Understanding GDPR from Security Professional’s Perspective

One of the most recent and wide-ranging laws impacting the security profession globally is the European Union’s General Data Protection Regulation, or GDPR. As of May 25, 2018, the GDPR is a legal and enforceable act of the European Union. In this post, we detail the key findings on how a security professional can work to satisfy the requirements…

Cyber Security Frameworks and Integrated with TOGAF

When cyber security professionals talk about related frameworks, it always comes down to two: ISO and NIST. There is a lot of confusion between them, and also between frameworks and security architecture methodology. Here is some discussion of those topics that I collected online, which I believe clarified some of my confusion at certain points. A Cyber Security…

From DevOps to DevSecOps

What is DevOps: DevOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes. This speed enables organizations to better serve their customers and compete more effectively in the market. (from AWS) Prior to 2010, Structured Development…

Enterprise Security Architecture Resources

Enterprise Security Architecture (ESA) is a relatively new concept to most business & IT stakeholders. However, it is seeing increasing adoption because enterprise CISOs need to strategically address information security debt and meet the increasing burden of privacy-related compliance. This post is going to collect some useful online resources which started to…

EA (Enterprise Architecture) Framework Resources

A Brief History of Enterprise Architecture (From Arnab Chattopadhaya’s Enterprise Security Architecture)

Enterprise Architectural Methodologies
• Consortia-developed Frameworks
  – ISO 19439
  – RM-ODP (ITU-T X.901-904)
  – TOGAF
• Defense Industry Framework
  – DoDAF
  – MODAF
  – NAF
• Government Framework
  – ESAAF
  – FEAF
  – NIST Enterprise Architecture Model
• Open Source Frameworks
  – TRAK
  – SABSA
• Proprietary Frameworks…

Gartner Magic Quadrant for Access Management (2017, 2016, 2015)

Today’s businesses require secure 24/7 access to their cloud applications and data, and require more than Web Single Sign-On to propel their business forward. The world has changed, allowing an almost infinite number of identities and accounts on different platforms and devices including cloud, mobile, social, and personal networks. Having an identity and access management strategy in place is more…

Threat Hunting Tools

Here is a collection from the Internet of threat hunting tools, information and resources.

1. Kansa
GitHub – Davehull/Kansa
http://trustedsignal.blogspot.com/search/label/Kansa
http://www.powershellmagazine.com/2014/07/18/kansa-a-powershell-based-incident-response-framework/
Kansa: A PowerShell-based incident response framework

Gartner Magic Quadrant for Security Awareness Computer-Based Training (2018, 2017, 2016, 2015, 2014)

IT research and advisory firm Gartner, Inc. has evaluated different vendors in the Magic Quadrant for Security Awareness Computer-Based Training (CBT). Gartner’s evaluation criteria include market understanding, marketing strategy, sales strategy, product strategy and offering, business model, vertical/industry and geographic strategy, and innovation. What is security awareness computer-based training? End-user-focused security education and training is a rapidly growing market. Demand is…

IBM Data Security Product Guardium Resources

IBM Security Guardium is designed to help safeguard critical data. Guardium is a comprehensive data protection platform that enables security teams to automatically analyze what is happening in sensitive-data environments (databases, data warehouses, big data platforms, cloud environments, file systems, and so on) to help minimize risk, protect sensitive data from internal and external threats, and seamlessly adapt to IT…