In my previous post, I went through the need and benefits of deploying a security control baseline according to the framework researched. Two of the most important ideas extracted from the first post are: Implementing a security control baseline to address low to moderate threat sophistication is essential and economically beneficial, because it will target…
Category: Advanced Persistent Threat
Cyber Economics (1) – Development of a security control baseline
This is a short post on a simple Cyber Economics framework to help organisations develop investment strategies to reduce Cyber Risk. The framework is based on a research paper produced by the AFCEA International Cyber Committee. This document was created in 2013 but the principles are still the same in 2020 as well as the…
Defensible architectures
Defensible architectures are those that follow a set of specific practices oriented to avoid the shortcomings of classic security architecture. In a classical security architecture, systems are hardened during the design stage and they continue like this throughout the whole life-cycle, thus assuming the threat’s modus operandi is constant, unlike in a defensible architecture in…
Threat oriented cyber strategy with Cyber Prep
Cyber Prep is a preparedness methodology that aligns with a multi-tier approach to Risk Management as defined in NIST SP 800-39. Cyber Prep supports the first step of this multi-tier approach, which is Risk Framing. Risk framing pertains to the organizational level and from there it cascades down to Mission / Business and Systems…
Understanding the threat for Organizational Cyber Preparedness
I have spent some time working in the threat industry and, through my own experience, I started getting interested in looking at things from a different perspective. There are great professionals and researchers in this area of cyber security; however, it lacks cohesion. A higher degree of cohesion within as well as in other areas,…
Network attacks and exploitation: a framework
There is no other book like this one; indeed, I would say this is the only book I have read of this nature. It has been written and edited by Matthew Monte and Dave Aitel, two experts in the field. The main focus of the book is Computer Network Exploitation (CNE) from a strategic point…
Free cyber intelligence courses from Augusta university
By chance, a few days ago I came across three free courses from the University of Augusta. These courses have been recognized by the NSA’s cybersecurity curriculum program. http://jagwire.augusta.edu/prestigious-nsa-recognition-for-augusta-university-cyber-security-instruction/ The courses are the following: The Global Cyber Threat Environment; Cyber Conflict; Strategic Cybersecurity. I have not had time to go through all the courses; however…