InfoSecGirl

Governance, Risk Management & Compliance Professional

Passionate about implementing best practices, security awareness training, and executing compliance policies 

My name is DeBora King. I'm a Senior Cybersecurity Analyst at CREO, Inc.
I recently formalized my many years of experience in corporate risk management and information technology with a degree in Cybersecurity Management and Policy.

Information security is a complex topic, with immense volumes of information that change by the minute. What works today may be obsolete tomorrow.

I couldn't find a one-stop professional resource to keep up with industry tweets, articles, guidelines and updates, SO I CREATED ONE!

If you are in the Infosec industry or just an end-user or individual seeking security awareness, I hope this website will be helpful to you.

MY FAVORITE RESOURCES


MORNING NEWS FEED

Breaking News
Dark Reading
Politico Morning Cybersecurity
Security Today
The Hacker News
ThreatPost
WIRED
Top Bloggers
Daniel Miessler
Krebs on Security
Schneier on Security
TAO Security
The Last Watchdog
Troy Hunt
News, Views & Insights
Cybersecurity Insiders
The CyberWire
IT Security Guru
Security Boulevard
Signal
We Live Security

HOT TOPIC(s)

Guide to General Data Protection Regulation (GDPR)
Short KnowBe4 Security Awareness Video that EVERY EMPLOYER MUST SEE!
Cybersecurity Maturity Model Certification (CMMC)
Cybersecurity Resources for Manufacturers - Defense Federal Acquisition Regulation Supplement (DFARS)

KNOWN THREATS & VULNERABILITIES RESOURCES

Daily Podcast on Current Threats
SYMANTEC SECURITY CENTER: THREATS
MCAFEE VIRUS INFO
List of Publicly Known Vulnerabilities
Threat Mitigation Publication

SECURITY AWARENESS/SOCIAL ENGINEERING/PHISHING

ANTI-PHISHING WORKING GROUP, INC.
KnowBE4
US-CERT NATIONAL CYBER AWARENESS SYSTEM
HOMELAND SECURITY INDUSTRIAL CONTROL SYSTEMS CYBER EMERGENCY RESPONSE TEAM (ICS-CERT)
TIPS: SECURITY ISSUES
SECURITY ALERTS: TECHNICAL INFO
REDUCING SPAM
UNDERSTANDING FIREWALLS
CHOOSING AND PROTECTING PASSWORDS
BULLETIN: WEEKLY VULNERABILITIES
CURRENT ACTIVITY: FREQUENT/HIGH IMPACT ISSUES
UNDERSTANDING ANTI-VIRUS SOFTWARE
PROTECTING YOUR PRIVACY
PREVENTING AND RESPONDING TO IDENTITY THEFT

DATA PROTECTION

FEDERAL TRADE COMMISSION: PRIVACY, IDENTITY & ONLINE SECURITY
IDENTITY THEFT RESOURCE CENTER (ITRC)
DATA PROTECTION DIRECTIVE (DIRECTIVE 95/46/EC), REPEALED AND REPLACED BY THE GENERAL DATA PROTECTION REGULATION (GDPR) ON 25 MAY 2018
DIRECTIVE 2009/136/EC (AMENDS THE E-PRIVACY DIRECTIVE; CONSENT RULES FOR COOKIES)
E-PRIVACY DIRECTIVE (DIRECTIVE 2002/58/EC)
THE DATA PROTECTION DIRECTIVE 95/46/EC

EMERGENCY PREPAREDNESS/RESPONSE

AusCERT
COMPUTER EMERGENCY RESPONSE TEAM COORDINATION (CERT/CC)
FORUM OF INCIDENT RESPONSE TEAMS (FIRST)
NIST FRAMEWORK FOR EMERGENCY RESPONSE OFFICIALS
READY.GOV CYBERSECURITY 

BEST PRACTICES

BEST PRACTICES (BP) INFORMATION ASSURANCE (IA) ROLE-BASED TRAINING
DIGITAL GOV CHECKLIST OF REQUIREMENTS FOR FEDERAL WEBSITES AND DIGITAL SERVICES
INFORMATION SECURITY GUIDE FOR GOVERNMENT EXECUTIVES
CENTER FOR INTERNET SECURITY (CIS) MULTI-STATE INFORMATION SHARING & ANALYSIS CENTER (MS-ISAC)
EUROPEAN NETWORK AND INFORMATION SECURITY AGENCY
NATIONAL CYBER SECURITY STRATEGIES PRACTICAL GUIDE ON DEVELOPMENT & EXECUTION
INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY (ITIL)
U.S. DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE

REGULATORY REQUIREMENTS

THE CALIFORNIA ONLINE PRIVACY PROTECTION ACT (OPPA) OF 2003
CLINGER-COHEN ACT OF 1996
INFORMATION TECHNOLOGY MANAGEMENT REFORM ACT (ORIGINAL TITLE OF THE CLINGER-COHEN ACT)
CONNECTICUT'S PUBLIC ACT NO. 08-167: AN ACT CONCERNING THE CONFIDENTIALITY OF SOCIAL SECURITY NUMBERS
FEDERAL INFORMATION SECURITY MANAGEMENT ACT OF 2002
FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014
MANAGEMENT OF FEDERAL INFORMATION RESOURCES (OMB CIRCULAR A-130)
THE PAYMENT CARD INDUSTRY (PCI) SECURITY STANDARDS COUNCIL
CALIFORNIA SUPREME COURT RULING: ZIP CODES ARE PII (PINEDA V. WILLIAMS-SONOMA STORES, 2011)
COMPUTER FRAUD AND ABUSE ACT (CFAA) OF 1986
THE E-GOVERNMENT ACT OF 2002
FEDERAL RECORDS ACT OF 1950
THE FREEDOM OF INFORMATION ACT
GENERAL DATA PROTECTION REGULATION (GDPR)
THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) OF 1996
PAPERWORK REDUCTION ACT (PRA) OF 1995
THE PRIVACY ACT OF 1974/2015
THE CHILDREN'S ONLINE PRIVACY PROTECTION ACT (COPPA)
COMPUTER MATCHING AND PRIVACY PROTECTION ACT OF 1988
FEDERAL AGENCY RESPONSIBILITIES FOR MAINTAINING RECORDS ABOUT INDIVIDUALS (OMB CIRCULAR A-108)
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT OF 2003 (FACTA)
THE GRAMM-LEACH-BLILEY ACT
REHABILITATION ACT OF 1973: REVISED SECTION 508 STANDARDS FOR INFORMATION AND COMMUNICATION TECHNOLOGY (ICT)
THE SARBANES-OXLEY (SOX) ACT OF 2002

FRAMEWORKS

CARNEGIE MELLON UNIVERSITY SOFTWARE ENGINEERING INSTITUTE
OPERATIONALLY CRITICAL THREAT, ASSET, AND VULNERABILITY EVALUATION (OCTAVE) FRAMEWORK
CONTROL OBJECTIVES FOR INFORMATION AND RELATED TECHNOLOGIES (COBIT)
THE COMMON CRITERIA FOR INFORMATION TECHNOLOGY SECURITY EVALUATION (CC)
COMMITTEE OF SPONSORING ORGANIZATIONS (COSO)
U.S. DEPARTMENT OF DEFENSE ARCHITECTURE FRAMEWORK (DoDAF)
INFOSEC INSTITUTE ISO27002 SECURITY FRAMEWORK AUDIT PROGRAM TEMPLATE
MINISTRY OF DEFENCE ARCHITECTURE FRAMEWORK (MODAF)
NIST CYBERSECURITY FRAMEWORK
U.S.-EU SAFE HARBOR FRAMEWORK (INVALIDATED BY THE CJEU IN 2015; SUCCEEDED BY THE EU-U.S. PRIVACY SHIELD)
THE OPEN GROUP ARCHITECTURE FRAMEWORK (TOGAF)
ZACHMAN FRAMEWORK

METHODOLOGIES

AGILE ALLIANCE
CAPABILITY MATURITY MODEL INTEGRATION (CMMI)
CONSULTATIVE, OBJECTIVE AND BI-FUNCTIONAL RISK ANALYSIS (COBRA)
FEDERAL FINANCIAL INSTITUTIONS EXAMINATION COUNCIL (FFIEC)
FACILITATED RISK ASSESSMENT PROCESS (FRAP)
SHERWOOD APPLIED BUSINESS SECURITY ARCHITECTURE (SABSA)
SIX SIGMA

STANDARDS/GUIDELINES

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
PUBLIC DOMAIN DOCUMENTS
(open government documentation available to anyone)

NIST INFORMATION TECHNOLOGY LABORATORY (ITL) MONTHLY BULLETIN
NIST SP 800-18
GUIDE FOR DEVELOPING SECURITY PLANS FOR FEDERAL INFORMATION SYSTEMS
NIST SP 800-30
GUIDE FOR CONDUCTING RISK ASSESSMENTS
NIST SP 800-34
CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS
NIST SP 800-37
GUIDE FOR APPLYING THE RISK MANAGEMENT FRAMEWORK TO FEDERAL INFORMATION SYSTEMS: A SECURITY LIFE CYCLE APPROACH
NIST SP 800-41
GUIDELINES ON FIREWALLS AND FIREWALL POLICY
NIST SP 800-47
SECURITY GUIDE FOR INTERCONNECTING INFORMATION TECHNOLOGY SYSTEMS
NIST SP 800-53
SECURITY AND PRIVACY CONTROLS FOR FEDERAL INFORMATION SYSTEMS AND ORGANIZATIONS
NIST SP 800-57 PART 1 REVISION 4
RECOMMENDATION FOR KEY MANAGEMENT
NIST SP 800-58
SECURITY CONSIDERATIONS FOR VOICE OVER IP SYSTEMS
NIST SP 800-61
COMPUTER SECURITY INCIDENT HANDLING GUIDE
NIST SP 800-64
SECURITY CONSIDERATIONS IN THE SYSTEM DEVELOPMENT LIFE CYCLE
NIST SP 800-72
GUIDELINES ON PDA FORENSICS (WITHDRAWN; SUPERSEDED BY NIST SP 800-101, GUIDELINES ON MOBILE DEVICE FORENSICS)
NIST SP 800-77
GUIDE TO IPsec VPNs
NIST SP 800-83
GUIDE TO MALWARE INCIDENT PREVENTION AND HANDLING FOR DESKTOPS AND LAPTOPS
NIST SP 800-84
GUIDE TO TEST, TRAINING, AND EXERCISE PROGRAMS FOR IT PLANS AND CAPABILITIES
NIST SP 800-86
GUIDE TO INTEGRATING FORENSIC TECHNIQUES INTO INCIDENT RESPONSE
NIST SP 800-88
GUIDELINES FOR MEDIA SANITIZATION
NIST SP 800-92
GUIDE TO COMPUTER SECURITY LOG MANAGEMENT
NIST SP 800-94
GUIDE TO INTRUSION DETECTION AND PREVENTION SYSTEMS (IDPS)
NIST SP 800-97
ESTABLISHING WIRELESS ROBUST SECURITY NETWORKS: A GUIDE TO IEEE 802.11i
NIST SP 800-100
INFORMATION SECURITY HANDBOOK: A GUIDE FOR MANAGERS
NIST SP 800-111
GUIDE TO STORAGE ENCRYPTION TECHNOLOGIES FOR END USER DEVICES
NIST SP 800-113
GUIDE TO SSL VPNs
NIST SP 800-115
TECHNICAL GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT
NIST SP 800-122
GUIDE TO PROTECTING THE CONFIDENTIALITY OF PERSONALLY IDENTIFIABLE INFORMATION (PII)
NIST SP 800-123
GUIDE TO GENERAL SERVER SECURITY
NIST SP 800-124
GUIDELINES FOR MANAGING THE SECURITY OF MOBILE DEVICES IN THE ENTERPRISE
NIST SP 800-127
GUIDE TO SECURING WiMAX WIRELESS COMMUNICATIONS
NIST SP 800-171
PROTECTING CONTROLLED UNCLASSIFIED INFORMATION IN NONFEDERAL SYSTEMS AND ORGANIZATIONS
FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATIONS
FIPS 200
MINIMUM SECURITY REQUIREMENTS FOR FEDERAL INFORMATION AND INFORMATION SYSTEMS
FIPS 140-2
SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES

INTERNATIONAL ORGANIZATION FOR STANDARDIZATION/INTERNATIONAL ELECTROTECHNICAL COMMISSION (ISO/IEC)

ISO/IEC 27001:2013 
SECURITY TECHNIQUES -- INFORMATION SECURITY MANAGEMENT SYSTEMS REQUIREMENTS
ISO/IEC 27002:2013
SECURITY TECHNIQUES -- CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS
ISO/IEC 2382:2015
INFORMATION TECHNOLOGY -- VOCABULARY
BIOMETRICS
ISO/IEC 15444-1: 2016
JPEG 2000 IMAGE CODING SYSTEM: CORE CODING SYSTEM
ISO/IEC 19794-6:2011
BIOMETRIC DATA INTERCHANGE FORMATS--PART 6:IRIS IMAGE DATA
ISO/IEC 19784-1:2006
BIOMETRIC APPLICATION PROGRAMMING INTERFACE--PART 1: BioAPI SPECIFICATION
ISO/IEC 19794-7:2014
BIOMETRIC DATA INTERCHANGE FORMATS--PART 7: SIGNATURE/SIGN TIME SERIES DATA
ANSI INCITS 395-2005
BIOMETRIC DATA INTERCHANGE FORMATS--SIGNATURE/SIGN DATA
ISO/IEC 19785-1:2015
COMMON BIOMETRIC EXCHANGE FORMATS FRAMEWORK (CBEFF)--PART 1: DATA ELEMENT SPECIFICATION
ISO/IEC JTC 1/SC 37
BIOMETRICS (SUBCOMMITTEE SCOPE)
SMART CARDS
ISO/IEC 7816-4:2013 
IDENTIFICATION CARDS--INTEGRATED CIRCUIT CARDS--PART 4: ORGANIZATION, SECURITY AND COMMANDS FOR INTERCHANGE
SECURE TECHNOLOGY ALLIANCE (FORMERLY SMART CARD ALLIANCE)

REFERENCE MATERIALS

BH CONSULTING
COMMUNICATIONS SECURITY ESTABLISHMENT (CSE), CANADA
CENTER FOR INTERNET SECURITY (CIS)
DARK READING
ENCYCLOPEDIA OF CRYPTOGRAPHY AND SECURITY
GARTNER'S IT GLOSSARY
INTERNET ENGINEERING TASK FORCE (IETF)
OPEN WEB APPLICATION SECURITY PROJECT (OWASP)
STAY SAFE ONLINE
THE SECURITY EXECUTIVE COUNCIL
BRITISH COMPUTER SOCIETY (BCS)
CLOUD SECURITY ALLIANCE
DATA MANAGEMENT ASSOCIATION (DAMA)
ELECTRONIC FRONTIER FOUNDATION (EFF)
GARTNER MAGIC QUADRANT
INSIDE CYBERSECURITY
NATIONAL CHECKLIST PROGRAM REPOSITORY
SANS GLOSSARY OF SECURITY TERMS
SANS SECURITY AWARENESS
SECURITY POLICY TEMPLATES
NATIONAL INFORMATION ASSURANCE PARTNERSHIP GLOSSARY
CARNEGIE MELLON UNIVERSITY SYSTEMS SECURITY ENGINEERING CAPABILITY MATURITY MODEL (SSE-CMM)
THE CENTER FOR EDUCATION AND RESEARCH IN INFORMATION ASSURANCE AND SECURITY (CERIAS)
U.S. DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE (DCID) 1/21: MANUAL FOR PHYSICAL SECURITY STANDARDS FOR SENSITIVE COMPARTMENTED INFORMATION FACILITIES (SCIF) (SUPERSEDED BY DCID 6/9, NOW ICD 705)

PUBS

CIO
CISO
CNET SECURITY
COMPLIANCE WEEK
COMPUTER WORLD
CSO
HOMELAND SECURITY NEWS WIRE
INFORMATION SECURITY BUZZ
INFOSECURITY MAGAZINE
KREBS ON SECURITY
NAKED SECURITY
NPR: CYBERSECURITY
PC WORLD
SCHNEIER ON SECURITY
SC MAGAZINE
SECURITY CURRENT
SECURITY MAGAZINE
SECURITY WEEK
TECH NEWS WORLD
THE HACKER NEWS
THREAT POST

DIGITAL FORENSICS

ASSOCIATION OF CHIEF POLICE OFFICERS (ACPO) GOOD PRACTICE GUIDE FOR DIGITAL EVIDENCE
INTERNATIONAL ORGANIZATION OF COMPUTER EVIDENCE (IOCE)
SCIENTIFIC WORKING GROUP ON DIGITAL EVIDENCE (SWGDE)

TRAINING & CONTINUING EDUCATION RESOURCES

AXELOS
CYBER ACES
ISACA
EC-COUNCIL
CompTIA
MIS TRAINING INSTITUTE (MISTI)
(ISC)²
KAPLAN
UDEMY
INFOSEC INSTITUTE
THE SANS INSTITUTE
THE OPEN GROUP (TOGAF)
CYBRARY
ITPROTV
MICROSOFT
SecureNINJA
PROJECT MANAGEMENT INSTITUTE (PMI)
GLOBAL INFORMATION ASSURANCE CERTIFICATION (GIAC)

MY INTEREST GROUPS

CHICKTECH
WOMEN WHO CODE
WOMEN IN TECH ALLIES (WITA)
WOMEN'S SOCIETY OF CYBERJUTSU (WSC)
TOASTMASTERS INTERNATIONAL
©2018 InfoSecGirl All Rights Reserved.