Intro: No software project is complete without testing. In this blog series, we’ll cover how to test if your Threat Hunting platform can detect common threats.[…]

Source: Threat Simulation Overview and Setup – Active Countermeasures

Why You Need Threat Hunting!


Cyber Threat Hunting: Identify and Hunt Down Intruders


Real-Time Threat Hunting – SANS Threat Hunting & Incident Response Summit 2017


Detecting Malware Beacons with Zeek and RITA

Subscribe to DISC InfoSec blog by Email

Privilege Escalation FTW

Windows Privilege Escalation Techniques (Local)

Learn System Hacking E13: Windows 10 Privilege Escalation

Subscribe to DISC InfoSec blog by Email

https://en.wikipedia.org/wiki/Tokenization_(data_security)

Source: Tokenization vs. Encryption vs. Aliasing – How to Truly Minimize Compliance Risk

The tokenization of things | Matthew Roszak | TEDxSanFrancisco

Subscribe to DISC InfoSec blog by Email

Source: NIST Releases Version 1.0 of Privacy Framework

Tool will help optimize beneficial uses of data while protecting individual privacy

The best practice guide for an effective privacy function

Practice Guide

Open a PDF file NIST Releases Version 1.0 of Privacy Framework

Developing the NIST Privacy Framework – Part 1


Developing the NIST Privacy Framework – Part 2


Developing the NIST Privacy Framework – Part 3

Subscribe to DISC InfoSec blog by Email

The Cybersecurity Guide For Leaders in Today’s Digital World – World Economic Forum

WEF_Cybersecurity_Guide_for_Leaders

Practice Guide

Open a PDF file The Cybersecurity Guide For Leaders in Today’s Digital World.

Annual Meeting on Cybersecurity 2019 | Enabling Leadership for a Secure Digital Future | World Economic Forum


Cybersecurity in a Digital World. The Future is Bright







Subscribe to DISC InfoSec blog by Email

Threat Modeling for Data Protection

When evaluating the security of an application and data model ask the questions:

• What is the sensitivity of the data?
• What are the regulatory, compliance, or privacy requirements for the data?
• What is the attack vector that a data owner is hoping to mitigate?
• What is the overall security posture of the environment, is it a hostile environment or a relatively trusted one?

Data When threat modeling, consider the following common scenarios:

Source: Threat Modeling for Data Protection

Threat Modeling in 2019







Subscribe to DISC InfoSec blog by Email

ISO/IEC 27701 is the international standard that serves as an extension to an ISO 27001/ ISO 27002 #ISMS (information security management system). It provides guidelines for implementing, maintaining, and continually improving a #PIMS (privacy information management system).

Develop a privacy information management system as an extension to your ISO 27001-conformant ISMS with ISO/IEC 27701. Supports GDPR compliance.

SECURITY TECHNIQUES — EXTENSION TO ISO/IEC 27001 AND ISO/IEC 27002 FOR PRIVACY INFORMATION MANAGEMENT SYSTEM #PIMS

Key features:

* The Standard includes mapping to the GDPR, ISO/IEC 29100, ISO/IEC 27018, and ISO/IEC 29151
* Integrates with other management system standards, including the information security standard, ISO/IEC 27001
* Provides PIMS-specific guidance for ISO/IEC 27002
* Specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving a PIMS
* Supports compliance with the GDPR and DPA 2018
* Provides guidance for data controllers and processors responsible for processing personal data

ISO 27701 Gap Analysis Tool

Achieve full compliance with ISO 27701:2019
The ISO 27701 Gap Analysis Tool has been created to help organizations identify whether they are meeting the requirements of the Standard and where they are falling short. Note that this tool assumes that you have a complete and functioning ISO 27001:2013 ISMS (information security management system).

It helps organizations prioritise work areas in order to expand an existing ISMS to take account of privacy. It also gives organizations direction, helping project managers identify where to start.

What does the tool do?

The tool is designed to work in any Microsoft environment. It does not need to be installed like software, and it does not depend on complex databases; it relies on human involvement.



ISO 27701 The New Privacy Extension for ISO 27001


Quick Guide to ISO/IEC 27701 – The Newest Privacy Information Standard


General Data Protection Regulation (GDPR) | The California Consumer Privacy Act (CCPA)

Subscribe to DISC InfoSec blog by Email

2019 Global Threat Detection Report

via CrowdStrike

Practice Guide

Open a PDF file 2019 Global Threat Detection Report.

2019 Global Threat Report- The 1-10-60 Rule


World Economic Forum Global Risks Report 2019

“Threat Detection & Prevention” appliances

Subscribe to DISC InfoSec blog by Email

By Ena Kadribasic on Security

The fintech sector has brought consumers an endless stream of modern offerings that have enabled them to ditch several outdated banking and lending products.

Companies now have advanced B2B payment solutions at their fingertips, and online financial solutions have never been more convenient – largely thanks to the progress made by fintech startups.

But, despite being on the cutting edge of digital financial products, young fintech companies are at a disadvantage in a wildly important arena: data security.

With limited resources, growing compliance regulations around the world, and a constantly-evolving list of increasingly dangerous cyber threats, fintech startups face a uniquely difficult uphill battle.

And, with data breaches continuing to leer as an ever-present security threat, fintech firms are turning to new and advanced approaches to data privacy.

But, first, what do we mean when we talk about data security for startups?

Source: Data Security Solutions for Fintech Startups

Subscribe to DISC InfoSec blog by Email

NIST CyberSecurity Framework and ISO 27001

How to get started with the NIST Cybersecurity Framework (CSF) – Includes Preso

Written Information Security Program (WISP) – ISO 27002, NIST Cybersecurity Framework & NIST 800-53

What is ISO 27001?

Virtual Session: NIST Cybersecurity Framework Explained

PERSPECTIVES ON A ROLE

Cybersecurity Through the CISO’s Eyes

Cybersecurity CISO Secrets with Accenture and ISACA

Cybersecurity Talk with Gary Hayslip: Aspiring Chief Information Security Officer? Here are the tips

So you want to be a CISO, an approach for success By Gary Hayslip

https://www.sans.org/media/critical-security-controls/Poster_CIS-Security-Controls_2018.pdf
The best practice guide for an effective infoSec function

Five Keys for Building a Security program

Open a PDF file Five Keys for Building a Security Program.

Read how a virtual chief information security officer (vCISO) can help you uplift a struggling information security program.

Source: CISO or vCISO? The Benefits of a Contractor C-level Security Role

Webinar: vCISO vs CISO – Which is the right path for you?


CISO as a Service or Virtual CISO


The Benefits of a vCISO

Subscribe to DISC InfoSec blog by Email

It may be time to Think Differently in security.

Do you know which of your vulnerabilities are critical, those which can wait a day, vs ones that are just noise? Read this handy guide to get the 6 essential pillars for comprehensive InfoSec prioritization:

The Five Laws of Cybersecurity | Nick Espinosa | TEDxFondduLac


Your 5 Year Path: Success in Infosec


Top 20 Security Controls for a More Secure Infrastructure

Subscribe to DISC InfoSec blog by Email

 
This report examines the general state of security within business today, exploring the hurdles that are preventing companies from an ideal security posture and suggesting the steps that can lead to improved security in the digital economy.

As the technology industry enters the next phase of maturity, there are more questions about the implications of emerging trends operating on a global scale. Aside from social impact ramification, utmost reliance on digital data and the sweeping collection of personal information are highlighting the critical nature of information security and privacy.

Digital Transformation: From AI and IoT to Cloud, Blockchain, and Cybersecurity | MIT PE

Inside the CenturyLink Security Operations Center: Securing Your Digital Business

The Convergence (and Divergence) of IT and OT Cyber Security

Subscribe to DISC InfoSec blog by Email

The best practice guide for an effective infoSec function: iTnews has put together a bit of advice from various controls including ISO 27k and NIST CSF to guide you through what’s needed to build an effective information security management system (ISMS) within your organization.

This comprehensive report is a must-have reference for executives, senior managers and folks interested in the information security management area.

Practice Guide

Open a PDF file The best practice guide for an effective infoSec function.

How to Build a Cybersecurity Program based on the NIST Cybersecurity Framework

Beginners ultimate guide to ISO 27001 Information Security Management Systems

Conducting a cybersecurity risk assessment

Subscribe to DISC InfoSec blog by Email

The Adventures of CISO Ed & Co.

7 Types of Experiences Every Security Pro Should Have

Ten Must-Have CISO Skills

What CISO does for a living

CISOs and the Quest for Cybersecurity Metrics Fit for Business

CISO’s Library

Subscribe to DISC InfoSec blog by Email

Want to strengthen your writing in under an hour? Watch the video below to help you avoid the top 10 writing mistakes you may encounter when working as a cybersecurity professional.

Source: Top 10 Cybersecurity Writing Mistakes

Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them


SANS Writing Course | Writing CheatSheet

Burying the Main Point – Common Cybersecurity Writing Mistakes


Overstuffing the Paragraphs – Common Cybersecurity Writing Mistakes

Subscribe to DISC InfoSec blog by Email

When It Come Down To It, Cybersecurity Is All About Understanding Risk

Risk Management Framework for Information Systems

How to choose the right cybersecurity framework

Improve Cybersecurity posture by using ISO/IEC 27032

Cybersecurity Summit 2018: David Petraeus and Lisa Monaco on America’s cybersecurity posture

CSET Cyber Security Evaluation Tool – ICS/OT

Subscribe to DISC InfoSec blog by Email

As payment technologies evolve, so do the requirements for securing cardholder data.

Source: Slideshows – Dark Reading

PCI DSS: Looking Ahead to Version 4.0

3 Primary Goals for PCI DSS Version 4.0

What is PCI DSS? | A Brief Summary of the Standard


How to Achieve PCI DSS Compliance on AWS

Subscribe to DISC InfoSec blog by Email