…and design.
Got myself a Creality Ender-3 3D printer to play with. A rather nice printer to learn about 3D printing. It comes as an easy to build DIY kit. Continue reading “Just started 3D printing”
THE Book of Digital Forensics…
Last year we published the Digital Forensics book, after a long and exciting, but challenging, period of work. Together with a team of security and forensics professionals we joined forces to create this “complete” book of Digital Forensics. I had the pleasure to write about the forensics process, based on past digital forensics research and practice as a technical analyst. The book aim to provide practitioners of computer science, information security and law enforcements with a fundamental understanding of digital forensics.
Please see our latest blog post for the first chapter of the book here. The book can be found at Wiley or you can buy it straight from Amazon.
SANS Tutorials
Introduction tutorials for binching?
Crypto Sheriff for Rescue
www.nomoreransom.org to be tested when…, ehm if….
Cyber Security MindMaps
I like mind maps, they help structure stuff. There are certainly a lot of cyber security mind maps as well to help professionals, consultants as well as management cope with this growing field. Check out the following:
- amanhardikar has various security maps,
- TaoSecurity made a cyber domain map,
- SANS CISO map (PDF)
- Rafeeq R. CISO MindMap
Cyber Security Vids – Salted Hash
CSO Online makes trivial cyber security heads-up videos, and some are quite Nice actually.
NIST Cyber Security Framework 1.1
A new version of CSF is out with a few changes [NIST and csoonline]:
- better correlation of cybersecurity risk management metrics to organizational objectives
- supply chain cyber risk
- vulnerability disclosures
- refined authentication, identification and authorisation
- Internet of Things (IoT) in addition to critical infrastructure
- self-assessing cyber security
- removed Federal Alignment
Account Recovery
Ways to request access or recover data from a platform, identity and access service or social media. The best you can do is to prepare for it to be lost, establish recovery e-mail, sms, friends/family members recovery accounts etc.
CSA tools, not just useful for cloud
The CSA tools are useful not just for cloud, however ideal, but for cyber security in general.
- Cloud Controls Checklist, a set of principles that cannot be argued
- Consensus Assessment Initiative, the questionnaire
- CSA STAR Registry, and the list of registered entities
- CSA Research
ECSTRA
Enterprise Cyber SecuriTy Reference Architecture (ECSTRA) is a nice tree/taxonomy and a checklist if you like a checklist while trying to figure out what not to miss. Its not exaustive, but covers most topics, such as preventive measures, security services catalogue etc.
http://artconfusion.com/TECRA/
Also see this article its maker: https://www.linkedin.com/pulse/what-does-ciso-your-board-you-need-know-breadth-cyber-boris-taratine/