Resource Library:

AFCEA offers a wide range of white papers, EBooks, case studies, event videos and analytical content in our Resource Library. These documents may be relevant to your work and of interest to you as a member of the global defense, security and intelligence community. The content updates often so please bookmark this page and come back frequently.

Registration is required to access the documents. This registration information is minimal and is only shared with the sponsor of the specific document you access.

For information regarding posting content in the Resource Library, please contact Jennifer Deuterman by phone (703) 631-6181 or Email or your SIGNAL account executive.

Filter the library by ...

   

Open Source Software and Mission-Critical Applications: A Cautionary Tale
Author: AFCEA   Send Email to POC   View Content
AFCEA International Cyber Committee The efficiencies of using and embedding open source software imply a number of risks. AFCEA Cyber Committee members have examined the origins of the OSS trend, its motivation and some of these risks and drawn an analogy to previous quality control experiences. Members offer suggestions for mitigating the risks when building systems they intend to trust.

Small Business Cybersecurity
Author: AFCEA   Send Email to POC   View Content
AFCEA International Small Business Committee and Cyber Committee Rapid technology changes create new security vulnerabilities that require small businesses to expend resources to remain compliant. The fundamental problem is twofold: increasing technology complexity and competition for training security professionals. Members of the Small Business and Cyber committees suggest best practices, recommendations and information resources for small businesses to address these issues

The Who, What, Why and How of DDoS Attacks: A Guide for IT Pros
Author: AFCEA   Send Email to POC   View Content
The IT industry has seen a major increase of Distributed Denial of Service (DDoS) attacks over the past several years. The December 2019 New Orleans cyberattack is such an example: This attack combined a classic ransomware deployment with a DDoS attack. The DDoS upward trend promises to continue. DDoS attacks date back to the dawn of the public internet, but the force is strong with this one. According to a 2018 report from International Data Group (IDG), the median downtime caused by a DDoS attack is 7 to 12 hours. Using an estimate from Gartner of $5,600 per minute of ...

Your Guide to Building a CSfC Approved Solution
Author: Attila Security   Send Email to POC   View Content
For decades, Type 1 has been the NSA's most prized cybersecurity designation. Recent years, however, have seen the growth of NSA's Commercial Solutions for Classified (CSfC) program, which offers an alternative to Type 1 products. This guide is designed to help individuals looking to build a CSfC approved solution and provides guidance on how to use the resources available, navigate the CSfC process, and what to expect from CSfC component vendors.

The Cyber Edge April 2020
Author: AFCEA   Send Email to POC   View Content
Daily cyber attacks and other threats naturally take up the short-term attention of many governmental agencies, but there is a need for a more strategic look at risks to the nation's critical infrastructure.

Securing the Enterprise when employees work remotely
Author: Attivo Networks   Send Email to POC   View Content
For various reasons, many companies are encouraging or being requiring to have employees to work from home. This shift in employees working in a less secure environment creates a significant opportunity for cybercriminals and reduces their time to compromise. While it is impossible to prevent every possible attack, proper planning and use of deception technologies could detect and prevent lateral movement and avert a more significant impact on the organization. To learn more, check out this solution brief on securing the enterprise while employees work remotely.

Taking the Risk out of Software Supply Chain Management
Author: Flexera   Send Email to POC   View Content
Supply chain management is vitally important to running and maintaining an organization's IT systems. When it is carried out, in many federal agencies it's traditionally a manual process managed on spreadsheets. In recent years new directives have mandated that the Department of Defense (DOD) and civilian agencies must all begin monitoring this, especially for cybersecurity considerations within the Department's Risk Management Framework (RMF). In this editorial, Flexera Software explains how many department directors are paying more attention to life-cycle management f ...

NIST: 800-160 (2) AND 800-171 (B) SECURING HIGH VALUE ASSETS AND CONFIDENTIAL UNCLASSIFIED INFORMATION
Author: Attivo Networks   Send Email to POC   View Content
The NIST publications 800-160 Volume 21 and 800-1712 deal with developing cyber-resilient systems and protecting controlled unclassified information in nonfederal systems and organizations, respectively. These documents give an organization clear guidance on implementing secure systems from the policy, process, personnel, and technical perspectives. This paper will very briefly summarize these NIST publications, introduce deception technology, and show how deception technology fits within the NIST guidelines to support regulatory compliance and enhanced security.

The U.S. Cybersecurity Industrial Base and National Security
Author: AFCEA   Send Email to POC   View Content
This white paper conveys to U.S. national security policy makers and decision makers observations and recommendations regarding the nation's cybersecurity industrial base and this sector's ability to support and strengthen the national security of the United States.

The Cyber Edge January 2020
Author: AFCEA   Send Email to POC   View Content
FBI Strives to Keep Ahead of Cyber Adversaries.
A rapidly changing threat environment compels increased cooperation.

Will Your Security Solution Fit the New CMMC Framework?
Author: Attila Security   Send Email to POC   View Content
The Cybersecurity Maturity Model Certification (CMMC) promises to have significant impact on the state of cybersecurity requirements for US DIB contractors. Each member of the DIB supply chain plays a vital role in the nation's security, and contractors that are not CMMC certified will not be eligible to bid on government defense contracts. Download this whitepaper to get CMMC preparation tips and to learn if your current security solution will fit the new CMMC framework.

NIST: 800-160(2) and 800-171(B) Securing High Value Assets and Confidential Unclassified Information
Author: Attivo Networks   Send Email to POC   View Content
The NIST publications 800-160 Volume 21 and 800-1712 deal with developing cyber-resilient systems and protecting controlled unclassified information in nonfederal systems and organizations, respectively. These documents give an organization clear guidance on implementing secure systems from the policy, process, personnel, and technical perspectives. This paper will very briefly summarize these NIST publications, introduce deception technology, and show how deception technology fits within the NIST guidelines to support regulatory compliance and enhanced security.

The Cyber Edge October 2019
Author: AFCEA   Send Email to POC   View Content
Cyber policy traditionally has focused more on enterprise networks than tactical systems, according to Nancy Kreidler, the Army's new leader for the Cybersecurity and Information Assurance Directorate within the Office of the Chief Information Officer/G-6. But new initiatives emphasize cybersecurity in the tactical environment, including networks, weaponry and any other systems used by warfighters.

Cyber Insurance
Author: Cyber Insurance   Send Email to POC   View Content
The Cyber Insurance Subcommittee of AFCEA International's Cyber Committee concluded cyber insurance is useful in risk transference but with some important caveats. For example, a purchase decision is contingent on individual company circumstances, such as revenue, risk tolerance, board guidance and regulatory environment relative to protected categories of information. In addition, every purchase decision should be critically reviewed regarding the extent of exclusions to coverage in each policy. The subcommittee also concluded that it remains in the indeterminate futur ...

The Cyber Edge July 2019
Author: AFCEA   Send Email to POC   View Content
The whole is greater than the sum of its parts when the two combine forces for information technology. BY ROBERT K. ACKERMAN The U.S. Army is building a tighter relationship with industry to tap commercial expertise and avoid long procurement delays that often render new information technologies obsolete before they are fielded

Why UEM is the key to enterprise IT security?
Author: Zoho Corporation   Send Email to POC   View Content
Free e-book that aids in improving your enterprise IT security
Most IT admins have asked themselves at some point in time, "How do I achieve and sustain enterprise IT security?"

With cybercriminals sneaking into enterprises using new techniques every day, IT administrators have never been busier. Download your free e-book to understand the challenges in sustaining enterprise IT security, and learn how to overcome these challenges by implementing security-first procedures, securing corporate and personal data, maintaining user privacy, and increasing employee p ...

Cyber Deception: How to Build a Program
Author: Attivo Networks   Send Email to POC   View Content
With traditional cybersecurity, companies play a cat-and-mouse game to identify, block, and prevent threats. A deception program changes this by giving defenders the ability to learn about attackers in the same way attackers try to learn about their targets. Once an organization knows an attacker is in the network, it can observe the attacker's behaviours and patterns. This background helps security teams better understand what attackers are after and the best way to respond.

Beyond the Phish
Author: Proofpoint   Send Email to POC   View Content
In our deepest and most wide-ranging report yet, we explore user knowledge of a broad range of best practices for cyber hygiene, security, and compliance. The report analyzes millions of responses gathered from our Security Education Platform. Our latest Beyond the Phish Report includes: Data from nearly 130 million questions answered by customers end users Users understanding of 14 cybersecurity topics Two new categories: users understanding of unintentional and malicious insider threats and a view of executives cybersecurity knowledge Knowledge comparisons across 16 i ...

State of the Phish
Author: Proofpoint   Send Email to POC   View Content
This cybersecurity report analyses data from tens of millions of simulated phishing attacks sent through Proofpoint's Security Education Platform over a 12-month period, as well as an extensive survey of our global database of infosec professionals. It also includes survey data from thousands of working adults in seven countries, the US, UK, France, Germany, Italy, Australia, and Japan providing cybersecurity insights into end-user security awareness and behavior around phishing, ransomware, and more. Direct feedback from infosec professionals on today's threat landscap ...

SIGNAL Executive Video: Wrapping Software Licensing in a Blanket Purchase Agreement
Author: Thundercat & Symantec   Send Email to POC   View Content
Nothing in the field of information technology is more dynamic than software development. For consumers, individual personal mobile communications devices are constantly upgraded by weekly downloads of new apps. For large organizations such as the military services, vital information systems must be upgraded repeatedly and quickly, lest they enter the world of obsolescence. And, when it comes to security, obsolescence could be the death knell for any national security organization in a time of crisis.
Upgrading security across the breadth of a military service poses ...