cissp

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) Ransomware Diaries Volume 4: Ransomed and Exposed — The Story of RansomedVC RansomedVC stands out as one of the most unconventional ransomware operations I’ve investigated. Its leadership strategically employs propaganda, influence campaigns, and misinformation tactics to gain fame and notoriety within the criminal community. While I may have my assessment of RansomedVC, I cannot deny the effectiveness of its tactics It also rubbed many people the wrong way, including other criminals Special Thanks❤️😇👍🏽🙏 Analyst1 -Secure Business Continuity- 2024.07.14 —————————————————— #CyberSecurity #Ransomware #Malware #EDR #IOC #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_ransomware-2024-activity-7218258121205440512-c2wk?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) AI SECURITY FRAMEWO Artificial Intelligence (AI) has revolutionized numerous domains, transforming the way we live and work. Its algorithms and models have proven their mettle by outperforming traditional methods in various applications, from natural language processing to self-driving cars. However, as AI permeates our lives, it introduces new security risks that can have catastrophic consequences. A compromised model could cause car accidents, misdiagnose illnesses, jeopardize lives, create fake content in news or manipulate stocks, impacting serious financial crises. To harness AI’s potential, while safeguarding against vulnerabilities, regular audits, adversarial testing, and transparent model development are essential. A practical framework for securing AI systems is crucial, ensuring that the future lies at the intersection of innovation and resilience. Join us as we explore the delicate balance between progress and security in the era of technological marvels. Special Thanks❤️😇👍🏽🙏 Snowflake -Secure Business Continuity- 2024.07.14 —————————————————— #CyberSecurity #AI #ML #Impact #Mitigations #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_ai-security-framework-2024-activity-7218106831649329152-bIjQ?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) MODERN APPROACHES TO NETWORK ACCESS SECURITY -Publication: 2024 The Cybersecurity and Infrastructure Security Agency (CISA) has frequently identified virtual private network (VPN) solutions that have been involved in many recent high-profile incidents, both with cyber criminals and nation-state actors. CISA has discovered over 22 Known Exploited Vulnerabilities (KEVs) related to VPN compromise, leading to broad access to victim networks. These incidents and associated vulnerabilities are prompting some to consider replacing their legacy VPN solutions with modern network access solutions. The shift of more services into the cloud also points to the value of Secure Access Service Edge (SASE) instead of a traditional security stack located in an on-premises data center. While some VPN solutions are inherently more secure than others—and not always the cause of major cyber incidents— current hybrid networks require adopting modern network access security solutions to help organizations protect corporate resources. Moreover, these network access solutions provide opportunities to integrate granular access control not inherent to traditional VPN approaches. CISA encourages a careful analysis of how your security needs have changed in light of increased use of cloud services and leveraging any technology updates to progress in your Zero Trust journey. Organizations that embrace these newer practices will reach an overall outcome closer to zero trust (ZT) principles. Special Thanks❤️😇👍🏽🙏 U.S. Department of State Cybersecurity and Infrastructure Security Agency @U.S. Federal Bureau of Investigation @New Zealand’s Government Communications Security Bureau @New Zealand’s Computer Emergency Response Team Canadian Institute for Cybersecurity -Secure Business Continuity- 2024.07.13 —————————————————— #CyberSecurity #CISA #NSA #CISO #DOD #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_modern-approaches-2-nas-2014-activity-7217778531131396096-hmCX?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) Reversing LogoFail: Security implications of image parsing during system boot 2023. Special Thanks❤️😇👍🏽🙏 BlackHat BINARLY -Secure Business Continuity- 2024.07.12 —————————————————— #CyberSecurity #Fuzz #Fuzzer #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_log0fail-2023-activity-7217417999060787200-NZ3w?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) Threat Research Game of Cross Cache: Let's win it in a more effective way! 2024. Special Thanks❤️😇👍🏽🙏 BlackHat -Secure Business Continuity- 2024.07.09 —————————————————— #CyberSecurity #Linux #Vulnerability #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_game-crosscache-2024-activity-7216259176593817603-i_OX?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) The internal audit & risk agend 2024 : looks to be another year of permacrisis with significant geopolitical disruption continuing. Most of the world’s major economies are undergoing elections in the coming year and the conflicts in the Ukraine and the Middle East continue to impact the global economy. Organisations that are only just beginning to recover from the disruption of three years of pandemic face further uncertainty in respect of inflation, interest rates, energy supply costs and talent shortages. knowledge and softer skills essential to the role internal auditors now need to enhance their understanding of governance and regulatory requirements and to develop their technical knowledge of information technology, data analytics, programme and project management, business resilience and ESG. The new global internal audit standards reflect this and look to raise the bar by making actions that were previously good practice into mandatory requirements for high performing internal audit functions. In addition to this the new standards now include the Audit Committee’s responsibilities for the first time. Heads of Internal Audit need to work with their Committee Chairs to make sure these are understood and addressed. Internal Audit therefore has a key role to play in supporting organisations to navigate a path through this uncertain and changing risk landscape. This document sets out some of the key challenges on the horizon that Heads of Internal Audit should be considering when thinking about the wider risks relevant to their organisations and the technical skills required to deliver meaningful assurance. Dependency on technology has increased even though cyber threats are higher than ever. Despite this, digitalisation is driving business transformation and recent developments in Artificial Intelligence and Blockchain present new opportunities for innovation but these carry a heightened level of risk. Cyber, privacy and digital transformation risks are understandably high on the Audit Committee agenda. Non-financial data is taking on a much higher profile with reporting obligations and stakeholder requirements being extended to compel disclosure of ESG performance and responses to climate change risks. This has required organisations to introduce new systems and controls to ensure that this data will stand up to stakeholder scrutiny. Regulators have sought to keep pace with these changes - introducing new legislation and disclosure requirements that need to be complied with. Expectations of Internal Audit remain high with demand for assurance expanding to cover a wider range of areas than ever before. Alongside the traditional controls Special Thanks❤️😇👍🏽🙏 BDO Spain -Secure Business Continuity- 2024.07.08 —————————————————— #CyberSecurity #Audit #Risk #Assesment #Security #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_internal-audit-and-risk-2024-activity-7215809344045518849-kbFR?utm_source=share&utm_medium=member_ios

ESG (Environment, Social and Governance) 2023 saw an increase in regulatory reporting requirements across the globe and the launch of the International Sustainability Standards Board's (ISSB) global sustainability standards, following the aim to increase the consistency and quality of ESG reporting, to focus on material sustainability risks and opportunities and address greenwashing concerns. The trend of increasing regulatory and reporting requirements is expected to continue for the foreseeable future alongside an increasing demand for assurance over non-financial disclosures to add credibility to disclosures. For organisations to create and protect value and to be able to communicate effectively, ESG should not be considered as a year-end reporting requirement but be embedded within business as usual activities and decision making. ESG is a mechanism to quantify and report on an organisations sustainability efforts and goals and is increasingly important to internal and external stakeholders. This is because embedding sustainable business practices and ESG within the organisational strategy creates value, protects value and manages risk. To achieve this, it is critical to understand what sustainability and ESG means in the context of the organisation and its mission. Key considerations to achieve this include:  Which ESG topics represent the greatest potential risk or opportunity to the organisation and its long-term success?  Have clear ESG and sustainability objectives and targets been set and communicated across the organisation?  Are climate and sustainability risks integrated into wider risk management activities? Have key risk indicators been identified?  Are there robust processes, controls and systems in place across each of the ESG priority areas?  Is quality data readily available to enable performance to be monitored?  Is ESG reporting transparent, balanced, credible and fair? Does it focus on the material ESG risks to the organisations enterprise value?

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) Welcome! This roadmap is intended to be a step-by-step path that I would take to becoming a cloud security engineer today, if I was embarking on this exciting journey. I will keep this roadmap updated with feedback from all who pass through here, and look to make this a useful resource for people looking to start a rewarding and fun career as a cloud security engineer. Let’s just start by saying – there is no one correct route to getting started in cybersecurity and cloud security. Every path and story are different, and this unique path will be a positive differentiator in your career. This roadmap has sections that provide individual guidance on transitioning to cloud security based on five common starting points: Cloud Engineer Security Engineer Systems Administrator Software Developer No or Little IT Background Special Thanks❤️😇👍🏽🙏 Pwned Labs Pwned Labs for Business -Secure Business Continuity- 2024.07.08 —————————————————— #CyberSecurity #CloudSecurity #CCSK #Vmware #Google #MicrosoftCloud #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_cloud-security-roadmap-2024-activity-7215806636337078274-jraV?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) Welcome to the 9th edition of the Edgescan Vulnerability Stats Report 2024. This report demonstrates the state of full stack security based on thousands of security assessments and penetration tests on millions of assets that were performed globally from the Edgescan Cybersecurity Platform in 2023. This is an analysis of vulnerabilities detected in the systems of hundreds organizations across a wide range of industries – from the Fortune 500 to medium and small businesses.🤓 The report provides a statistical model of the most common weaknesses faced by organizations to enable data-driven decisions for managing risks and exposures more effectively. We hope this report will provide a unique by-the-numbers insight into trends, statistics and a snapshot of the overall state of cybersecurity for the past year, from the perspective of vulnerabilities discovered and remediated, as well as penetration testing success rates. We are proud that this yearly report has become a reliable source for approximating the global state of vulnerability management. This is exemplified by our unique dataset being part of the Verizon Data Breach Investigations Report (DBIR), which is the de facto standard for insights into the common drivers for incidents and breaches today. This year we delve into Risk Density to describe where critical severity vulnerabilities and exposures are clustered in the IT technical stack, quantification of attack surface management exposures and risks, and Mean Time To Remediate (MTTR) critical vulnerabilities. Special Thanks❤️😇👍🏽🙏 Edgescan -Secure Business Continuity- 2024.07.07 —————————————————— #CyberSecurity #Vulnerability #Pentest #ASM #ThreatIntelligence #Risk #Patch #Hardening #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_vulnerability-statistics-report-2024-activity-7215469671758647296-YRgp?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) The enterprise guide to AI-powered DevSecOps: DevSecOps is a practice and methodology that seeks to make shifting left a reality by integrating security into every step of the software development lifecycle (SDLC). At its core, DevSecOps works to align security work, and in some cases, engineering and security roles that historically would be done separately, directly into the DevOps workfow. As a result, DevSecOps reduces the cost and impact of security breaches, and enables teams to ship secure software faster. In fact, IBM’s 2023 Cost of a Data Breach report cites a $1.68M cost savings for organizations with high DevSecOps adoption compared to those with low or no adoption. As Result DevSecOps =Culture😊 Special Thanks❤️😇👍🏽🙏 GitHub And My lovely Mate Hadess | حادث -Secure Business Continuity- 2024.07.07 —————————————————— #CyberSecurity #DevSecOp #SDLC #Security #CISO #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_devsecops-ai-2024-activity-7215458337432231936-bVoD?utm_source=share&utm_medium=member_ios