Collaborate Disseminate
Another question inspired by a recent discussion in the ‘The DMZ’ chatroom.
Long story short: IT guys are worried that accountants’ workstations may become compromised because accountants watch cat meme websites. Proposed solution: Lock do… Continue reading Realistically, how likely it is to have a computer compromised from browsing random websites?
What is the best books for beginners on Incident Management & Monitoring ?
who have especially advice for a beginner?
share me pls
This summer, I get the chance to do a Data and Security Analyst internship. The project I will be working on is supposed to focus on Data Loss Prevention. After doing some research in the beginning phases of this project, I have run into a… Continue reading What is the difference from DLP, EPP, and EDR?
Background:
We got a few new model SIP phones. Each phone has built-in unique certificate issued by the manufacturer.
Previous models had certs issued by a different CA and that CA cert was published, so I could verify the phone’s identity… Continue reading Why would device manufacturer refuse to publish root CA that signs devices but provides the CA via support ticket attachment
I think the title itself defines my question. Can anyone help me with identifying tolerance level/parameters/targets that should be considered while framing security readiness system?
I am struggling to appreciate the differences between the 7 steps of the NIST Framework for Improving Critical Infrastructure, which should help an organisation implement it.
Step 1: Prioritize and Scope. The organization identifies its
b… Continue reading What are the differences between "identifying threats and vulnerabilities" and "risk management"?
An asset has a value of Rs 2,000,000. In an attack, it is expected to lose 60 percent of its value. Countermeasure X will cut the loss by one-third. Countermeasure Y will cut the loss by half. Both countermeasures will cost Rs 2000 per Mon… Continue reading Calculate risk in this scenario [closed]
To says things simple ; when someone wants to learn offensive web application (or system) hacking, one could just download OWASP DVWA or register to Hackthebox and watch Ippsec videos to see "how to walk the walk". This is very t… Continue reading Why practical risk analysis tutorials do not exists?
Generally speaking we can specify the potential risk into 2 categories: user-agent risk and client server risk.
As for the 3 client types mentioned in section 2.1 of the Oauth 2.1 draft (https://tools.ietf.org/html/draft-parecki-oauth-v2-1… Continue reading The trade-off between user-agent risk and client server risk in Oauth 2.0 / 2.1 security framework
I am attempting to construct a ranking of US publically-traded companies according to how much they would put their customers at risk when a data breach happens.
My question to infosec practioners with experience of real breaches is, what … Continue reading Company Security Policy Ranking Metrics [closed]