When I started in information security we nearly danced withjoy when an article in one of the trade journals focused upon infosec orcontingency planning. Today there are somany, as well as blogs, that it is virtually impossible to identify all of thesources, never mind read them all. Addto that, so many are not appropriate to your specific perspective,configuration or enterprise.
However, there is one source that may help and perhaps helpa great deal. You see, the Department ofHomeland Security (DHS) publishes a daily report of relevant articles which DHSviews as threats to the U.S. critical infrastructure. Some of these threats are not limited to theU.S., especially those dealing with Banking and Finance, Information Technologyor Communications. Thus, this report canprove valuable to those working outside of the U.S. It is also likely that you will find a coupleof DHS daily concerns that are yours as well. The basic problem with the DHS report is it is so voluminous that itturns many off. However, if you take anintelligent approach to reviewing the report you will find that it is not thatchallenging but rather quite useful.
While I wish I was preaching to the choir, I find that analarming number of individuals responsible for infosec either do not read thereport or are not even aware of its availability. Truly, that is a shame. The
DHS DailyOpen Source Infrastructure Report (DOSIR) is available directly from DHS orfrom
InfraGard and for those of youthat are based in the United States I hope that you are a member ofInfraGard. Yes, I know...it is a bit of apain to join as you must pass an FBI investigation. On the other hand, not only will they eMailto you the DHS Daily Open Source Infrastructure Report in PDF format daily butalso provide you access to reports that are not available to the public; that isthey are limited to law enforcement, InfraGard members and others with asimilar need.
Ok...you currently do not receive the DOSIR and are not amember of InfraGard. Just what do youdo? Open the
DOSIRlink and review the most recent one as well as a few of its predecessors. You will immediately note that the averagereport exceeds 10+ pages and addresses a number of issues that do not directlyimpact your environment or concerns; or do they? While your focus is likely IT plus thebusiness vertical in which you are employed, perhaps Information Technology andBanking and Finance or Healthcare, can you be sure that issues regardingEnergy, Dams or Postal and Shipping will not impact your business? It could be well worth your while to spend10-15 minutes each day reading the DOSIR!
Some of you are likely aware that I have been publishing anextract of the DOSIR which only focused upon the Headlines, Banking andFinance, Information Technology and Communications. My blog has been running since November 1,2006 and all entries are accessible at
http://dhs-daily-report.blogspot.com/. It may be time to close the blog as it is farwiser for you to receive the complete report rather than a limited selection. Thus, please head to the
DOSIRlink, scroll down the page to “Contact Information” and subscribe. You will be offered all types of otheropportunities, all U.S. government, but you need not subscribe to them.
But, what if you need historical information? The DOSIR linkonly provides the last 10 reports. Whatif you want relevant reports from previous months to determine if somethingoccurred that might have contributed to an event incurred by your firm or youare trying to develop trends on a particular topic? Are you going to research hundreds of sitesto retrieve the information or would the published DOSIR prove valuable? They and a number of other DHS reports arearchived at the
Homeland Security PolicyInstitute Group web site. You mighteven find a few other reports you are interested in.
More...