensics and Training Alliance |
Cyfin |
Security Operations Entities |
Member |
https://www.ncfta.net |
Collaborative Defensive Operations/Information Sharing, Cybercrime Prevention |
|
CyFin is an NCFTA Member Program that facilitates financial institutions and law enforcement to share information and identify, validate, mitigate, and disrupt cyber-enabled financial crimes and cyber-threats to the financial services industry. |
65 |
National Cyber-Forensics and Training Alliance |
Malware Lab |
Law Enforcement, MSPs and MSSPs, Security Operations Entities |
Member |
https://www.ncfta.net |
Collaborative Defensive Operations/Information Sharing, Cybercrime Prevention |
CIS Control 10: Malware Defenses |
Through NCFTA's onsite Malware Lab, teams research, analyze, and provide intelligence on malware, ransomware and related technical cyber threats. Three outbound "feeds" are generated, consisting of Long Term Infection analysis, live Malicious Threat Indicat |
66 |
National Cyber-Forensics and Training Alliance |
Brand and Consumer Protection Program |
All Businesses, Law Enforcement |
Member |
https://www.ncfta.net |
Collaborative Defensive Operations/Information Sharing, Cybercrime Prevention |
|
BCP is an NCFTA Member Program that provides industry and law enforcement with actionable intelligence on cyber-enabled illegal sale and distribution of counterfeit goods and intellectual property including: fraud related to ecommerce transactions, pharmac |
67 |
National Cybersecurity Alliance |
Career + Education Library |
Individuals |
Public |
https://staysafeonline.org/resources/career-education/ |
Cybersecurity Education (pre-college), Cybersecurity Training and Workforce Development |
CIS Control 14: Security Awareness and Skills Training |
The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organi |
68 |
National Cybersecurity Alliance |
Cybersecurity Awareness Month |
All Businesses, Governments and Intergovernmental Organizations, Individuals |
Public |
https://staysafeonline.org/programs/cybersecurity-awareness-month/ |
Cyber Hygiene Implementation, Cybersecurity Awareness, Cybersecurity Education (pre-college), Cybersecurity Training and Workforce Development |
CIS Control 14: Security Awareness and Skills Training |
Cybersecurity Awareness Month, every October, is a collaboration between government and private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime. The month is dedicated to |
69 |
National Cybersecurity Alliance |
Convene Regional Conferences |
Security Personnel |
Public |
https://staysafeonline.org/programs/events/regional-conferences/ |
Best Practices Sharing/Deployment, Cybersecurity Awareness, Cybersecurity Training and Workforce Development |
CIS Control 14: Security Awareness and Skills Training |
Elevate your cybersecurity training and awareness programs and learn from the experts at Convene. Since 2001, The National Cybersecurity Alliance has created educational resources and campaigns to help training and awareness professionals lead the charge |
70 |
National Cybersecurity Alliance |
CyberSecure My Business |
Small and Medium Businesses |
Public |
https://staysafeonline.org/programs/cybersecure-my-business/ |
Best Practices Sharing/Deployment, Cyber Hygiene Implementation, Cybercrime Prevention |
CIS Control 14: Security Awareness and Skills Training |
CyberSecure My Business™ is a national program helping small and medium-sized businesses (SMBs) learn to be safer and more secure online. The program is a series of in-person, highly interactive and easy-to-un |
71 |
Open Cybersecurity Alliance |
STIX Shifter |
Developers and Development Organizations, Security Personnel |
Public |
https://opencybersecurityalliance.org/ |
Best Practices Sharing/Deployment, Development of Tools and Services |
CIS Control 14: Security Awareness and Skills Training |
Structured Threat Information eXpression (STIX™) is a software library and toolchain that allows SOC personnel and threat hunters to query data across many different security tools and have that data all be normalized to a common data format (the OASIS S |
72 |
Open Cybersecurity Alliance |
Kestrel Threat Hunting Language |
Developers and Development Organizations, Security Personnel |
Public |
https://opencybersecurityalliance.org/ |
Collaborative Defensive Operations/Information Sharing, Development of Tools and Services |
CIS Control 10: Malware Defenses, CIS Control 13: Network Monitoring and Defense, CIS Control 17: Incident Response Management |
Kestrel is a threat hunting language aiming to make cyber threat hunting fast by providing a layer of abstraction to build reusable, composable, and shareable hunt-flow. Kestrel sits on top of STIX Shifter and uses it to provide a full universal threat hu |
73 |
Open Cybersecurity Alliance |
Posture Attribute Collection and Evaluation (PACE) |
Developers and Development Organizations, Security Personnel |
Public |
https://opencybersecurityalliance.org/ |
Collaborative Defensive Operations/Information Sharing, Development of Tools and Services |
CIS Control 10: Malware Defenses, CIS Control 13: Network Monitoring and Defense, CIS Control 17: Incident Response Management |
Posture Attribute Collection and Evaluation (PACE) is an Open Cybersecurity Alliance (OCA) project. Posture assessment generally consists of understanding, for a given computing resource (or set of computing resources), software load, composition of that |
74 |
OpenSecurityTraining2 |
OpenSecurityTraining2 |
All Businesses, Governments and Intergovernmental Organizations, Individuals |
Public |
https://ost2.fyi |
Cybersecurity Training and Workforce Development |
|
Free online deep-technical vocational cybersecurity training |
75 |
OWASP |
OWASP Top 10 |
Web Developers |
Public |
https://owasp.org/Top10/A00_2021_Introduction/ |
Best Practices Development |
CIS Control 14: Security Awareness and Skills Training |
The OWASP Top 10 is primarily an awareness document. However, this has not stopped organizations using it as a de facto industry AppSec standard since its inception in 2003. If you want to use the OWASP Top 10 as a coding or testing standard, know that it |
76 |
OWASP |
OWASP Amass |
Cybersecurity Providers |
Public |
https://owasp.org/www-project-amass/ |
Cybersecurity Testing |
CIS Control 1: Inventory and Control of Enterprise Assets |
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. |
77 |
OWASP |
OWASP Application Security Verification Standard |
Developers and Development Organizations |
Public |
https://owasp.org/www-project-application-security-verification-standard/ |
Secure Development |
CIS Control 16: Application Software Security |
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. |
78 |
OWASP |
OWASP Cheat Sheet Series |
Developers and Development Organizations |
Public |
https://owasp.org/www-project-cheat-sheets/ |
Best Practices Development |
CIS Control 16: Application Software Security |
The OWASP Cheat Sheet Series was created to provide a set of simple good practice guides for application developers and defenders to follow. Rather than focusing on detailed best practices that are impractical for many developers and applications, they are |
79 |
OWASP |
OWASP CSRFGuard |
Developers and Development Organizations |
Public |
https://owasp.org/www-project-csrfguard/ |
Best Practices Development |
CIS Control 16: Application Software Security |
OWASP CSRFGuard is a library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF) attacks. |
80 |
OWASP |
OWASP CycloneDX |
Developers and Development Organizations |
Public |
https://owasp.org/www-project-cyclonedx/ |
Best Practices Development |
CIS Control 2: Inventory and Control of Software Assets |
OWASP CycloneDX is a lightweight Bill of Materials (BOM) standard designed for use in application security contexts and supply chain component analysis. |
81 |
OWASP |
OWASP DefectDojo |
Developers and Development Organizations |
Public |
https://owasp.org/www-project-defectdojo/ |
Best Practices Development |
CIS Control 7: Continuous Vulnerability Management |
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. |
82 |
OWASP |
OWASP Dependency-Check |
Developers and Development Organizations |
Public |
https://owasp.org/www-project-dependency-check/ |
Best Practices Development |
CIS Control 7: Continuous Vulnerability Management |
Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier f |
83 |
OWASP |
OWASP Dependency-Track |
Developers and Development Organizations |
Public |
https://owasp.org/www-project-dependency-track/ |
Best Practices Development |
CIS Control 7: Continuous Vulnerability Management |
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bi |
84 |
OWASP |
OWASP Juice Shop |
Developers and Development Organizations |
Public |
https://owasp.org/www-project-juice-shop/ |
Cybersecurity Education (pre-college) |
CIS Control 14: Security Awareness and Skills Training |
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top T |
85 |
OWASP |
OWASP Mobile Application Security |
Developers and Development Organizations |
Public |
https://owasp.org/www-project-mobile-app-security/ |
Best Practices Development |
CIS Control 16: Application Software Security |
The OWASP Mobile Application Security (MAS) flagship project provides a security standard for mobile apps (OWASP MASVS), a comprehensive testing guide (OWASP MASTG) and a checklist bringing everything together. Together they provide that covers during a m |
86 |
OWASP |
OWASP ModSecurity Core Rule Set |
All Businesses |
Public |
https://owasp.org/www-project-modsecurity-core-rule-set/ |
Cybercrime Prevention |
CIS Control 13: Network Monitoring and Defense |
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with |
87 |
OWASP |
OWASP OWTF |
Cybersecurity Providers |
Public |
https://owasp.org/www-project-owtf/ |
Cybersecurity Testing |
CIS Control 18: Penetration Testing |
OWTF attempts to solve the “penetration testers are never given enough time to test properly” problem, or in other words, OWTF = Test/Exploit ASAP |
88 |
OWASP |
OWASP SAMM |
Developers and Development Organizations |
Public |
https://owasp.org/www-project-samm/ |
Secure Development |
CIS Control 16: Application Software Security |
Software Assurance Maturity Model's mission is to provide an effective and measurable way for you to analyze and improve your secure development lifecycle. SAMM supports the complete software lifecycle and is technology and process agnostic. |
89 |
OWASP |
OWASP Security Knowledge Framework |
Developers and Development Organizations |
Public |
https://owasp.org/www-project-security-knowledge-framework/ |
Secure Development |
CIS Control 16: Application Software Security |
The OWASP Security Knowledge Framework is an open source web application that explains secure coding principles in multiple programming languages. The goal of OWASP-SKF is to help you learn and integrate security by design in your software development and |
90 |
OWASP |
OWASP Security Shepherd |
Developers and Development Organizations |
Public |
https://owasp.org/www-project-security-shepherd/ |
Secure Development |
CIS Control 16: Application Software Security |
OWASP Security Shepherd is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or exp |
91 |
OWASP |
OWASP Web Security Testing Guide |
Cybersecurity Providers |
Public |
https://owasp.org/www-project-web-security-testing-guide/ |
Cybersecurity Testing |
CIS Control 18: Penetration Testing |
The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetrati |
92 |
OWASP |
OWASP ZAP |
Cybersecurity Providers |
Public |
https://owasp.org/www-project-zap/ |
Cybersecurity Testing |
CIS Control 18: Penetration Testing |
The world's most widely used web app scanner. Free and open source. Actively maintained by a dedicated international team of volunteers. |
93 |
SAFECode |
Training and Culture Development |
Developers and Development Organizations |
Public |
https://safecode.org/category/resource-training-and-culture/ |
Best Practices Sharing/Deployment, Cybersecurity Training and Workforce Development, Secure Development |
CIS Control 16: Application Software Security |
Developing a software security program without consideration for the people who create the software is an effort doomed to fail. Creating and fostering a security-supportive culture is essential to successfully scaling a software security program. This In |
94 |
SAFECode |
Managing a Software Security Program |
Developers and Development Organizations |
Public |
https://safecode.org/category/resource-managing-software-security/ |
Best Practices Sharing/Deployment, Secure Development |
CIS Control 16: Application Software Security |
A mature secure development lifecycle is more than just a checklist of secure development practices. It also encompasses all aspects of a healthy business process, such as program management, stakeholder engagement, deployment planning and measurement. SA |
95 |
SAFECode |
Software Security for Buyers and Government |
All Businesses, Governments and Intergovernmental Organizations, Security Personnel |
Public |
https://safecode.org/category/resource-buyers-and-government/ |
Best Practices Sharing/Deployment, Cyber Hygiene Implementation |
CIS Control 16: Application Software Security |
There is no “secret sauce” for creating secure software. It is achieved through the successful execution of a holistic, scalable assurance process that should be transparent to those seeking to evaluate the security of the software they use. SAFECode |
96 |
SAFECode |
Software Supply Chain Security |
All Businesses, Governments and Intergovernmental Organizations, Security Personnel |
Public |
https://safecode.org/blog/untangling-supply-chain-security/ |
Best Practices Sharing/Deployment, Cybersecurity Certification, Secure Development |
CIS Control 15: Service Provider Management, CIS Control 16: Application Software Security |
As global technology leaders, SAFECode members are frequently drawn into discussions of supply chain security with customers and regulators, and have a key role to play in managing the security of the supply chains used to deliver commercial products. Thi |
97 |
SAFECode |
Secure Development Practices |
Developers and Development Organizations, Web Developers |
Public |
https://safecode.org/category/resource-secure-development-practices/ |
Best Practices Sharing/Deployment, Secure Development |
CIS Control 16: Application Software Security |
Effective technology practices are the foundation of any secure development process. From threat modeling to fuzzing, SAFECode members share their insights and experiences around implementing security practices across all stages of the software developmen |
98 |
SecureTheVillage |
Executive and Board Leadership Security and Privacy Program |
Nonprofits/Charities, Small and Medium Businesses |
Public |
https://securethevillage.org/ |
Best Practices Sharing/Deployment, Secure Development |
|
Through a systemically-integrated series of information security and privacy programs, SecureTheVillage provides education, support, and advocacy to the bottom half of the cybersecurity divide: mid-size & smaller organizations, and families & individuals. |
99 |
SecureTheVillage |
IT Security Management Program |
MSPs and MSSPs |
Public |
https://securethevillage.org/ |
Best Practices Development, Collaborative Defensive Operations/Information Sharing |
|
Through a systemically-integrated series of information security and privacy programs, SecureTheVillage provides education, support, and advocacy to the bottom half of the cybersecurity divide: mid-size & smaller organizations, and families & individuals. |
100 |
SecureTheVillage |
Financial Services Cybersecurity Program |
Financial Institutions |
Public |
https://securethevillage.org/ |
Cybercrime Prevention |
|
Through a systemically-integrated series of information security and privacy programs, SecureTheVillage provides education, support, and advocacy to the bottom half of the cybersecurity divide: mid-size & smaller organizations, and families & individuals. |
101 |
SecureTheVillage |
Cybersecurity Workforce Program |
All Businesses, Nonprofits/Charities |
Public |
https://securethevillage.org/ |
Cybersecurity Training and Workforce Development, Diversity and Inclusion |
|
Through a systemically-integrated series of information security and privacy programs, SecureTheVillage provides education, support, and advocacy to the bottom half of the cybersecurity divide: mid-size & smaller organizations, and families & individuals. |
102 |
SecureTheVillage |
Community Engagement Program |
Individuals |
Public |
https://securethevillage.org/ |
Cyber Hygiene Implementation, Cybercrime Prevention, Cybercrime Victim Assistance, Cybersecurity Awareness |
|
Through a systemically-integrated series of information security and privacy programs, SecureTheVillage provides education, support, and advocacy to the bottom half of the cybersecurity divide: mid-size & smaller organizations, and families & individuals. |
103 |
Shadowserver |
Daily threat intelligence feeds |
All Businesses, National CERTs |
Member |
https://www.shadowserver.org/what-we-do/network-reporting/get-reports/ |
Collaborative Defensive Operations/Information Sharing, Cybercrime Prevention, Cyber Hygiene Implementation |
|
Shadowserver is the world's largest provider of free threat intelligence, sharing billions of security events daily with 201 National CSIRTs in 175 countries and territories, and over 7000+ organizations (government entities, ISPs, hosting providers, CSPs |
104 |
Shadowserver |
Dashboard |
All Businesses, Carriers/Communications, Content Providers, Critical Infrastructure, Financial Institutions, Governments and Intergovernmental Organizations, Governments US State/Local/Tribal/Territorial (SLTT), Individuals, Information Sharing Organizations, ISPs, Law Enforcement, MSPs and MSSPs, National CERTs, Nonprofits/Charities, Registrars and Registries, Security Operations Entities, Small and Medium Businesses |
Public |
https://dashboard.shadowserver.org |
Collaborative Defensive Operations/Information Sharing, Cyber Hygiene Implementation, Cybercrime Prevention |
|
Shadowserver maintains a Public Dashboard that allows any user to explore many Internet-scale security datasets (high-level statistics only) |
105 |
Shadowserver |
Scanning Project |
All Businesses, National CERTs |
Member |
https://www.shadowserver.org/what-we-do/network-reporting/get-reports/ |
Collaborative Defensive Operations/Information Sharing |
|
Daily scanning of entire IPv4 space for over 100 services, plus 10 IPv6 services (latter based on hitlists). Overview of external exposed services worldwide since 2014. Remote fingerprinting of IoT and other devices, with over 1200+ fingerprinting rules c |
106 |
Shadowserver |
Malware Project |
All Businesses, National CERTs |
Member |
https://www.shadowserver.org/what-we-do/network-reporting/get-reports |
Collaborative Defensive Operations/Information Sharing |
|
Malware collection of over 1.7 billion unique samples by hash, over 1 million collected daily (unique by hash). Sample exchange with industry/CSIRTs/researchers. |
107 |
Shadowserver |
Sandbox Project |
All Businesses, National CERTs |
Member |
https://www.shadowserver.org/what-we-do/network-reporting/get-reports |
Collaborative Defensive Operations/Information Sharing |
|
Large scale sandboxing of malware, YARA rule development and classification of malware. Over 200 physical and 2000 virtual sandboxes running at one time |
108 |
Shadowserver |
Honeynet Project |
All Businesses, National CERTs |
Member |
https://www.shadowserver.org/what-we-do/network-reporting/get-reports |
Collaborative Defensive Operations/Information Sharing |
|
Large scale deployments (over 2000) of IoT, Web, ICS and other honeypots (7 types) in over 90 countries worldwide. Presence in over 400 datacentre locations worldwide. Tracking new exploits and common vulnerabilities daily (currently over 200 total). Any org |
109 |
Shadowserver |
Honeynet-as-a-Service |
Cybersecurity Providers, National CERTs, Nonprofits/Charities |
Member |
https://www.shadowserver.org/contact/ |
Collaborative Defensive Operations/Information Sharing |
|
Ability to operate honeypot platforms for other entities |
110 |
Shadowserver |
SSL/TLS certificate collection, SSL/TLS certificate active collection |
National CERTs |
Member |
https://www.shadowserver.org/what-we-do/network-reporting/api-scan-ssl/ |
Collaborative Defensive Operations/Information Sharing |
|
Shadowserver collects over 40 million SSL certificates per day, enabling tracking of threat actors and their infra that use SSL certificates. |
111 |
Shadowserver |
Sinkholing Project |
All Businesses, National CERTs |
Public |
https://www.shadowserver.org/what-we-do/network-reporting/get-reports |
Collaborative Defensive Operations/Information Sharing |
|
Shadowserver sinkholes over 400 malware families and malware variants. Any organization that has a responsibility for a network can subscribe for free to this data for their network. |
112 |
Shadowserver |
Special Projects Team (SSPT) |
Cybersecurity Providers, Law Enforcement, National CERTs |
Member |
https://www.shadowserver.org/contact/ |
Collaborative Defensive Operations/Information Sharing |
|
Shadowserver maintains a team that collaborates with leading LE agencies worldwide on large scale malware, botnet and ransomware cases. |
113 |
Shadowserver |
Registrar of Last Resort (ROLR) |
Law Enforcement, National CERTs |
Public |
https://www.rolr.eu/ |
Collaborative Defensive Operations/Information Sharing |
|
Shadowserver operates ROLR, a registrar of malicious domains - enabling registration of malicious domains that need to be blocked or sinkholed, thus ensuring protection of users (Public) |
114 |
Shadowserver |
Malicious hash lookup service |
National CERTs |
Member |
https://www.shadowserver.org/what-we-do/network-reporting/api-research/ |
Collaborative Defensive Operations/Information Sharing |
|
Shadowserver maintains a free malicious hash lookup service for the (vetted) community. |
115 |
Shadowserver |
Trusted program lookup service |
All Businesses, National CERTs, Security Operations Entities |
Public |
https://www.shadowserver.org/what-we-do/network-reporting/api-trusted-programs-query/ |
Collaborative Defensive Operations/Information Sharing |
|
Shadowserver maintains a trusted hash lookup service for the community. |
116 |
Shadowserver |
Cybersecurity training for CSIRTs |
Governments and Intergovernmental Organizations, Law Enforcement, National CERTs |
Member |
https://www.shadowserver.org/contact/ |
Collaborative Defensive Operations/Information Sharing, Cybersecurity Awareness, Cybersecurity Training and Workforce Development |
|
Shadowserver conducts trainings for National CSIRTs, Law Enforcement, Government and others on cybersecurity issues as seen in the Shadowserver dataset and on how to use Shadowserver data. |
117 |
Shadowserver |
Geo-ip/ASN/lookup service |
All Businesses |
Public |
https://www.shadowserver.org/what-we-do/network-reporting/api-asn-and-network-queries/ |
Collaborative Defensive Operations/Information Sharing |
|
Shadowserver maintains a free IP/ASN lookup service for the community. |
118 |
Sightline Security |
[cybersecurity] KickStart for Nonprofits |
Nonprofits/Charities |
Public |
https://sightlinesecurity.org/kickstart |
Best Practices Development |
|
Cybersecurity assessments designed for nonprofits and rooted in the NIST CSF. Includes assessment questions, outcomes and roadmap report, and training. |
119 |
Sightline Security |
Member Forum for Nonprofits |
Nonprofits/Charities |
Public |
https://sightlinesecurity.org/member-forum |
Cybersecurity Awareness |
|
A free, private cybersecurity community for nonprofits only (no vendors) where they gain knowledge about current events (as well as security reports), do early-stage assessments and participate in learning and discussion groups with other nonprofits. |
120 |
Sightline Security |
Cybersecurity consulting services for nonprofits |
Nonprofits/Charities |
Public |
https://sightlinesecurity.org/ |
Best Practices Sharing/Deployment |
|
Sightline provides ad hoc consulting and project-based services for data mapping, social media use and policies, and training. |