Security&Governance

AAL (Authenticator Assurance Level ) decision tree

AAL (Authenticator Assurance Level ) decision tree

Identity proofing establishes that a subject is who they claim to be. Digital authentication establishes that a subject attempting to access a digital service is in control of one or more valid authenticators associated with that subject’s digital identity. For services in which return visits are applicable, successfully authenticating provides reasonable risk-based assurances that the […]

AAL (Authenticator Assurance Level ) decision tree Read More »

Agile Project Management Tool: Jira, Trello Studying Notes

Agile Project Management Tool: Jira, Trello Studying Notes

Trello (Acquired by Atlassian) is a simple, customizable kanban type board for teams that want to work agile, but aren’t observing the whole liturgy of agile development. Trello is largely designed for more general usages. Trello is a lightweight project management tool, designed as a Kanban board tool, you can visualize your task flow of anything

Agile Project Management Tool: Jira, Trello Studying Notes Read More »

Windows 2008 2012 2016 Security Baseline Setup Script

Windows 2008 2012 2016 Security Baseline Setup Script

A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers. Microsoft enables various controls to Windows users by providing multiple configuration capabilities since the organization needs to implement control over their security configurations. Here

Windows 2008 2012 2016 Security Baseline Setup Script Read More »

Change Approval Board (CAB) Charter

Change Approval Board (CAB) Charter Template

Contents 1.    Mission Statement 2 2.    Members and Attendees. 2 3.    Responsibilities. 3 4.    Authority. 4 5.    Approval Process. 4 5.1 Voting Process. 4 5.2 Voting Options. 4 5.3 Voting Members. 4 6.    Prioritization & Scheduling. 5 7.    Meeting Preparation.. 5 8.    Meeting Protocol 6 9.    Meeting Agenda. 6 10.  Post-Deployment Review.. 8 11.      Emergency

Change Approval Board (CAB) Charter Template Read More »

Security Awareness Deployment Plan

Overview : The purpose of this document is to outline a proposed approach to deploying the security awareness and training program at the ITPROSEC.  This document will outline the proposed approach, timing and materials the ITPROSEC’s Information Security team would like to deploy over the course of the upcoming fiscal year (FY2017/2018).  The intended audience

Security Awareness Deployment Plan Read More »

Some Useful Information Security Websites/Blogs to Visit

1. Brian Krebs 2. Wombat Security 3.  Errata Security 4. Kaspersky Labs 5. Security Bloggers Network 6. Sophos 7. Paul’s Security Weekly 8. Akamai 9. The Security Ledger 10. Graham Cluley 11. Akamai 12. McAfee AntiVirus securing tomorrow 13. Naked Security 14. Shodan  15. NoMoreRansom 16. National Cyber Security Centre 17. Reddit:  r/infosec  r/sysadmin  r/crypto  r/cybersecurity  r/opsec  r/privacy r/intelligence  r/asknetsec 18. Google’s Digital Attack Map 19. OSINT

Some Useful Information Security Websites/Blogs to Visit Read More »