Cybersecurity Architecture Practice Overview
This post summarizs some popular practical security architecture designs / concepts from different security vendors.
Microsoft Threat Modeling Tool – STRIDE – Usage and Examples
The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It allows software architects to identify and mitigate potential security issues early, when they are…
Azure Architecture Studying Notes
This post is to summarize some knowledge points regarding Microsoft Azure learned from Internet.
Security Modeling and Threat Modeling Resources
Threat modeling is a process for thinking through, identifying, and documenting known threats and mitigations to a system before that system is deployed. Threat modeling acknowledges that all systems face…
From DevOps to DevSecOps – SDLC
What is DevOps:DevOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity: evolving and improving products at…
Security Controls Based on NIST 800-53 Low, Medium, High Impact
Since NIST 800-53 was first introduced, the number of controls has greatly expanded; the initial version of 800-53 contained approximately 300 controls and NIST 800-53 rev 4 contains 965 controls.…
CSF Security Tiers vs Security Maturity Level
This post is to clarify the different between CSF Tiers and Maturity level. A security maturity model is a set of characteristics or indicators that represent capability and progression within…
A Simplified TRA (Threat and Risk Assessment) Example
Still Under Writing… A Threat and Risk Assessment analyzes a software or hardware system for vulnerabilities, examines potential threats associated with those vulnerabilities, and evaluates the resulting security risks. A…
NIST CSF Core Notes
NIST Framework Components The Cybersecurity Framework consists of three main components: The Framework Core provides a set of desired cybersecurity activities and outcomes using common language that is easy to…
Cyber Security Technology with NIST Cyber Security Framework
Layered Security & Defense In Depth A layered approach to security can be implemented at any level of a complete information security strategy. Whether you are the administrator of only…