Government security organizations

Almost all goverments worldwide provide good advice for dealing with cyber risks. Some advice and tips for other goverments organisations but also for citizens and private companies.

Reinventing the wheel is a lost of energy and resources. Put effort on reuse already existing information. Below a collection of governments sites that provide good and open information on cyber security.

• Australian Strategic Policy Institute (ASPI). Core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. .auCheck provides a series of tests that check whether your internet services follow standards advised by the Australian government and are up to date. .auCheck is a non-commercial, independent and free service. Our mission is to empower users, in particular Australian small businesses, to ask the right questions and request up-to-date services from their providers.

• Australian Cyber Security Centre (ACSC) The Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security. Our role is to help make Australia the most secure place to connect online. We monitor cyber threats across the globe 24 hours a day, seven days a week, so we can alert Australians early on what to do.

• Cybersecurity Library of US DoD Great collection of links to valuable security resources. Use it and improve it for your context! Also using these resources is good for inspiration when you need to create your own security architecture or how to perform a complex risks analyses in a large environment. Zero Trust is everywhere, but I like the DoD created Zero Trust reference architecture

• NIST General information

• No-More-Ransom The “No-More-Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

• New Zealand Information Security Manual Great IS manual. The New Zealand Information Security Manual details processes and controls essential for the protection of all New Zealand Government information and systems. Controls and processes representing good practice are also provided to enhance the baseline controls. Use and reuse this manual for your governmental organisation or company.

• Luxembourg National Cybersecurity Competence Center (NC3). The NC3 mission is to support the Luxembourg ecosystem in building cybersecurity competence and capacity. They produce some nice FOSS tools, check it here.