Where to Get Reliable CyberSecurity Information
If you are new to cybersecurity and trying to find out where to get reliable information, searching the web will likely be frustrating. There are so many different organizations and companies providing services, so how do you choose? It is helpful to understand what agencies are out there to help you; then you can go directly to their websites to find what you need. Here are a few top organizations that you can use.
The number one organization to be aware of is the Cybersecurity and Infrastructure Security Agency (CISA), “America’s Cyber Defense Agency.” They are part of the US Department of Homeland Security, and their main mission is to help defend our country and its institutions from cyber attacks. They provide many different resources, and they are one of the main points of contact in case you suffer a cyber attack. Their latest initiative is to promote “Secure by Design, Secure by Default,” a new set of guidelines for software developers in which CISA advocates that it is no longer acceptable for developers to release insecure software that requires the user to secure it. Instead, the software should be inherently secure upon release. This change will take some time to be implemented, but it shows CISA’s leadership in the cybersecurity arena.
The second organization to follow is the National Institute for Standards and Technology (NIST). This agency is part of the US Department of Commerce, and while they set the standards for many different industries, they have taken on the lead role for defining cybersecurity standards. Their fundamental guidance in this area is the Cybersecurity Framework, a document that provides a five-step approach (“Identify, Protect, Detect, Respond, Recover”) to strategize how to deal with cybersecurity risks. Version 1.1 of the framework is the most current, published in 2018, but Version 2.0 is in the works. Additionally, NIST’s cybersecurity site provides much more information and other resources dealing with cybersecurity.
Another helpful organization is the Center for Internet Security (CIS), a non-profit, private organization that provides best practices for cybersecurity. One of their key products is the CIS Benchmarks, which give detailed guidance for securing each type of software operating system. While many of their products are free, CIS also provides services for a fee.
Another non-profit, private agency is the Open Worldwide Application Security Project® (OWASP). One of their key products is the “OWASP Top Ten,” a list of cybersecurity vulnerabilities and risks that software developers should be aware of. This list is continuously updated, so be sure to get the latest.
These organizations are not the only ones involved in cybersecurity, but they are some of the key US agencies that provide reliable guidance. Good luck in your quest to be cyber secure!


