Difference between revisions of "Cybersecurity Frameworks, Architectures & Roadmaps"
m |
m |
||
| Line 26: | Line 26: | ||
|| | || | ||
<youtube>5LyY_gHzc64</youtube> | <youtube>5LyY_gHzc64</youtube> | ||
| − | <b> | + | <b>Cybersecurity Roadmap: Global Healthcare Security Architecture |
| − | </b><br> | + | </b><br>Nick H. Yoo, Chief Security Architect, Global Healthcare IT Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed global security architecture outlining foundational and differentiated controls for their most sensitive applications. |
|} | |} | ||
|<!-- M --> | |<!-- M --> | ||
| Line 34: | Line 34: | ||
|| | || | ||
<youtube>_5AFRQo4JwU</youtube> | <youtube>_5AFRQo4JwU</youtube> | ||
| − | <b> | + | <b>ISMS [ ISO 27001 ] | INFORMATION SECURITY POLICY - How to Write |
| − | </b><br> | + | </b><br>ISMS [ ISO 27001 ] - How to write Information Security Policy |
|} | |} | ||
|}<!-- B --> | |}<!-- B --> | ||
| Line 43: | Line 43: | ||
|| | || | ||
<youtube>I49iK8AzU2I</youtube> | <youtube>I49iK8AzU2I</youtube> | ||
| − | <b> | + | <b>DEVNET 1158 - Cognitive Threat Analytics - Behavioral Breach Detection via TAXII/STIX API |
| − | </b><br> | + | </b><br>Speaker: Petr Cernohorsky. Introducing Cognitive Threat Analytics (CTA), Cisco's automated breach detection technology based on statistical modeling and machine learning of network traffic behaviors, whose goal is to identify end-user devices within the monitored network that from network perspective do not represent a communication of a legitimate human user behind their web browser, but actually represent a malware-infected (breached) device establishing its command & control communication to an external malicious infrastructure. The CTA technology produces actionable security intelligence for security operations and threat research to act on. The STIX/TAXII API standards are being used for the security intelligence interchange. An integration is available with the leading SIEM vendors and other STIX/TAXII compliant clients. For all the DevNet Zone 2015 San Diego |
|} | |} | ||
|<!-- M --> | |<!-- M --> | ||
| Line 51: | Line 51: | ||
|| | || | ||
<youtube>gBgeULfhmFo</youtube> | <youtube>gBgeULfhmFo</youtube> | ||
| − | <b> | + | <b>DEFCON 19 (2017) We (the government) are Here to Help: How FIPS 140 Helps (and Hurts) Security |
| − | </b><br> | + | </b><br>Speaker: Joey esca Many standards, especially those provided by the government, are often viewed as more trouble the actual help. The goal of this talk is to shed a new light onto onesuch. Speaker: Muhaimin Dzulfakar Security Consultant, security-assessment.com This talk focuses on how MySQL SQL injection vulnerabilities can be used to gain rem. DEFCON 19 (2017) - |
|} | |} | ||
|}<!-- B --> | |}<!-- B --> | ||
Revision as of 18:13, 7 September 2020
- Case Studies
- Cybersecurity References
- Offense - Adversarial Threats/Attacks
- Capabilities
- NIST Cybersecurity Framework - consists of standards, guidelines, and best practices to manage cybersecurity-related risk.
- NIST FedRAMP security for the cloud
- United States Computer Emergency Readiness Team (US-CERT)
- Cybersecurity Reference Architecture | Microsoft
- ISO/IEC 15408-1 ISO/IEC Information Technology Task Force (ITTF)
- FIPS 140-2 Security Requirements for Cryptographic Modules
- How STIX, TAXII and CybOX Can Help With Standardizing Threat Information
- OASIS Cyber Threat Intelligence (CTI) TC OpenC2
- Using the Cybersecurity Framework
Not necessarily restricted to artificial intelligence-based solutions.
|
|
|
|
