Identify and mitigate potential weaknesses in systems, networks, and processes.
Monitor for malicious activities and respond to security incidents quickly and effectively.
Contain, eradicate, and recover from security incidents.
Educate employees about security risks and best practices.
Regulations -
Definition: Mandatory rules or laws set by a government or regulatory body.
Purpose: Protect public interests, e.g., health, safety, and the environment.
Enforcement: Enforced through legal means, with consequences for non-compliance.
Examples: the EU General Data Protection Regulation (GDPR) and the US Health Insurance Portability and Accountability Act (HIPAA).
Standards -
Definition: A document that specifies requirements (mandatory or voluntary) for a product, process, or service.
Purpose: Ensure a consistent level of quality and safety.
Enforcement: Enforced only where the standard is incorporated into a contract or a regulation; otherwise it is guidance.
Examples: ISO/IEC 27001 (requirements for establishing and operating an Information Security Management System, ISMS) and the Payment Card Industry Data Security Standard (PCI DSS), which is enforced contractually by the card brands on entities that store, process, or transmit cardholder data.
Frameworks -
Definition: A voluntary system of rules, ideas, or beliefs used to plan or decide.
Purpose: Provide a structure or foundation for a system or process.
Enforcement: Not enforced; rather, it provides guidance.
Examples: NIST Cybersecurity Framework (CSF): a high-level structure of six Functions (Govern, Identify, Protect, Detect, Respond, Recover; Govern was added in CSF 2.0) used to organise and manage cybersecurity risk.
Accreditation -
Definition: A voluntary process in which an independent body certifies an organisation's compliance with a standard. (Strictly, "accreditation" is the recognition of a certification body's competence to audit against a standard, while the audited organisation is "certified"; in practice the two terms are often used interchangeably.)
Purpose: Demonstrate an organisation's commitment to quality and give customers and regulators independent assurance.
Enforcement: Certification is time-limited, depends on periodic surveillance audits, and can be revoked if the organisation ceases to meet the standard's requirements.
Examples: ISO/IEC 27001 certification (an accredited certification body audits that the organisation's ISMS meets the standard's requirements).
Security frameworks (and standards):
Provide guidelines for building plans that mitigate risks and threats to the confidentiality, integrity, and availability of data and systems.
Some also provide guidance on how to detect and respond to security incidents.
Support an organisation's ability to adhere to compliance laws and regulations.
Security controls are the specific safeguards implemented to reduce a particular risk, e.g. requiring multi-factor authentication (MFA) for remote access. A framework or standard tells you which controls to consider; the control is the concrete measure you actually deploy.