Trust Is a Necessity, Not a Luxury

Mapping Certificate and Key Security to Critical Security Controls I travel all over the world to meet with CIOs and CISOs and discuss their top-of-mind concerns. Our discussions inevitably return to the unrelenting barrage of trust-based attacks. Vulnerabilities like Heartbleed and successfully executed trust-based attacks have demonstrated just how devastating these attacks can be: if …

The SANS 20 Critical Security Controls

Mapping the SANS 20 to NIST 800-53 to ISO 27002 The SANS 20 Overview SANS has created the “20 Critical Security Controls” as a way of providing effective cyber defense against current and likely future Internet-based attacks. Following these 20 controls will help establish, in their words, a “prioritized baseline of information security measures …

What are the SANS 20 Critical Security Controls

The 20 critical controls (I’ll call them the “Controls” from here on out) talk about four tenets: Offense informs defense: Use knowledge of actual attacks that have compromised systems to provide the foundation to build effective defenses. Metrics: Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to …

Lack of Cyber Security

Governments and international business are only just waking up to the threats posed by a lack of cyber security. Sophisticated systems, interconnecting across international borders, are increasingly being targeted by cyber criminals, terrorist groups and foreign governments as a way of stealing data, blackmailing and virus attack. Business is failing to meet the challenge posed …

The ‘Triple A’ Security Approach

Triple-A ratings are normally associated with chief financial officers keeping a tab on John Moody’s bond credit rating. In the world of IT, however, how can a chief information officer or information technology decision maker (ITDM) rate the efficiency of an IT security implementation? IT security is one of the main concerns for ITDMs with attacks …

The Internet of Things is dangerous!

Source: DDoS attacks are Dangerous (original in German) Brian Krebs is an IT security specialist journalist. On 20 September 2016 his WordPress blog was attacked with a DDoS attack. DDoS means “Distributed Denial of Service”. It conceals tons of pointless requests that flood a server until it crashes. You can …

Innovations, Awareness and anticipating on Security threat’s

Recently I was writing my former blogs “Finance a Hacker” and “No 100% awareness of Cyber and Data Security within many companies worldwide”. I want to go a little deeper into these topics and hope to make people aware of the known risks. There are still companies, security architects who think that when you …
