This report creates an overall picture of the cybersecurity capabilities of public power utilities. Moreover, it supports the previous year’s findings and provides a consistent approach for supporting DOE’s Multiyear Plan for Energy Sector Cybersecurity. (more available)

The initial global cybersecurity index report. Using a survey based approach, this report attempts to create a global index for the state of cybersecurity and establish country specific wellness profiles. (more available)

A survey driven review of 25 indicators via 157 questions spanning 193 respondents. This attempts to focus on factors influencing cybersecurity strategy design and implementation on a year-over-year basis. (more available)

A survey driven review of 25 indicators via 50 questions spanning nearly 160 respondents. This attempts to focus on factors influencing cybersecurity strategy design and implementation on a year-over-year basis. (more available)

The third annual report from Hacker One on the state of the hacker/security testing community. Data is drawn from Hacker One’s community of bug bounty registrants and subscribing platforms. (more available)

A lot of progress has been made in the past few years around requirements. Next steps in this area include identifying when and why to update intelligence requirements—even ad hoc adjustments can be planned for by identifying the circumstances under which they would need to be changed. (more available)

This year’s SANS survey saw an increase in usage and interest in CTI, along with a diversification in how the intelligence is being used by organizations. (more available)

Upon request by the United States Senate Select Committee on Intelligence (SSCI), New Knowledge reviewed an expansive data set of social media posts and metadata provided to SSCI by Facebook, Twitter, and Alphabet, plus a set of related data from additional platforms. (more available)

This report offers insights into why a CSIRT is crucial in today’s world. It provides some helpful tips and steps that can improve any organization’s response team. (more available)

Ponemon Institute is pleased to present The Value of Threat Intelligence: Annual Study of North American and United Kingdom Companies, sponsored by Anomali. (more available)

This report offers insights and guides into the new Help America Vote Act.

This whitepaper is intended to help firms understand how security automation can accelerate analyst response time to incoming phishing alerts and minimize the impact of these malicious attacks on their environment. (more available)

This report provides information cultivated by the Task Force, which offers the opportunity to address significant cybersecurity concerns in the health care industry. (more available)

Multiple Polish banks have fallen victim to malware. This post contains what information was public about the attack at the time. (more available)

With the subtitle “Why Internet Routing Sucks” you know this will be an interesting read.

The goal of this project was to develop an initial framework for cybersecurity that considers the roles of government, industry, advo- cacy organizations, and academic institutions and how these stake- holders’ concerns relate to each other. (more available)

The research reported here was conducted in the RAND Justice Policy Program, which spans both criminal and civil justice system issues with such topics as public safety, effective policing, police–community relations, drug policy and enforcement, corrections policy, use of technology in law enforcement, tort reform, catastrophe and mass-injury compensation, court resourcing, and insurance regulation. (more available)

Based on a 2015 survey of more than 100 major Canadian organizations across all major sectors, this paper sets out to prove that with additional focus, investment, and increased maturity, not all breaches need to be the size or have the impact that we have seen recently reported. (more available)

In 2015, after two years of study and policy coordination, the United States and Japan publicly issued new defense guidelines, updating and expanding upon the previous guidance of 1997. (more available)

This report is a kind of dossier on the hacker community. It lets you in to their world, to know their mindset, and thoughts on the bug bounty community. (more available)

This paper outlines the current state of play in political warfare, identifies emerging threats, and proposes potential policy responses. It argues for greater information sharing mechanisms between trans-Atlantic governments and the private sector, greater information security and transparency, and greater investments in research and development on AI and computational propaganda. (more available)