Category Archives: Architecture Review

Why Risk Assessments are Essential for Information Security Maturity

Posted on by

Introduction Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk Assessment results. Organizations without any compliance obligations will still benefit from Risk Assessment as they are a key tool for efficiently increasing Information Security maturity and, more importantly, aligning Information Security with business needs and constraints. This…

The post Why Risk Assessments are Essential for Information Security Maturity appeared first on TrustedSec.

Continue reading Why Risk Assessments are Essential for Information Security Maturity

More Active Directory for Script Kiddies

Posted on by

Introduction So… Active Directory is amazing. It tells me everything I want to know—a regular Ask Jeeves for the whole domain—but I’m sure there is more that it can do. What else am I missing? In a previous article, I described the Active Directory (AD) service and how a Script Kiddie might use it to…

The post More Active Directory for Script Kiddies appeared first on TrustedSec.

Continue reading More Active Directory for Script Kiddies

Active Directory for Script Kiddies

Posted on by

Introduction It seems like all these corporate types are using Active Directory. What is this “Active Directory”? And how can I use it to make my job as a Script Kiddie easier? Active Directory (AD) is a directory service developed by Microsoft for Windows networks and computers. A directory service is a shared database for…

The post Active Directory for Script Kiddies appeared first on TrustedSec.

Continue reading Active Directory for Script Kiddies

The Crucial Role of Data Center Resiliency in Business Security

Posted on by

For many organizations, data center operations are handled by the facilities team or a third-party vendor. Although these functions aren’t part of the everyday responsibilities of the IT or Security departments, they are crucial to systems availability and to the ongoing operations of the business. Having a full understanding of the capacity and capabilities of…

The post The Crucial Role of Data Center Resiliency in Business Security appeared first on TrustedSec.

Continue reading The Crucial Role of Data Center Resiliency in Business Security

WMI for Script Kiddies

Posted on by

Introduction Let’s say an ‘Administrator’ lands on a target network host and wants to look around and ‘administer’ the system without uploading any new tools… How can I do that without burning any of my Script Kiddie tools? WMI or Windows Management Instrumentation or Windows Managed Infrastructure is an interface for managed components that provides…

The post WMI for Script Kiddies appeared first on TrustedSec.

Continue reading WMI for Script Kiddies

Using Effectiveness Assessments to Identify Quick Wins

Posted on by

An organization’s overall security posture can be viewed from multiple different angles, such as technical assessments, program assessments, controls assessments, and risk assessments. A number of different frameworks for each of these assessment types exist, intended to help both technical teams as well as leadership organize security program building activities. Some of these include: Penetration…

The post Using Effectiveness Assessments to Identify Quick Wins appeared first on TrustedSec.

Continue reading Using Effectiveness Assessments to Identify Quick Wins

20 Tips for Certification Success

Posted on by

Over the years, it has been my experience that industry certifications have become standard for job consideration and/or advancement for many technical positions. This is, of course, in addition to having experience in the particular field. I obtained my first (modern-day) technical certification in 2014. It was the System Security Certified Practitioner (SSCP) offered by…

The post 20 Tips for Certification Success appeared first on TrustedSec.

Continue reading 20 Tips for Certification Success

Want Better Alerting? Consider Your Business Processes

Posted on by

Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for implementing and upgrading these capabilities are often noisy, expensive, and laborious. Traditional Alerting Approaches are Failing During program assessments, we find that a lot of clients are generating so many alerts that they…

The post Want Better Alerting? Consider Your Business Processes appeared first on TrustedSec.

Continue reading Want Better Alerting? Consider Your Business Processes

Why We Are Launching the TrustedSec Sysmon Community Guide

Posted on by

Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the…

The post Why We Are Launching the TrustedSec Sysmon Community Guide appeared first on TrustedSec.

Continue reading Why We Are Launching the TrustedSec Sysmon Community Guide