Security Protection for Cloud Native Technologies
Is there any framework / security practices model which we can use to protect and monitor Cloud Native Technologies?
Continue reading Security Protection for Cloud Native Technologies
I am trying to onboard a CTI feed for our SIEM. As part of the procurement process, I need to make sure that there are certain SLAs which should be included in the contract terms for accountability of the managed service. Any thoughts whic… Continue reading SLA for Managed Services (CTI)
We are using a Thales HSM solution to bring BYOK encryption into our Azure tenant at the moment. Now for an offline backup of keys via Thales and Azure Key Vault for disaster recovery, what is the best option? i.e. Encrypt USB with Bitlocker and … Continue reading Encryption (BYOK) Offline backup options
Microsoft offers RAP as a Service for various platforms like AD, Exchange, Windows Servers/Desktops etc. Does anyone have an insight about these services from Microsoft vs other free tools like for AD Bloodhound is a really good one to hig… Continue reading RAP as a Service vs other freeware software tools
What are the security best practices for files on a shared drive:
Apply the principle of least privilege?
Access level should be approved by the Manager and audited regularly?
Some of the technical details are also listed here which are s… Continue reading security best practices for shared folder on a drive
As a context for my small project:
I need to summarize the major breaches in the last 12 months with a rationale. i.e. https://www.hackmageddon.com/2020/08/13/june-2020-cyber-attacks-statistics/ I can use these stats to start with.
Quantify … Continue reading what are the major breaches in the last 12 months? [closed]
How to know which website is secure to open? i.e.
https://cdn.redhat.com/
Why am I getting a security notification even when the site relates to Red Hat?
Thanks
Continue reading website legitimate or not, how to evaluate?
How can I measure the effectiveness of a penetration test carried out in a cloud environment (IaaS/PaaS) by a third-party vendor? Should I ask for a CVSS score or something else?
Any advice will be highly appreciated.
… Continue reading Penetration Testing of IaaS/PaaS environment – CVSS Score
We have white-listed full domains and that creates uncertainty i.e. myservice.com
Anyone can send spam mails and we can’t block it.
We have white-listed specific emails / IP addresses and there is no immediate concern.
Are there any recommendations to create a security reference architecture for remote access? It should be valid across both on-premise and cloud access. I have a couple of documents from various organizations i.e. CSA, NIST, Op… Continue reading Securing Remote Access – High Level Architecture