Week
1-2 Part 2
After
going thru many of the masters classes in the cybersecurity program I have come
across several good resources for security news and threats. The first credible
source is the Internet Storm Center from sans https://isc.sans.edu/.
Sans provides cybersecurity training and offers a master’s degree in cybersecurity.
The internet storm center has the latest security news, podcasts and diaries.
Since sans is a school and provides training there is no reason for them to
provide false information. The writers for the internet storm center are
teachers and other security experts talking about current events. I consider
this website to be a credible source because they have been around for 25 plus
years and they provide great educational material.
The
second credible source is Krebs on security https://krebsonsecurity.com/. Brian Krebs wrote for the Washington Post for
14 years and now runs his blog krebsonsecurity. Krebs focuses on cybersecurity
and he likes to report on skimmers. Krebs has been a trusted source in the
security community and has reported on several breaches such as Target and the
Ashley Madison hack. I think Krebs is a credible source because other websites
use information off his blog to write their stories. Krebs has been writing about
cybersecurity for many years and his articles are accurate plus they are backed
up with creditable sources. Since Krebs wrote articles for the Washington Post
before starting his blog, he has the experience and contacts to provide great
information. Krebs is known in the security circle as a great reporter and if
he calls an organization up then there is a problem.
The
third credible source is the CVE or common vulnerabilities and exposures is a
site that stores security vulnerabilities. https://cve.mitre.org/
is not really a news site; it is more of a database that stores information. If
a person needs to know about a CVE from the year 2006 on Windows XP it can be
looked up in the database. The CVE site provides the description and references
for the CVE. The reason I think this is a credible source is because it is a
central repository for cybersecurity vulnerabilities. The site is also nonprofit
and provides information on several operating systems. The CVE identifiers are
used by OWSAP and are mentioned in the NIST standard. Since it is recognized by
NIST and OWSAP organizations that is a good sign of reliable and accurate
information.
The
fourth credible source Dark Reading is a news site that contains information on
several information technology topics. Some of the interesting topics are internet of
things, cloud, risk, attacks / breaches and threats / vulnerabilities. Our
professor Coach got me hooked on the website http://www.darkreading.com/ and I haven’t
looked back. Some of the article writers have spoken at black hat and they even
have a black hat news section. Dark reading has been recommended to me by
several security professionals and I find there articles well written.
The
last credible source is www.csoonline.com
a website that provides security and risk news. Our professor Coach has written
articles for csoonline and so have other top cybersecurity talent. Having talented authors and well known people in
the cybersecurity community write articles is good sign for a credible source. Csoonline focuses on cybersecurity news and
other topics such as management. I think they are a credible source because
many of their articles have great information. They only allow a person to see
a part of the article and a person must sign up to read them, but I figure this
is so they can track people.
After
doing research for papers, discussion boards and other assignments in my master’s
classes I have found some news sites have conflicting information. What I have
found is if websites that are not on my list, sometimes have different information
then the sites on my list. I would trust the five websites on my list over
other sources because the websites on my list usually have more details about
the event. The five sites on my list sometimes have the same story depending on
how big it is, but they usually provide the same information and there are no
conflicts. If there were conflicts between the sites I listed it would depend
on the conflicts and which sites they were on. I have never seen a conflict
between the sites listed below. Overall I trust the five sites listed for my
cybersecurity news and other security information.
Here is a list of the
sites from above.
No comments:
Post a Comment