Week 6 and 4 more to go! The week the post assignment:
In your Week 2 blog, you included a list of sources. Are these the actual sources you are using this week? Are there any additional sources you've discovered? Any that you decided would not be good to use? Post your findings to your blog.
First from Week 2, what I listed and whether I used it or how much I referenced the source:
Used some, but not as much as I expected - National Institute of Standards and Technology, Common Vulnerabilities and Exposures, and Kaspersky Lab.
Used as much as I expected and very helpful - The Verizon Data Breach Investigations Report
Not used at all - InfoSecurity and TrendMicro.
Now for the references I did not list, but used more than any on my Week 2 list:
Common Attack Pattern Enumeration and Classification dictionary and classification taxonomy
http://capec.mitre.org/index.html
OWASP Top 10 List
https://www.owasp.org/index.php/Top_10_2013-Top_10
Microsoft Developer Network, Threat Modeling Library
https://msdn.microsoft.com
SANS
https://www.sans.org
Finally, a reference I wish I had found earlier:
A Threat-Driven Approach to Cybersecurity. Lockheed Martin Corporation. http://lockheedmartin.com/content/dam/lockheed/data/isgs/documents/Threat-Driven%20Approach%20whitepaper.pdf
No comments:
Post a Comment