Tag: InfoSecWOTD

InfoSecWOTD#6 Blue Team 🛡

Today’s #infosec Word of the Day #6 is

#Blueteam 🛡

You may have heard the term Blue Team, which sometimes comes up in discussions of security assessments, alongside Pen Testing* & Red Team. The concept of the blue team & red team has its humble beginnings in the military. The idea is that one team attacks & the second team tries to defend itself.

So a blue team is a group of individuals who work tirelessly to ensure security, identify security flaws, verify the effectiveness of each security measure, and make certain all security measures will continue to be effective after implementation. Essentially they work for the company from the inside.

That was it for today, follow me for more tidbits, and hit that like button on this post to automatically engage in a conversation and keep #learning! A new word* will be posted tomorrow.

#threatassessment #cybersecurityawareness #cybersecurity #blueteam #penetrationtesting #INFOSECWOTD

InfoSecWOTD#4 PKI 📃

Thank you for your feedback and comments. Let us get down a little deeper in #Infosec today.

Today’s #infosec Word of the Day #4 is

#PKI 📃 – Public Key Infrastructure

If you work for any organization today, most likely as an asset owner, risk manager, principal engineer or in another position responsible for your organization's systems, products and solutions, you will come across the term #PKI. It stands for Public Key Infrastructure.

Simply put, a PKI is a system of software and hardware for the creation, storage, and distribution of digital certificates.

The core of most security systems is authentication and access control, and digital certificates give us the ability to identify the people and machines behind the information that is presented either on the screen or to other systems for further processing.

They also provide the ability to secure sensitive electronic information as it is passed back and forth between two parties, and provide each party with a key to encrypt and decrypt the digital data.

#sslcertificates are one prime example of these. As an exercise in cyber-hygiene, go ahead and click on the 🔓 icon on any website, and see which PKI Organization issued the SSL Certificate.

That was it for today, follow me on LinkedIn and hit that like button on this post to automatically engage in a conversation and keep #learning!

#digitalcertificates #threatassessment #cybersecurityawareness #cybersecurity #cyberhygiene #INFOSECWOTD

InfoSecWOTD#3 Cyberhygiene 🧹

Today’s #infosec Word of the Day #3 is

#Cyberhygiene 🧹

This is one of the buzzwords thrown around in many discussions of best practices in #Infosec, with respect to the security culture in a company.

Cyber hygiene is the cybersecurity equivalent to the concept of personal hygiene in public health. 

The European Union’s Agency for Network and Information Security (ENISA) states that “cyber hygiene should be viewed in the same manner as personal hygiene and, once properly integrated into an organization will be simple daily routines, good behaviors, and occasional checkups to make sure the organization’s online health is in optimum condition”.

ENISA even published a report in 2016: https://lnkd.in/e5kkdbd

That was it for today, follow me on LinkedIn and hit that like button on this post to automatically engage in a conversation and keep #learning!

#riskmanagement #threatassessment #cybersecurityawareness #cybersecurity #cyberhygiene #INFOSECWOTD

InfoSecWOTD#2

Today’s #infosec Word of the Day #2 :
#PASTA 🍝 (threat modelling methodology)

This PASTA is for a different kind of appetite, the one associated with threats aka #Riskappetite.

PASTA is a threat modelling methodology to identify threats in a very systematic way. It stands for Process for Attack Simulation and Threat Analysis, a 7-step, risk-centric method to identify threats.

That was it for today, follow me on LinkedIn and hit that like button on this post to automatically engage in a conversation and keep #learning!
#riskmanagement #threatassessment #cybersecurityawareness  #cybersecurity
#INFOSECWOTD