Reports, Guides etc.

Cisco Cyber Security Report Series 2020: “Simplify to Secure” (PDF)

Check Point Research: Cyber Security Report 2020 (PDF)

Accenture Security: Innovate for Cyber Resilience (PDF)

Windows Server Security documentation

Windows Server Security provides layers of protection built into the operating system to safeguard against security breaches, help block malicious attacks, and enhance the security of your virtual machines, applications, and data.

Azure Security

Security is integrated into every aspect of Azure. Azure offers you unique security advantages derived from global security intelligence, sophisticated customer-facing controls, and a secure hardened infrastructure. This powerful combination helps protect your applications and data, support your compliance efforts, and provide cost-effective security for organizations of all sizes.

Security best practices for Azure solutions

This paper is a collection of security best practices to use when you’re designing, deploying, and
managing your cloud solutions by using Azure. These best practices come from our experience with Azure security and the experiences of customers like you.

This paper is intended to be a resource for IT pros. This might include designers, architects, developers, and testers who build and deploy secure Azure solutions.

PDF: Click here to download [Microsoft Link]

Microsoft Security Update Guide

The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and provides the information here as part of the ongoing effort to help you manage security risks and help keep your systems protected.

Red Hat Enterprise Linux 7 : Security Guide
Concepts and techniques to secure RHEL servers and workstations

OpenStack Security Guide

This book provides best practices and conceptual information about securing an OpenStack cloud.

SAP HANA Security Guide

The SAP HANA Security Guide is the entry point for all information relating to the secure operation and configuration of SAP HANA.

AWS Security Pillar

Learn how to meet your security and compliance goals using AWS infrastructure and services. For an introduction to AWS security see the Security Pillar – AWS Well-Architected Framework.

PDF: Well Architected Security Pillar

Cisco Security Guides HOME

—————

Cisco Guide to Harden Cisco IOS Devices

—————

Cisco Security Design Guides

—————

Cisco Firewall Best Practices

—————

Cisco Best Practices to Harden Devices Against Cyber Attacks Targeting Network Infrastructure

Unix Security Checklist

This document has been published jointly by The Australian Computer Emergency Response Team (AusCERT) and the CERT® Coordination Center (CERT/CC) and details steps to improve the security of Unix Operating Systems. We encourage system administrators to review all sections of this document and if appropriate modify their systems accordingly to fix potential weaknesses.

vSphere Security Configuration Guide

VMware creates Security Hardening Guides that provide prescriptive guidance about deploying and operating VMware products in a secure manner. For vSphere, this guide is called the vSphere Security Configuration Guide (formerly know as the Hardening Guide).

——————

VMware Security Hardening Guides

Security Hardening Guides provide prescriptive guidance for customers on how to deploy and operate VMware products in a secure manner. Guides for vSphere are provided in an easy to consume spreadsheet format, with rich metadata to allow for guideline classification and risk assessment. They also include script examples for enabling security automation. Comparison documents are provided that list changes in guidance in successive versions of the guide.

NHS Health and social care cloud security – good practice guide
This document provides advice and guidance about the safeguards that should be put in place to enable health and social care organisations to safely locate health and care data, including patient information, in the public cloud.

PDF Link.

ENISA guides – European Union Agency for Cybersecurity


Security Guide for ICT Procurement

The “Security Guide for ICT Procurement” aims to be a practical tool for electronic communications service providers to better manage security risks when dealing with vendors of ICT products and outsourced services.

PDF link.

————————————————————————————

Good Practices for Security of IoT – Secure Software Development Lifecycle

This ENISA study introduces good practices for IoT security, with a particular focus on software development guidelines for secure IoT products and services throughout their lifetime.

https://www.enisa.europa.eu/publications/good-practices-for-security-of-iot-1/at_download/fullReport

———————————————————————————–

Industry 4.0 – Cybersecurity Challenges and Recommendations

In this short paper ENISA provides identifies the main challenges to the adoption of the security measures and security of Industry 4.0 and Industrial IoT.

PDF Link

https://www.enisa.europa.eu/publications/industry-4-0-cybersecurity-challenges-and-recommendations/at_download/fullReport

IoT Security Standards Gap Analysis

This study analyses the gaps and provides guidelines for, in particular, the development or repositioning of standards, facilitating the adoption of standards and governance of EU standardisation in the area of NIS.

PDF Link

https://www.enisa.europa.eu/publications/good-practices-for-security-of-iot

https://www.enisa.europa.eu/publications/good-practices-for-security-of-iot

This ENISA study aims at addressing the security and privacy challenges related to the evolution of industrial systems and services precipitated by the introduction of IoT innovations.

PDF Link

————————————————————————————

Towards secure convergence of Cloud and IoT

The aim of this work is to provide a high-level overview on the security issues to IoT developers and IoT integrators that make use of IoT Cloud Computing and Cloud service Providers (CSPs) of IoT Cloud offerings.

PDF Link

————————————————————————————

Baseline Security Recommendations for IoT

The study which is titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments.

PDF Link

————————————————————————————

Security aspects of virtualization

This report provides an analysis of the status of virtualization security. ENISA presents current efforts, emerging best practices and known security gaps, discussing the impact the latter have on environments based on virtualization technologies.

PDF Link

https://www.enisa.europa.eu/publications/securing-smart-airports

Securing Smart Airports

In response to the new emerging threats faced by smart airports, this report provides a guide for airport decision makers (CISOs, CIOs, IT Directors and Head of Operations) and airport information security professionals, but also relevant national authorities and agencies that are in charge of cyber-security for airports.

PDF Link

https://www.enisa.europa.eu/publications/securing-smart-airports/at_download/fullReport

Cyber security and resilience for Smart Hospitals

This study proposes key recommendations for hospital information security executives and industry to enhance the level of information security in Smart Hospitals.

PDF Link

————————————————————————————

Procure Secure: A guide to monitoring of security service levels in cloud contracts

A practical guide aimed at the procurement and governance of cloud services. This guide provides advice on questions to ask about the monitoring of security.

PDF Link

https://www.enisa.europa.eu/publications/good-practice-guide-for-securely-deploying-governmental-clouds

Good Practice Guide for securely deploying Governmental Clouds

In this report, ENISA identifies the Member States with operational government Cloud infrastructures and underlines the diversity of Cloud adoption in the public sector in Europe.

PDF Link

————————————————————————————

Security Framework for Governmental Clouds

ENISA after having analysed the present state of play of governmental Cloud deployment in 2013 report, presents a guide on the steps public administration has to take to deploy cloud computing. This report gives guidance on the process from pre-procurement till finalisation and exit from a cloud contract, explaining which are the steps to take when focusing on security and privacy.

PDF Link

————————————————————————————

Cloud Security Guide for SMEs

This guide wants to assist SMEs understand the security risks and opportunities they should take into account when procuring cloud services. This document includes a set of security risk, a set of security opportunities and a list of security questions the SME could pose to the provider to understand the level of security.

PDF Link

————————————————————————————

Big Data Security

The study aims at identifying the key security challenges that the companies are facing when implementing Big Data solutions, from infrastructures to analytics applications, and how those are mitigated.

PDF Link

————————————————————————————

Awesome InfoSec (Tutorials etc.)

GitHub: A curated list of awesome information security resources, inspired by the awesome-* trend on GitHub.

Metasploit Tutorial

Metasploit is one of the most powerful and widely used tools for penetration testing. In this tutorial, TutorialsPoint take you through the various concepts and techniques of Metasploit and explain how you can use them in a real-time environment. This tutorial is meant for instructional purpose only.

k4linux

Kali Linux Tutorials

Onlurking / Awesome-InfoSec

A curated list of awesome information security resources

Learning Computer Security [Nathan Farrar on GitHub].

“This is an opinionated guide to learning about computer security (independently of a university or training program), starting with the absolute basics (suitable for someone without any exposure to or knowledge of computer security) and moving into progressively more difficult subject matter..”

Do not wait until a breach. Get a security assessment conducted now. Call us today.