Достаточно давно я придерживаюсь мнения, что "продажа страха" как метод продвижения информационной безопасности давно устарел и он не дает того эффекта, которым был ему присущ ранее. Да, конечно, если "влить" в это направление много денег или воспользоваться…

Explore the essentials of threat hunting: its importance, methodologies, and how proactive measures can protect against advanced cyber threats.

The DevOps movement (and its offshoot DevSecOps) aims to improve the frequency and quality of software deployments by breaking down silos between teams. When the walls between teams disappear we often see tasks ‘shift left,’ or move earlier in the development…

An introduction to the Mitre ATT&CK framework, the Mitre ATT&CK Navigator, and some example processes to get you started.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a list of free cybersecurity services and tools to help organizations increase their security capabilities and better defend against cyberattacks.

Как сообщили в начале января 2022 года сайты Международной организации по стандартизации (ИСО) и Британского института стандартов (BSI), в н...

Project Abstract Increasingly, healthcare delivery organizations (HDOs) are relying on telehealth and RPM capabilities to treat patients at home. RPM is convenient and cost-effective, and its adoption rate has increased. However, without adequate privacy…

Как сообщили в начале января 2022 года сайты Международной организации по стандартизации (ИСО) и Британского института стандартов (BSI), в н...

Once a month we get in front of our exec/senior leadership team and talk about #SOC performance relative to our business goals (grow ARR, retain customers, improve gross margin). A 🧵on how we translate business objectives to SOC metrics.

There is no shortage of guidance on how to design, configure and deploy Fabric solutions. This paper provides insights into how the three layers of blockchain technology interact with enterprise security services to deliver specific security outcomes. This…

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

Windows security log quick reference for SOC Analysts #CyberSecurity

TLDR: no, this post still does not contain the Ultimate Answer for XDR, Life and Everything Question. Moreover, I don’t think anything ever…

The model of computing implemented by Active Directory isn't the problem, they said. Use Kerberos with it instead of NTLM, they said. We're in an era where self-managed home computers can be more secure than corporate ones because of how easy AD makes arbitrary…

Best of OSI Model Cheatsheet #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #DataSecurity #CyberSec #Hackers #networking #networks

The debate over the form and scope of a U.S. privacy law is still underway, and experts are divided when it comes to enforcement. Some believe a standalone agency would best enforce any new rules.

New guidance from HHS Cybersecurity Coordination Center urges the use of red and blue teaming, in combination with endpoint detection and response to combat ongoing EMR risks.

Welcome to the first episode of our new podcast series, “Coffee with The Council”. I'm Alicia Malone, senior manager of public relations for the PCI Security Standards Council. Today, we'll be talking about what you can expect in the year ahead for PCI SSC…

Методике оценки угроз я решил посвятить отдельную заметку, продолжающую рассказ о конференции ФСТЭК. Все-таки я достаточно активно критиковал этот документ и мне интересно, что получится после внесения изменений, которые и были озвучены в докладе Ирины Гефнер…

Данная заметка эксперта в области э-раскрытия Дуга Остина (Doug Austin – на фото) была опубликована 17 февраля 2022 года на его блоге «Э-рас...

Как сообщил сайт Международной организации по стандартизации (ИСО), в настоящее время идёт голосование национальных органов по стандартизаци...