Corporate Security Standards, Best Practices, and Frameworks

Effective information security management involves the use of standardized frameworks to guide decisions pertaining to security. All organizations have a responsibility to safeguard their information assets and reduce risk by using well-defined frameworks that are supported by corporate standards and best practices.

Over the years, many such standards, best practices, and frameworks have been developed to support information security managers. Along with ensuring that the correct security controls are implemented, it is also important to build and develop the business, IT, and security processes in a systematic and controlled manner. The security controls can be seen as the objects, and the processes are how these objects are used.

A simple depiction of the different security standards, best practices, and frameworks is shown below.

If you wish to learn about any of the above, please get in touch. You are also invited to suggest themes for me to write about.

The Ultimate OSINT Collection

For threat agents, reconnaissance (scouting) and gathering intelligence are vital. The aim is to get as much information about a potential target as possible. With that information, they can exploit any weaknesses in a system or an individual, which will allow them to gain access to a system. One type of data that is often overlooked by victims and hackers alike is publicly available data. The collection and analysis of data acquired from open sources (overt and publicly available sources) is known as open-source intelligence (OSINT). Some examples of OSINT sources are social media, forums, news, blogs, public data and reports, and other publicly available materials.

Red or blue, OSINT could effectively assist threat agents and researchers alike in discovering dark places that they may be unaware of. It allows them to create attack scenarios for red teams or hypotheses for threat hunting. Most cybersecurity initiatives, in my opinion, should include OSINT, a service that is often overlooked. A fantastic one-stop shop for the best OSINT content is compiled by @hatless1der and is available at the website: https://start.me/p/DPYPMz/the-ultimate-osint-collection.

Investigative tools/resources collection from Hatless1der OSINT collection.

Please remember to get in touch if you want to learn more about cyber security research and OSINT.