Monitoring

CISSP Security of the Software Environments – Bk1D8T2St1P3

Deployment Environments A deployment environments is a general term that describes a relatively isolated information systems environment that is dedicated to the requirements and hosting of particular classes of applications and services. While the specific types of deployment environments can vary between organizations, the standard deployment environments are known as Development, Integration, Test, Staging, and Production. Each standard deployment has its level of trust and security. The level of trust is at its lowest starting …

CISSP Security of the Software Environments – Bk1D8T2St1P3 Read More »

Understand Log Capturing and Analysis Tools

Leave a Comment / CHFI / By Tushar Panhalkar

Understand Log Capturing and Analysis Tools in this article explain different types of log capturing tools and analysis tools which are used in forensic investigation. Log Capturing and Analysis Tools Features: Analysis of log data, including SNMP traps, Windows event logs, W3C logs, text-based logs, Syslog, SQL Servers, and Oracle audit logs Provides specific reports for some of the major compliance acts as well as other standard reports Filter-enabled charts provide access to the important …

Understand Log Capturing and Analysis Tools Read More »

ISO 27001 Annex : A.16 Information Security Incident Management

ISO 27001 Annex : A.16 Information Security Incident Management in this aerticle explain Management of Information Security Incidents and Improvements and there Responsibilities & Procedures. A.16.1 Management of Information Security Incidents and Improvements It’s objective is to ensure a clear and successful strategy, including communication on security incidents and vulnerabilities, for information security incidents management. A.16.1.1 Responsibilities and Procedures Control- In order to ensure a quick, efficient, and organized response to ISO 27001 Annex : …

ISO 27001 Annex : A.16 Information Security Incident Management Read More »

ISO 27001 : Annex 14 System Acquisition, Development and Maintenance

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 : Annex 14 System Acquisition , Development and Maintenance in this article is explain A.14.1 Security Requirements of Information Systems & A.14.1.1 Information Security Requirements Analysis and Specification. A.14.1 Security Requirements of Information Systems Its objective is ensuring the information management for the entire lifecycle is an important part of information systems. This also includes the information systems requirements that provide services over a public network. A.14.1.1 Information Security Requirements Analysis and Specification …

ISO 27001 : Annex 14 System Acquisition, Development and Maintenance Read More »

ISO 27001 Annex : A.12.6 Technical Vulnerability Management

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.12.6 Technical Vulnerability Management Its objective is to avoid technological vulnerabilities from being exploited. A.12.6.1 Management of Technical Vulnerabilities Control- Information on technological vulnerabilities of information systems used should be obtained in a timely manner, the exposure of the organization to such vulnerabilities should be assessed and appropriate measures taken to address the risk involved Implementation Guidance – An up-to-date and comprehensive asset inventory is necessary for the effective management of …

ISO 27001 Annex : A.12.6 Technical Vulnerability Management Read More »

ISO 27001 Annex : A.12.4 Logging and Monitoring

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.12.4 Logging and Monitoring Its objective is recording events and generating evidence. A.12.4.1 Event Logging Control- Event logs should be produced, retained, and regularly reviewed to record user activities, exceptions, defects, and information security events. Implementation Guidance- Where applicable, event logs should include: IDs of User; Activities of the system; dates, times and key events details, such as log-on and log-off; System ID or location and device recognition where possible; records …

ISO 27001 Annex : A.12.4 Logging and Monitoring Read More »

ISO 27001 Annex : A.9.1.2 Access to Networks and Network Services

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

Control- ISO 27001 Annex : A.9.1.2 Access to Networks and Network Services Only network and network facilities which have expressly been approved for use will be made available to users. Implementation Guidance- A policy on the use of networks and network policy should be developed. Following points should be covered in this policy: networks and network infrastructure to which access is permitted; Authorization procedures for determining who is permitted to access which networks and Networking services; …

ISO 27001 Annex : A.9.1.2 Access to Networks and Network Services Read More »

ISO 27001 Clause 10.1 Non conformity and corrective action

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

Required activity ISO 27001 Clause 10.1 Non conformity and corrective action, Clause 10 containing sections 10.1 and 10.2 covers the “Act” part W. Edwards Deming’s Plan-Do-Check-Act (PDCA) cycle. This clause helps an organisation react to nonconformities, evaluate them and take corrective actions with the end goal of continually improving how it runs its daily activities. Explanation Nonconformity may be a non-fulfilment of a requirement of the ISMS. Nonconformity cannot always be avoided, because mistakes do …

ISO 27001 Clause 10.1 Non conformity and corrective action Read More »

Explain

1 Comment / CTIA / By Tushar Panhalkar

Cyber Threat Intelligence Requirements is Defining and setting up the requirements is the first task that must be accomplished before spending the resources and time on collecting any type of intelligence information. Development of a set of requirements assists the security analysts in the following: – Profile and monitor the threat actors targeting the organization. – Collect the useful intelligence information based on the organization’s attack surface. – Understand the type of TTPs used by …

Explain Read More »

10 Steps to Cyber Security

7 Comments / CEH, CyberSecurity / By superadmin

10 steps to cybersecurity During this blog, we explain and provide advice on the way to start Risk management regime, Secure configuration, Home and mobile working, Incident management, Malware prevention, Managing user privileges, Monitoring, Network security, etc… Related Product: Certified Ethical Hacker | CEH Certification 10 steps to cyber security is a part Certified Ethical Hacking v10(CEH v10) training you learn the cyber security attacks and their impact. As technology continues to evolve so also …

10 Steps to Cyber Security Read More »

CISSP Security of the Software Environments – Bk1D8T2St1P3

Understand Log Capturing and Analysis Tools

ISO 27001 Annex : A.16 Information Security Incident Management

ISO 27001 : Annex 14 System Acquisition, Development and Maintenance

ISO 27001 Annex : A.12.6 Technical Vulnerability Management

ISO 27001 Annex : A.12.4 Logging and Monitoring

ISO 27001 Annex : A.9.1.2 Access to Networks and Network Services

ISO 27001 Clause 10.1 Non conformity and corrective action

Explain

10 Steps to Cyber Security

Course Categories

Quick Menu

Contact us

Recent Posts

Find Us Here