Resources

Industry/Legal Guidelines

• California Breach Notification Law
• CIS Critical Controls
• CIS Compliance Benchmark
• CIS Benchmarks
• NIST 800-53 — Security Controls
• NIST 800-171 — Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
• NIST Cybersecurity Framework
• GDPR General Data Protection Regulation Toolkit (download)

Reports

• California 2016 Breach Report (download)
• Verizon Databreach Investigations Report

Best Practices

• Best Practices for Notifying Affected Individuals of a Large-Scale Data Breach (download)
• Remediation: Pass the Hash
• Sysmon Deployment
  
  • For Deployment of Sysmon using a GPO: https://gist.github.com/silentbreaksec/8972f8c9dce151aebbef0a58313f3971
  • Initially use this example Sysmon XML configuration file to seed the Sysmon deployment.