ITPROSEC Information Security Policy and Standards

ITPROSEC Information Security Policy and Standards

Leave a Comment / Privacy&Compliance / /

This document defines the general information security policy for the protection of the integrity, confidentiality and availability of the IT Profession Security’s (ITPROSEC) networks, computer systems and information. This document is one in a series that defines information security policy that are applicable to people, processes and technology at the ITPROSEC. This documented is aligned […]

ITPROSEC Information Security Policy and Standards Read More »

ITPROSEC General Security Requirements

ITPROSEC General Security Requirements

Leave a Comment / Privacy&Compliance / /

This document defines the general security requirements for the protection of the integrity, confidentiality and availability of the IT Professional Security’s (ITPROSEC) networks, computer systems and information. This document is one in a series that defines security requirements that are applicable to people, processes and technology at the ITPROSEC. This documented is aligned with four

ITPROSEC General Security Requirements Read More »

ITProSec Data Classification and Control Process

ITProSec Data Classification and Control Process

Leave a Comment / Privacy&Compliance / /

The objective of the ITPROSEC Data Classification and Control Process is to protect the information assets of the ITPROSEC by ensuring the confidentiality, integrity and availability of the assets. Information has many forms including conversations, speeches, printed documents, handwritten notes, information stored on computer systems in electronic form, video and audio tapes, etc. Information assets

ITProSec Data Classification and Control Process Read More »

Information Security Incident Response Policy and Procedures

Information Security Incident Response Policy and Procedures

Leave a Comment / Cybersecurity / /

Overview: This document offers a recommended, cyclic approach to managing both cybersecurity and information security related events in a systematic manner. The phased incident response approach outlined in this document aligns with the approach recommended by the US National Institute of Standards and Technology (NIST).

Information Security Incident Response Policy and Procedures Read More »

Security Awareness Deployment Plan

Security Awareness Deployment Plan

Leave a Comment / Security&Governance / /

Overview : The purpose of this document is to outline a proposed approach to deploying the security awareness and training program at the ITPROSEC.  This document will outline the proposed approach, timing and materials the ITPROSEC’s Information Security team would like to deploy over the course of the upcoming fiscal year (FY2017/2018).  The intended audience

Security Awareness Deployment Plan Read More »

Securely Remote Connect to MySQL with Navicat SSH

Securely Remote Connect to MySQL with Navicat SSH

Leave a Comment / Network / /

Navicat connects to the MySQL database through ssh, without opening the database port (3306 by default), and without creating another user that allows external network connections, which can greatly improve security. Of course, if your server is enabled with ssh service. The following uses Mac version of Navicat as an example to teach you how to

Securely Remote Connect to MySQL with Navicat SSH Read More »

Several Methods to Run Mimikatz

Several Methods to Run Mimikatz

Leave a Comment / Hacking&Pen Test / /

Mimikatz is an artifact that can obtain memory from the Windows Authentication (LSASS) process, and obtain plaintext passwords and NTLM hashes. Mimikatz is commonly used in intranet penetration to obtain plaintext passwords or hash values ​​to roam the intranet. However, in actual application, we often encounter the interception of killing soft, so here I refer to the information on

Several Methods to Run Mimikatz Read More »

Some Useful Information Security Websites/Blogs to Visit

Some Useful Information Security Websites/Blogs to Visit

Leave a Comment / Security&Governance / /

1. Brian Krebs 2. Wombat Security 3.  Errata Security 4. Kaspersky Labs 5. Security Bloggers Network 6. Sophos 7. Paul’s Security Weekly 8. Akamai 9. The Security Ledger 10. Graham Cluley 11. Akamai 12. McAfee AntiVirus securing tomorrow 13. Naked Security 14. Shodan  15. NoMoreRansom 16. National Cyber Security Centre 17. Reddit:  r/infosec  r/sysadmin  r/crypto  r/cybersecurity  r/opsec  r/privacy r/intelligence  r/asknetsec 18. Google’s Digital Attack Map 19. OSINT

Some Useful Information Security Websites/Blogs to Visit Read More »