Logan Daley's Blog (24)

Time To Take A Break

Good Morning!

Just a quick note to let everyone know I will be taking a short break and will return on September 1, 2020, with more content.

Stay safe out there!

Added by Logan Daley on June 29, 2020 at 4:04am — No Comments

The Fortifying Fifteen: DR/BCP

Part 13 of 15: Business Continuity and Disaster Recovery Plans

What Is It? Disaster Recovery and Business Continuity Planning (DR/BCP) is another one on this list I think should be rated a lot higher than it is because of what it represents and how crucial it can be when it all goes…

Added by Logan Daley on June 24, 2020 at 9:34am — No Comments

The Fortifying Fifteen: System Recovery

Part 14 of 15: System Recovery Capabilities

What Is It? Often viewed as a purely technical capability, being able to recover your systems to operational capacity is imperative. Your systems are the heart and soul of your enterprise and central to your mission and ability to deliver…

Added by Logan Daley on June 24, 2020 at 9:33am — No Comments

The Fortifying Fifteen: Personnel Management

Part 15 of 15: Personnel Management

What Is It? It seems like a long time ago when I began writing this series of fifteen articles, yet here we are at the final one of the Fortifying Fifteen. Thirty-two down, including these, the Essential Eight and the Necessary Nine, and just five…

Added by Logan Daley on June 24, 2020 at 9:30am — No Comments

The Necessary Nine: Incident Response

Continuous Incident Detection and Response

What Is It? Far too much attention and resources are focused on the “Before” of a Cyber Security incident, but precious little on the “During” and “After”. Being able to detect WHEN (not if) something has happened (or more critically IS happening) and…

Added by Logan Daley on June 23, 2020 at 6:55am — No Comments

The Necessary Nine: Authentication Credentials

Protect Authentication Credentials

What Is It? The keys to the kingdom are your passwords (or passphrases as the ASD refer to them in their documentation) and must be protected. Your first line of defence in logging on to systems is arguably the most important and their compromise can have…

Added by Logan Daley on June 23, 2020 at 6:54am — No Comments

The Necessary Nine: Network Segmentation

Network Segmentation

What Is It? Think of network segmentation as dividing up your network and resources either physically or logically to mitigate an attacker’s capability to freely propagate from system to system and from network to network. By putting controls in place, you can effectively…

Added by Logan Daley on June 23, 2020 at 6:54am — No Comments

The Necessary Nine: Local Admins

Disabling Local Administrator Accounts

What Is It? When an operating system is installed on a computer, whether a server, tablet, laptop, or desktop, it is installed with local administrator privileges. The installer sets a strong administrator password (we hope!) and maintains control of that…

Added by Logan Daley on June 23, 2020 at 6:53am — No Comments

The Necessary Nine: Generic Exploit Mitigation

Operating System Generic Exploit Mitigation

What Is It? Operating systems, as I outlined in a previous article, are critical to the daily operations of your systems and facilitate the applications the business relies on daily. While patching your operating systems is part of the Essential Eight,…

Added by Logan Daley on June 23, 2020 at 6:52am — No Comments

The Necessary Nine: Proxying

Deny Corporate Computers Direct Internet Connectivity

What Is It? Proxying can be taken many ways but at the core of it is a system that intercepts and handles requests on behalf of a client connecting to a service. They most commonly reside between the private network and…

Added by Logan Daley on June 23, 2020 at 6:51am — No Comments

The Necessary Nine: Web Filtering

Web Content Filtering

What Is It? Ah, the Internet. Remember the good old days when procrastinating involved some sort of physical activity aside from staring blankly at a screen and clicking a mouse button? Remember when we had to go find a book and look something up that…

Added by Logan Daley on June 23, 2020 at 6:51am — No Comments

The Necessary Nine: Email Filtering

Email Content Filtering

What Is It? Email could arguably be one of the most valuable tools of any organisation and likely the one that has been relied on the longest, but is probably one of the most overlooked and abused systems today. Ask anyone about email and what they like about it…

Added by Logan Daley on June 23, 2020 at 6:50am — No Comments

The Necessary Nine: Sandboxing

What Is It? The ASD strategy refers to this as “Automated dynamic analysis of email and web content run in a sandbox” but I prefer to simply call it sandboxing. At one time, to test an application you basically had to gamble on running it and we used a variety of means to do so including stand-alone…

Added by Logan Daley on June 23, 2020 at 6:49am — No Comments

The Essential Eight: Daily Backups

Part 8 of 8: Daily Backups of Important Data

What Is It?  Backing up your data has been a long-standing strategy in safeguarding your information when things go sideways.  Servers crash, laptops get lost, files get deleted accidentally, and mistakes are made. Mistakes, accidental or…

Added by Logan Daley on June 22, 2020 at 5:09am — No Comments

The Essential Eight: Multi-Factor Authentication

Part 7 of 8: Multi-Factor Authentication

What Is It? The short explanation is that it adds another layer of security by forcing you to provide another means of identifying yourself and in some cases, may include multiple means (it’s MULTI-factor, after all, and not just…

Added by Logan Daley on June 22, 2020 at 5:07am — No Comments

The Essential Eight: Application Hardening

Part 6 of 8: Application Hardening

What Is It?  Think of it kind of like spring cleaning on top of a minimalist lifestyle where you keep only what you absolutely need after taking stock of what you have. Many applications are installed with defaults (you know the Next-Next-Next-Next-OK…

Added by Logan Daley on June 22, 2020 at 5:04am — No Comments

The Essential Eight: Controlling Macros

Part 5 of 8: Disabling Untrusted Microsoft Office Macros

What Is It?  Macros are basically a batch of commands and processes all grouped together to make life a little easier when performing routine tasks. In many cases, they simply execute as the user and save untold hours, reducing…

Added by Logan Daley on June 22, 2020 at 4:58am — No Comments

The Essential Eight: Operating System Patching

Part 4 of 8: Patching Operating Systems

What Is It? One could probably argue that this is no different than Patching Applications, which I covered in Part 2 of this series. Yes, and no. Yes, because it is, in fact, applying updates and patches to your systems, and no,…

Added by Logan Daley on June 22, 2020 at 4:54am — No Comments

The Essential Eight: Restrict Admin Privileges

Part 3 of 8: Restrict Administrative Privileges

What Is It?  In nearly every environment, there are accounts that have elevated privileges beyond the everyday users to add, remove, and change elements of the information systems. These accounts, including dedicated service accounts for…

Added by Logan Daley on June 22, 2020 at 4:49am — No Comments

The Essential Eight: Patching Applications

Part 2 of 8: Patching Applications

What Is It?  In a nutshell, applications are designed to perform a specific task but often don’t account for potential flaws and vulnerabilities. Unless it’s a security-centric application, security is lower on the features list… if it makes the list at all. In some…

Added by Logan Daley on June 22, 2020 at 4:45am — No Comments

© 2020 Created by CISO Platform.