Threat Simulation Overview and Setup – Active Countermeasures

Intro: No software project is complete without testing. In this blog series, we’ll cover how to test if your Threat Hunting platform can detect common threats.[…]

Source: Threat Simulation Overview and Setup – Active Countermeasures

Why You Need Threat Hunting!


Cyber Threat Hunting: Identify and Hunt Down Intruders


Real-Time Threat Hunting – SANS Threat Hunting & Incident Response Summit 2017


Detecting Malware Beacons with Zeek and RITA
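The beacon-detection idea behind RITA, shown here as an added example (this is not code from Active Countermeasures, Zeek or RITA): read a Zeek conn.log, group connections by source host, destination host and destination port, and score each pair by how regular the gaps between successive connections are, using Bowley skewness and the median absolute deviation of the intervals. The conn.log excerpt is constructed for the example (one host contacting 203.0.113.7:443 every ~60 s with a few seconds of jitter, one host browsing at human-paced, irregular gaps); the column subset, the minimum of 8 connections and the 0.8 alert threshold are assumptions of the example.

```python
"""Score candidate C2 beacons from Zeek conn.log by connection-interval regularity."""
import statistics
from collections import defaultdict

# Subset of Zeek conn.log columns used here (the log below is constructed, not captured).
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
               "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state"]


def constructed_conn_log():
    """Build a small conn.log: one host beaconing every ~60 s with jitter,
    one host browsing at human-paced, irregular gaps (constructed data)."""
    rows = ["#fields\t" + "\t".join(CONN_FIELDS)]
    t = 1700000000.0
    for i, jitter in enumerate([0, 2, -1, 3, 0, -2, 1, 0, 2, -3, 1, 0, -1, 2, 0, 1, -2, 0, 3, -1]):
        t += 60 + jitter
        rows.append(f"{t:.6f}\tCb{i}\t10.0.0.5\t{40000 + i}\t203.0.113.7\t443\ttcp\tssl\t0.2\t312\t415\tSF")
    t = 1700000000.0
    for i, gap in enumerate([5, 190, 12, 3, 600, 44, 9, 1500, 30, 7, 260, 15]):
        t += gap
        rows.append(f"{t:.6f}\tCw{i}\t10.0.0.9\t{50000 + i}\t198.51.100.20\t443\ttcp\tssl\t1.1\t2200\t48000\tSF")
    return "\n".join(rows) + "\n"


def parse_conn_log(text):
    """Yield one dict per connection, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("conn.log has no #fields header")
            yield dict(zip(fields, line.split("\t")))


def beacon_score(timestamps):
    """Return (score, interval_count): 1.0 is perfectly periodic, near 0 is irregular.

    Two RITA-style measures on the gaps between successive connections:
    Bowley skewness (0 when the gaps are symmetric around the median) and
    median absolute deviation relative to the median (0 when all gaps match)."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3:                       # too few intervals to say anything
        return 0.0, len(gaps)
    q1, q2, q3 = statistics.quantiles(gaps, n=4)
    spread = q3 - q1
    skew = 0.0 if spread == 0 else (q3 + q1 - 2 * q2) / spread   # bounded in [-1, 1]
    median = statistics.median(gaps)
    madm = statistics.median(abs(g - median) for g in gaps)
    madm_score = max(0.0, 1.0 - madm / median) if median > 0 else 0.0
    return round(((1.0 - abs(skew)) + madm_score) / 2, 3), len(gaps)


def hunt_beacons(conn_log_text, min_connections=8, threshold=0.8):
    """Group connections by (src, dst, dst port), score each pair, most beacon-like first."""
    per_pair = defaultdict(list)
    for rec in parse_conn_log(conn_log_text):
        per_pair[(rec["id.orig_h"], rec["id.resp_h"], rec["id.resp_p"])].append(float(rec["ts"]))
    results = []
    for (src, dst, port), stamps in per_pair.items():
        if len(stamps) < min_connections:   # not enough samples to judge periodicity
            continue
        score, _ = beacon_score(stamps)
        results.append({"src": src, "dst": dst, "port": port, "connections": len(stamps),
                        "score": score, "beacon": score >= threshold})
    return sorted(results, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in hunt_beacons(constructed_conn_log()):
        print(f"{r['src']} -> {r['dst']}:{r['port']}  n={r['connections']}  "
              f"score={r['score']}  beacon={r['beacon']}")
```

A regular interval on its own is not proof of C2: NTP, update checks and monitoring agents beacon too, so in a real hunt this score is combined with connection count, consistency of bytes sent, and an allow-list of known periodic destinations before anything is raised as an alert. Running the block against a real conn.log only needs the `#fields` header Zeek already writes.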





Subscribe to DISC InfoSec blog by Email


Hunting For Privilege Escalation in Windows Environment


Privilege Escalation FTW

Windows Privilege Escalation Techniques (Local)

Learn System Hacking E13: Windows 10 Privilege Escalation




Tokenization vs. Encryption vs. Aliasing – How to Truly Minimize Compliance Risk

 

https://en.wikipedia.org/wiki/Tokenization_(data_security)

Source: Tokenization vs. Encryption vs. Aliasing – How to Truly Minimize Compliance Risk
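An added example (not code from the linked article or from any tokenization vendor) of the property that separates tokenization from encryption: a vault token is a random value with no mathematical relationship to the card number, so a system that stores only tokens cannot recover PANs even if it is fully compromised, whereas ciphertext is recoverable by anyone who obtains the key. The block also shows a keyed deterministic token (HMAC) and why it weakens that guarantee: the PAN space is small enough that a key holder can confirm guesses. The test PAN 4111111111111111, the last-four preservation and the rule that a token must fail the Luhn check are assumptions of the example.

```python
"""Vault tokenization of card numbers, contrasted with keyed deterministic tokens."""
import hashlib
import hmac
import secrets
import string


def luhn_valid(digits):
    """Luhn check digit test, as used for card numbers (PANs)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Random tokenization: the only PAN<->token relationship lives in this object.

    A token preserves the PAN's length and last four digits so downstream
    systems (receipts, reporting) keep working, but the rest is random, so a
    database of tokens alone yields nothing, with or without any key."""

    def __init__(self):
        self._by_pan = {}
        self._by_token = {}

    def tokenize(self, pan):
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a well-formed PAN")
        if pan in self._by_pan:              # stable: same PAN -> same token in this vault
            return self._by_pan[pan]
        while True:
            body = "".join(secrets.choice(string.digits) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # A token must never pass Luhn, so it cannot be mistaken for (or
            # accidentally equal) a live card number, and it must be unique.
            if not luhn_valid(token) and token not in self._by_token:
                break
        self._by_pan[pan] = token
        self._by_token[token] = pan
        return token

    def detokenize(self, token):
        """Only the vault can map back; raises KeyError for an unknown token."""
        return self._by_token[token]


def deterministic_token(pan, key):
    """Keyed pseudonym (HMAC-SHA256, truncated). Same PAN -> same token wherever the
    key is shared, which allows joins across systems, but anyone holding the key can
    confirm a guessed PAN by recomputing; the PAN space is small enough to enumerate."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()[:16]


def key_holder_confirms_guess(token, guess, key):
    """What a key holder (or an attacker who stole the key) can do with a deterministic token."""
    return hmac.compare_digest(deterministic_token(guess, key), token)


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"                 # standard Visa test number, not a live card
    tok = vault.tokenize(pan)
    print("vault token:", tok, "-> detokenized:", vault.detokenize(tok))
    key = secrets.token_bytes(32)
    det = deterministic_token(pan, key)
    print("deterministic token:", det, "guess confirmed:", key_holder_confirms_guess(det, pan, key))
```

The compliance consequence follows from the two mappings: with vault tokens, only the vault (and the systems that call it) handle cardholder data, so everything else that stores tokens holds nothing a breach could turn into card numbers; with deterministic or encrypted values, every place the key can reach stays in scope.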

The tokenization of things | Matthew Roszak | TEDxSanFrancisco



NIST Releases Version 1.0 of Privacy Framework

Source: NIST Releases Version 1.0 of Privacy Framework

Tool will help optimize beneficial uses of data while protecting individual privacy

The best practice guide for an effective privacy function

Practice Guide

Open a PDF file NIST Releases Version 1.0 of Privacy Framework

Developing the NIST Privacy Framework – Part 1


Developing the NIST Privacy Framework – Part 2


Developing the NIST Privacy Framework – Part 3





The Cybersecurity Guide For Leaders in Today’s Digital World

The Cybersecurity Guide For Leaders in Today’s Digital World – World Economic Forum

WEF_Cybersecurity_Guide_for_Leaders



The best practice guide for an effective infoSec function

Practice Guide

Open a PDF file The Cybersecurity Guide For Leaders in Today’s Digital World.




Annual Meeting on Cybersecurity 2019 | Enabling Leadership for a Secure Digital Future | World Economic Forum


Cybersecurity in a Digital World. The Future is Bright








Threat Modeling for Data Protection

When evaluating the security of an application and its data model, ask these questions:

  • What is the sensitivity of the data?
  • What are the regulatory, compliance, or privacy requirements for the data?
  • What is the attack vector that the data owner is hoping to mitigate?
  • What is the overall security posture of the environment: is it hostile or relatively trusted?

When threat modeling, consider the following common scenarios: […]

Source: Threat Modeling for Data Protection



Threat Modeling in 2019








ISO/IEC 27701 2019 Standard and Toolkit

ISO/IEC 27701 is the international standard that serves as an extension to an ISO 27001/ISO 27002 ISMS (information security management system). It provides guidelines for implementing, maintaining, and continually improving a PIMS (privacy information management system).

Develop a privacy information management system as an extension to your ISO 27001-conformant ISMS with ISO/IEC 27701. Supports GDPR compliance.

Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management system (PIMS)

Key features:

* The Standard includes mapping to the GDPR, ISO/IEC 29100, ISO/IEC 27018, and ISO/IEC 29151
* Integrates with other management system standards, including the information security standard, ISO/IEC 27001
* Provides PIMS-specific guidance for ISO/IEC 27002
* Specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving a PIMS
* Supports compliance with the GDPR and DPA 2018
* Provides guidance for data controllers and processors responsible for processing personal data


ISO 27701 Gap Analysis Tool


Achieve full compliance with ISO 27701:2019
The ISO 27701 Gap Analysis Tool has been created to help organizations identify whether they are meeting the requirements of the Standard and where they are falling short. Note that this tool assumes that you have a complete and functioning ISO 27001:2013 ISMS (information security management system).

It helps organizations prioritise work areas in order to expand an existing ISMS to take account of privacy. It also gives organizations direction, helping project managers identify where to start.


What does the tool do?

  • Contains a set of sample audit questions
  • Lists all ISO 27701:2019 requirements, identifying where documentation is mandatory for compliance
  • Provides a clear, colour-coded report on the state of compliance
  • The executive summary displays the results in a clear table so that you can report on your results and measure the closure of gaps
  • The tool is designed to work in any Microsoft environment. It does not need to be installed like software, and it does not depend on complex databases; it relies on human involvement.



    ISO 27701 The New Privacy Extension for ISO 27001


    Quick Guide to ISO/IEC 27701 – The Newest Privacy Information Standard


    General Data Protection Regulation (GDPR) | The California Consumer Privacy Act (CCPA)


    Global Threat Detection Report



    2019 Global Threat Detection Report

    via CrowdStrike






    Open a PDF file 2019 Global Threat Detection Report.




    2019 Global Threat Report- The 1-10-60 Rule


    World Economic Forum Global Risks Report 2019



    “Threat Detection & Prevention” appliances





    Data Security Solutions for Fintech Startups

    By Ena Kadribasic on Security

    The fintech sector has brought consumers an endless stream of modern offerings that have enabled them to ditch several outdated banking and lending products.

    Companies now have advanced B2B payment solutions at their fingertips, and online financial solutions have never been more convenient – largely thanks to the progress made by fintech startups.

    But, despite being on the cutting edge of digital financial products, young fintech companies are at a disadvantage in a wildly important arena: data security.

    With limited resources, growing compliance regulations around the world, and a constantly evolving list of increasingly dangerous cyber threats, fintech startups face a uniquely difficult uphill battle.

    And, with data breaches continuing to loom as an ever-present security threat, fintech firms are turning to new and advanced approaches to data privacy.

    But, first, what do we mean when we talk about data security for startups?

    Source: Data Security Solutions for Fintech Startups



    NIST CyberSecurity Framework and ISO 27001

    NIST CyberSecurity Framework and ISO 27001

    NIST_ISO_Green_Paper_NEW_V3___Final_Edits

    How to get started with the NIST Cybersecurity Framework (CSF) – Includes Preso

    Written Information Security Program (WISP) – ISO 27002, NIST Cybersecurity Framework & NIST 800-53

    What is ISO 27001?

    Virtual Session: NIST Cybersecurity Framework Explained






    Cybersecurity Through the CISO’s Eyes

    PERSPECTIVES ON A ROLE

    Cybersecurity Through the CISO’s Eyes

    Cybersecurity CISO Secrets with Accenture and ISACA

    Cybersecurity Talk with Gary Hayslip: Aspiring Chief Information Security Officer? Here are the tips



    So you want to be a CISO, an approach for success By Gary Hayslip



    Five Keys for Building a Security program


    https://www.sans.org/media/critical-security-controls/Poster_CIS-Security-Controls_2018.pdf

    Open a PDF file Five Keys for Building a Security Program.

    CISO or vCISO? The Benefits of a Contractor C-level Security Role

    Read how a virtual chief information security officer (vCISO) can help you uplift a struggling information security program.

    Source: CISO or vCISO? The Benefits of a Contractor C-level Security Role

    Webinar: vCISO vs CISO – Which is the right path for you?


    CISO as a Service or Virtual CISO


    The Benefits of a vCISO



    6 Essential Pillars for InfoSec Prioritization

    It may be time to Think Differently in security.

    Do you know which of your vulnerabilities are critical, which can wait a day, and which are just noise? Read this handy guide to get the 6 essential pillars for comprehensive InfoSec prioritization:



    The Five Laws of Cybersecurity | Nick Espinosa | TEDxFondduLac


    Your 5 Year Path: Success in Infosec


    Top 20 Security Controls for a More Secure Infrastructure



    CyberSecurity for Digital Operations

    DigitalSecurity

    This report examines the general state of security within business today, exploring the hurdles that are preventing companies from reaching an ideal security posture and suggesting the steps that can lead to improved security in the digital economy.

    As the technology industry enters the next phase of maturity, there are more questions about the implications of emerging trends operating on a global scale. Aside from social-impact ramifications, heavy reliance on digital data and the sweeping collection of personal information are highlighting the critical nature of information security and privacy.

    Digital Transformation: From AI and IoT to Cloud, Blockchain, and Cybersecurity | MIT PE

    Inside the CenturyLink Security Operations Center: Securing Your Digital Business

    The Convergence (and Divergence) of IT and OT Cyber Security



    The best practice guide for an effective infoSec function

    Building ISMS

    The best practice guide for an effective infoSec function: iTnews has put together advice drawn from several control frameworks, including ISO 27k and the NIST CSF, to guide you through what’s needed to build an effective information security management system (ISMS) within your organization.

    This comprehensive report is a must-have reference for executives, senior managers and anyone interested in the information security management area.

    Practice Guide

    Open a PDF file The best practice guide for an effective infoSec function.

    How to Build a Cybersecurity Program based on the NIST Cybersecurity Framework

    Beginners ultimate guide to ISO 27001 Information Security Management Systems

    Conducting a cybersecurity risk assessment



    The Adventures of CISO


    The Adventures of CISO Ed & Co.

    7 Types of Experiences Every Security Pro Should Have

    Ten Must-Have CISO Skills

    What a CISO does for a living

    CISOs and the Quest for Cybersecurity Metrics Fit for Business

    CISO’s Library



    Top 10 Cybersecurity Writing Mistakes

    Want to strengthen your writing in under an hour? Watch the video below to help you avoid the top 10 writing mistakes you may encounter when working as a cybersecurity professional.

    Source: Top 10 Cybersecurity Writing Mistakes

    Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them


    SANS Writing Course | Writing CheatSheet

    Burying the Main Point – Common Cybersecurity Writing Mistakes


    Overstuffing the Paragraphs – Common Cybersecurity Writing Mistakes



    A CISO’s Guide to Bolstering Cybersecurity Posture

    iso27032

    When It Comes Down To It, Cybersecurity Is All About Understanding Risk

    Risk Management Framework for Information Systems

    How to choose the right cybersecurity framework

    Improve Cybersecurity posture by using ISO/IEC 27032

    Cybersecurity Summit 2018: David Petraeus and Lisa Monaco on America’s cybersecurity posture

    CSET Cyber Security Evaluation Tool – ICS/OT



    5 Updates from PCI SSC That You Need to Know

    As payment technologies evolve, so do the requirements for securing cardholder data.

    Source: Slideshows – Dark Reading

    PCI DSS: Looking Ahead to Version 4.0

    3 Primary Goals for PCI DSS Version 4.0

    What is PCI DSS? | A Brief Summary of the Standard


    How to Achieve PCI DSS Compliance on AWS

