Jump to content

All Activity

This stream auto-updates     

  1. Last week
  2. Earlier
  3. dbarden

    A deeper look into the Framework

    Thank you to everyone. I am new at this site and can already tell its a cool place to share ideas. You have already given me a lot to think about and research. Thanks!
  4. World has been shocked by ransomware attack. Until today countries still pinned point to each other as nobody know who activate the virus. I'm attached security cum forensic agency and I'm a bot perplex with the Law & governed the Digital Forensics. The big question is why the culprits seemed to be always get away with the crime? Aren't the existing Law strong enough?
  5. Greg, I am new to the CFORUM. I was trying to watch your presentation on ISACA processes to apply CSF. The link reply is the page cannot be found any longer. Is there any way I can obtain a link and or the presentation to review. I am just starting a contract position where I need to implement information security practice using CSF and any insight to using other processes would be helpful. Respectfully, Don Wray
  6. Phil Wilson

    Multi-User CSA's

    Hi All, We are interested in finding out how many members are using some sort of Control Self-Assessment (CSA) instrument, model, app, template or tool. For instance, are you using a self-created CSA on Excel or Word? The reason that we are asking this is to see if any of you have explored the use of a CSA tool that is designed for multiple users. Let us your thoughts as well as how you are currently measuring your company's progress in implementing the NIST Cybersecurity Framework (CSF)? Thank you, Phil Wilson The GRC Sphere http://GRCsphere.org
  7. Greg, I have been working on an infrastructure for a number of years. The infrastructure is now ready for review and improvement. A working group of interested individuals is needed. I have contacted the INCOSE security working group in the hope of creating a subgroup to review this infrastructure. NIST, ISO, IEEE, INCOSE and other working groups are all needed to help in forming a working group to investigate and develop techniques and standards for better system reliability and security. A subgroup would investigate the infrastructure that I have been working on. I would appreciate any help that you can provide in this matter. Thanks, Gene
  8. Good afternoon! I think there's a lot of merit in your suggestion. The adversaries have certainly figured out how to leverage multiple endpoints working as a large infrastructure. What might be the next steps to identify specific outcomes that would lead to your solution? BTW - I don't think there's a particular forum for this. Many of the others deal with specific elements of the Cybersecurity Framework, and I agree with you that this is a topic of general interest. Have a great day! Greg
  9. The current approach to Cyber security is usually about one computer and a response to a newly discovered vulnerability. This approach has led to the current Cyber security crisis. A new approach and pattern views a system as many computers working together. A basic assumption is that a computer within a system will become infected. The requirements for such a system are: - Work and bulk data should be protected from an infected system component. - Work and bulk data should be replicated on multiple computers to maximize reliability. - A system should seamlessly recover from or avoid failure situations. One solution approach is for system programs to use an infrastructure for client to server access and to exchange messages. A client and server check point work recovery information along with exchanged messages. The work and client to server communication of a failed client or server can be recovered by the same kind of program running on a different computer. A server knows the identity of a client and what work a client is authorized to request. A server validates that a client request is permitted before performing work. If a client request is not permitted then the client system can be isolated and repaired. This approach and pattern can be used to improve system reliability and security. The software community needs to evaluate this approach and possible infrastructures that help programs within a system to achieve this pattern. Question to forum administrator: Is there a more appropriate forum to post this topic?
  10. madisonquinn

    To secure data stored in the cloud

    Hello, There are some best ways to secure the data in cloud using Cybersecurity The first extra-security option comes in the form of a simple text message, and companies like Google and Microsoft have been offering it for a while. It involves sending a code to a consumer’s cellphone, and asking them to enter it along with their password. This second method relies on apps and is offered by firms like Duo and Authy. These apps offer an ever-changing series of numbers that serve as the extra step to go along with a consumer’s password. The app method is slightly more convenient because the user doesn’t have to wait for a text message, and crooks can’t compromise it by going through the phone company. The key method is extra-secure since it requires a user to prove they have a physical object before they can log-in from a strange computer—something that would be nearly impossible for a hacker to do. The key method can also be quicker since it doesn’t involve entering a code delivered to a phone. Hope this helps you, Thanks.
  1. Load more activity