- "The goal of the DoD Cybersecurity Policy Chart is to capture the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware of, in a helpful organizational scheme. The use of colors, fonts, and hyperlinks is designed to provide additional assistance to cybersecurity professionals navigating their way through policy issues in order to defend their networks, systems, and data.
- At the bottom center of the chart is a legend that identifies the originator of each policy by a color-coding scheme. On the right-hand side are boxes identifying key legal authorities, federal/national level cybersecurity policies, and operational and subordinate level documents that provide details on defending the DoD Information Network (DoDIN) and its assets. Links to these documents can also be found in the chart."
This blog is about understanding, auditing, and addressing risk in cloud environments. Systems and architectures are rapidly converging, hiding complexity with additional layers of abstraction. Simplicity is great for operations - as long as risks are understood and appropriately addressed.
Thursday, August 18, 2022
Federal Auditing is... Complicated.
Wednesday, August 17, 2022
Global 500 vs Fortune (US) 500 Sector Comparisons - I.e. Profit Margins!
Tuesday, August 16, 2022
Brilliant Article: (Don’t) Focus on Your Job at the Expense of Your Career
Credit to HBR and specifically Dorie Clark. Brilliant. Young people need to hear this.
Don’t Focus on Your Job at the Expense of Your Career (hbr.org)
Summary: "The gap between what we have to do today and where we see ourselves in the future can be vexing. We’d like to advance toward our goals, but we feel dragged down by responsibilities that seem banal or off-target for our eventual vision. In this piece, the author offers four strategies you can try so that you can simultaneously accomplish what’s necessary for the short-term while playing the long game for the betterment of your career."
- Analyze the strategic value of your activities.
- Enlist allies.
- Manage your brand.
- Be willing to experiment with “120% time.”
- Put in the time when you are young because you have the energy, mental capacity, and the greatest amount of neural plasticity.
- The world and the workplace are not fair. Position yourself to capitalize on opportunities. That can be many things - training, visibility, kindness, someone others want to be around and emulate.
- Embrace the opposite of Imposter Syndrome. Be confident and go for it. Why not you?
- Hard work beats talent when talent doesn't work hard.
Thursday, August 11, 2022
Open Cybersecurity Schema Framework (OCSF)
What: They have collaborated on a joint initiative to solve a critical bottleneck in the sharing of threat information: The different data formats currently in use across multiple cybersecurity tools and products.
- Schema includes: Activity; Activity ID; Category; Category ID; Class; Class ID; Count; Duration; End Time; Enrichments; Event Time; Message; Metadata; Observables; Original Time; Product; Profiles; Raw Data; Reference Event Code; Reference Event ID; Reference Event Name; Severity; Severity ID; Start Time; Status; Status Code; Status Details; Status ID; Timezone Offset; Type ID; Type Name; Unmapped Data
Thoughts: There's still a tremendous amount of work
to be done and it will realistically be quite some time before the value is
realized from this effort. However, it's good to see some progress and
interest. This has been a problem for a very, very long time.
Tags: Open Cybersecurity Schema Framework (OCSF)
Sources:
- News: https://www.cnn.com
- Github here: https://github.com/ocsf/
- Schema here: Open Cybersecurity Schema Framework (ocsf.io)