Rack of Ethernet switches.

Infosec Response Teams

Incident Response Teams

U.S. Incident Response Teams

US-CERT and Carnegie Mellon University's CERT Division within the Software Engineering Institute are the standard places to start. Browse their past advisories, and get on their advisory mailing list.

FIRST is the Forum of Incident Response and Security Teams.

U.S. Department of Energy has its Computer Incident Advisory Capability.

U.S. Department of Defense published CJCSM 6510.01A Information Assurance (IA) and Computer Network Defense (CND), Volume I (Incident Handling Program).

Incident Response Teams

Non-U.S. Incident Response Teams

AUSCERT — Australian Computer Emergency Response Team

Australian Defence Signals Directorate

German Federal Networks CERT

CERT-NL, SURFnet Response Team, Netherlands

Hong Kong Police Commercial Crimes Bureau

Two different web sites claim to be the Pakistan Computer Emergency Response Team, both www.pakcert.org and cert.org.pk

Royal Canadian Mounted Police computer crime efforts

Assistance/Guidance/Policy Organizations

US DoD folks, check out DISA.

NCIX — National Counter-Intelligence Executive has newsletters on information security and more general but related topics.

NSA is the information security agency in the U.S., and includes the National Computer Security Center, source of the "Rainbow Series".

As for the documents themselves, see this copy at fas.org.

NIST Computer Security Resource Clearinghouse

IATAC — Information Assurance Technology Analysis Center

International Computer Security Association

National Security Institute

American Society for Industrial Security publishes Security Management magazine.

UK folks should check the National Technical Authority for Information Assurance.

Aussies can check their national Evaluated Products List.

Research and Development Organizations

Hey, so I'm biased, but Purdue's CERIAS group has a lot of great information, tools, pointers to other resources, etc.

Other great tool collections are at Lawrence Livermore National Laboratory and funet.fi.

Risk Management and Insurance Coverage

Here's an analysis of over 100 cyber insurance policies: Content Analysis of Cyber Insurance Policies: How Do Carriers Write Policies and Price Cyber Risk? by Sasha Romanosky, Lilian Ablon, Andreas Kuehn, and Therese Jones, all of the RAND Corporation, March 2017.

InsureTrust (formerly Network Risk Management Services) provides services in risk assessment and managment, and offers insurance coverage for information security threats — the first organization providing integrated risk assessment, management, and insurance.
InsureTrust
P. O. Box 205-1000
11770 Haynes Bridge Road
Alpharetta GA 30004
+1-888-932-7475
www.insuretrust.com