Why IAM Matters in Cloud IAM is the new perimeter in cloud security. Most cloud breaches happen due to misconfigured IAM (too much access or weak authentication). How IAM Differs in Cloud Point Meaning Spans multiple organizations Users access many cloud services; trust must extend across orgs. Different IAM models per CSP AWS IAM ≠Continue reading “CCSK Domain 5 — Identity & Access Management”
Category Archives: Uncategorized
Network Terminology
Virtual Local Area Network (VLAN) A VLAN, or Virtual Local Area Network, is a logical segmentation of a physical network allowing multiple groups of devices to be separated into distinct broadcast domains even if they share the same physical infrastructure. In simple words, imagine you have a big school with lots of classrooms and manyContinue reading “Network Terminology”
May 2025: Major Data Breaches and Cyber Attacks
South African Airways hit by cyber attack South African Airways (SAA) has become the latest organisation to fall victim to a cyber attack. In a statement released today, the flagship carrier of South Africa says it has been impacted by a significant cyber incident that began on Saturday, 3 May. According to SAA, the breachContinue reading “May 2025: Major Data Breaches and Cyber Attacks”
Transitioning to PCI DSS 4.0: Essential Compliance Updates
The shift from PCI DSS 3.2.1 to 4.0 brings critical security enhancements to protect payment card data against evolving cyber threats. If your organization processes payments, these changes will impact you. The below table highlights changes for each requirement: Requirement PCI DSS v3.2.1 PCI DSS v4.0 (Changes & Enhancements) 1: Install and maintain a firewallContinue reading “Transitioning to PCI DSS 4.0: Essential Compliance Updates”
Domain 1 – Cloud Computing Concepts & Architectures
Definition of Cloud Computing NIST (SP 800-145) Defines Cloud Computing : Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Abstraction &Continue reading “Domain 1 – Cloud Computing Concepts & Architectures”
Vulnerability Management
It is not a scan or a one-time project. Vulnerability Management is a “program” which organizations might use. The goal is to continuously identify vulnerabilities. Then, they must address these vulnerabilities in appropriate ways. It can contain many different projects like: What, Why and How? It is the process of identifying, analyzing and ranking vulnerabilities.Continue reading “Vulnerability Management”
Monthly Round Up for the month of September 2024
Ransomware attack forces high school in London to close and send students home A high school in south London has announced it will be closed for the first half of this week due to a ransomware attack, leaving approximately 1,300 students in the lurch. Students were sent home from the Charles Darwin School on Thursday,Continue reading “Monthly Round Up for the month of September 2024”
Monthly Round Up for the month of August 2024
ADT confirms data breach after customer info leaked on hacking forum ADT, a leading American company in building security, has confirmed a data breach incident. The breach involved threat actors who allegedly leaked customer information on a well-known hacking forum. ADT, a publicly traded company, focuses on providing security and smart home solutions to bothContinue reading “Monthly Round Up for the month of August 2024”
Monthly Round Up for the month of July 2024
AT & T cyber attack A massive AT&T Cyberattack caused Hackers to Steal Millions of Customer Records. Consequently, AT&T revealed that nearly all of its wireless customers’ call and text records were exposed. Furthermore, the hackers accessed customer data stored on a third-party cloud platform. Patient reports used as paper plates at Mumbai hospital A videoContinue reading “Monthly Round Up for the month of July 2024”
Monthly Round Up for the month of June 2024
Synnovis Cyber Attack: A ransomware attack on Synnovis, a pathology laboratory in the UK, severely impacted NHS services in South East London. This attack led to the postponement of over 800 elective procedures and 700 outpatient appointments between June 3 and June 9, 2024. The recovery process is ongoing, and NHS England is working withContinue reading “Monthly Round Up for the month of June 2024”
