When I started in information security we nearly danced with joy when an article in one of the trade journals focused upon infosec or contingency planning. Today there are so many, as well as blogs, that it is virtually impossible to identify all of the sources, never mind read them all. Add to that, so many are not appropriate to your specific perspective, configuration or enterprise.
However, there is one source that may help and perhaps help a great deal. You see, the Department of Homeland Security (DHS) publishes a daily report of relevant articles which DHS views as threats to the U.S. critical infrastructure. Some of these threats are not limited to the U.S., especially those dealing with Banking and Finance, Information Technology or Communications. Thus, this report can prove valuable to those working outside of the U.S. It is also likely that you will find a couple of DHS daily concerns that are yours as well. The basic problem with the DHS report is it is so voluminous that it turns many off. However, if you take an intelligent approach to reviewing the report you will find that it is not that challenging but rather quite useful.
While I wish I was preaching to the choir, I find that an alarming number of individuals responsible for infosec either do not read the report or are not even aware of its availability. Truly, that is a shame. The DHS Daily Open Source Infrastructure Report (DOSIR) is available directly from DHS or from InfraGard and for those of you that are based in the United States I hope that you are a member of InfraGard. Yes, I know…it is a bit of a pain to join as you must pass an FBI investigation. On the other hand, not only will they eMail to you the DHS Daily Open Source Infrastructure Report in PDF format daily but also provide you access to reports that are not available to the public; that is they are limited to law enforcement, InfraGard members and others with a similar need.
Ok…you currently do not receive the DOSIR and are not a member of InfraGard. Just what do you do? Open the DOSIR link and review the most recent one as well as a few of its predecessors. You will immediately note that the average report exceeds 10+ pages and addresses a number of issues that do not directly impact your environment or concerns; or do they? While your focus is likely IT plus the business vertical in which you are employed, perhaps Information Technology and Banking and Finance or Healthcare, can you be sure that issues regarding Energy, Dams or Postal and Shipping will not impact your business? It could be well worth your while to spend 10-15 minutes each day reading the DOSIR!
Some of you are likely aware that I have been publishing an extract of the DOSIR which only focused upon the Headlines, Banking and Finance, Information Technology and Communications. My blog has been running since November 1, 2006 and all entries are accessible at http://dhs-daily-report.blogspot.com/. It may be time to close the blog as it is far wiser for you to receive the complete report rather than a limited selection. Thus, please head to the DOSIR link, scroll down the page to “Contact Information” and subscribe. You will be offered all types of other opportunities, all U.S. government, but you need not subscribe to them.
But, what if you need historical information? The DOSIR link only provides the last 10 reports. What if you want relevant reports from previous months to determine if something occurred that might have contributed to an event incurred by your firm or you are trying to develop trends on a particular topic? Are you going to research hundreds of sites to retrieve the information or would the published DOSIR prove valuable? They and a number of other DHS reports are archived at the Homeland Security Policy Institute Group web site. You might even find a few other reports you are interested in.