OWASP выпустил бесплатный инструмент для моделирования угроз Threat Dragon https://t.co/nRrLEMh28Y
— Alexey Lukatsky (@alukatsky) March 7, 2020

Команда MITRE ATT&CK рассказала о планах на 2020 год. Среди прочего:

- Оценивают слияние MITRE ATT&CK for ICS c единой MITRE ATT&CK (в которую уже решено объединить PRE-ATT&CK, Mobile ATT&CK, and Enterprise ATT&CK)
- Планируют публикацию мапинга техник MITRE ATT&CK с противодействующими им контролями NIST 800.53 v4 (и другими фрэймворками)

https://medium.com/mitre-attack/2020-attack-roadmap-4820d30b38ba

Nice casebook about US law in Cybersecurity.

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3547103

ISO - Keeping biometric data on the same page with new International Standards
https://www.iso.org/news/ref2478.html

NICE Webinar Series | NIST
NICE Framework Uses and Success Stories
https://www.nist.gov/itl/applied-cybersecurity/nice/events/webinars

DOJ's totally non-binding guide to legal cyber research -- FCW

"The document offers non-binding legal guidance for how to navigate cyber intelligence gathering on the internet, particularly for sites that "openly advertise illegal services and the sale of stolen credit card numbers, compromised passwords, and other sensitive information."

https://fcw.com/articles/2020/03/03/doj-cyber-research-guide-johnson.aspx?m=1

Future of Data Protection, Privacy & IT Risk Management 2020

ISACA Virtual Summit

March 25, 2020

https://www.isaca.org/education/online-events/lms_wvs0320?cid=sm_2003300

Британский The Institution of Engineering and Technology опубликовал для публичного обсуждения проект свода практик о кибербезопасности и функциональной безопасности “IET Code of Practice – Cyber Security and Safety”

https://electrical.theiet.org/get-involved/consultations/cyber-security-and-safety-iet-code-of-practice/

NISTIR 8272 (Draft), Impact Analysis Tool for Interdependent Cyber Supply Chain Risks | CSRC
https://csrc.nist.gov/publications/detail/nistir/8272/draft