Security Managment

更多类似内容

Health & Safety

由Alan Crooks

Lesson 1: What is a digital footprint?

由Summer Ly

Futures Wheel

由Amy Spielmaker

Training vs Learning

由DAVID ALEJANDRO MALAVER RODRIGUEZ

Security Managment

Security Operations

Incidents

Response

SOAR

Monitor

Synthetic

Passive

Logs

Configuration and system managment

Antimalware

IDS / IPS

Asset managment

Patching and vulns

Vulnerability scan

Vulnerability Managment

Patch Managmente

System to manage

Configuration Managment

Automation

Baseline ( images)

EOS

EOL

Applying people

Travel

Priviledge Account Manager

Mandatory Vacations

M of N

Two Person control

Need to know and least priviledge

IAM

Protection Methods

Logon notification

Lockout

Masking

MFA

Salt and pepper

Access control

Access Controls

Atritube based

Rule Based

Role Base

Mandatory

Discretionary

Implementing SSO internal

RADIUS

TACACS+

SESAME

Kerberos

Access Review

Account Maintenance

New Role

Deprovisioning

Provisioning

Implementing SSO External

Federal

OIDC

Oauth

OpenID

SAML

Factors

Something you are

Something you have

Something you know

Laws Regulations and Compliance

Authorize to operate

Regulations

GDRP

SOX

HIPPA

PCI

Policies

Procedures

Policie

Data store

Privacy policie

NIST or ISO27000

Guideline

Baseline

Standard

Privacy

Import / Export

Licenses

Intelectual property

Disater Recover

Maintenence

Lesson learned

Full interrumpt

Parallel

Simulation

Structured Walk- trough

Read-Through

Development

Escrow arragment

Backups

Personnel and communications

Emergency response

Strategy

DB recovery

Sites

Workgroup recovery

Emergency communications

Crisis Managment

Bussenss priorities

Fault Tolerance

Power sources

UPS

Servers

Load Balancer

Clusters

Hard drive

RAID

Bussiness Continuity

Approval and Implementation

Excercise

Emergency

Vital Records

Statment of urgency

Statment of importance

Cp Goals

BCP documentation

Continuity Plan

Provisions and process

Buldings / Facilities

Warm site

Hot Site

Cold site

People

Strategy develpment

Bussiness Impact Analysis

Project scope and planning

Legal and regulation

Resources requeriments

BCP team Selection

Originitional review

Risk Assessment

Monitoring

Mitigate

Technical

Administrative

Directive

Recover

Corrective

Compensating

Detective

Deterrent

Preventive

Physical

Threat Modeling

Priorization and response

Ignoring

Aceptance

Avoidance

Transfer

Mitigation

Reduction Analysis

Detemining and diagramming potential attack

Identify threats

Identify

Supply Chain

Qualitative

Impact

Likehood

Quantitative

Anualized loss of ocurrance

Annualized rate of ocurrance

Single loss expectation

Exposure Factor

Asset Value

Application

Memory

Pointer reference

Resource exhaustion

Code security

API

Practices

Hard code credential

Erros Handling

Comments

Resilence

Elasticiiy

Scalability

Integrity measurement

Se diversity

Reuse

Signing

Controls

Parameter pollution

Metcharacter

Input

Software Devolpment

DB

Security

Obfuscation and camuflage

Parameterized

ODCB

ACID

Inference

Agregation

Concurrency

Devlop

Scrum

PERT

Gant

Models

Agile

Cascade

SAM

IDEAL

CMM

Lifecycle

Maintence

Testing

Code review

Coding

Desing Review

Control Specification

Functional requeriments

Conceptual

Secuity Asssessment and Testing

Security Managment process

KPI

Train and Awarness

Disaster Recovery and Bussiness Continuity

Account Manager

Log review

Testing code

Test coverage

Misue Case

Interface

Code review ( Fagan)

Assessment

Compliance check

Pentest

Black

Gray

White

Vulnerabilities

Infraestructure

Website

Communication and Network Security

Other technologies

NFC

RFID

Bluethoot

Secure Comunication

SPF

DKIM

PGP

Endpoint

MSSP = XDR Central + Premise and cloud + SOC

XDR = EDR + MRR + EPP + NTA + NIDS + NIPS

EPP = ERR with IPS / IDS

MDR = SIEM + NTA + EDR + TDS

EDR = AV + IDS+ FW

Switching

Virtual

Packet

Firewall

Circuit

Statefull

Next Gen

WAF

Static

Protocols

TLS

SSH

Kerberos, Radius, TACACS

Components

Screened subnet

Bastion host

Screened host

Architectures

VPN

Proxy

VxLAN

SDN

CDN

Load balancing

Active vs pasive

Active vs active

Wireless

Secure

NAC

WIDS

VoIP

RTP

SIPS

Security Architecture

Site and Facilities

Fire Prevention

Restricted Work Area security

Evidence store

Media Store

Acces Abuse

Camares

IDS

Data Center

Wiring closet

Equipment Failure

Security Models

Take Grant

Brewer Nash

Clark Wilson

Bell La Padula

Biba

Cryptography

Certificates

PKI

Hashing

Asymetric

Symetric

Ensuring CIA

Trust and assurance

Access controls

Isolation

Bounds

Confinement

Secure Design Principles

Trust but verify

Privacy by design

Zero Trust

Keep it simple

Fail Secure

Secure Defaults

Open and close

Object and subject

Security Assets

Roles

Custodian and admins

Data processor and controllers

Bussiness Owner

Asset Owners

Data Owners

Data protection Mechanism

Maskering

Anonymization

Tokenization

Pseudonymization

Cloud access security Broker

Digital Right Managment

Data classification

Requiriments

Destruction

Shredding

Destroy

Purging

Erasing

Data Location

Collect Limitation

Handling sensitive

Labeling

DLP

Host

Network

Data Maintenance

Personnel Security

Offboarding

Offboarding process

Publish fired

Reuse place

Chat

Card

Email

Network access

Mobile

Transfer

Oversight

Train & Awarness

Need to know

Separation of duties

Mandatory Vacation

Job Rotation

Onboarding

Least Priviledge

No Disclosure Agreement

Sign Security Policies

IAM and provisioning