U.S. Department of Health & Human Services. Cyber security guidance material. Retrieved from https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/index.html This website provides educational materials specifically designed to give HIPAA-covered entities and business associates insight into how to respond to cyber-related security incidents.
National Institute of Standards and Technology. (2018, April). Framework for improving critical infrastructure security. The NIST cybersecurity framework (CSF) focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization's risk management processes. The Framework consists of three parts: the Framework Core, the Implementation Tiers, and the Framework Profiles. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across sectors and critical infrastructure. Elements of the Core provide detailed guidance for developing individual organizational Profiles.
National Institute of Standards and Technology. (2021, August). NIST risk management framework. CSRC. The NIST RMF is important because managing organizational risk is paramount to effective information security and privacy programs; the RMF approach can be applied to new and legacy systems, any type of system or technology (e.g., IoT, control systems), and within any type of organization regardless of size or sector.
Cybersecurity & Infrastructure Security Agency (CISA). (n.d.). CISA analysis of risk and vulnerability assessments. This website provides a mapping of various risk and vulnerability assessments (RVAs) to the MITRE ATT&CK® framework. The process used to conduct an RVA is described and a variety of methodologies are discussed.
Greene, S. (2020). 32.2 Frameworks and guidance (Lesson 32: Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture) [Video]. In CompTIA Security+ SY0-601. Pearson IT Certification.