The Cyber Metric Library is a list of security metrics that can be used as a baseline for any executive reporting platform. The list is not exhaustive, and is focussed primarily on technical controls that can be measured easily with available tooling.
There are cases where you record data in a number of data sources and then need to generate documentation from that data. One case I get involved in from time to time is generating documentation from data collected in various data sources. Rather than copying and pasting, we can use code to dynamically generate the documentation. In this post, I will show you some examples of how we can use jinja2 to generate markdown in Python.
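As an added illustration of the approach described above (this is example code written for this page, not the original post's code), the following renders a markdown findings table from records with jinja2. It assumes jinja2 is installed; the `FINDINGS` records are constructed sample data, and `md_cell` and `render_report` are names chosen here. Two points a practitioner should take from it: the data always goes in as render context, never spliced into the template string itself (that would be a template injection hole), and because markdown is not HTML, autoescaping does nothing useful, so characters that break the target format, such as `|` and newlines inside a table cell, are escaped with a custom filter. `StrictUndefined` makes a record with a missing field fail the render rather than silently emit an empty cell.

```python
from jinja2 import Environment, StrictUndefined

# Constructed sample records, standing in for data pulled from several sources
# (a ticket tracker, a scanner export, ...). Not real findings.
FINDINGS = [
    {"id": "F-1", "system": "payments-api", "severity": "High",
     "summary": "TLS 1.0 still enabled on the public listener"},
    {"id": "F-2", "system": "intranet | wiki", "severity": "Low",
     "summary": "Directory listing enabled on /static/"},
]

# The template is a fixed string under our control; untrusted data is only ever
# passed in as context, never concatenated into the template text.
TEMPLATE = """# Findings report

Generated from {{ findings | length }} records.

| ID | System | Severity | Summary |
|----|--------|----------|---------|
{% for f in findings %}
| {{ f.id | md }} | {{ f.system | md }} | {{ f.severity | md }} | {{ f.summary | md }} |
{% endfor %}"""


def md_cell(value):
    """Escape what would break a markdown table cell: pipes and line breaks."""
    return str(value).replace("|", "\\|").replace("\n", " ")


def render_report(findings):
    """Render the markdown report; raises UndefinedError if a record lacks a field."""
    env = Environment(
        undefined=StrictUndefined,   # missing keys fail loudly instead of rendering ""
        trim_blocks=True,            # drop the newline after {% ... %} tags
        lstrip_blocks=True,
        autoescape=False,            # HTML escaping is wrong for markdown output
    )
    env.filters["md"] = md_cell
    return env.from_string(TEMPLATE).render(findings=findings)


if __name__ == "__main__":
    print(render_report(FINDINGS))
```

Pipe the output into the same mkdocs (or any other markdown) pipeline you already publish with; because the escaping lives in one filter, changing the target format later means changing one function rather than every template.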
Many of us need to develop code, code that may have access to very sensitive data or that has the ability to wreak havoc on an environment. Whatever the development requirement is, you need to be vigilant with the code you develop and ensure that you do not inadvertently introduce security issues that could otherwise have been avoided.
An involuntary data breach is a data breach where your information was compromised without your direct involvement. This is typically where your information is stored in a data location that you're unaware of, or have no control over. In a recent security incident, my own contact details were exposed through a friend's compromised phone. This is the story of that event.
Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services with one set of login credentials, typically a username and password. Instead of having to log in separately to each application, users authenticate once through a central identity provider, which then grants access to connected systems. This approach simplifies the user experience by reducing password fatigue and improving productivity, as users no longer need to manage multiple accounts or remember numerous passwords. SSO also enhances security by centralizing authentication and allowing for more robust controls, such as multi-factor authentication and centralized monitoring, which reduces the number of credential sets an attacker can target; the trade-off is that the identity provider becomes a high-value target and must be protected accordingly.
Another security breach has made the news. This time the folks at Ticketek are having a hard time explaining why ...customers' names, emails and dates of birth may have been accessed in cyber security breach.
I will always have a soft spot for AWS as my preferred cloud provider. A few weeks ago I was asked to develop a solution on Google Cloud, and while at first I had my reservations, it didn't take long for me to start liking it.
Having some form of automated security reporting platform will help organisations to have real-time visibility of the security posture across their environment. By tailoring the dashboards to different audiences (or personas), CISOs and CIOs can leverage data for decision-making, giving visibility to all levels within the organisation.
Back in 2021, I talked about how I moved my website away from Wordpress and onto a static-generated site using mkdocs. A few things have changed since then.