Showing posts with label Architecture.

Friday, December 7, 2018

Understanding GDPR from Security Professional's Perspective

One of the most recent and wide-ranging laws affecting the security profession globally is the European Union's General Data Protection Regulation (GDPR). It has applied, and been enforceable, across the EU since May 25, 2018.

This post summarises the key points a security professional needs to know in order to help an organisation satisfy the requirements of the GDPR.


General Data Protection Regulation (GDPR): structure of the Regulation

The GDPR consists of 99 Articles grouped into 11 Chapters (the list on the original page gave only the article numbers per chapter; chapter titles are added here from the Regulation itself):

Chapter    Articles    Title
Chapter 1  1-4         General provisions
Chapter 2  5-11        Principles
Chapter 3  12-23       Rights of the data subject
Chapter 4  24-43       Controller and processor
Chapter 5  44-50       Transfers of personal data to third countries or international organisations
Chapter 6  51-59       Independent supervisory authorities
Chapter 7  60-76       Cooperation and consistency
Chapter 8  77-84       Remedies, liability and penalties
Chapter 9  85-91       Provisions relating to specific processing situations
Chapter 10 92-93       Delegated acts and implementing acts
Chapter 11 94-99       Final provisions

Tuesday, December 4, 2018

Cyber Security Frameworks and Integration with TOGAF

When cyber security professionals talk about related frameworks, the discussion always comes down to two: ISO and NIST. There is a lot of confusion between them, and also between frameworks and security architecture methodology. Here is some discussion on those topics that I collected from online sources, which I believe, at certain points, clarified some of my confusion.

======================================================================
A Cyber Security Framework is a risk-based compilation of guidelines designed to help organizations assess current capabilities and draft a prioritized road map toward improved cyber security practices. (From Arnab Chattopadhaya's Enterprise Security Architecture)

Well Known Cyber Security Frameworks
• Sherwood Applied Business Security Architecture (SABSA)
• ISO/IEC 27001 & 27002 (27002 was formerly ISO/IEC 17799)
• ISO 31000 (risk management guidelines)
• NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
• NIST SP 800-39: Managing Information Security Risk (the Risk Management Framework itself is described in NIST SP 800-37)


[Figure: Essential security and risk concepts and their position in the TOGAF ADM (Source: TOGAF Security Guide)]

Other standards / frameworks related to Cyber Security Frameworks
• COBIT
• ITIL
• COSO
• Other major IT cyber security frameworks from The Open Group:
     - O-ESA (Open Enterprise Security Architecture)
     - O-ISM3 (Open Information Security Management Maturity Model)
     - Open FAIR (Factor Analysis of Information Risk)

From DevOps to DevSecOps


What is DevOps:
DevOps is the combination of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes. This speed enables organizations to better serve their customers and compete more effectively in the market. (from AWS)


Prior to 2010:

  • Structured development methodologies
  • Client-server architecture
  • Waterfall model


Now:

  • Moved from structured development methodologies to the object-oriented paradigm
  • Moved from client-server to service-oriented architecture
  • Moved from the waterfall model to agile methods

Continuous Integration and Continuous Delivery (CI/CD) rely on the automation of routine work; that same automation is where security checks are inserted when moving from DevOps to DevSecOps.

[Figure: Agile and DevOps]

Sunday, December 2, 2018

Enterprise Security Architecture Resources

Enterprise Security Architecture (ESA) is a relatively new concept to most business and IT stakeholders. However, it is gaining adoption because CISOs need to address information security debt strategically and meet the increasing burden of privacy-related compliance. This post collects useful online resources that explore creative methods for building a mature enterprise security architecture.

[Figure: IT vs Information Security vs Cyber Security vs Business Continuity vs Risk Management (from: 9 Steps to Cyber Security)]


Friday, November 16, 2018

Threat Hunting Tools

Here is a collection of threat hunting tools, information and resources gathered from the Internet.

1. Kansa: a modular, PowerShell-based incident response and hunting framework that collects data from many Windows hosts in parallel over PowerShell Remoting, then analyses the results for outliers across the fleet.

Tuesday, October 23, 2018

Threat Modeling Resources

This post collects Internet resources regarding threat modeling. There are similar posts on this blog regarding threat intelligence and threat hunting; search the blog to find them.


Threat Modeling Methodologies for IT Purposes
Conceptually, a threat modeling practice flows from a methodology, and numerous threat modeling methodologies are available for implementation. Based on the volume of published online content, the four methodologies discussed below are the most well known.


Saturday, May 26, 2018

CISO Leadership Overview

Cyber Security Mind Map Examples:
  • Introduction to network security (网络安全绪论)
  • Scanning and defence techniques (扫描与防御技术)
  • Password cracking and defence techniques (口令破解及防御技术)
  • Denial-of-service attacks and defence techniques (拒绝服务攻击与防御技术)
  • Web attacks and defence techniques (Web及防御技术)
  • Computer viruses (计算机病毒)
  • Development and future of network security (网络安全发展与未来)
  • SANS CISO Mind Map
  • Mind map of key points of enterprise security work (企业安全工作要点思维导图)
Free cloud mind map website: MindMup 2 - https://drive.mindmup.com/

A CISO (Chief Information Security Officer) has a complex role within a company, with a wide array of tasks covering many differing areas that the average individual is not always aware of.

The CISO Mind Map is an overview of the responsibilities and ever-expanding role of the CISO. This Security Leadership poster, made by SANS, shows the matters a CISO needs to mind when building a world-class IT security team. It also highlights the essential features of a Security Operations Centre (SOC).