First I must say I did not go to Las Vegas, all I did is hunt the Internet for pieces of information and did not copy completely, but edited to make it easier to understand when reading only (versus giving presentation within the hall): “Controlled Chaos” the Inevitable Marriage of DevOps & Security (Kelly Shortridge … Read more
Since a picture says a thousand words here is an attempt at explanation of Risk Analysis. The rows are “Impact on Environment”: none, minimal, minor, significant, major, critical The “Likelihood” or “Likely – what is % to happen” is the columns: not likely, low, medium, medium-high, high, will happen. These are not “real” systems in … Read more
Is it better to focus on compliance or a on a framework system? I.e. PCI or HIPAA compliance versus ITIL or COBIT for example. There are more regulations coming so let’s add a couple of the US based ones. SHIELD(Stop Hacks and Improve Electronic Data Security) and CCPA(California Consumer Privacy Act). SHIELD – Stop Hacks … Read more
We should hunt for threats in our network – i.e. find possible attacks in our network to see what is being attacked and whether we can start to counter the attacker’s moves. In case you don’t know below is the ATT&CK MITRE framework green highlights are the items you may want to pay attention to. … Read more
The Number 1 reason is: “We do not do an adequate job of patching and paying attention to security!” Again and again we can find reports and stories of entities not doing basic tasks: Above image is from Protiviti report Why are the basics not being done? Because a concerted effort to manage IT … Read more
