Resources

For more information on credit degree programs:

Bernice Brezina

Division Chair
Professor of Technology
Computer Science Program Coordinator

301-934-7556
BerniceB@csmd.edu


For more information on continuing education courses and certifications:

Visit our Website

conedops@csmd.edu

301-539-4760 or
1-800-933-9177, ext. 4760


Sign Up for the Cybersecurity Mailing List

Cybersecurity Jobs

Ever wonder what types of job titles are included in the field of cybersecurity? The Cybrary has a great list of job titles, including explanations of the duties and the education required for each. In Oct. 2015, they will have a job board that allows employers to post cybersecurity jobs of all levels. Great resource!

SANS Top Twenty Critical Security Controls

Over the years, many security standards and requirements frameworks have been developed in attempts to address risks to enterprise systems and the critical data in them. However, most of these efforts have essentially become exercises in reporting on compliance and have actually diverted security program resources from the constantly evolving attacks that must be addressed. In 2008, this was recognized as a serious problem by the U.S. National Security Agency (NSA), and they began an effort that took an "offense must inform defense" approach to prioritizing a list of the controls that would have the greatest impact in improving risk posture against real-world threats. A consortium of U.S. and international agencies quickly grew, and was joined by experts from private industry and around the globe. Ultimately, recommendations for what became the Critical Security Controls (the Controls) were coordinated through the SANS Institute. In 2013, the stewardship and sustainment of the Controls was transferred to the Council on Cybersecurity (the Council), an independent, global non-profit entity committed to a secure and open Internet.

NIST Cybersecurity Framework

Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a voluntary framework, based on existing standards, guidelines, and practices, for reducing cyber risks to critical infrastructure. The Framework is based on 5 categories of controls or activities: Identify, Protect, Detect, Defend, Recover. It features four tiers that describe the extent to which cybersecurity is institutionalized within an organization, although it is not a maturity model as such.

Australian Signals Directorate Top 4

The Top 4 mitigations are application whitelisting, patching applications, patching operating systems (and using the latest versions), and minimizing administrative privileges. This document is designed to help senior managers in organizations understand the effectiveness of implementing these strategies.

UK Cyber Essentials Scheme

The Cyber Essentials scheme has been developed by Government and industry to fulfill two functions. It provides a clear statement of the basic controls all organizations should implement to mitigate the risk from common internet-based threats, within the context of the Government's 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organizations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.

MITRE Common Vulnerabilities and Exposures (CVE®)

International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.

CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

Federal Information Security Management Act (FISMA)

To promote the development of key security standards and guidelines to support the implementation of and compliance with the Federal Information Security Management Act including:

  • Standards for categorizing information and information systems by mission impact
  • Standards for minimum security requirements for information and information systems
  • Guidance for selecting appropriate security controls for information systems
  • Guidance for assessing security controls in information systems and determining security control effectiveness
  • Guidance for the security authorization of information systems
  • Guidance for monitoring the security controls and the security authorization of information systems

Leading To...

  • The implementation of cost-effective, risk-based information security programs
  • The establishment of a level of security due diligence for federal agencies and contractors supporting the federal government
  • More consistent and cost-effective application of security controls across the federal information technology infrastructure
  • More consistent, comparable, and repeatable security control assessments
  • A better understanding of enterprise-wide mission risks resulting from the operation of information systems
  • More complete, reliable, and trustworthy information for authorizing officials, facilitating more informed security authorization decisions
  • More secure information systems within the federal government including the critical infrastructure of the United States