CYBERSECURITY RESOURCES

Advisories

Center for Internet Security (CIS)

CIS is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. CIS is home to both the Multi-State Information Sharing and Analysis Center (MS-ISAC), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center™ (EI-ISAC™), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices.

• Advisories: The CIS and MS-ISAC cybersecurity professionals analyze vulnerabilities and alert members to current online security advisories.
• Threats: The CIS and MS-ISAC cybersecurity professionals analyze risks and alert members to current online security threats.

US-CERT - National Cyber Awareness System (NCAS)

The National Cyber Awareness System (NCAS) provides a variety of information for users with varied technical expertise. Those with more technical interest can read the Alerts, Analysis Reports, Current Activity, or Bulletins. Users looking for more general-interest pieces can read the Tips.

• Current Activity: Provides up-to-date information about high-impact types of security activity affecting the community at large.
• Alerts: Provide timely information about current security issues, vulnerabilities, and exploits.
• Bulletins: Provide weekly summaries of new vulnerabilities. Patch information is provided when available.
• Tips: Provide advice about common security issues for the general public.
• Analysis Reports: Provide in-depth analysis on a new or evolving cyber threat.

GCHQ - National Cyber Security Centre (NCSC)

An alert will be issued in response to a significant national cyber security incident. Advisories will be issued on a regular basis and will address cyber security issues being detected across government, industry or academia. They will provide more detailed collaborative analysis and independent assessment. The NCSC offers a wide range of reports, from sector-specific assessments to analysis of the latest malware types affecting the UK. Whether you are a CEO, a network defender or run your own business, we produce informed intelligence and reporting on the latest threats to businesses, organizations and the wider public.

• Alerts and Advisories: We issue alerts and advisories to address cyber-security issues being detected in the UK.
• Reports: Threat and vulnerability reports, issued weekly and annually by the National Cyber Security Centre.

Vendor Advisories

• Adobe Security Bulletins and Advisories
• Cisco Security Advisories and Alerts
• IBM Security Bulletins
• IBM Security Vulnerability Management
• Microsoft Security Advisories
• Microsoft Technical Security Notifications
• Oracle Critical Patch Updates, Security Alerts and Bulletins
• Palo Alto Networks Security Advisories
• Red Hat Security Advisories
• Red Hat CVE Database
• Red Hat Security Labs
• VMware Security Advisories

Vulnerability Frameworks

The following vulnerability frameworks assist with the assessment, evaluation, recording, and sharing of vulnerability information.

• Common Vulnerability Scoring System (CVSS)
• Common Vulnerabilities and Exposures (CVE)
• Common Vulnerability Reporting Framework (CVRF)