Listed below are several organizations that pertain to Computer/Cyber Security and Digital Forensics. These are ‘roughly’ categorized and grouped into their respective areas (which can be difficult, as many of these overlap). Also, please feel free to contribute to this list too!


Cybersecurity Training and Education-related links

  • The National Integrated Cyber Education Research Center (NICERC): NICERC (Link: https://nicerc.org/ ) was developed by the Cyber Innovation Center to address the demand for cyber education. They support K-12 educators and Postsecondary instruction as well. See their website for information on curriculum. In addition, they have a nice infographic that shows, graphically, the pathway from K through postsecondary education.This is a nicely mapped out infographic on cybersecurity education from K-Post Secondary entitled “Cyber Interstate” by the “National Integrated Cyber Education Research Center (NICERC)”. Information about curriculum related to each item is at this website: https://nicerc.org/curricula/
Cybpersecurity education; Cybersecurity Training;
National Integrated Cyber Education Research Center (NICERC) pathways in K-PostSecondary Education
  • National Initiative for Cybersecurity Careers and Studies (NICCS) FRAMEWORK: NICCS shows the job speciality areas, work roles, and ‘capability indicators’ based around the NICE (National Initiative for Cybersecurity Education) based on KSAs (Knowledge, Skills, and Abilities). From their site: “The Capability Indicators are a combination of education, certification, training, experiential learning, and continuous learning attributes that could indicate a greater likelihood in an individual’s ability to perform a given Work Role.” Also, there are 7 broad categories for job roles and each job role has a drop-down on the screen that identifies sub-specialities and what each sub-speciality’s role/job responsibilities are. Link to the Framework: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework
  • National Initiative for Cybersecurity Careers and Studies (NICCS): The general NICCS site is quite interesting. It shows several links that include a “Training”, “Formal Education”, and “Workforce Development” link (as buttons at the bottom of the screen). Each link also shows additional information (general NICCS page link: https://niccs.us-cert.gov/ :
    • “Training” page: Link: https://niccs.us-cert.gov/training
      • NICCS Education and Training Catalog: This site requests access to your location to display training opportunities near you. Listed, you’ve find the course name, provider information, location and method of delivery.
      • Become a Provider: This section of the website includes a form where you can setup your organization as an education provider.
      • Federal Virtual Training Environment (FedVTE): FedVTE is a free cybersecurity training resource for government personnel and veterans (which you must register for access). Training is free to K-12, community college, and university teachers too. Training is listed and based on the NICE Cybersecurity Workforce Framework. Further, there is a drop-down list at the bottom of the screen where the user selects the “work role” and is taken to the suitable training for the job role. For example, when I selected “Software Development” from the drop-down list of cybersecurity roles, FedVTE took me to a list of courses that I should take (screenshot below) that suggests courses like “Software Assurance Executive COurse (SAE)”, “Static Code Analysis using Synopsis Coverity” and others:
Cybersecurity training; Cybersecurity education
FedVTE Federal Cybersecurity Training and Education resource (Free Training!)
      • Veterans: Launch a New Cybersecurity Career: For Vets, this site provides additional information on getting into the cybersecurity field including notes on the FedVTE (described above), a link to Cyber-related degrees offered the the National Centers of Academic Excellence (CAE) (link is also posted here: https://niccs.us-cert.gov/formal-education/national-centers-academic-excellence-cae), and also provides Vets with (a) a Veterans Guide and (b) Veterans toolkit to assist in training and education for the Vet.
  • Cybercompex: Cybercompex’s website can be found here: https://www.cybercompex.org/  This site is to assist the educator in setting up cybersecurity-related competitions, as one aspect of this site. The Job competition portion of this site breaks down the competition ‘possibilities’ by the NICE framework/lexicon. (Link to the competition page is here: https://www.cybercompex.org/pages/nice).  Also, in looking at the “About” page, Cybercompex notes: “This platform serves to connect the workforce with employers in the cybersecurity industry. CyberCompEx is managed by U.S. Cyber Challenge (USCC), a program of the Center for Internet Security (CIS), and in partnership with Monster Government Solutions.” From a quick review of the jobsite portion, it seems to be fairly ‘thin’ in jobs, but promises to be a growing community, as the job portion is supported by Monster.
  • National IA (Information Assurance) Education & Training Programs (NIETP): This organization manages the highly-regarded certification list for the CAE (Center of Academic Excellence) in Cyber Defense Education schools and programs. Attaining the CAE certification for a school/program is rigorous and the school/program must meet stringent guidelines set by the NICE (National Initiative for Cybersecurity Education). There are several designations including (a) the CAE-CDE (National Centers of Academic Excellence in Cyber Defense Education), (b) CAE-2Y or 4Y (National Centers of Academic Excellence in Cyber Defense 2-Year or 4-Year Education, and (c) CAE-R (National Centers of Academic Excellence in Cyber Defense Research). Link for CAE-certified schools and organizations can be found here: https://www.iad.gov/NIETP/reports/cae_designated_institutions.cfm
  • Scholarship for Serfice (SFS): The SFS program is funded by the National Science Foundation (NSF). Ample scholarship opportunities are provided to students in 2- and 4-year degree CAE programs (see note above about the CAE certified programs through NIETP). The website indicates “Typically, the scholarships provide academic year stipends of up to $22,500 per year for undergraduate students and up to $34,000 for graduate students. SFS scholarships may cover expenses normally incurred by full-time students in the institution, including tuition and education-related fees.” This can be a substantial amount of funding for the student (and is!). The student also has to agree to work for the Department of Homeland Security and other co-sponsors for a given term (typically a year or two). Here’s the link for the SFS program: https://niccs.us-cert.gov/formal-education/cybercorps-scholarship-service-sfs

 


Governmental-related and Non-profit Cyber Security Resources

  • Committee on National Security Systems: CNSS is a website and forum for the discussion of policy-level that guides the nations cyber security direction.  link: https://www.cnss.gov/
  • Electronic Frontier Foundation (EFF): The EFF is a non-profit that is focused on defending civil liberties in the digital world. EFF is an ‘influencer’ for global policies as it pertains to the Internet and other electronic media.  link: https://www.eff.org/

Information Security Certification Organizations and Resources

  • The International Information System Security Certification Consortium, Inc., (ISC)²® — the global, not-for-profit leader in educating and certifying cyber, information, software and infrastructure security professionals throughout their careers. They are recognized for Gold Standard certifications and world-class education programs. They provide vendor-neutral education products, career services, and Gold Standard credentials to professionals in more than 160 countries, and take pride in their reputation built on trust, integrity, and professionalism. The membership consists of an elite network that has over 110,000 certified industry professionals worldwide. https://www.isc2.org/
  • EC-Council—The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various information security and e-business skills. EC-Council has been certified by American National Standards Institute to meet its ANSI 17024 standard. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT) programs, as well as many others programs, that are offered in over 92 countries through a training network of more than 500 training partners globally. https://www.eccouncil.org/
  • Computing Technology Industry Association (CompTIA)—the voice of the world’s information technology (IT) industry. As a non-profit trade association, they advance the global interests of IT professionals and IT channel organizations and enable them to be more successful with industry-leading IT certifications and IT business credentials, IT education, resources and the ability to connect with like-minded, leading IT industry experts. https://www.comptia.org/
  • Verizon Data Breach Investigations Report (2008-2015)—Over the years, the Verizon Data Breach Investigations Report has helped companies and organizations gain key insights into how to manage risk and avoid security failings. A summary of some of the key findings year-over-year was compiled to make it easier to understand how the landscape has changed. Quantify the impact of a data breach with new data from the 2015 DBIR. http://www.verizonenterprise.com/DBIR/
  • SC Magazine for IT Security Professionals—an online periodical providing timely and topical articles, white papers, and webinars to keep the IT cybersecurity professional informed on current events and trends. http://www.scmagazine.com
  • SecureWorld—an online periodical providing timely and topical articles, white papers, and webinars to keep the IT cybersecurity professional informed on current events and trends. Their resources are as multi-dimensional as the threats, linking you to the larger forums, articles, webcasts, and gatherings that spark conversations…and solutions. http://www.secureworldexpo.com/
  • TechRepublic—an online publication and social community for IT professionals with advice on best practices, tools, current IT events, and trends for IT professionals. http://www.techrepublic.com/
  • FBI Cyber Crime Web site—As an intelligence-driven and a threat-focused national security organization with both intelligence and law enforcement responsibilities, the mission of the FBI is to protect and defend the United States against terrorist and foreign intelligence threats, to uphold and enforce the criminal laws of the United States, and to provide leadership and criminal justice services to federal, state, municipal, and international agencies and partners. The cyber crime Web site provides current information on high-tech crimes.  https://www.fbi.gov/about-us/investigate/cyber
  • United States Department of Homeland Security-Cyber Security—in light of the risk and potential consequences of cyber events, strengthening the security and resilience of cyberspace has become an important homeland security mission. http://www.dhs.gov/topic/cybersecurity

Computer Forensics Certification Organizations

  • International Society of Forensic Computer Examiners (ISFCE)a private organization dedicated to providing an internationally recognized, unblemished, computer forensics certification that is available to all who can qualify. The principal certification offered by the ISFCE is the Certified Computer Examiner (CCE)®.  The ISFCE continually conducts research and development into new and emerging technologies and methods in the science of computer forensics.  This development is reflected in the certification(s) that are offered by the ISFCE. https://www.isfce.com/
  • The American Board of Forensic Document Examiners, Inc.® (ABFDE)—established in 1977, the board’s objectives are two-fold: 1) to establish, maintain and enhance standards of qualification for those who practice forensic document examination, and 2) to certify applicants who comply with ABFDE requirements for this expertise. In doing so, the board aims to safeguard the public interest by ensuring that anyone who claims to be a specialist in forensic document examination does, in fact, possess the necessary skills and qualifications. https://www.abfde.org/
  • Association of Certified Fraud Examiners (ACFE) the world’s largest anti-fraud organization and premier provider of anti-fraud training and education. Together with more than 75,000 members, the ACFE is reducing business fraud worldwide and inspiring public confidence in the integrity and objectivity within the profession. http://www.acfe.com/
  • The American College of Forensic Examiners Institute (ACFEI)an independent, scientific, and professional association representing forensic examiners worldwide. They actively promote the dissemination of forensic information and the continued advancement of forensic examination and consultation across the many professional fields of membership. They have elevated standards through education, credentials, and basic and advanced training, as well as Diplomate and Fellow status. http://www.acfei.com/
  • The National Computer Forensics Institute (NCFI)an innovative facility and strategic partnership that serves to substantially enhance law enforcement efforts to suppress the continually evolving and increasing number of electronic crime cases affecting communities nationwide, as well as improve and strengthen the prosecution and adjudication of those cases. https://www.ncfi.usss.gov/ncfi/
  • International Association of Computer Investigative Specialists (IACIS)a non-profit corporation composed entirely of volunteer computer forensic professionals dedicated to fostering and perpetuating educational excellence in the field of forensic computer science.  IACIS is composed of professional computer forensic practitioners from around the world.  Its membership is comprised of professionals from the federal, state, local and international law enforcement community, as well as the business and academic communities.  Collectively they share a passion for training and certification excellence in the forensic principles of computer examination. http://www.iacis.com/
  • FBI Forensic Science Communication—Computer forensic science was created to address the specific and articulated needs of law enforcement to make the most of this new form of electronic evidence. Computer forensic science is the science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media. As a forensic discipline, nothing since DNA technology has had such a large potential effect on specific types of investigations and prosecutions as computer forensic science. https://www.fbi.gov/about-us/lab/forensic-science-communications/fsc/oct2000/index.htm/computer.htm

Several Key Security / Forensics Certifications

  • CISSP® – Certified Information Systems Security Professional (Software Development Security): The CISSP covers 8 mini certifications. The one that pertains mostly to us is the Application Development Security. Link to the CISSP Certification Requirements on the ISC2 Website: https://www.isc2.org/Certifications/CISSP
  • Computer Hacking Forensic Investigator (CHFI) – EC-Council: The Computer Hacking Forensic Investigator is a certification what prepares the individual to investigate attacks on a system. The training prepares the recipient of this certification to be able to track down the digital evidence left behind by the attacker. Not only that, but the Forensic Investigator must be have an understanding of the necessary methods of packaging the evidence so that it can be present in legal proceedings when it reaches that point. Link to the CHFI certification information from the eCCouncil’s website: https://www.eccouncil.org/programs/computer-hacking-forensic-investigator-chfi/
  • CEPT -Certified Expert Penetration Tester: The objective of this certification is to show that the holder is truly an expert in both the knowledge and skills required to do the job of a penetration tester. It consists of two parts. Part one is a knowledge based multiple choice test and a 70% constitutes a passing score. Part two is a practical application and consists of three challenges. The first challenge is to discover and create a working exploit for a Microsoft Windows vulnerability. Challenge two is to do the same as challenge one for Linux. For a final challenge the candidate must reverse engineer a Windows Binary. Link to the Certified Expert Penetration Tester certification information from IACRB (Information Assurance Certification Review Board) at: http://www.iacertification.org/cept_certified_expert_penetration_tester.html
  • CSSLP – Certified Secure Software Lifecycle Professional: The CSSLP certification is intended to prove that a software professional has a holistic understanding of software security as it applies to every stage of the SDLC, rather than just within their own areas of focus/expertise. The intention of this, of course, is to reinforce the idea that security must be built-into software at every step, and somebody who is CSSLP-certified will ostensibly be able to factor the security considerations of the other development processes that go into to software development effort into his/her decisions within their own domain. Link to the CSSLP certification program information from the ISC2 website: https://www.isc2.org/Certifications/CSSLP

Other Highly-relevant Cyber Security Research links

  • The National CyberWatch Center:The NCC is an NSF-supported initiative that provides great resources for individuals (students), schools, and organizations. In particular, this is a good website to visit when starting to look at programs, whether you’re a student interested in Cyber Studies or a Faculty member interested in having your program become a CAE2Y or CAE4Y certified program. Link: https://www.nationalcyberwatch.org/
  • CyberSeek: CyberSeek shows an interactive map, by state, of the cyber security supply and demand. Also, there’s a general cyber security career pathway (graphical form). These are nice to use for presentations. Link: https://www.cyberseek.org/
  • National Initiative for Cyber security Education (NICE): The NICE site provides some (minimal) tutorials for the cybersecurity faculty and student. Importantly, NICE is a website (sponsored by NIST) for cyber security education. For cyber security program development, this is a good site to visit. Link: https://www.nist.gov/itl/applied-cybersecurity/nice
  • C5Colleges: This link is an NSF-supported initiative (NSA/NICE, etc.). You can find a few free Cyber security training modules and other related cyber studies info here: Link: https://www.c5colleges.org/