Update: The Defensive Security Strategy

September 9, 2021
By in Application Security Assessment, Leadership, Mobile Security Assessment, Penetration Testing, Security Program Assessment, Security Program Management, Security Remediation, Security Testing & Analysis, Social Engineering, Table-Top Exercises, Vulnerability Assessment

Original post:  https://www.trustedsec.com/blog/the-defensive-security-strategy-what-strategy/ Massive exposures and attacks, such as recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advanced and changed, these massive exposures are continuing to occur. The question is why, and how, are they occurring? While common issues are often leveraged, the mentality around them is…

Read

Using Effectiveness Assessments to Identify Quick Wins

June 23, 2020
By in Architecture Review, Attack Path Effectiveness Review, HIPAA NIST CIS20 SOC ISO 27001 Assessments, Managed Services, Program Assessment & Compliance, Program Development, Program Maturity Assessment, Security Program Management, Vulnerability Assessment

An organization’s overall security posture can be viewed from multiple different angles, such as technical assessments, program assessments, controls assessments, and risk assessments. A number of different frameworks for each of these assessment types exist, intended to help both technical teams as well as leadership organize security program building activities. Some of these include: Penetration…

Read

Securing a Remote Workforce: Top Five Things to Focus on For Everyone

March 25, 2020
By in Business Risk Assessment, Managed Services, Operational Performance Maturity Assessment, Penetration Testing, Physical Security, Program Assessment & Compliance, Program Development, Program Maturity Assessment, Security Program Assessment, Security Program Management, Security Remediation, Security Testing & Analysis, Training, Vulnerability Assessment

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. For on-premise users, which has traditionally used more of castle mentality where you attempt to prevent outsiders from penetrating the network perimeter (similar to a castle…

Read

COVID-19 and Preparing for Changing Cybersecurity Risks

March 13, 2020
By in Program Assessment & Compliance, Vulnerability Assessment

There is no denying that the COVID-19 pandemic is significantly impacting many people’s daily lives, with “social distancing” quickly being added to the social lexicon, schools closing, and events being canceled. Additionally, many businesses are rapidly moving to a remote and work from home model. While many organizations already have a large number of employees…

Read
Debian logo graphic

Malware Analysis is for the (Cuckoo) Birds – Cuckoo Installation Notes for Debian

May 18, 2018
By in Incident Response, Incident Response & Forensics, Malware Analysis, Technical Counter Surveillance Measures, Threat Hunting, Vulnerability Assessment

Cuckoo is written in the programming language Python and utilizes multiple Python libraries. First step is to verify that these libraries are in place and up to date. Cuckoo’s Documentation does a good job of listing the commands, but can be confusing. The following will outline the commands needed to install Cuckoo and provide a…

Read
cuckoo logo

Malware Analysis is for the (Cuckoo) Birds

May 18, 2018
By in Incident Response, Incident Response & Forensics, Malware Analysis, Threat Hunting, Vulnerability Assessment

There are many different options for malware analysis sandboxes. Most involve submitting samples to an online sandbox and getting a report back. While for the most part this is great, the reports contain the basic information on the type of malware and if it has been seen before. BUT what if you want to know…

Read

Continual compliance

May 14, 2015
By in Business Risk Assessment, HIPAA NIST CIS20 SOC ISO 27001 Assessments, Policy Development, Privacy & GDPR Compliance Assessment, Program Assessment & Compliance, Security Program Assessment, Vulnerability Assessment

So much has been written on security versus compliance and continual compliance that it seems at times that discussing it is beating a dead horse. That being said, it is a dead horse that needs to be beaten, as we continuously come across situations where organizations find themselves in a mad dash to get into…

Read

Why Perform a Risk Assessment with TrustedSec?

November 6, 2013
By in Architecture Review, Attack Path Effectiveness Review, Business Risk Assessment, Decision Making, Program Assessment & Compliance, Program Maturity Assessment, Vulnerability Assessment

Too often organizations spend their security budget in ways that don’t necessarily make the most sense for them. Whether this be purchasing unnecessary appliances or securing an overly broad area, wasting valuable and often scarce security dollars isn’t good for anyone, except perhaps those providing the unnecessary services. A risk assessment, as the name suggests,…

Read

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form