Learning, Sharing, Creating
The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It allows software architects to identify and mitigate potential security issues early, when they are…
This post is to summarize some knowledge points regarding Microsoft Azure learned from Internet.
Threat modeling is a process for thinking through, identifying, and documenting known threats and mitigations to a system before that system is deployed. Threat modeling acknowledges that all systems face…
What is DevOps:DevOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity: evolving and improving products at…
Since NIST 800-53 was first introduced, the number of controls has greatly expanded; the initial version of 800-53 contained approximately 300 controls and NIST 800-53 rev 4 contains 965 controls.…
This post is to clarify the different between CSF Tiers and Maturity level. A security maturity model is a set of characteristics or indicators that represent capability and progression within…
Still Under Writing… A Threat and Risk Assessment analyzes a software or hardware system for vulnerabilities, examines potential threats associated with those vulnerabilities, and evaluates the resulting security risks. A…
NIST Framework Components The Cybersecurity Framework consists of three main components: The Framework Core provides a set of desired cybersecurity activities and outcomes using common language that is easy to…
Layered Security & Defense In Depth A layered approach to security can be implemented at any level of a complete information security strategy. Whether you are the administrator of only…
Security Architecture Roadmap
One of the most recent and wide-ranging laws impacting the security profession globally is the European Union’s General Data Protection Regulation, or GDPR. As of May 25, 2018, the GDPR…