16255
@cissp International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course - - - - - - - - - - +also group: https://t.me/cisspgroup ————————— @alirezaghahrood
Techbook
Pentesting APIs: A practical guide to discovering, fingerprinting, and exploiting APIs 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2025.01.23
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
🌐 Exploring Corelight: The Power of Network Detection and Response :
When it comes to elevating network security, few companies stand out like Corelight. This innovative company specializes in Network Detection and Response (NDR) solutions that empower organizations to detect, investigate, and stop cyber threats with unparalleled visibility.
🔑 What makes Corelight exceptional?
Corelight leverages the power of open-source technologies like Zeek (formerly Bro) and Suricata, providing a high-performance platform for threat detection and forensics. Their solutions are trusted by leading enterprises and government agencies worldwide to combat modern cyber threats effectively.
💡 Key Products and Features:
Corelight Sensors: Deliver deep network visibility for real-time and retrospective analysis.
Data Fusion & Enrichment: Helps analysts speed up investigations by enriching logs with contextual data.
Cloud-Ready Solutions: Seamlessly integrate with hybrid and multi-cloud environments for robust protection.
Corelight empowers cybersecurity teams to work smarter, not harder, with detailed network insights, faster incident response, and reliable threat intelligence.
For those passionate about advancing network security, Corelight represents innovation at its finest. Check out their website for more: corelight.com
Special Thanks❤️😇👍🏽🙏
Corelight
-Secure Business Continuity-
2025.01.22
——————————————————
#CyberSecurity #vCISO #NDR
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_threat-hunting-by-log-2025-activity-7287841689468100608-JhVf?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Analytics
Blue Report 2024:
The State of Threat Exposure Management
emphasizes the need for a holistic approach to Continuous Threat Exposure Management (CTEM) to strengthen defenses against cyber threats. While we’ve
seen significant advancements since the 2023 Blue Report, several critical vulnerabilities persist, underscoring the necessity for continuously optimizing your organization’s defenses. Automated penetration tests conducted by Picus Attack Path Validation (APV) revealed that 40% of tested environments had paths leading to domain administrator access, posing severe risks of compromised total network control.
The analysis of attack simulations performed by the Picus Security Control Validation (SCV) revealed notable variability in the real-world performance of leading cybersecurity products. Even top performers in controlled evaluations like MITRE ATT&CK showed differing effectiveness in operational environments, underscoring how critically important it is to continuously validate and fine-tune your security controls.
Special Thanks❤️😇👍🏽🙏
Picus Security
-Secure Business Continuity-
2025.01.18
——————————————————
#CyberSecurity #vCISO #Threat
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_blue-report-2024-activity-7286240765310099456-hl6Y?utm_source=share&utm_medium=member_ios
https://www.linkedin.com/newsletters/diyako-insights-and-solutions-7272620333562482688
Читать полностью…
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Comprehensive Cyber Risk Management, Overcoming Challenges with Strategic Approaches:
In today’s digital era, cyber threats are more complex and frequent than ever, jeopardizing assets, trust, and continuity. This article explores how organizations can address these risks effectively highlighting the importance of a proactive approach to compliance, operational resilience, and stakeholder collaboration. The Diyako Secure Bow’s experience, the insights shared empower businesses to protect critical infrastructures, prevent breaches, and foster customer’s trust. Cyber risk management isn’t just a technical challenge it’s a cornerstone of organizational survival.
مدیریت جامع ریسک سایبری، غلبه بر چالشها با رویکردهای استراتژیک:
در دنیای دیجیتال امروز، تهدیدات سایبری بیش از هر زمان دیگری پیچیده و فراگیر شدهاند و داراییها، اعتماد مشتریان و تداوم کسبوکارها را به خطر میاندازند. این مقاله به بررسی روشهای مؤثر مدیریت این ریسکها میپردازد و بر اهمیت یک رویکرد پیشگیرانه در حوزه انطباق، تابآوری عملیاتی و همکاری با ذينفعان تأکید میکند. با رویکرد به تجربه کمان امن دیاکو، این مقاله بینشهایی ارائه میدهد که به سازمانها کمک میکند زیرساختهای حیاتی خود را حفاظت کنند، از نفوذها جلوگیری کنند و اعتماد مشتریان خود را تقویت نمایند. مدیریت ریسک سایبری فقط یک چالش فنی نیست، بلکه سنگبنای بقا و موفقیت سازمانها است.
-Secure Business Continuity-
2025.01.06
——————————————————
#CyberSecurity #vCISO #Strategic #SecurityLeader #CISOInsights #DigitalResilience #DataProtection #DigitalRisk #Leadership #Resilience
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-vciso-activity-7281774553477902337-nYQ0?utm_source=share&utm_medium=member_ios
Google Launches Free Cybersecurity Course
Google has announced plans to offer a comprehensive and free cybersecurity course starting early next year. This initiative reflects the growing importance of cybersecurity and the increasing demand for skilled professionals in the field, as predicted by experts and industry data.
The course will be accessible on Coursera starting December 30. You can join via this link.
Google also aims to identify talented professionals through this course. Participants who complete the program will receive a recognized certificate and may have the opportunity to join Google, its subsidiaries, or over 150 other U.S.-based companies actively seeking cybersecurity talent.
https://www.coursera.org/google-certificates/cybersecurity-certificate
برگزاری دوره رایگان امنیت سایبری توسط گوگل
گوگل اعلام کرده است که قصد دارد از ابتدای سال آینده، یک دوره جامع و رایگان در حوزه امنیت سایبری ارائه دهد. این تصمیم با توجه به اهمیت روزافزون امنیت سایبری و افزایش تقاضای پیشبینیشده برای متخصصان این حوزه اتخاذ شده است.
این دوره از تاریخ ۳۰ دسامبر در بستر کورسرا در دسترس خواهد بود و علاقهمندان میتوانند از طریق لینک مربوطه به آن دسترسی پیدا کنند.
گوگل همچنین هدف دارد از طریق این دوره آموزشی، متخصصان مستعد را شناسایی کرده و با ارائه مدرک معتبر در پایان دوره، زمینه همکاری آنان را با گوگل، شرکتهای زیرمجموعه آن و بیش از ۱۵۰ شرکت آمریکایی فراهم کند
بگذريم؛ و چقدر غمانگیز است
اینکه آدم بخواهد تماموقت مراقب خود باشد،تا آنچه را احساس میکند، به زبان نیاورد… هفته گذشته در يك جلسه با يك سازمان گسترده كه به شدت موضوع حسابرسي فناوري و امنيت داغ داغ بود، پبشنهاد فروش جدي تري براي شركت مطرح شد🥹خوشحالم كه در سطحي رسيديم طي اين حدودا ٢ سال به كمك تك تك همكاران و دوستاني كه كمك كردن مستقيم و غير مستقيم به كمان امن دياكو از منظر خروجي خدمات فني، رضايت مندي سطح بالاي مشتريان، برندينگ و خدمات نو اورانه كه پيشنهاد خريد و واگذاري شركت مطرح شده است ، قطعا اولين بازخود من نه بود، و به راحتي دست از اين سفره كه به شدت روي خدمات متمايز با كسب درامد سالم در كنار همكاران ايجاد كرده ايم بر نخواهم داشت👍🏽😊
+ تصويري از جلسات همكاران توانمند و پر انرژي جهت ايجاد تمايز در راهكارهاي ارتباط با مشتريان و كنترل پروژه بر خط
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2025.01.02
Tech book
"Practical Linux Security Cookbook.
Second Edition.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.31
Tech book
"Building a Next-Gen SOC with IBM QRadar: Accelerate your security operations and detect cyber threats effectively", 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.31
MLSecOps
Tech book
"The Developer’s Playbook for Large Language Model Security: Building Secure AI Applications", 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.31
SCADA Security
False Data Injection Attacks Against Distribution Automation Systems", 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.31
MLSecOps
Tech book
Large Language Models in Cybersecurity: Threats, Exposure and Mitigation", 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.31
DevOps
Techbook
Seccode review
Clean Code Principles and Patterns: A Software Practitioner’s Handbook",
2nd Edition, 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.31
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
False Data Injection Attacks Against Distribution
Automation Systems
Author: Ryan McAndrews
Advisor: Clay Risenhoover
Accepted: 2024
Utility companies increasingly rely on automated switching to provide their customers with a reliable electric power supply. These automation systems, which offer significant operational benefits for the utility, also present a growing security risk.
With adequate knowledge of the function of these automation systems and their algorithms, an adversary could implement false data injection to amplify or hide real issues that these automation systems solve.
An adversary would be challenging to detect without authentication, auditing, or appropriately logged field data. Researchers have proposed these attacks theoretically, and this research intends to evaluate claims of unidentifiable false data
injection attacks experime
Special Thanks❤️😇👍🏽🙏
Ryan McAndrews
Clay Risenhoover
-Secure Business Continuity-
2024.12.21
——————————————————
#CyberSecurity #vCISO #Attack #OT
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_fdia-2024-cybersecurity-activity-7275977183137792000-K2kt?utm_source=share&utm_medium=member_ios
At Diyako Secure Bow, we believe that knowledge-sharing is the cornerstone of advancing cybersecurity and building trust within the industry. That’s why we’re proud to launch our newsletter, a platform to provide valuable insights, practical strategies, and the latest innovations in the field of cybersecurity.
The purpose of this newsletter is to bridge the gap between technical security concepts and organizational needs, empowering businesses to tackle cybersecurity challenges with confidence. Each edition focuses on key topics that highlight our expertise and commitment to enhancing the resilience and success of organizations.
This edition of our newsletter takes you beyond the traditional view of Security Operations Centers (SOCs) to explore a transformative approach to cybersecurity operations. We examine how strategic thinking, enhanced processes, and innovative solutions can elevate security from a reactive function to a proactive enabler of organizational trust and resilience. Dive into our insights on reducing vulnerabilities, fostering quality systems, and redefining the essence of security in today’s digital landscape.
ما در شرکت کمان امن دیاکو بر این باوریم که اشتراک دانش، زیربنای پیشرفت در حوزه امنیت سایبری و ایجاد اعتماد در صنعت است. به همین دلیل، با افتخار روزنامه(گاهنامه) دیجیتال خود را راهاندازی کردهایم؛ بستری برای ارائه بینشهای ارزشمند، استراتژیهای کاربردی و آخرین نوآوریها در حوزه امنیت سایبری. هدف این گاهنامه دیجیتال، ایجاد پلی بین مفاهیم فنی امنیت و نیازهای سازمانی است تا به کسبوکارها در مقابله با چالشهای امنیت سایبری، با اعتمادبهنفس بیشتری کمک کند. هر شماره بر موضوعات کلیدی تمرکز دارد که تخصص و تعهد ما را در تقویت پایداری و موفقیت سازمانها برجسته میکند
برای انتقال شکاف موجود، از سال 1390 و اولین و بزرگترین پروژه امنیت سایبری در دهه گذشته با محوریت مرکز عملیات امنیت و پاسخدهی به حملات سایبری که شامل تحلیل و کنترل ترافیک ورودی و خروجی کشور و نقاط توزیع شده بود، تجربه شخصی من در این حوزه شروع شد. امروز، پس از گذشت ۱۴ سال از فعالیت در این مراکز، همچنان شاهد کمبودهایی در بهرهبرداری موثر از مراکز عملیات امنیت در کشور هستیم
این مراکز اغلب به جای مدیریت جامع تهدیدات بر مبنای رویدادها و هوشمندسازی فرآیندها، به مدیریت تهدیدات محدود شدهاند. در بسیاری از ممیزیهای فنی و سیستمی، چه در بخش بانکی، دولتی، و چه خصوصی، بیش از ۶۵ تا ۷۰ درصد انحراف از معیار وجود داشته است. با این حال، نمیتوان تنها به داشتن یک فناوری مثل اسپلانک با افزونههای
مرتبط بهعنوان یک مرکز عملیات امنیت حتی حداقلی اتکا کرد، فارغ ار اخلاقیات رنگ باخته
رویکرد صحیح در مراکز عملیات امنیت باید شامل تمامی جنبههای عملیاتی مانند
سیاستگذاری، ممیزی، نظارت، و کنترلهای پیشگیرانه از ابتدا تا انتها باشد. تمرکز صرف بر شکار تهدیدات بدون توجه به کنترلهای پیشگیرانه کامل، تنها به پروژههای انتقال پول و اهداف محدود ختم میشود و منجر به کاهش کیفیت در اجرای پروژهها خواهد شد. هدف ما باید ایجاد مراکزی باشد که به صورت یکپارچه و هماهنگ تمامی جنبههای امنیتی را مدیریت کنند و موجب ارتقای کیفی و ساختاری امنیت سازمانی شوند
@CisoasaService
2024.12.13
https://www.linkedin.com/posts/alirezaghahrood_at-diyako-secure-bow-we-believe-that-knowledge-sharing-activity-7273287519998214144--VTs?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Supply chain security has become one of the most critical aspects of modern cybersecurity. With growing threats like ransomware, data breaches, and sophisticated malware targeting interconnected systems, attackers exploit vulnerabilities at every stage of the supply chain. Ensuring the integrity and security of networks, software, and data has never been more essential.
To help organizations tackle these challenges, "Supply Chain Security" provides clear answers to five vital questions:
1. How are trusted networks protected?
2. How do you prevent network-level attacks?
3. How do you protect against novel malware and ransomware threats?
4. How do you prevent data theft, leakage, and exfiltration?
5. How do you secure beyond the software?
This eBook was designed to offer actionable insights and expert guidance to help businesses strengthen their defenses and build resilient supply chains.
We would like to extend our heartfelt thanks to Everfox for their valuable contributions to this work.❤️😇👍🏽🙏
-Secure Business Continuity-
2025.01.23
——————————————————
#CyberSecurity #vCISO #SupplyChainSecurity
https://www.linkedin.com/posts/diyako-secure-bow_supply-chain-security-activity-7288058471130816512-mlPE?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Analytics
ThreatResearch
Malware analysis
Red Report 2024:
The Top 10 Most Prevalent MITRE ATT&CK Techniques. The Rise of Hunter-Killer Malware.
Marking its fourth year of publication, the Red Report 2024™ provides a critical dive into the evolving threat landscape, presenting a detailed analysis of adversaries' most prevalent tactics, techniques, and procedures (TTPs) used throughout the past year. Conducted by Picus Labs, this annual study examines over 600,000 malware samples and assesses more than 7 million instances of MITRE ATT&CK® techniques. It gives security teams invaluable insights into the techniques that pose the most critical cyber risk to organizations.
This year's findings are especially important for organizations looking to enhance defense mechanisms against increasingly evasive 'Hunter-killer' malware that systematically targets and impairs existing security controls. Much like sophisticated Hunter-killer submarines that move silently through deep waters and defeat enemies, Hunter-killer malware actively hunts
for defenses in the compromised system and kills them, and by doing so ensures that it remains stealthy for a longer time. By prioritizing the top ten TTPs, The Red Report 2024 empowers cybersecurity teams with
strategic intelligence to preemptively strengthen their defenses, reduce their attack surface, and adapt their security posture to today's dynamic threat environment.
Special Thanks❤️😇👍🏽🙏
Picus Security
-Secure Business Continuity-
2025.01.18
——————————————————
#CyberSecurity #vCISO #MitreAttack
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_red-report-2024-cyber-security-activity-7286246873852514304-dTxt?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
A Remarkable Achievement in the Mitre Attack 2024 Evaluation
The Mitre Attack 2024 evaluation, recognized as the most credible benchmark for assessing the performance of security tools and services, once again showcased the power of simulating real-world attacks to evaluate cybersecurity capabilities. Diyako Secure Bow, through customized strategies, advanced technical and Systematic audits, and continuous improvement programs, successfully identified and completely blocked all stages of the simulated attacks. The company also managed to neutralize threats at the very first step of each attack.
This achievement not only highlights the company’s commitment to combating complex cyber threats but also provides an opportunity for security leaders to benefit from effective and practical solutions to safeguard their infrastructures.
دستاوردی بینظیر در ارزیابی Mitre Attack 2024
ارزیابی Mitre Attack 2024، به عنوان معتبرترین آزمون سنجش عملکرد ابزارها و خدمات امنیتی، بار دیگر قدرت شبیهسازی حملات واقعی را برای ارزیابی توانمندیهای امنیت سایبری نشان داد. شرکت کمان امن دیاکو با استفاده از استراتژیهای سفارشیسازیشده، ممیزیهای فنی و سیستمی پیشرفته و برنامههای بهبود مستمر، توانست تمامی مراحل حملات شبیهسازیشده را شناسایی و به طور کامل مسدود کند. این شرکت همچنین موفق به خنثیسازی تهدیدات در نخستین گام هر حمله شد.
این موفقیت نه تنها نشاندهنده تعهد این مجموعه به مقابله با تهدیدات پیچیده سایبری است، بلکه فرصتی برای رهبران امنیتی فراهم میآورد تا از راهکارهای اثربخش و عملیاتی برای حفاظت از زیرساختهای خود بهرهمند شوند.
-Secure Business Continuity-
2025.01.16
——————————————————
#CyberSecurity #vCISO #Strategic #MitreAttack #CISOInsights #CyberAttack #CyberDefense
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-vciso-activity-7285614200683466752-FxA2?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Diyako Secure Bow extends heartfelt wishes to all Christians and everyone around the globe on the joyous occasion of the New Year. We hope this new year brings you immense success, peace, and happiness.
The New Year is a time for fresh beginnings, opening new chapters in life, and striving toward meaningful goals. May all your dreams and efforts turn into outstanding achievements and unforgettable moments this year. We also wish you and your family a year filled with good health, prosperity, love, and serenity. May the angels of happiness always be by your side, lighting your path to a brighter future. As we step into another year, Diyako Secure Bow reaffirms its commitment to working alongside you to create a safer and happier world. We look forward to deeper collaborations and stronger friendships in the year ahead.
Happy New Year!❤️😇🙏
شرکت کمان امن دیاکو فرارسیدن سال نو میلادی را به تمامی مسیحیان و تمامی مردمان این کره خاکی تبریک میگوید و آرزومند است که این سال جدید برای شما سرشار از موفقیت، آرامش و شادی باشد.
سال نو میلادی فرصتی است برای آغازهای تازه، نوشتن فصلهای جدید در زندگی و رسیدن به اهداف بزرگ. امیدواریم که تمامی رویاها و تلاشهای شما در این سال به دستاوردهایی چشمگیر و لحظاتی خاطرهانگیز تبدیل شوند. همچنین آرزومندیم که این سال نو برای شما و خانوادهتان مملو از سلامتی، رفاه، عشق و آرامش باشد و فرشتههای خوشبختی همواره همراه شما باشند. شرکت کمان امن دیاکو، در کنار شما برای ساختن دنیایی امنتر و شادتر تلاش میکند و امیدوار است که این سال جدید، همکاریهای عمیقتر و دوستیهای پایدارتر را برای همه ما به ارمغان بیاورد.
❤️😇🙏سال نو مبارک!
-Secure Business Continuity-
2025.01.02
——————————————————
#CyberSecurity #vCISO #2025
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-vciso-activity-7280630154098278400-W8f5?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Cybersecurity with Diyako Secure Bow’s Compass
In today’s complex and dynamic digital world, cybersecurity serves as a guiding compass for navigating organizations toward safety and resilience. At Diyako Secure Bow, we have distilled this approach into a comprehensive framework focusing on three key stages:
1. pre-incident preparedness,
2. incident response,
3. post-incident recovery.
This framework is built on years of experience in executing national and international projects, from managing cyber crises in critical infrastructures to advanced threat analysis and practical solutions for digital resilience.
Our mission is to empower organizations to tackle cybersecurity challenges through threat analysis, infrastructure reinforcement and workforce training.
Every incident is a learning opportunity and at Diyako Secure Bow, we are dedicated to fostering a strong culture of security within organizations.
امنیت سایبری با قطبنمای کمان امن دیاکو
در جهان پیچیده و پویای دیجیتال امروز، امنیت سایبری بهعنوان یک قطبنما برای هدایت سازمانها به سمت ایمنی و تابآوری عمل میکند. در کمان امن دیاکو، این رویکرد را به یک چارچوب جامع تبدیل کردهایم که بر سه مرحله اصلی استوار است:
1. آمادگی پیش از وقوع حوادث،
2. مدیریت بحران در هنگام حادثه،
3. و بازیابی و بهبود پس از حادثه.
این چارچوب نتیجه سالها تجربه در اجرای پروژههای ملی و بینالمللی، از مدیریت بحرانهای سایبری در زیرساختهای حیاتی گرفته تا تحلیلهای پیشرفته و ارائه راهکارهای عملی برای تابآوری دیجیتال است
هدف ما این است که با ترکیب تحلیل تهدیدها، تقویت زیرساختها و آموزش نیروی انسانی، سازمانها را برای مقابله با چالشهای امنیت سایبری توانمند سازیم
هر حادثه فرصتی برای یادگیری و بهبود است و ما در کمان امن دیاکو همواره به دنبال تقویت فرهنگ امنیت در سازمانها هستیم
-Secure Business Continuity-
2024.12.30
——————————————————
#CyberSecurity #vCISO #CSF
#BCP #DRP #ISO22301
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-vciso-activity-7279520426286813184-VfmM?utm_source=share&utm_medium=member_ios
Research
Hardware Security
"Hardware Designs for Secure Microarchitectures".
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.31
Tech book
"Machine Learning Security Principles:
Keep data, networks, users, and applications safe from prying eyes", 2022.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.31
Whitepaper
Blue Team Techniques
Never Trust, Always Verify: Effectiveness of Endpoint Detection and Response Tools Versus Zero Trust Endpoint Controls in Enterprise Environments", 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.31
Tech book
IDS and IPS with Snort 3:
Get up and running with Snort 3 and discover effective solutions to your security issues", 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.31
DFIR
Tech book
Mobile Security
Practical Forensic Analysis of Artifacts on iOS and Android Devices: Investigating Complex Mobile Devices.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.31
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
SEC Cybersecurity Incident Disclosure Report:
Imagine a 60% rise in cyber incidents since new SEC rules.This report dives deep into 75 disclosures from 48 companies (December 2023 and October 2024).
↳ Key Insights:
• Less than 10% described the material impact.
• 78% disclosed within eight days, with 42% updating their Form 8-K.
• One in four breaches were third-party incidents.
• Threat actors used SEC rules as extortion tactics, even submitting whistleblower reports.
↳ Authors analyzed these disclosures, focusing on:
• Information disclosed about Cybersecurity Incidents.
• Methods of disclosure to the SEC.
• Future compliance strategies.
↳ Key Findings:
• 75% of incidents notified law enforcement.
• 13% included press releases or blog references.
• 42% filed multiple disclosures for the same incident.
↳ Timing of Disclosures:
• 32% within four days of discovery.
• 78% within eight days.
↳ Examples of Material Impact:
• Bassett Furniture Industries: Business operations affected.
• Sonic Automotive: Quarterly results impacted.
• First American Financial: Fourth-quarter operations affected.
↳ Industries Affected:
• Financial Services
• Healthcare
• Retail
• Technology
↳ Recommendations:
• Evaluate and test disclosure controls.
• Prepare for SEC enforcement actions.
Special Thanks❤️😇👍🏽🙏
Sherrese Smith
Aaron Charfoos, CIPP US
Jeremy Berkowitz
@Michelle Reed
@Dave Coogan
-Secure Business Continuity-
2024.12.30
——————————————————
#CyberSecurity #vCISO #CSF #Incidents
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cybersecurity-incident-disclosure-report-activity-7279381883124088833-Kr7x?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Introduction & Synopsis:
Welcome to the 9th edition of the Edgescan
Vulnerability Stats Report 2024.
This report demonstrates the state of full stack
security based on thousands of security assessments
and penetration tests on millions of assets that were
performed globally from the Edgescan Cybersecurity
Platform in 2023. This is an analysis of vulnerabilities detected in the systems of hundreds of organizations across a wide range of industries – from the Fortune 500 to medium and small businesses. The report provides a statistical model of the most common weaknesses faced by organizations to enable data-driven decisions for managing risks and exposures more effectively.
We hope this report will provide a unique
by-the-numbers insight into trends, statistics and
a snapshot of the overall state of cybersecurity for
the past year, from the perspective of vulnerabilities
discovered and remediated, as well as penetration
testing success rates. We are proud that this yearly report has become a reliable source for approximating the global state of vulnerability management. This is exemplified by our unique dataset being part of the Verizon Data Breach Investigations Report (DBIR), which is the de facto standard for insights into the common drivers for incidents and breaches today.
This year we delve into Risk Density to describe
where critical severity vulnerabilities and exposures
are clustered in the IT technical stack, quantification
of attack surface management exposures and
risks, and Mean Time To Remediate (MTTR) critical
vulnerabilities.
Special Thanks❤️😇👍🏽🙏
Edgescan
-Secure Business Continuity-
2024.12.015
——————————————————
#CyberSecurity #vCISO #Vulnerability #Hardening
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_open-2024-vulnerability-report-activity-7273931272748494848-6iB2?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Hardening
Enhanced Visibility and Hardening Guidance for Communications Infrastructure 2024.:
Network Infrastructure Security Guide, ver.1.2
https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF
Cisco Guide to Securing NX-OS Devices
https://sec.cloudapps.cisco.com/security/center/resources/securing_nx_os.html
Cisco IOS XE Hardening Guide, 2024
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/220270-use-cisco-ios-xe-hardening-guide.html
Special Thanks❤️😇👍🏽🙏
CISA Alumni Group
National Security Agency
National Cyber Security Centre
@canadian centre for cyber Security
Australian Signals Directorate
Cybersecurity and Infrastructure Security Agency
-Secure Business Continuity-
2024.12.04
——————————————————
#CyberSecurity #vCISO #CISA #Hardening
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_ev-hardening-guide-2024-activity-7269914274351730688-D9Gt?utm_source=share&utm_medium=member_ios