Tuesday, October 9 2018

The importance of Defense in-depth and the Open System Interconnection (OSI) Layers

This blog provides a general overview on the importance of defense in-depth and how it is tied to the OSI Layers.

Continue reading...

Thursday, October 4 2018

CSA: Top Threats to Cloud Computing: Deep Dive

Case study that attempts to connect the dots when it comes to risk management and cloud computing by providing a more technical detail dealing with architecture, compliance, risk and mitigation for each of the cloud computing threats and vulnerabilities identified.

Continue reading...

ENISA launches the Cybersecurity Strategies Evaluation Tool

This tool will help European Member states evaluate their strategic priorities and objectives related to National Cyber Security Strategies.

Continue reading...

ENISA- Towards secure convergence of Cloud and IoT

ENISA published a short paper aiming to identify and tackle the security challenges that the IoT ecosystem brings to Cloud and vice-versa.

Continue reading...

NISTIR 8202: Blockchain Technology Overview- FINAL

A technical publication that examines the history, scope, and characteristics of this emerging technology which has enabled the development of numerous cryptocurrency systems.

Continue reading...

Wednesday, October 3 2018

Importance of incorporating security within the System Development Life Cycle (SDLC)

This blog provides an overview on the importance of integrating security across the System's Development Life Cycle (SDLC) when developing or integrating new applications.

Continue reading...

NIST SP 800-37 Rev.2: RMF for Information Systems and Organizations- FINAL DRAFT Open for Comments

This publication provides guidelines for applying the Risk Management Framework (RMF) to information systems and organizations. The RMF provides a disciplined, structured, and flexible process for managing security and privacy risk that includes information system categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.

Continue reading...

Sunday, September 16 2018

NIST Risk Management - Broken into Components

This blog breaks down the NIST Risk Management Framework into five (5) unique components and explains how each must work together in order to successfully limit risk across the Enterprise.

Continue reading...

Tuesday, September 4 2018

FedRAMP- Cloud Computing Molding Deficiencies

This blog provides an overview of how the FedRAMP process fails to mold the Cloud Assessments in accordance with NIST's guidance.

Continue reading...

Monday, September 3 2018

FedRAMP - RMF Deficiencies

This blog provides an overview on the RMF deficiencies impacting FedRAMP's approach.

Continue reading...

Sunday, September 2 2018

Federal Risk and Authorization Management Program (FedRAMP)

This blog provides a general overview of FedRAMP.

Continue reading...

Saturday, September 1 2018

Indepth Analysis of NIST's CyberSecurity Framework

In this blog, I opted to look dipper into the Cybersecurity Framework and provide input on the underlying message not visible to the naked eye, those exposing key details of the framework that clearly denote the importance of an Enterprise Level Risk Management Framework.

Continue reading...

Tuesday, August 28 2018

Hybrid Cloud Deployment

This blog provides an overview of the Hybrid Cloud Deployment option.

Continue reading...

Community Cloud Deployment

This blog provides an overview of a Community Cloud Deployment.

Continue reading...

Private Cloud Deployment

This blog provides an overview of the Private Cloud Deployment option.

Continue reading...

Public Cloud Deployment

This blog provides an overview of the Public Cloud Deployment.

Continue reading...

Sunday, August 26 2018

High Level Overview of Cloud Security Standards

This provides an overview of how Cloud Security Standards evolved throughout the years since cloud computing was introduced as a viable option for organizations to deploy their systems while minimizing their resources and security responsibilities.

Continue reading...

Cloud Essentials

This blog provides a general overview on the architecture of a cloud environment.

Continue reading...

Saturday, August 25 2018

Serverless Infrastructure

This blog provides an overview of the Serverless model and general questions and answers about the technology leveraged.

Continue reading...

Friday, August 24 2018

Software as a Service (SaaS)

This blog provides an overview of the Software As A Service (SaaS) model and an overview of the responsibilities the Cloud Service Provider (CSP) addresses from a security perspective.

Continue reading...

- page 1 of 2