All Blog Posts (1,323)

The Necessary Nine: Authentication Credentials

Protect Authentication Credentials

What Is It? The keys to the kingdom are your passwords (or passphrases as the ASD refer to them in their documentation) and must be protected. Your first line of defence in logging on to systems is arguably the most important and their compromise can have…

Added by Logan Daley on June 23, 2020 at 6:54am — No Comments

The Necessary Nine: Network Segmentation

Network Segmentation

What Is It? Think of network segmentation as dividing up your network and resources either physically or logically to mitigate an attacker’s capability to freely propagate from system to system and from network to network. By putting controls in place, you can effectively…

Added by Logan Daley on June 23, 2020 at 6:54am — No Comments

The Necessary Nine: Local Admins

Disabling Local Administrator Accounts

What Is It? When an operating system is installed on a computer, whether a server, tablet, laptop, or desktop, it is installed with local administrator privileges. The installer sets a strong administrator password (we hope!) and maintains control of that…

Added by Logan Daley on June 23, 2020 at 6:53am — No Comments

The Necessary Nine: Generic Exploit Mitigation

Operating System Generic Exploit Mitigation

What Is It? Operating systems, as I outlined in a previous article, are critical to the daily operations of your systems and facilitate your applications the business relies on daily. While patching your operating systems is part of the Essential Eight,…

Added by Logan Daley on June 23, 2020 at 6:52am — No Comments

The Necessary Nine: Proxying

Deny Corporate Computers Direct Internet Connectivity

What Is It? Proxying can be taken many ways but at the core of it is a system that intercepts and handles requests on behalf of a client connecting to a service. They most commonly reside between the private network and…

Added by Logan Daley on June 23, 2020 at 6:51am — No Comments

The Necessary Nine: Web Filtering

Web Content Filtering

What Is It? Ah, the Internet. Remember the good old days when procrastinating involved some sort of physical activity aside from staring blankly at a screen and clicking a mouse button? Remember when we had to go find a book and look something up that…

Added by Logan Daley on June 23, 2020 at 6:51am — No Comments

The Necessary Nine: Email Filtering

Email Content Filtering

What Is It? Email could arguably be one of the most valuable tools of any organisation and likely the one that has been relied on the longest, but is probably one of the most overlooked and abused systems today. Ask anyone about email and what they like about it…

Added by Logan Daley on June 23, 2020 at 6:50am — No Comments

The Necessary Nine: Sandboxing

What Is It? The ASD strategy refers to this as “Automated dynamic analysis of email and web content run in a sandbox” but I prefer to simply call it sandboxing. At one time, to test an application you basically had to gamble on running it and we used a variety of means to do so including stand-alone…

Added by Logan Daley on June 23, 2020 at 6:49am — No Comments

The Essential Eight: Daily Backups

Part 8 of 8: Daily Backups of Important Data

What Is It?  Backing up your data has been a long-standing strategy in safeguarding your information when things go sideways.  Servers crash, laptops get lost, files get deleted accidentally, and mistakes are made. Mistakes, accidental or…

Added by Logan Daley on June 22, 2020 at 5:09am — No Comments

The Essential Eight: Multi-Factor Authentication

Part 7 of 8: Multi-Factor Authentication

What Is It? The short explanation is that it adds another layer of security by forcing you to provide another means of identifying yourself and in some cases, may include multiple means (it’s MULTI-factor, after all, and not just…

Added by Logan Daley on June 22, 2020 at 5:07am — No Comments

The Essential Eight: Application Hardening

Part 6 of 8: Application Hardening

What Is It?  Think of it kind of like spring cleaning on top of a minimalist lifestyle where you keep only what you absolutely need after taking stock of what you have. Many applications are installed with defaults (you know the Next-Next-Next-Next-OK…

Added by Logan Daley on June 22, 2020 at 5:04am — No Comments

The Essential Eight: Controlling Macros

Part 5 of 8: Disabling Untrusted Microsoft Office Macros

What Is It?  Macros are basically a batch of commands and processes all grouped together to make life a little easier when performing routine tasks. In many cases, they simply execute as the user and save untold hours, reducing…

Added by Logan Daley on June 22, 2020 at 4:58am — No Comments

The Essential Eight: Operating System Patching

Part 4 of 8: Patching Operating Systems

What Is It? One could probably argue that this is no different than Patching Applications, which I covered in Part 2 of this series. Yes, and no. Yes, because it is, in fact, applying updates and patches to your systems, and no,…

Added by Logan Daley on June 22, 2020 at 4:54am — No Comments

The Essential Eight: Restrict Admin Privileges

Part 3 of 8: Restrict Administrative Privileges

What Is It?  In nearly every environment, there are accounts that have elevated privileges beyond the everyday users to add, remove, and change elements of the information systems. These accounts, including dedicated service accounts for…

Added by Logan Daley on June 22, 2020 at 4:49am — No Comments

The Essential Eight: Patching Applications

Part 2 of 8: Patching Applications

What Is It?  In a nutshell, applications are designed to perform a specific task but often don’t account for potential flaws and vulnerabilities. Unless it’s a security-centric application, security is lower on the features list… if it makes the list at all. In some…

Added by Logan Daley on June 22, 2020 at 4:45am — No Comments

The Essential Eight: Application Whitelisting

Part 1 of 8: Application Whitelisting

What Is It? I consider a firewall to be a Yes / No device when you strip away all the “Next Generation” and Unified Threat Management (UTM) pieces. To some degree, Application Whitelisting works the same way by specifying which applications can execute (The…

Added by Logan Daley on June 22, 2020 at 4:30am — No Comments

Management in time of AI and ML

[Posted on Behalf of Rajeev Shukla, Founder and CEO, Castellum Labs] 

The world around you is altering in irrevocable ways. Software is eating whole sectors, not just jobs, anymore. Within the next decade, "The Enterprises" and "The Jobs" will take on a very different meaning. Some key questions ... !

How and what will be job profile of the future?

What would it mean for people who are to manage…

Added by CISO Platform on June 17, 2020 at 5:18pm — No Comments

19 Things I followed in 2019 & continue to...

[Posted on Behalf of Archie Jackson, Senior Director and Head of IT & IS Incedo Inc]

C>O>P>I>S: Customer is the center of the universe. Everyone around us are customers tangibly or intangibly, including self.

Solve Problems: Be the problem solver. If you think you can solve a problem, do not hesitate.... dive in and attempt.

Compete with self: Local competitions are underestimation. We are a small dot in the entire…

Added by CISO Platform on June 17, 2020 at 5:14pm — No Comments

Can I Have Decent Detection and Visibility on a Badly Managed Network?

[Posted on Behalf of Anton Chuvakin, Security Strategy - chronicle Google]

Let me ask you this: do smaller businesses (say, SMBs) get more security vendor lies than large enterprises? My past analyst experience certainly seems to suggest so. When I was an analyst, the most ridiculous claims, the craziest “features” and the sleaziest marketing decks were most often seen from the vendors that target just such businesses. The word “target” here is…

Added by CISO Platform on June 17, 2020 at 5:08pm — No Comments

Who will pay for your cyber liabilities?

[Posted on Behalf of Pushkal Mishra AVP IT & CISO HDFC ERGO Health Insurance Ltd]

The 2019 edition of Symantec threat report reveals that:

- One in 10 URLs are malicious
- More than 70 million records stolen from poorly configured *S3 buckets
- 56% rise in web attacks with an average of 4,800 websites compromised each month
- Enterprise *ransomware up by…

Added by CISO Platform on June 17, 2020 at 5:04pm — No Comments
