Incident Response Teams
U.S. Incident Response Teams
US-CERT and Carnegie Mellon University's CERT Division within the Software Engineering Institute are the standard places to start. Browse their past advisories, and get on their advisory mailing list.
FIRST is the Forum of Incident Response and Security Teams.
U.S. Department of Energy has its Computer Incident Advisory Capability.
U.S. Department of Defense published CJCSM 6510.01A Information Assurance (IA) and Computer Network Defense (CND), Volume I (Incident Handling Program).
Non-U.S. Incident Response Teams
AUSCERT — Australian Computer Emergency Response Team
Australian Defence Signals Directorate
German Federal Networks CERT
CERT-NL, SURFnet Response Team, Netherlands
Hong Kong Police Commercial Crimes Bureau
Two different web sites claim to be the Pakistan Computer Emergency Response Team: www.pakcert.org and cert.org.pk.
Royal Canadian Mounted Police computer crime efforts
US DoD folks, check out DISA.
NCIX — National Counter-Intelligence Executive has newsletters on information security and more general but related topics.
NSA is the information security agency in the U.S., and includes the National Computer Security Center, source of the "Rainbow Series".
As for the documents themselves, see this copy at fas.org.
NIST Computer Security Resource Clearinghouse
IATAC — Information Assurance Technology Analysis Center
International Computer Security Association
National Security Institute
American Society for Industrial Security publishes Security Management magazine.
UK folks should check the National Technical Authority for Information Assurance.
Aussies can check their national Evaluated Products List.
Research and Development Organizations
Hey, so I'm biased, but Purdue's CERIAS group has a lot of great information, tools, pointers to other resources, etc.
Other great tool collections are at Lawrence Livermore National Laboratory and funet.fi.
Risk Management and Insurance Coverage
Here's an analysis of over 100 cyber insurance policies: Content Analysis of Cyber Insurance Policies: How Do Carriers Write Policies and Price Cyber Risk? by Sasha Romanosky, Lilian Ablon, Andreas Kuehn, and Therese Jones, all of the RAND Corporation, March 2017.
InsureTrust (formerly Network Risk Management Services)
provides services in risk assessment and management,
and offers insurance coverage for information security
threats — the first organization providing integrated
risk assessment, management, and insurance.
P. O. Box 205-1000
11770 Haynes Bridge Road
Alpharetta GA 30004