WHAT IS THREAT MODELING?
Threats are those things that we cannot control. What I mean by this is that threats, when it comes to security, are mainly driven (when there is a human behind the actions) by motivation and skills/capabilities. To give an analogy on threats using a traffic example: when you drive a car there are different kinds […]
CISM, CISA & CRISC – WHICH CERTIFICATION TO TAKE?
“CISM, CISA, CRISC. Which one, of these three, is the best ISACA certification?” I have been asked this one a couple of times since I worked my way through these certifications. And I have also been asked: I would rather switch the question around a bit and look at the subject from a couple of […]
THE RISK MONITORING & REPORTING PHASE EXPLAINED
In this article, the focus will be on the Monitoring & Reporting phase in the Risk Assessment process. I will go through the phase, Monitoring & Reporting, and the elements within it. If you are new to Risk Management, I recommend you read the article What is Risk Management. If you are interested in the […]
CLOUD SECURITY GOVERNANCE – REGULATIONS, COMPLIANCE & SECURITY
I know there are different definitions and descriptions out there of what compliance is. This article is not about cutting words or saying my definition is right or others are wrong. The goal of this article is to address the subject, Compliance, from a cloud security governance perspective. Why it is a thing and how […]
THE RISK TREATMENT & RESPONSE PHASE EXPLAINED
In this article, the focus will be on the Risk Treatment & Response phase, which is the third phase in the Risk Assessment process. I will go through the phase, Risk Treatment & Response, and the elements within it. If you are new to Risk Management, I recommend you read the article What is Risk […]
THE POWER OF THE DARK SIDE! ETHICAL HACKING
“If you only knew the power of the Dark Side!” Darth Vader, Star Wars: Episode V – The Empire Strikes Back <MUSIC> duh duh duh DUN DA DUN, DUN DA DUN </MUSIC> What is Ethical hacking, i.e. OffSec, or Offensive Security? It is the power of the Dark Side. The power of understanding and applying […]
GAMING FOR SECURITY ENTHUSIASTS
TERMINAL
┌──(kali㉿kali)-[~]
nmap -sC -sV -T4 W.X.Y.Z
Starting Nmap at XXX-YY-ZZ
Nmap scan report (Z.Y.X.W)
Host is up,
Not shown: 995 filtered ports
Reason: 995 no-responses
PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https
MAC Address: ##:##:##:##:##:## (Nmap done: 1 IP address scanned)
┌──(kali㉿kali)-[~]
gobuster dir -u W.X.Y.Z -w /home/kali/small.txt
==================================== […]
WHAT IS RISK? MODELED & EXPLAINED
About 40 million lightning strikes hit the ground in the United States each year. But the odds of being struck by lightning in a given year are less than one in a million, and almost 90% of all lightning strike victims survive. The odds of being struck multiple times are even lower, with the record […]
CLOUD SECURITY GOVERNANCE – CONTRACTS & AGREEMENTS
Leasing a car does not mean that you can drive around totally recklessly on the streets and skip all the rules that apply. You still need to drive the car according to certain terms, conditions, and rules. You are not allowed to be lawless and go cowboy-style. This behavior is not-so-good driver […]
THE RISK ANALYSIS PHASE EXPLAINED
In this article, the focus will be on the Risk Analysis phase in the Risk Assessment process. I will go through the phase, Analysis, and the elements within it. Risk Analysis is the second phase of the Risk Assessment process. If you want to read about the Risk Identification phase (which is the first phase), […]