Jonathan T. Cohen jcohen66
jcohen66
/ cism_security_policy.txt
Last active
July 26, 2024 23:29
CISM IT Security Policy #cism #security #policy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Writing Security Policies | |
| https://www.cyberpilot.io/it-security-policy-downloada | |
| Purpose | |
| - Provide a framework | |
| - Sets objectives for IT Security | |
| - Delegates responsibility | |
| - Creates guidelines and rules for employees to follow | |
jcohen66
/ cism_continuityofenterprise.txt
Last active
July 25, 2024 19:52
CISM Continuity of the Enterprise #cism #business #continuity #disaster #recovery #planning
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Continuity of the Enterprise | |
| - Get Sr Mgt buyin | |
| - Build a Charter | |
| Business Continuity | |
| - Incorporates Info Systems AND everything else! | |
| - In for the long haul | |
| - Starts as incident/Ends as disaster | |
| - Coordinated strategy involving plans, procedures, and technical measures | |
| - Enable the recovery of info systems, operations and data after a disruption |
jcohen66
/ CISM_inicient_response.txt
Created
July 25, 2024 18:40
CISM Incident Response #cism #incident #response #plan #prepare #protect #contain #triage #respond
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Incident Response | |
| - Hands off! | |
| - We dont act/we advise | |
| Prepare | |
| - Coordinate Planning and Design | |
| - Identify Incident Management Requirements | |
| - Obtain Funding and Sponsorship | |
| - Develop Policies, Plans, Processes |
jcohen66
/ cissp_designing_secure_systems.txt
Created
July 23, 2024 15:40
CISSP Designing Secure Systems #cissp #secure #system #design #best #practice
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Designing Secure Systems | |
| Authentication | |
| - Scenarios to Protect | |
| - User logins | |
| - Employee access to internal systems | |
| - Design Points | |
| - String password policy | |
| - Multi-factor authentication (MFA) |
jcohen66
/ cissp_endpoint_best_practice.txt
Created
July 23, 2024 00:15
CISSP Endpoint Best Practices #cissp #endpoint #best #practice
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Essential Endpoint Best Practices | |
| Regular Updates and Patching | |
| - Ensure all devices and software are kept up to date on all patches and updates | |
| - This practice fixes vulnerabilities that could be exploited by attackers and enhances the overall security posture | |
| Strong Authentication and Access Control | |
| - Implement strong password policies and multi-factor authentication (MFA) to reduce the risk of unauthorized access | |
| - Apply the Principle Of Least Privilege (PLP) by restricting user access rights to only what is necessary for their role. |
jcohen66
/ cissp_rbac.txt
Created
July 22, 2024 14:45
CISSM Role Based Access Control (RBAC) #cissp #rbac #role #based #access #control
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Role Based Access Control | |
| - Has Role | |
| - Has Permission | |
| - User | |
| - Role | |
| - Permission | |
| - User can have 1-n Roles (User-Role) | |
| - Role can have 1-n Permissions (Rolex-Permission) |
jcohen66
/ cissp_crowdstrike.txt
Last active
July 22, 2024 19:29
CISSP Crowdstrike Bug SMM #cissp #crowstrike #edr #ring #uefi
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://insights.sei.cmu.edu/blog/uefi-terra-firma-for-attackers/ | |
| Kernel Driver Failed | |
| - Ring 0 | |
| - Kernel Mode (OS Code) | |
| - Can see all memory | |
| - When kernel mode code crashes -> The System Crashes | |
| - Blue Screens since alternative could be worse | |
| - OS doesnt know what to do | |
| - Application code is not separated from one another |
jcohen66
/ cism_risk_stages.txt
Created
July 21, 2024 03:10
CISM Risk Stages #cism #risk #stages #analysis #identification #evaluation #management
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Risk Identification | |
| - The first and most fundamental stage | |
| Risk Analysis | |
| - Follows Identification | |
| - Structured process that involves identifying ways to achieve goals, anlyzing consequences and assessing the likelihood of hazardous events. | |
| Risk Evaluation | |
| - Follows Analysis | |
| - Risks should be ranked and prioritized |
jcohen66
/ cism_global_local.txt
Created
July 20, 2024 17:55
CISM Global Organization Policy #cism #global #local #policy #legal #compliance #law #data #privacy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Infromation Security Program Global/Local Policies | |
| Local Entity | |
| - Must comply with local law for data collected in the country | |
| - Sr Management is accountable for legal compliance | |
| - Policy takes 2nd place to law | |
| - Law supercedes internal policy | |
| - Local regulations can differ from the country where the organization is HQ | |
| - Not likely that org policy will cover all local legal requirements | |
| - Local law supercedes law of country where HQ |
jcohen66
/ cism_strategies.txt
Last active
July 20, 2024 17:10
CISM Strategies #cism #cobit #cmmi #togaf #zachman #sabsa #27002 #fisma #itil #20000 #800-53 #iso #nist #framework #architecture #best #practice #federal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Strategy Methodologies | |
| Frameworks | |
| - COBIT | |
| - Framework | |
| - IT Governance and Management | |
| - CMMI | |
| - Framework | |
| - Process Improvement |
NewerOlder