In this article, we’ll explore how to get the most out of a SIEM. To get the best value from a SIEM, we need to ensure the logs ingested are high-value logs (explained below). SIEM: A SIEM (Security Information and Event Management) takes in logs, assesses them against
The Value in ISACA Certifications and Membership
I’ve thought long and hard about the value of certifications and memberships with organisations like ISACA and CompTIA and the others. My experience is limited to these two, but there are obviously others like ISC2. So what value do we get from the certifications, what value do we get from the
Cybersecurity Frameworks and Capability Maturity Models (CMM) Worth Knowing
There are plenty of frameworks and CMMs (Capability Maturity Models) to choose from. In this article, we’ll explore a few of the more popular ones, and discuss their use in general, in terms of the value they add. This article has a strong Australian sway to it because that’s where
Job Adverts Requiring Degrees vs Certifications
This article compares job adverts requiring either a university degree or an industry certification. To clarify, both “required” and “ideal” qualifications (or similar wording to that effect) are considered. The job adverts are limited to my Australian state (to ensure this investigation doesn’t turn into a thesis) and limited to the Cybersecurity
Blocking the Source or the Target – Attack Response Best Practices
This article discusses best practices for where to block an attack… the source or destination? Firewall administrators are taught to block nearest the source. System administrators are taught to block nearest the target. Let’s discuss this. Firewall administrators sensibly want to block an attack nearest the attacker. This limits the
Replacing Macros with AI in the Essential 8
It’s a matter of time before artificial intelligence (AI) is included as a domain in the Essential 8. But first, some background. The Essential 8 is the Australian Cyber Security Centre’s (ACSC) advisory/guide for Australian organisations to follow (sometimes a requirement, sometimes just a recommendation) to best protect their systems.
Secrets With Expiries
The idea of a secret is much like a password: it allows a service to authenticate without using keys or cryptography. It’s a simple comparison: “Does your secret match my secret?” When sent over encrypted channels, secrets can be a simple and effective means of providing authentication. Is PKI better?
What would you do with extra budget in your IT department?
Do you have a shopping list for what you’d purchase for your IT department if you suddenly had the budget? If your IT department has a strategy and a plan, then you likely have a shopping list too. But we don’t typically have the budget to purchase everything we need
Protecting your SIEM, Virtual Infrastructure, and Backups
This article discusses key vital infrastructure components, the threats they face, and the measures that can be taken to remediate the risk. The three components are: SIEM, Virtual Infrastructure, and Backups. All three are targets for hackers and ransomware. Consider the scenario where an administrative domain account has been compromised
The Case Against Threat Intelligence in Business
Threat intelligence as a function of a regular business returns little to no value to the organisation. The skill-sets could be better used for threat hunting and analysis, which are proactive approaches to cybersecurity and have a direct positive impact on the business. I should clarify that threat intelligence in