Nowadays, cyber attacks are part of our daily lives. The words "ransomware", "phishing" or "virus" have gradually become common vocabulary. In addition to these attacks, hardware, tools, and other connected objects such as mobile phones, computers, tablets, printers, etc. that we use on a daily basis, both professionally and personally, may have vulnerabilities. Once these vulnerabilities are discovered and exposed, it does not take long for them to be exploited for malicious purposes.
In order to guarantee the continuity of a company, it is important to be able to correct any flaws that are discovered as quickly as possible. It is therefore important to keep abreast of existing and discovered threats and vulnerabilities. In this way, the existing infrastructure and the company's data can be secured as well as possible.
Technology evolves very quickly, as does the ingenuity of attackers. It is therefore interesting to have several sources of information in order to increase the chances of seeing critical alerts as soon as possible.
Here is a list of sources that can be consulted.
CVEs
CVEs (Common Vulnerabilities and Exposures) is a dictionary of publicly available information that lists and assigns an identifier to each cybersecurity threat or vulnerability discovered. It is free to access, use and download.
You can visit their website here.
The ANSSI
The ANSSI (the National Agency for the Security of Information Systems) website is a source of information for companies, administrations and individuals. The ANSSI is a service with national competence. It is attached to the Secretary General of Defence and National Security (SGDSN), an authority that assists the Prime Minister in the exercise of his responsibilities in the field of defence and national security.
It contains, among other things, the latest news on cybersecurity, advice on cybersecurity in general, and a large number of best practice guides on various topics (Web applications, Cryptography, Outsourcing, Methodology, Industrial systems, Contactless technologies, etc.).
You can visit their website here.
The CNIL
The website of the CNIL (Commission Nationale de l'Information et des Libertés) is also an important source of information.
The CNIL's main mission is to inform and protect people's rights. But its field of action does not stop there. It has several missions: to inform, to protect rights, to support compliance/advise, to anticipate and innovate, to control and sanction. It is in particular to the CNIL that companies and individuals must turn when reporting attacks, for example.
You can visit their website here.
The CLUSIF
On the Clusif (French Information Security Club) website, you will find a large number of technical files on various topics such as cryptology, cybercrime, micro-computing, identity and access management, security governance, legal issues, physical and logical security, etc. There are also methods, recommendations and guidelines on compliance and risk analysis. Documents specifically intended for CISOs (Information Systems Security Managers) and DPOs (Data Protection Officers) are also available.
You can visit their website here.
The CESIN
CESIN (Club of Experts in Information and Digital Security) aims to promote exchanges between experts and public authorities in order to support regulatory changes, but also to provide CISOs with all the tools necessary to accomplish their mission. Its role is also to participate in all national and international initiatives aimed at promoting information and digital security, but also to write guides, white papers, etc., as well as to raise awareness among users and decision-makers about the challenges of information systems security.
You can visit their website here.
The CERT-FR
The CERT-FR (Governmental centre for monitoring, alert and response to computer attacks) is one of the curative components of the preventive actions carried out by the ANSSI. As a national CERT, it is the privileged international contact point for any cyber incident affecting France. It ensures a permanent presence of its activities 24 hours a day, 7 days a week.
Its role is to detect system vulnerabilities, notably through technological monitoring, to help set up means to protect against future incidents, to manage the resolution of incidents, if necessary with the worldwide network of CERTs, but also to organise the setting up of a network of trust. Their alert bulletins are available on their website. For the industry, service and tertiary sectors, the CERT-IST bulletins should be consulted.
You can visit their website here.
In addition to these sites, other sources are available for effective technology monitoring. RSS feeds, for example, allow you to monitor current events. A large number of websites, blogs, social networks (Twitter, Linkedin), newspapers, etc. offer to subscribe to these RSS feeds.
In order to help you process all this information and not get drowned under a lot of information that may not be all useful to you, tools are available such as Feedly (web and mobile use, allows you to sort, aggregate and classify hundreds of news sources), or Inoreader (allows you to filter news feeds in a personalised way, to create a search query (all the articles mentioning this query will be delivered in the form of a news feed).
Events such as conferences (LeHack), meetups (Meetup CyberSecura Grenoble), etc., are also a very good way to keep up to date with knowledge and to discuss directly with cybersecurity players.
Finally, self-training is also a very good way to keep up to date with the latest technology. A lot of books, specialised websites, and other resources are available and relevant.
Do not hesitate to multiply the sources for an efficient technology watch. In addition, many professionals are available to answer your questions.
Related blog posts:
Did you enjoy this blog post?
Find more content related to cybersecurity and GDPR regulatory compliance on the CyberSecura blog!
We need your answers!
By completing this survey, you are helping us to better understand your interactions with our site and your potential needs.
Your answers are anonymous, and unless you ask to be contacted again by our teams, no personal information is requested!
Thank you for your responses!
Would you like to be informed of our news and receive our latest blog articles directly in your mailbox ? Subscribe to our monthly newsletter!
Would you like to discuss your difficulties, your needs, our offers? Ask to be contacted, free of charge and without obligation, by one of our cybersecurity experts!
コメント