“One of the main cyber-risks is to think they don’t exist. The other is to try to treat all potential risks. (Fix the basics, protect first what matters for your business and be ready to react properly to pertinent threats. Think data, but also business services integrity, awareness, customer experience, compliance, and reputation).” -Stephane Nappo (Quote of the week: Risk Management | March 17, 2018)

"Computer security can simply be protecting your equipment and files from disgruntled employees, spies, and anything that goes bump in the night, but there is much more. Computer security helps ensure that your computers, networks, and peripherals work as expected all the time and that your data is safe in the event of hard disk crash or a power failure resulting from an electrical storm. Computer security also makes sure no damage is done to your data and that no one is able to read it unless you want them to." -Bruce Schneier (Quote of the week: Computer Security | Feb 10, 2018)

Should we review our cybersecurity basics?

Only a few minutes before the end of 2017, a heavy year on cybersecurity from huge breaches through ransomware spreading and new vulnerability disclosures, to new defense technologies loudly evolving all around. I feel however almost tactless when I look the other way around and try to depict all of this in the real-world projects […]

"The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully." - Kevin Mitnick (Quote of the week : Security Education | Oct 23, 2017)

How to actually implement Threat Intelligence automation

As a starting point, a good basic understanding of the possible Threat Intelligence integrations is a must. This will allow us to imagine a fitting basic setup and its future evolutions as TI operations mature inside the organization. We can form our first TI integration strategy on simple…

"Information is a significant component of most organizations’ competitive strategy either by the direct collection, management, and interpretation of business information or the retention of information for day-to-day business processing. Some of the more obvious results of IS failures include reputational damage, placing the organization at a competitive disadvantage, and contractual noncompliance. These impacts should not be underestimated." - Institute of Internal Auditors (Quote of the week : Data Protection | Oct 7, 2017)

Indicators of Compromise in Threat Intelligence – Let’s speak some InfoSec Jargon

Indicators of Compromise (IOC) are items of forensic data (such as information found in event logs or network flows) that strongly indicate potentially malicious activity in an organization’s system…

"If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked" - Richard Clarke. (Quote of the week : Work hard! | Sep 25, 2017)