Enterprise Security Architecture To-Be

I have and will always love the challenge of defining cyber security architecture as a practice, process, lifestyle or what about system security architecture.. you know where I am going. So, there is no “cover it all” definition in my mind, as at least an enterprise security architecture is enterprise dependant and must be – it shall be business driven and therefore not globally defined. However, there are a lot of resources that help to define this.

Stacks Image 327
Credit: AssuredControl.com

Continue reading “Enterprise Security Architecture To-Be”

Pyramid of Pain, for Crisp Communication

Communicating cyber security will forever be challenging, so whatever tools I find making this easier I like to share. The “good old” Pyramid of Pain (SANS) may be useful to illustrate the complexity of detecting different types of malicious activities, as it is based on typical indicators you might use to detect. I know it does not cover all, but it speaks well. Read the paper yourself and make up your mind.

Credit: SANS

Cloud Pain Points

A brief but nice summary of pain points we have all experienced?

  • Insufficient staff skills
  • Data loss/leakage
  • API vulnerabilities
  • Malware infections
  • Insufficient identity and access management controls
  • Lack of visibility into what data and workloads are within cloud applications
  • Inability to monitor data in transit to and from cloud applications
  • Cloud applications being provisioned outside of IT visibility (e.g., shadow IT)
  • Inability to prevent malicious insider theft or misuse of data
  • Advanced threats and attacks against the cloud application provider
  • Inability to assess the security of the cloud application provider’s operations
  • Vendors failing to alert customers of vulnerabilities
  • Inability to maintain regulatory compliance
  • Misconfigurations of cloud hardware and/or cloud software

By Threatpost