Architecture

A Simplified TRA (Threat and Risk Assessment) Example

A Simplified TRA (Threat and Risk Assessment) Example

Still Under Writing… A Threat and Risk Assessment analyzes a software or hardware system for vulnerabilities, examines potential threats associated with those vulnerabilities, and evaluates the resulting security risks. A vulnerability is any “flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and …

A Simplified TRA (Threat and Risk Assessment) Example Read More »

NIST CSF Core Notes

NIST Framework Components The Cybersecurity Framework consists of three main components: The Framework Core provides a set of desired cybersecurity activities and outcomes using common language that is easy to understand.   The Framework Implementation Tiers assist organizations by providing context on how an organization views cybersecurity risk management.  Framework Profiles are an organization’s unique alignment …

NIST CSF Core Notes Read More »

Cyber Security Technology with NIST Cyber Security Framework

Layered Security & Defense In Depth A layered approach to security can be implemented at any level of a complete information security strategy. Whether you are the administrator of only a single computer, accessing the Internet from home or a coffee shop, or the go-to guy for a thirty thousand user enterprise WAN, a layered …

Cyber Security Technology with NIST Cyber Security Framework Read More »

Understanding GDPR from Security Professional’s Perspective

Understanding GDPR from Security Professional’s Perspective

One of the most recent and wide-ranging laws impacting the security profession globally is the European Union’s General Data Protection Regulation, or GDPR. As of May 25, 2018, the GDPR is a legal and enforceable act of the European Union. In this post, we will detail the key findings as a security professional how to …

Understanding GDPR from Security Professional’s Perspective Read More »

Cyber Security Frameworks and Integrated with TOGAF

Cyber Security Frameworks and Integrated with TOGAF

When cyber security professionals talking about related frameworks, it always comes to two which is ISO and NIST. There are lots of confusions  between them and also between Frameworks and Security architecture methodology. Here is some discussion for those topics I collected from online which I believe at certain points, it clarified some of my …

Cyber Security Frameworks and Integrated with TOGAF Read More »

From DevOps to DevSecOps

From DevOps to DevSecOps

What is DevOps: DevOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes. This speed enables organizations to better serve their customers and compete more effectively in the market. (from AWS) …

From DevOps to DevSecOps Read More »