Cyber Economics (1) – Development of a security control baseline

This is a short post of a simple of Cyber Economics framework to help organisations develop investment strategies to reduce Cyber Risk. The framework is based on a research paper produced by AFCEA International Cyber Committee. This document was created in 2013 but the principles are still the same in 2020 as well as the…

Threat oriented cyber strategy with Cyber Prep

Cyber Prep is a preparedness methodology that aligns with a Multi-tier approach to Risk Management as defined in NIST SP 800-39. Cyber Prep supports the first step of this multi-tier approach which is Risk Framing. Risk framing pertains to the organizational level and from there it cascades all down to Mission / Business and Systems…

Understanding the threat for Organizational Cyber Preparedness

I have spent some time working in the threat industry and through my own experience, I started getting interested in looking at things from a different perspective. There are great professionals and researchers in this area of cyber security however, it lacks cohesion. A higher degree of cohesion within as well as in other areas,…

How They Rule the World: The 22 Secret Strategies of Global Power

This a short review of a geostrategy book written by Pedro Baños, Pedro is a colonel of the Spanish Army and a specialist in geostrategy, defense, security, and jihadist terrorism and he held different positions during his career from Lieutenant to Head of Counterintelligence and Security for Europe in Strasbourg. I initially got interested in this…

Russian disinformation operations for the masses

This a very good, short and to the point documentary on how Russia has been developing their disinformation operations. Having researched this field through papers and doctrine; I recommend watching this video. It is very succinct with real examples from the past and present in which the objectives and impact of these operations in western…

Free cyber intelligence courses from Augusta university

By chance, a few days ago I came across three free courses from the University of Augusta. These courses have been recognized by the NSA’s cybersecurity curriculum program. http://jagwire.augusta.edu/prestigious-nsa-recognition-for-augusta-university-cyber-security-instruction/ The courses are the following: The Global Cyber Threat Environment Cyber Conflict Strategic Cybersecurity I have not had time to go through all the courses however…

Cyber Intelligence Tradecraft Report by Carnegie Mellon University

A few days ago through my network of contacts, I found this report about Cyber Intelligence trade-craft and its evolution in the United States. This report is absolutely mind-blowing with its 176 pages of research on the evolution, challenges and best practices in the evolving field of Cyber Intelligence. The recommended audience as defined by…

Active Cyber Defence: deception and attacker control (2)

Let’s assume that until now, we have been applying active cyber defence in our environment. We are consuming intelligence, creating intelligence and working in tandem with our security operations teams to outmaneuver the adversary. We have also adopted the cyber kill chain model and other models to integrate intelligence within operations. Also, we are updating…

Cyber Deception: Building the scientific foundation

Looking to understand better cybe deception systems and current state of this technology, I made a thorough search in internet fiding this books in Amazon. The books is a compendium of different research papers aimed at defining cyber depection, its capabilities and technicalities to design them. If you are interested specifically in the design of…

Post Quantum Cryptography for the Internet of Things: PKI is ageing

It’s been a very hectic end of the year – researching technologies and working on some professional projects that will hopefully see the light this new year. It is during this last month whilst going through all these prediction reports for 2016, that I have realised that at least for the last 3 years encryption is being…

December webinars

I leave you here some interesting webinars for those looking to get some CPE credits. I am currently researching the role of the use of privileges accounts in the attack lifecycle and some of these webinars focus on the subject. The Most Travelled Attack Path: Securing the Privileged Pathway Stopping Attacks Before They Stop Business…