ISACARuSec – Telegram
ISACARuSec
@IsacaRuSec
2.27K subscribers
1.77K photos
13 videos
303 files
5.64K links
Канал направления ИБ Московского отделения ISACA

Направление канала новости ISACA, новости в области управления ИБ в России и мире, обмен лучшими практиками.

https://engage.isaca.org/moscow/home

Связь с администрацией
@popepiusXIII
Download Telegram
About
Blog
Apps
Platform
Join
ISACARuSec
2.27K subscribers
ISACARuSec
https://twitter.com/thor_scanner/status/1459549486070513670

https://youtu.be/ONuK9NIXoOs

https://t.co/tdt4CNt9Yz
Twitter
Nextron Systems
Aurora - Free Sigma-based EDR Agent Preview - Introduction - Features - Advantages over other solutions - Response Actions - Roadmap - Live Demo Video session youtube.com/watch?v=ONuK9N… Slides nextron-systems.com/wp-content/upl…
448 viewsedited  
ISACARuSec
https://www.scmagazine.com/analysis/security-awareness/mastercard-launches-cybersecurity-group-focused-on-third-party-risk
Scmagazine
Mastercard launches cybersecurity group focused on third-party risk
Mastercard announced the launch of its own global “cybersecurity alliance” to help financial firms and their vendors reduce the ever-growing threats they face.
422 views
ISACARuSec
https://cloudsecurityalliance.org/artifacts/devsecops-pillar-4-bridging-compliance-and-development/
cloudsecurityalliance.org
DevSecOps - Pillar 4 Bridging Compliance and Development | CSA
This document provides guidance to ensure the gap between compliance and development is addressed by recognizing compliance objectives, translating them to appropriate security measures, and identifying inflection points within the software development lifecycle…
430 views
ISACARuSec
https://twitter.com/cyb3rops/status/1491156207029334019

https://docs.google.com/spreadsheets/d/1BhR3cymZ53ZJfJdKAGKszuB-jgsr8GBJBOCJl50WGKE/htmlview
Twitter
Florian Roth ⚡️
Years ago I've created a spreadsheet that maps audit policy settings to corresponding events It's an outdated list but people still find it useful It also contains columns in which I've estimated the volume & rated the usefulness of these events docs.goo…
441 viewsedited  
ISACARuSec
первый пост в серии по разделу ответственности в public cloud.

https://medium.com/anton-on-security/who-does-what-in-cloud-threat-detection-a7a4f44e7672
Medium
Who Does What In Cloud Threat Detection?
This post is a somewhat random exploration of the cloud shared responsibility model relationship to cloud threat detection.
450 views
ISACARuSec
Forwarded from Пост Лукацкого
Росстандарт утвердил ГОСТ Р 59548-2022 "Защита информации. Регистрация событий безопасности. Требования к регистрируемой информации", который был введен в действие с 1-го февраля 2022 года.
fstec.ru
Приказ от 13 января 2022 г. N 2-ст - ФСТЭК России
Официальный сайт Федеральной службы по техническому и экспортному контролю (ФСТЭК России)
173 views
ISACARuSec
Forwarded from Пост Лукацкого
В пару с ГОСТом по регистрации событий, Росстандарт утвердил еще и ГОСТ Р 59547-2021 "Защита информации. Мониторинг информационной безопасности. Общие положения", который введен в действие с 4-го января 2022 года.
202 views
ISACARuSec
Forwarded from Пост Лукацкого
gost_r_59547-2021.pdf
91.3 KB
206 views
ISACARuSec
https://cloudsecurityalliance.org/artifacts/manufacturing-industry-cybersecurity-challenges/
CSA
Cybersecurity Best Practices for the Manufacturing Industry | CSA
437 views
ISACARuSec
https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity
Docs
Secure your Azure AD identity infrastructure - Azure Active Directory
This document outlines a list of important actions administrators should implement to help them secure their organization using Azure AD capabilities
446 views
ISACARuSec
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites#harden-your-azure-ad-connect-server
Docs
Azure AD Connect: Prerequisites and hardware - Microsoft Entra
This article describes the prerequisites and the hardware requirements for Azure AD Connect.
443 views
ISACARuSec
https://www.enisa.europa.eu/news/enisa-news/why-security-concerns-drive-customers-towards-public-dns-resolvers
ENISA
Why Security Concerns Drive Customers Towards Public DNS Resolvers
The European Union Agency for Cybersecurity (ENISA) analyses the security pros and cons of using public DNS resolvers.
421 views
ISACARuSec
NIST has published NISTIR 8286B, Prioritizing Cybersecurity Risk for Enterprise Risk Management. This report builds on the risk strategy and risk identification activities described in NISTIR 8286A and illustrates the need to ensure that enterprise context, priorities, and strategies are considered when making decisions about how best to respond to cybersecurity risks.

Additionally, a draft companion document – NISTIR 8286C, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight – describes activities to help complete the CSRM/ERM integration cycle throughout the enterprise and is currently available for public comment. Submit your public comments by March 11, 2022.
https://csrc.nist.gov/publications/detail/nistir/8286/final
CSRC | NIST
NIST Internal or Interagency Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM)
The increasing frequency, creativity, and severity of cybersecurity attacks means that all enterprises should ensure that cybersecurity risk is receiving appropriate attention within their enterprise risk management (ERM) programs. This document is intended…
447 viewsedited  
ISACARuSec
https://cloud.google.com/blog/products/identity-security/security-automation-lessons-from-site-reliability-engineering-for-security-operations-center
Google Cloud Blog
Security Automation Lessons from Site Reliability Engineering for Security Operations Center (SOC) | Google Cloud Blog
Your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of the series, we plan to extract the lessons for your SOC centered on another SRE principle - automation as a force multiplier.
383 views
ISACARuSec
https://twitter.com/cloudsa/status/1491850240290398215

https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/
Twitter
CloudSecurityAlliance
CCM v4 has now been mapped to PCI DSS v3.2.1 and #NIST Special Publication 800-53 rev5! With this update, the CCM #cloudsecurity controls are now accompanied by nine total mappings. Download the CCM and all of its mappings here → bit.ly/3uD3bDF
389 viewsedited  
ISACARuSec
https://twitter.com/ISACANews/status/1491888350940303360

https://www.isaca.org/resources/isaca-journal
Twitter
ISACA Global
The ISACA Journal is turning 50 and we’re celebrating all year! As a member-exclusive benefit, the ISACA Journal offers the latest industry news and insights. Download the digital version or sign up to get your print copy here: bit.ly/3Lq3Nmk
370 viewsedited  
ISACARuSec
Пригодится и для локальных репозиториев =)
360 views
ISACARuSec
Forwarded from Social Engineering
⚙️ S.E.Заметка. GitHub дорки.

🖖🏻 Приветствую тебя user_name.

• Для быстрого и удобного поиска скрытой информации касательно GitHub, мы можем использовать всем известные дорки. Сегодня ты узнаешь о полезной табличке, из которой можешь подчеркнуть для себя полезные запросы и найти скрытую информацию.

📌 В дополнение:

• Дорки:
https://news.1rj.ru/str/S_E_Reborn/1389
http://recruitin.net
https://github.com/techgaun/github-dorks
https://github.com/H4CK3RT3CH/github-dorks
https://github.com/jcesarstef/ghhdb-Github-Hacking-Database

• Инструменты:
https://github.com/BishopFox/GitGot
https://github.com/Talkaboutcybersecurity/GitMonitor
https://github.com/michenriksen/gitrob
https://github.com/tillson/git-hound
https://github.com/kootenpv/gittyleaks
https://github.com/awslabs/git-secrets https://git-secret.io/

• Полезный мануал: https://shahjerry33.medium.com/github-recon-its-really-deep-6553d6dfbb1f

‼️ Другую дополнительную информацию ты можешь найти по хештегу #СИ и #OSINT. Твой S.E.
178 views
ISACARuSec
https://www.govinfosecurity.com/us-sec-proposes-48-hour-incident-reporting-requirement-a-18493
Govinfosecurity
US SEC Proposes 48-Hour Incident Reporting Requirement
The SEC voted 3-1 to advance new, mandatory cybersecurity rules for registered investment advisers, companies and funds. The proposal - open for a 30-day public
416 views
ISACARuSec
Forwarded from Пост Лукацкого
Интересная заметка про реальность и маркетинг вокруг Zero Trust. Схожая ситуация и с другими разрекламированными концепциями, например, XDR. На картинке все хорошо, но реальность вносит свои коррективы
Mayakaczorowski
BeyondCorp is dead, long live BeyondCorp
No organization has successfully implemented a fully zero trust architecture. Many proponents of zero trust, including the US government, have ignored device...
👍2
176 views
ISACARuSec
https://twitter.com/HackingLZ/status/1492170470929674246

В ответах на твит есть полезные ссылки.
Twitter
Justin
Besides Elastic and Sigma who else publishes detection logic to Github at some scale?
409 viewsedited