(ISC)² Cloud Security Report
Cisco Cyber Security Report Series 2020: “Simplify to Secure” (PDF)
Check Point Research: Cyber Security Report 2020 (PDF)
Accenture Security: Innovate for Cyber Resilience (PDF)
Trustwave Global Security Report 2020
ISACA: State of Cyber Security 2020
Ernst and Young: Global Information Security Survey
Windows Server Security documentation
Windows Server Security provides layers of protection built into the operating system to safeguard against security breaches, help block malicious attacks, and enhance the security of your virtual machines, applications, and data.
Security is integrated into every aspect of Azure. Azure offers you unique security advantages derived from global security intelligence, sophisticated customer-facing controls, and a secure hardened infrastructure. This powerful combination helps protect your applications and data, support your compliance efforts, and provide cost-effective security for organizations of all sizes.
Security best practices for Azure solutions
This paper is a collection of security best practices to use when you’re designing, deploying, and managing your cloud solutions by using Azure. These best practices come from our experience with Azure security and the experiences of customers like you.
This paper is intended to be a resource for IT pros. This might include designers, architects, developers, and testers who build and deploy secure Azure solutions.
Microsoft Security Update Guide
The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and provides the information here as part of the ongoing effort to help you manage security risks and help keep your systems protected.
Red Hat Enterprise Linux 7 : Security Guide
Concepts and techniques to secure RHEL servers and workstations
This book provides best practices and conceptual information about securing an OpenStack cloud.
The SAP HANA Security Guide is the entry point for all information relating to the secure operation and configuration of SAP HANA.
Learn how to meet your security and compliance goals using AWS infrastructure and services. For an introduction to AWS security see the Security Pillar – AWS Well-Architected Framework.
—————
Cisco Guide to Harden Cisco IOS Devices
—————
Cisco Best Practices to Harden Devices Against Cyber Attacks Targeting Network Infrastructure
This document has been published jointly by The Australian Computer Emergency Response Team (AusCERT) and the CERT® Coordination Center (CERT/CC) and details steps to improve the security of Unix Operating Systems. We encourage system administrators to review all sections of this document and if appropriate modify their systems accordingly to fix potential weaknesses.
vSphere Security Configuration Guide
VMware creates Security Hardening Guides that provide prescriptive guidance about deploying and operating VMware products in a secure manner. For vSphere, this guide is called the vSphere Security Configuration Guide (formerly known as the Hardening Guide).
——————
VMware Security Hardening Guides
Security Hardening Guides provide prescriptive guidance for customers on how to deploy and operate VMware products in a secure manner. Guides for vSphere are provided in an easy to consume spreadsheet format, with rich metadata to allow for guideline classification and risk assessment. They also include script examples for enabling security automation. Comparison documents are provided that list changes in guidance in successive versions of the guide.
NHS Health and social care cloud security – good practice guide
This document provides advice and guidance about the safeguards that should be put in place to enable health and social care organisations to safely locate health and care data, including patient information, in the public cloud.
ENISA guides – European Union Agency for Cybersecurity
Security Guide for ICT Procurement
The “Security Guide for ICT Procurement” aims to be a practical tool for electronic communications service providers to better manage security risks when dealing with vendors of ICT products and outsourced services.
————————————————————————————
Good Practices for Security of IoT – Secure Software Development Lifecycle
This ENISA study introduces good practices for IoT security, with a particular focus on software development guidelines for secure IoT products and services throughout their lifetime.
https://www.enisa.europa.eu/publications/good-practices-for-security-of-iot-1/at_download/fullReport
———————————————————————————–
Industry 4.0 – Cybersecurity Challenges and Recommendations
In this short paper ENISA identifies the main challenges to the adoption of the security measures and security of Industry 4.0 and Industrial IoT.
https://www.enisa.europa.eu/publications/industry-4-0-cybersecurity-challenges-and-recommendations/at_download/fullReport
IoT Security Standards Gap Analysis
This study analyses the gaps and provides guidelines for, in particular, the development or repositioning of standards, facilitating the adoption of standards and governance of EU standardisation in the area of NIS.
https://www.enisa.europa.eu/publications/good-practices-for-security-of-iot
This ENISA study aims at addressing the security and privacy challenges related to the evolution of industrial systems and services precipitated by the introduction of IoT innovations.
————————————————————————————
Towards secure convergence of Cloud and IoT
The aim of this work is to provide a high-level overview of the security issues for IoT developers and IoT integrators that make use of IoT Cloud Computing, and for Cloud Service Providers (CSPs) of IoT Cloud offerings.
————————————————————————————
Baseline Security Recommendations for IoT
The study, titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments.
————————————————————————————
Security aspects of virtualization
This report provides an analysis of the status of virtualization security. ENISA presents current efforts, emerging best practices and known security gaps, discussing the impact the latter have on environments based on virtualization technologies.
https://www.enisa.europa.eu/publications/securing-smart-airports
In response to the new emerging threats faced by smart airports, this report provides a guide for airport decision makers (CISOs, CIOs, IT Directors and Head of Operations) and airport information security professionals, but also relevant national authorities and agencies that are in charge of cyber-security for airports.
https://www.enisa.europa.eu/publications/securing-smart-airports/at_download/fullReport
Cyber security and resilience for Smart Hospitals
This study proposes key recommendations for hospital information security executives and industry to enhance the level of information security in Smart Hospitals.
————————————————————————————
Procure Secure: A guide to monitoring of security service levels in cloud contracts
A practical guide aimed at the procurement and governance of cloud services. This guide provides advice on questions to ask about the monitoring of security.
https://www.enisa.europa.eu/publications/good-practice-guide-for-securely-deploying-governmental-clouds
Good Practice Guide for securely deploying Governmental Clouds
In this report, ENISA identifies the Member States with operational government Cloud infrastructures and underlines the diversity of Cloud adoption in the public sector in Europe.
————————————————————————————
Security Framework for Governmental Clouds
ENISA, after having analysed the present state of play of governmental Cloud deployment in the 2013 report, presents a guide on the steps public administration has to take to deploy cloud computing. This report gives guidance on the process from pre-procurement until finalisation and exit from a cloud contract, explaining which steps to take when focusing on security and privacy.
————————————————————————————
This guide aims to help SMEs understand the security risks and opportunities they should take into account when procuring cloud services. This document includes a set of security risks, a set of security opportunities and a list of security questions the SME could pose to the provider to understand the level of security.
————————————————————————————
The study aims at identifying the key security challenges that the companies are facing when implementing Big Data solutions, from infrastructures to analytics applications, and how those are mitigated.
————————————————————————————
Awesome InfoSec (Tutorials etc.)
GitHub: A curated list of awesome information security resources, inspired by the awesome-* trend on GitHub.
Metasploit is one of the most powerful and widely used tools for penetration testing. In this tutorial, TutorialsPoint takes you through the various concepts and techniques of Metasploit and explains how you can use them in a real-time environment. This tutorial is meant for instructional purposes only.
Kali Linux Tutorials
A curated list of awesome information security resources
Learning Computer Security [Nathan Farrar on GitHub].
“This is an opinionated guide to learning about computer security (independently of a university or training program), starting with the absolute basics (suitable for someone without any exposure to or knowledge of computer security) and moving into progressively more difficult subject matter.”