Manual inspections are human reviews that typically test the security implications of people, policies, and processes. Manual inspections can also include inspection of technology decisions such as architectural designs. They are usually conducted by analyzing documentation or performing interviews with the designers or system owners. While the concept of manual inspections and human reviews is …
Cobalt Strike 4.6 is now available. This isn’t a consistent release, as it mostly focuses on security updates. There are also a couple of useful updates for users. A major release is planned for this summer, so this release lays the groundwork for the changes that are coming at that point. Security Updates This is …
Sooty Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as many of the routine checks as possible, allowing the analyst more time to spend on deeper analysis within the same time-frame. Details for many of Sooty’s …
The source code and repositories that make up an application can represent hundreds or thousands of hours of work and comprise important intellectual property for an organization. Organizations must be prepared to take multiple levels of risk mitigation to protect the code, as well as the applications. Security of the software environments. Historically, security has …
How to Identify and Apply Security Controls in Development Environments Read More »
In this Post we are discusses the various methods and considerations when developing an application. The lifecycle of development does not typically have a final goal or destination. Instead, it is a continuous loop of efforts that must include steps at different phases of a project. Development methodologies. There are many different development methodologies that …
This post covers personnel safety — making sure employees can safely work and travel. While some of the techniques are common sense, others are less obvious. Travel. The laws and policies in other countries can sometimes be drastically different than your own country. Employees must be familiar with the differences prior to traveling. For example, …
How to Address Personnel Safety and Security Concerns Read More »
Physical security represents securing your physical assets such as land, buildings, computers and other company property. Perimeter security controls. The perimeter is the external facility surrounding your buildings or other areas, such as the space just outside of a data center. Two key considerations are access control and monitoring: Access control. To maximize security, your …
Linux has been branded for its various distributions that provide to various needs. One of the most well-known distribution is Kali Linux, a penetration testing orientated OS. Since its announcement, Kali has gone through various repetitions in the form of updates while other penetration testing/ cybersecurity related distributions were also being developed around the world. In …
Business continuity includes disaster recovery, but it covers other things as well. Disaster recovery is a very specific series of processes to recovery from a disaster. Business continuity focuses on ensuring the business experiences minimal or no downtime (with the hope that a disaster recovery process won’t be needed). Think of business continuity as a …
How to Participate in Business Continuity (BC) Planning and Exercises Read More »
Testing your disaster recovery plans is an effective way to ensure your company is ready for a real disaster. It also helps minimize the amount of time it takes to recover from a real disaster, which can benefit a company financially. There are multiple ways of testing your plan: Read-through/tabletop. The disaster recovery teams (for …
