Tag Archives: compliance

AWS Security – Part 1- Securing Root Account with MFA

Task: Create AWS account and set up for below tasks What is the need to perform this: Securing an AWS root account is crucial because it has unrestricted access to all resources and services within your AWS environment. If compromised, an attacker could delete resources, steal data, or even lock you out of your ownContinue reading “AWS Security – Part 1- Securing Root Account with MFA”

Audit Conclusions

Objectives of Audit Conclusions Preparing Audit Conclusions ISO 19011, clause 6.4.9 Before the closing meeting, the auditors meeting consult each other to: Discussing Audit Conclusions with the Auditee It is important to discuss audit findings and conclusions with the management before the closing meeting and submitting the final report to: Closing Meeting Agenda Model PreparingContinue reading “Audit Conclusions”

Stage 2 audit

Objectives of Stage 2 Audit Step 1 Conducting the opening meeting ISO 19011, Clause 6.4.3 The purpose of the opening is to: Step 2 Collecting Information Information can be collected in the form of: and many more… Audit Procedure – Interview Ask employees and other interested persons (third parties) questions (verbal or written) to gatherContinue reading “Stage 2 audit”

Stage 1 Audit

Objectives of the Stage 1 Audit Stage 1 Audit steps Site Visit Activities To be Carried Out Document review The main objectives of the document audit are: • General understanding of the operation of the management system • Evaluation of the design of the management system as well as the related processes and controls •Continue reading “Stage 1 Audit”

Cybersecurity Breaches: Recent High-Profile Cases in the month of February 2025

OpenAI Data Breach – Threat Actor Allegedly Claims 20 Million Logins for Sale Threat actors from dark web forums claim to have stolen and leaked 20 million OpenAI user login credentials, potentially making OpenAI the latest high-profile target of a significant data breach. This alleged breach has raised serious concerns among tech users and cybersecurityContinue reading “Cybersecurity Breaches: Recent High-Profile Cases in the month of February 2025”

DevSecOps – Secure Software Development

TryHackMe’s DevSecOps Learning Path focuses on securing pipelines and introducing Infrastructure as Code (IaC) and Containerisation security techniques. You’ll learn the tools and practices to ensure robust development processes and secure software deployment workflows. From fortifying pipelines to automating infrastructure management, you will gain practical insights into modern DevSecOps methodologies. Secure Software Development Lab: IntroductionContinue reading “DevSecOps – Secure Software Development”

Cybersecurity Breaches: Recent High-Profile Cases in the month of January 2025

Ransomware attack on New York Blood Center forces workarounds, drive cancellations One of the largest independent blood centers serving over 75 million people across the U.S. has been hit by a ransomware attack, forcing officials to reschedule blood drives and implement workarounds. New York Blood Center Enterprises said its team discovered suspicious activity affecting theContinue reading “Cybersecurity Breaches: Recent High-Profile Cases in the month of January 2025”

Monthly Round Up for the month of December 2024

Deloitte UK Reportedly Cyberattacked for 1 TB of Sensitive Data by Ransomware Group The Brain Cipher Ransomware group has reportedly claimed responsibility for a cyberattack on Deloitte UK. They allege that they have exfiltrated over 1 terabyte of data. This breach, if confirmed, could have serious implications for Deloitte’s clients and its professional reputation. However,Continue reading “Monthly Round Up for the month of December 2024”