Ahmed Sharaf

Mitigating Cloud Vulnerabilities – National Security Agency

National Security Agency – Mitigating Cloud Vulnerabilities. National Security Agency guidance on how to reduce overall exposure to the risk cloud presents and how to enhance your security posture. While careful cloud adoption can enhance an organization’s security posture, cloud services can introduce risks that organizations should understand and address both during the procurement process and while operating in the cloud. Fully evaluating security implications when shifting resources to the cloud will help ensure continued resource availability and reduce risk of sensitive information exposures. To implement effective mitigations, organizations should consider cyber risks to cloud resources, just as they would in an on-premises environment. This document divides cloud vulnerabilities into …


Aligning to the NIST CSF in the AWS Cloud

Aligning to the NIST CSF in the AWS Cloud Abstract: Governments, industry sectors, and organizations around the world are increasingly recognizing the NIST Cybersecurity Framework (CSF) as a recommended cybersecurity baseline to help improve the cybersecurity risk management and resilience of their systems. This paper evaluates the NIST CSF and the many AWS Cloud offerings public and commercial sector customers can use to align to the NIST CSF to improve your cybersecurity posture. It also provides a third-party validated attestation confirming AWS services’ alignment with the NIST CSF risk management practices, allowing you to properly protect your data across AWS.


Data Protection and Privacy Compliance in the Cloud

Data Protection and Privacy Compliance in the Cloud: Privacy Concerns Are Not Slowing the Adoption of Cloud Services, but Challenges Remain. Executive Summary: The Ponemon Institute is pleased to present the findings of Data Protection and Privacy Compliance in the Cloud, sponsored by Microsoft. The purpose of this research is to better understand how organizations undergo digital transformation while wrestling with the organizational impact of complying with such significant privacy regulations as the GDPR. This research explored the reasons organizations are migrating to the cloud, the security and privacy challenges they encounter in the cloud, and the steps they have taken to protect sensitive data and achieve compliance. Key Findings: Privacy concerns are …


Mapping Microsoft Cyber Offerings to NIST

Mapping Microsoft Cyber Offerings to: NIST Cybersecurity (CSF), CIS Controls and ISO27001:2013 Frameworks The NIST Cybersecurity Framework (CSF) is a voluntary Framework consisting of standards, guidelines, and best practices to manage cybersecurity-related risk. The Framework complements an organization’s risk management process and cybersecurity program. The organization can use its current processes and leverage the Framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices. Alternatively, an organization without an existing cybersecurity program can use the Framework as a reference to establish one. Microsoft Cyber Offerings that can help an organization meet the security functions Certain functions that should be fulfilled by the …


The Disaster Recovery Difference

Backup versus Disaster Recovery: Making the Right Assessment In data protection, recognizing when a data loss event is a minor blip versus a major catastrophe adds tremendous value to our clients – determining the action taken and the impact to their bottom line. Sometimes accessing a secure backup is sufficient. Other times critical data must be instantaneously recovered.      


Active Shooter Defense

You should feel safe where you work, worship, learn, & play… Defendry watches your security cameras 24/7 to automatically detect, deter, and report potential threats in just seconds. Early detection can even automatically lock a shooter out before entering. 2,808 Casualties from Active Shooter Incidents in the United States from 2000 to October 2019 Automatic Lockdown 24/7 Human Verification Immediate Emergency Notifications


DHS, federal agencies urge vigilance from infrastructure operators, facilities

Then last week, the CISA published another Insights bulletin – Enhancing Chemical Security During Heightened Geopolitical Tensions – which “urges facilities with chemicals of interest (COI)…to consider enhanced security measures to decrease the likelihood of a successful attack.” COI is a term used for a list of more than 300 hazardous chemicals that if misused could cause harm to individuals, facilities or society in general, such as if they were stolen and converted into weapons. Utilities should report any physical security incidents or threats to WaterISAC (analyst@waterisac.org or 866-H2O-ISAC), their local police department, and the FBI (via a local field office). Malicious cyber activity should be reported to WaterISAC as well as to the FBI …


Recommendations for IoT Device Manufacturers

Foundational Activities and Core Device Cybersecurity Capability Baseline (2nd Draft). Date Published: January 2020. Comments Due: February 7, 2020. Email Comments to: iotsecurity@nist.gov. Author(s): Michael Fagan (NIST), Katerina Megas (NIST), Karen Scarfone (Scarfone Cybersecurity), Matthew Smith (G2). Abstract: Internet of Things (IoT) devices often lack device cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving how securable the IoT devices they make are, meaning the devices provide functionality that their customers need to secure them within their systems and environments, and manufacturers can also help their customers by providing them with the cybersecurity-related information they need. This publication describes voluntary, recommended activities related to …


Mitre Adds ICS-Specific Techniques To ATT&CK Framework

#MITRE has released a version of its ATT&CK knowledgebase covering tactics and techniques used in attacks against industrial control systems. MITRE’s ATT&CK, which stands for Adversarial Tactics, Techniques and Common Knowledge, is a framework widely used by cybersecurity professionals to check whether their defenses are enough to detect and block attacks. The first ATT&CK model was released in 2013 with a focus on Microsoft Windows. Since then, it has expanded to include Linux, Mac OS, and cloud platforms. The matrix of tactics and techniques describes how attackers break into and move within systems, from initial access to exfiltration. By breaking out different tactics into specific categories, defenders can detect and …


DHS Issues Rare Warning to Firefox Users: Update Your Browser Immediately

DHS Issues Rare Warning to Firefox Users: Update Your Browser Immediately The Cybersecurity and Infrastructure Security Agency (#CISA) encourages users and administrators to review the Mozilla Security #Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates. By default, Firefox will update automatically, but you can always do a manual update. Manual updates will still let Firefox download an update, but it won’t install it until you restart Firefox. Here’s how to set it up: On the menu bar click the Firefox menu and select About Firefox. The About Firefox window will open. Firefox will begin checking for updates and downloading them automatically. When the download is …
