Resources for IT / MSPs

SecureTheVillage Cybersecurity News of the Week and Weekend Patch Report.


The Center for Internet Security

  • CIS Controls®, version 8.1: The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture.

  • CIS Risk Assessment Method (CIS RAM): An information security risk assessment method that helps organizations implement and assess their security posture against the CIS Critical Security Controls (CIS Controls) cybersecurity best practices. The CIS RAM Family of Documents provides instructions, examples, templates, and exercises for conducting a cyber risk assessment.

  • A Guide to Defining Reasonable Cybersecurity: In collaboration with recognized technical cybersecurity and legal experts, the Center for Internet Security® (CIS®) published this guide to provide practical and specific guidance to organizations seeking to develop a cybersecurity program that satisfies the general standard of reasonable cybersecurity.

  • Reasonable Cybersecurity: Oxymoron or Opportunity? RSA 2024 Panel. Moderator: Tony Sager, Center for Internet Security. Panelists: Brian Ray, Cleveland State University College of Law; Samuel Thumma, Arizona Court of Appeals

National Institute of Standards and Technology (NIST)

  • Cybersecurity Framework 2.0: Provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts.

  • Cybersecurity Framework 2.0: Small Business Quick-Start Guide Overview: This guide provides small-to-medium-sized businesses (SMBs), specifically those that have modest or no cybersecurity plans in place, with considerations to kick-start their cybersecurity risk management strategy by using the NIST Cybersecurity Framework (CSF) 2.0.

2024 Verizon Data Breach Investigations Report

View the Key Findings or read the full version (gated). Learn about the latest trends in real-world security incidents and breaches—to help protect your organization and help you evaluate potential updates to your security plan.

Cybersecurity is Everyone’s Job:

This guidebook outlines what each member of an organization should do to protect it from cyber threats, based on the types of work performed by the individual.

CISA Known Exploited Vulnerabilities (KEV) Catalog

To help organizations better manage vulnerabilities and keep pace with threat activities, CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

IBM Cost of a Data Breach Report 2024:

Be prepared for breaches by understanding how they happen and learning about the factors that increase or reduce your costs. New research from IBM and Ponemon Institute provides insights from the experiences of 604 organizations and 3,556 cybersecurity and business leaders hit by a breach.