Objective You have been asked to implement your organization’s virtual networking infrastructure and test to ensure it is working correctly. In particular: Exercise 1: Create the virtual networking infrastructure Step 1: Type Virtual networks and press the Enter key and click + Create. Step 2: Fill in the details On the IP addresses tab ofContinue reading “Lab 2: Network Security Groups and Application Security Groups”
Tag Archives: compliance
PDCA and Clauses
Plan(P) Do(D) Check(C) Act(A) ISO/IEC 27001:2022: Clause 4 of 10 Clause 4: Context of Organization ISO/IEC 27001:2022: Clause 5 of 10 Clause 5: Leadership ISO/IEC 27001:2022: Clause 6 of 10 Clause 6: Planning ISO/IEC 27001:2022: Clause 7 of 10 Clause 7: Support ISO/IEC 27001:2022: Clause 8 of 10 Clause 8: Operation ISO/IEC 27001:2022: Clause 9Continue reading “PDCA and Clauses”
Threat, Risk and Vulnerability
Threat: A potential cause of an unwanted Incident, which may result in harm to a System or OrganizationVulnerability: A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats.Risk: A combination of the probability of an Event and its Consequence Risk Assessment is the total sumContinue reading “Threat, Risk and Vulnerability”
What is ISMS,CIA Triad
Information Security Management System (ISMS) Information Security Management System (ISMS) is a management system made of multiple interacting components. What is information? As per ISO/IEC 27000:“Information (knowledge or data) is an asset which, like other important business assets is of value to an organization and consequently needs to be suitably protected”. Information can be: InformationContinue reading “What is ISMS,CIA Triad”
Lab 1: Role Based Access Control
Objective You have been asked to create a proof of concept showing how Azure users and groups are created. Also, how role-based access control is used to assign roles to groups. Specifically, you need to: Step 1: Login to the portal Step 2: Go to Microsoft Entra ID and click on add user Step 3:Continue reading “Lab 1: Role Based Access Control”
Wazuh
Setting up Wazuh on Virtual Machine (OVA) User: wazuh-user Password: wazuh In our case it will be https://192.168.29.160 You will get the following web page User: admin Password: admin Setting up an agent on the endpoint. Once you login into the wazuh dashboard you can add agents: On clicking Agents option you will get theContinue reading “Wazuh”
Weekly roundup for August 20 to 26
SEIKO Data Breach The watch manufacturing company Seiko, targeted by the threat group BlackCat/ALPHV who operates as ransomware as a service. On August 10, the company notified its customers about a data breach after they detected unauthorized access to its server. Cloud Host Lost All Data There has been a cyber attack on two cloudContinue reading “Weekly roundup for August 20 to 26”
HackTheBox – Photobomb
NMAP Scanning Added address in /etc/hosts and open the web page Upon clicking the link it asks for credentials. As we do not have any credentials I got the page below. I tried to view the source code and found the photobomb.js file. After opening that file I got the credentials. Username: pH0t0 Password: b0Mb!Continue reading “HackTheBox – Photobomb”
Domain 2: Asset Security
Asset Types Asset Classification Asset Storage Apply appropriate controls based on classification Data is more valuable than the media Asset Security Data Classification Type of Data Data Stakeholders Data Remanence Data left over after a removal and deletion process Data Destruction Scoping Portion of standards that will be applicable for organization Tailoring Customizing standards asContinue reading “Domain 2: Asset Security”
Domain 1: Security and Risk Management
CIA Triad: IAAA: Accounting: The action owner logs are reviewed for violations Non-repudiation: The action owner cannot deny his/her actions Governance(Not us): Management(Us): Principle: There are 2 types of principles: Standards and Frameworks There are many security frameworks and standards available for security implementation and guidance for any organization. A few examples are Protection MethodsContinue reading “Domain 1: Security and Risk Management”
