Curated references
Reports & Breach Studies
Annual and periodic reports used for defensive planning, awareness, and risk assessment.
36 references
| Reference | URL |
|---|---|
| Verizon Data Breach Investigations Report (DBIR) | https://www.verizon.com/business/resources/reports/dbir/ |
| CrowdStrike Global Threat Report | https://www.crowdstrike.com/en-gb/global-threat-report/ |
| Microsoft Digital Defense Report | https://www.microsoft.com/en-us/security/security-insider/ |
| Google Threat Analysis Group (TAG) | https://blog.google/threat-analysis-group/ |
| Mandiant M-Trends (reports) | https://www.mandiant.com/resources/reports |
| IBM X-Force Threat Intelligence Index | https://www.ibm.com/reports/threat-intelligence |
| Sophos Active Adversary Report | https://www.sophos.com/en-us/content/active-adversary-report |
| Palo Alto Networks Unit 42 Research | https://unit42.paloaltonetworks.com/research/ |
| Cisco Talos Intelligence | https://blog.talosintelligence.com/ |
| Rapid7 Research | https://www.rapid7.com/research/ |
| Proofpoint Threat Insight | https://www.proofpoint.com/us/threat-insight |
| ESET Threat Reports | https://www.eset.com/int/about/newsroom/reports/ |
| Trend Micro Research | https://www.trendmicro.com/en_us/research.html |
| Cloudflare Radar (security insights) | https://radar.cloudflare.com/ |
| Akamai State of the Internet / Security | https://www.akamai.com/resources/state-of-the-internet-report |
| ENISA Threat & Trends (hub) | https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends |
| OWASP Top 10 | https://owasp.org/www-project-top-ten/ |
| SANS Reading Room | https://www.sans.org/white-papers/ |
| Apple Platform Security | https://support.apple.com/guide/security/welcome/web |
| Android Security Bulletin | https://source.android.com/docs/security/bulletin |
| Microsoft Security Response Center (MSRC) Update Guide | https://msrc.microsoft.com/update-guide/ |
| ISO/IEC 27001 (overview) | https://www.iso.org/isoiec-27001-information-security.html |
| NIST SP 800-171 | https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final |
| CNCF TAG Security | https://tag-security.cncf.io/ |
| Kubernetes Pod Security Standards | https://kubernetes.io/docs/concepts/security/pod-security-standards/ |
| OWASP Mobile Top 10 | https://owasp.org/www-project-mobile-top-10/ |
| IETF RFC 3552 (Security Considerations) | https://www.rfc-editor.org/rfc/rfc3552 |
| IETF TLS Working Group | https://datatracker.ietf.org/wg/tls/about/ |
| CISA Shields Up | https://www.cisa.gov/shields-up |
| NCSC Exercise in a Box | https://www.ncsc.gov.uk/information/exercise-in-a-box |
| CIS RAM (Risk Assessment Method) | https://www.cisecurity.org/insights/white-papers/cis-risk-assessment-method-ram |
| Google Project Zero | https://googleprojectzero.blogspot.com/ |
| Project Zero (About) | https://googleprojectzero.blogspot.com/p/about.html |
| SANS Top 20 / CIS Controls history | https://www.sans.org/top20/ |
| MITRE Caldera (adversary emulation) | https://caldera.mitre.org/ |
| Let's Encrypt documentation | https://letsencrypt.org/docs/ |