Cyber Resources

Awareness


VirusTotal


VirusTotal utilizes 70 different virus scanners, URL/domain blocklists, and other methods to detect signals from a given piece of software or URL. Users select a file and upload it to the VirusTotal website, where it is then compared and analyzed by various scanners. The purpose of VirusTotal is to help identify whether a piece of software or a URL is malicious. Additionally, VirusTotal offers an API to automate the submission and information retrieval process.


OWASP Top 10


OWASP Top 10 is a standard awareness document designed to assist web developers in creating more secure web applications. It identifies the most critical security risks that developers may inadvertently introduce into web applications. By addressing these vulnerabilities during the development phase, a culture of secure code development can be established.


CISA Known Exploited Vulnerabilities


The Known Exploited Vulnerabilities Catalog, maintained by the Cybersecurity and Infrastructure Security Agency (CISA), is an authoritative source of vulnerabilities that have been actively exploited in the wild. It helps organizations prioritize their vulnerability management efforts by listing known exploited vulnerabilities along with recommended actions and due dates for mitigation. This catalog is regularly updated and can be accessed in multiple formats like CSV and JSON.


CISA Cybersecurity Alerts


Cybersecurity and Infrastructure Security Agency (CISA) site dedicated to cybersecurity advisories. These advisories provide detailed information on specific cybersecurity issues, including threat actor tactics, techniques, and procedures, indicators of compromise, and mitigation strategies. This resource helps organizations and individuals stay informed about current cybersecurity threats and recommended actions to address them.

Planning

NIST Cybersecurity Framework


National Institute of Standards and Technology (NIST) describes the NIST Cybersecurity Framework (CSF). This framework provides organizations with a set of guidelines and best practices to manage and reduce cybersecurity risks. It includes a comprehensive approach to identify, protect, detect, respond to, and recover from cyber threats. The framework is designed to be flexible and can be customized to suit the specific cybersecurity needs of different organizations.


IAEA Computer Security Approaches to Reduce Cyber Risks in the Nuclear Supply Chain


Guidelines that encompasses a range of activities aimed at enhancing cybersecurity within the nuclear supply chain. These activities include identifying and mitigating cyber risks, developing and implementing computer security requirements, managing procurement processes and supplier relationships, and applying robust risk management strategies. Additionally, it focuses on protecting sensitive digital assets, ensuring compliance with international and national standards, conducting risk assessments and vulnerability analyses, and implementing defense-in-depth security measures. These efforts collectively aim to secure nuclear supply chains against cyber threats.

NIST C-SRCM Cybersecurity Supply Chain Risk Management

The NIST Cybersecurity Supply Chain Risk Management (C-SCRM) program helps organizations manage the risks associated with their information and communications technology supply chains. This involves identifying, assessing, and mitigating risks throughout the entire lifecycle of systems, from design and development to deployment and disposal. The program provides guidelines, standards, and best practices to ensure the integrity, security, quality, and resilience of supply chains. It also emphasizes the importance of enterprise-wide practices and risk management processes in mitigating supply chain cybersecurity threats.


CISA Shields Ready

The “Shields Ready” initiative by CISA focuses on enhancing resilience against cyber and physical incidents by providing various resources. These include guidelines and best practices for critical infrastructure protection, practical toolkits for implementing security measures, training programs to improve readiness and response capabilities, and platforms for information sharing and collaboration. The initiative aims to prepare businesses, government entities, and individuals to adapt to and quickly recover from disruptions by staying informed and engaged with the security community.


CISA Incident Response and Awareness Training

The “Incident Response and Awareness Training” page on the CISA website offers on-demand webinars aimed at providing cybersecurity guidance and best practices for managers and business leaders. Topics include defending against ransomware, understanding indicators of compromise, managing log data, and preventing attacks on web and email servers, among others. These webinars are accessible through the Federal Virtual Training Environment (FedVTE) and previous recordings are available on CISA’s YouTube channel.

Oak Ridge National Laboratory is managed by UT-Battelle LLC for the US Department of Energy