7MS #284: The Quest for Critical Security Controls
7 Minute Security2 Nov 2017

7MS #284: The Quest for Critical Security Controls

For a long time I've been electronically in love with the Critical Security Controls. Not familiar with 'em? The CIS site describes them as:

The CIS Controls are a prioritized set of actions that protect your critical systems and data from the most pervasive cyber attacks. They embody the critical first steps in securing the integrity, mission, and reputation of your organization.

Cool, right? Yeah. And here are the top (first) 5 that many organizations start to tackle:

  1. Inventory of Authorized and Unauthorized Devices
  2. Inventory of Authorized and Unauthorized Software
  3. Secure Configurations for Hardware and Software
  4. Continuous Vulnerability Assessment and Remediation
  5. Controlled Use of Administrative Privileges

Google searches will show you that you can definitely buy expensive hardware/software to help you map to the CSCs, but I'm passionate about helping small businesses (and even home networks!) be more secure, so I'm on a quest to find implementable (if that's a word?) ways to put these controls in place.

I'm focusing on control #1 to start, and I've heard great things about using Fingbox (not a sponsor) to get the job done, but I'm also exploring other free options, such as nmap + some scripting magic.

More on today's episode...

Avsnitt(684)

7MS #76: Lessons Learned from LastPass

7MS #76: Lessons Learned from LastPass

I know this is a bit late, but I wanted to talk a little about the LastPass breach and why I'll still remain a customer.

14 Juli 20157min

7MS #75: OFFTOPIC-My Son's Piano Recital

7MS #75: OFFTOPIC-My Son's Piano Recital

I wanted to share (what I think is) an amusing anecdote about my son's first piano recital, which was topped off by a kid playing the song "Lucky." Many LOLs commenced for me.

9 Juli 20159min

7MS #74: How to Become a More Organized Information Security Professional

7MS #74: How to Become a More Organized Information Security Professional

In this episode I share some strategies and apps that may help you stay more organized as you go about your infosec work!

8 Juli 20158min

7MS #73: PCI Pentesting 101 – Part 2 (audio)

7MS #73: PCI Pentesting 101 – Part 2 (audio)

This episode is the exciting continuation of a recent pentest I did, in which I got some serious pwnage, including cracking the domain admin password! 7MS #73: PCI Pentesting 101 – Part 2 (audio)

30 Juni 20157min

7MS #72: PCI Pentesting 101 (audio)

7MS #72: PCI Pentesting 101 (audio)

I’m pumped to talk about an about an awesome, free little tool that made my Internet connection feel like new again. 7MS #72: PCI Pentesting 101 (audio)

25 Juni 20157min

7MS #71: OFFTOPIC-Mad Max (audio)

7MS #71: OFFTOPIC-Mad Max (audio)

We’re going totally off topic today and doing a movie review of Mad Max! 7MS #71: OFFTOPIC-Mad Max (audio)

23 Juni 20158min

7MS #70: Get the Most out of Your DNS! (audio)

7MS #70: Get the Most out of Your DNS! (audio)

I’m pumped to talk about an about an awesome, free little tool that made my Internet connection feel like new again. 7MS #70: Get the Most out of Your DNS! (audio)

18 Juni 20157min

7MS #69: I’m Not Responsible for Your Information Insecurity (audio)

7MS #69: I’m Not Responsible for Your Information Insecurity (audio)

Are you too hard on yourself? Do you think the success of your client’s infosec program lives and dies with you? Listen to this episode. You might feel better. 7MS #69: I’m Not Responsible for Your Information Insecurity (audio)

16 Juni 20158min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
rss-krimstad
flashback-forever
olyckan-inifran
rss-viva-fotboll
aftonbladet-daily
rss-vad-fan-hande
svenska-fall
rss-sanning-konsekvens
krimmagasinet
rss-expressen-dok
motiv
fordomspodden
svd-nyhetsartiklar
dagens-eko
rss-frandfors-horna
blenda-2
spar
spotlight