Alexander Knorr opexxx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SIG Lite 2022 Section A - Enterprise Risk Management - (Enhanced) | |
| 0 | |
| SURVEY SUBMITTED | |
| SIG Lite 2022 Section B - Security Policy - (Enhanced) | |
| 0 | |
| SURVEY SUBMITTED | |
| SIG Lite 2022 Section C - Organizational Security - (Enhanced) | |
| 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Before starting studying, you must know very well what this certification is about and what are the prerequisite | |
| The topics included in the CCSP Common Body of Knowledge (CBK) ensure its relevancy across all disciplines | |
| in the field of cloud security. Successful candidates are competent in the following 6 domains: | |
| – Architectural Concepts & Design Requirements (19%) | |
| – Cloud Data Security (20%) | |
| – Cloud Platform & Infrastructure Security (19%) | |
| – Cloud Application Security (15%) | |
| – Operations (15%) | |
| – Legal & Compliance (12%) | |
| It is a 4 hours exam in front of a computer (and under video camera :)) |
opexxx
/ TECHNISCHE UND ORGANISATORISCHE MASSNAHMEN, EINSCHLIESSLICH ZUR GEWÄHRLEISTUNG DER SICHERHEIT DER DATEN
Created
March 15, 2022 13:32
TECHNISCHE UND ORGANISATORISCHE MASSNAHMEN, EINSCHLIESSLICH ZUR GEWÄHRLEISTUNG DER SICHERHEIT DER DATEN
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TECHNISCHE UND ORGANISATORISCHE MASSNAHMEN, EINSCHLIESSLICH ZUR GEWÄHRLEISTUNG DER SICHERHEIT DER DATEN | |
| ERLÄUTERUNG: | |
| Die technischen und organisatorischen Maßnahmen müssen konkret (nicht allgemein) beschrieben | |
| werden. Beachten Sie hierzu bitte auch die allgemeine Erläuterung auf der ersten Seite der Anlage; | |
| insbesondere ist klar anzugeben, welche Maßnahmen für jede Datenübermittlung bzw. jede Kategorie von | |
| Datenübermittlungen gelten. | |
| Beschreibung der von dem/den Datenimporteur(en) ergriffenen technischen und organisatorischen | |
| Maßnahmen (einschließlich aller relevanten Zertifizierungen) zur Gewährleistung eines angemessenen | |
| Schutzniveaus unter Berücksichtigung der Art, des Umfangs, der Umstände und des Zwecks der |
opexxx
/ APPENDIX D INFORMATION SECURITY STANDARDS
Created
March 10, 2022 13:32
APPENDIX D INFORMATION SECURITY STANDARDS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| APPENDIX D | |
| INFORMATION SECURITY STANDARDS | |
| 1. Information Security: | |
| Service Provider warrants and represents that it has adopted and implemented and covenants that it shall maintain a comprehensive written information security program (“Service Provider’s Information Security Program”) incorporating reasonable and appropriate administrative, technical, organizational and physical safeguards: (a) to ensure the confidentiality of Client Confidential Information in its possession or control; (b) to protect against any anticipated threats or hazards to the security or integrity of Client Confidential Information; (c) to protect against the compromise of, unauthorized access to or use of Client Confidential Information, including without limitation programs to train Service Provider’s Personnel in safeguarding the same; (d) to prevent the unauthorized acquisition, disclosure, loss, destruction or alteration of Client Confidential Information; (e) to destroy all electronic and hardcopy materials containing Clien |
opexxx
/ Information Security Program LinkedIn
Last active
February 11, 2022 16:54
Information Security Program LinkedIn
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Information Security Program | |
| LinkedIn maintains a robust and extensive security program with policies and detailed security requirements that guide the program's execution. The objective of this program is to maintain the confidentiality, integrity and availability of information, intellectual property, and systems of LinkedIn and/or its users, members, guests, employees and business partners while meeting industry standards. | |
| Compliance | |
| LinkedIn policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001. In addition, we use an independent third-party body to audit our compliance with leading industry standards periodically. | |
| Please see LinkedIn’s Security and Compliance page: https://security.linkedin.com/trust-and-compliance | |
| Incident Management |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CIS Controls v8 | |
| Control 1: Inventory and Control of Enterprise Assets | |
| Control 2: Inventory and Control of Software Assets | |
| Control 3: Data Protection | |
| Control 4: Secure Configuration of Enterprise Assets and Software | |
| Control 5: Account Management | |
| Control 6: Access Control Management | |
| Control 7: Continuous Vulnerability Management | |
| Control 8: Audit Log Management | |
| Control 9: Email and Web Browser Protections |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CIS TOP 20 SOGP 2020 | |
| Reference Sub-Control Reference Topic | |
| CSC 1-1 Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory. SM2.6 Asset Registers | |
| CSC 1-1 Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory. PA1.1 Hardware Lifecycle Management | |
| CSC 1-1 Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory. PA1.5 Specialised Computing Equipment and Devices | |
| CSC 1-2 Utilize a passive discovery tool to identify devices connected to the organization's network and automatically update the organization's hardware asset inventory. SM2.6 Asset Registers | |
| CSC 1-2 Utilize a passive discovery tool to identify devices connected to the organization's network and automatically update the organization's hardware asset inventory. PA1.1 Hardware Lifecycle Management | |
| CSC 1-3 Use Dynamic Host Conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SOGP 2020 | |
| Reference Topic Topic: Principle and Objective | |
| SG1.1 Security Governance Framework "Principle: A framework for information security governance should be established, and commitment demonstrated by the organisation’s governing body. | |
| Objective: To ensure that the organisation’s overall approach to information security supports high standards of governance." | |
| SG1.2 Security Direction "Principle: Control over information security should be provided by a high-level working group, committee or equivalent body, and managed by a board-level executive (or equivalent). | |
| Objective: To provide a top-down management structure and mechanism for coordinating security activity (e.g. an information security programme) and supporting the information security governance approach." | |
| SG2.1 Information Security Strategy "Principle: An information security strategy should be maintained that is demonstrably integrated with the organisation’s strategic objectives. |
opexxx
/ gist:71eb30d464ae80acc5e4ac3371c97141
Created
February 8, 2022 18:00
#CIS Controls (version 8)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #CIS Controls (version 8) | |
| 18 Controls | |
| 153 Safeguards | |
| - IG1: 56 | |
| - IG2: 74 | |
| - IG3: 23 | |
| The following COBIT 19 Management Objectives were not mapped to the CIS Controls: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sarbanes Oxley COSO | |
| " - Risk Assessment | |
| - Objective Setting | |
| - Event Identification" | |
| " - Risk Response | |
| - Event Identification" | |
| " - Internal Environment | |
| - Objective Setting |