Thursday, February 14, 2019
CISSP for Dummies - ISC2 Approved
The CISSP certification is widely held as the professional standard for information security professionals. It enables security professionals to distinguish themselves from others in the information security field by validating both their knowledge and experience. Likewise, it enables businesses and other organizations to identify qualified information security professionals and verify the knowledge and experience of candidates for critical information security roles in their respective organizations. Thus, the CISSP certification is more relevant and important than ever before.
Wednesday, February 13, 2019
CIS Controls Cloud Companion Guide
The CIS Controls™ are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks. The CIS Controls are developed by a community of IT experts who apply their first-hand experience as cyber defenders to create these globally accepted security best practices. The experts who develop the CIS Controls come from a wide range of sectors, including retail, manufacturing, healthcare, education, government, defense, and others.
Wednesday, September 27, 2017
How 'the invisible network' poses a major security threat
If a hacker managed to switch off a life-support machine, the results could be fatal
It was an ordinary day at a busy hospital - doctors, nurses and surgeons rushed about attending to the health of their patients.
For Hussein Syed, chief information security officer for the largest health provider in New Jersey, it was the health of his IT network that was keeping him busy.
Sunday, September 24, 2017
Web Server Penetration Testing Checklist
Web server pen testing is performed under 3 major categories: identify, analyse, and report vulnerabilities such as authentication weaknesses, configuration errors, and protocol-related vulnerabilities.
1. "Conduct a series of methodical and repeatable tests" is the best way to test the web server, along with working through all of the different application vulnerabilities.
Active Directory - DNS and DHCP Security Checklists - Basic
Active Directory
• Review the domain controller disk space reports.
• Backups of AD: the backup includes capturing system state, information related to the AD database, logs, registry, boot files, SYSVOL and other system files.
• Evidence that AD replication is working correctly.
• Snapshot of event logs for persistent errors.
• Is defragmentation done to increase performance, as directories running for a long time can get large and fragmented?
• Proof of integrity of AD DS database files with respect to AD semantics using NTDSUTIL.
• Where password files are kept and who is responsible.
• Does any formal method exist for adding new users?
• Does any formal method exist for notifying the Administrator of staff changes, with access levels being amended without delay (particularly if staff are required to leave the organisation)?
• Does any formal mechanism exist for changing users / access rights to the files?
• What is the user account/ID lockout due to invalid password attempts?
• Are the IT Administrator users also complying with these policies, and are there any generic IDs created in Active Directory?
Singapore leads the world in cyber attacks
More cyber attacks are launched from Singapore than anywhere else in the world, according to a report from Israeli data security firm Check Point Software Technologies.
The small Southeast Asian country has overtaken Russia, China and the US as the top attacking nation.
Eying Wee, Check Point's Asia-Pacific spokeswoman, told Bloomberg that it was not unusual for Singapore to be featured among the top attacking countries as much of the internet traffic flowing through Singapore doesn't actually originate there.