Posts

Artificial Intelligence: A Force for Good

  Artificial intelligence (AI) is a rapidly developing technology with the potential to revolutionize many aspects of our lives. While there are some concerns about the potential negative impacts of AI, there are also many ways that it can be used for good. Here are some examples of how AI is being used for good: Healthcare: AI is being used to develop new drugs and treatments, improve diagnosis and treatment of diseases, and provide personalized healthcare. For example, AI-powered systems are being used to analyze medical images and data to detect cancer and other diseases earlier and more accurately than ever before. Education: AI is being used to personalize learning, provide real-time feedback, and help students learn at their own pace. For example, AI-powered tutors can provide personalized feedback to students on their homework and help them identify areas where they need additional help. Environment: AI is being used to monitor and protect the environment. For exampl

User Acceptance Testing

What is User Acceptance Testing? User Acceptance Testing (UAT) is the final stage in the software development life cycle. At this stage, users test the software to see if they can carry out the tasks the software was designed to do and check for any issues that can be brought to the developer for tweaking. A well-designed UAT test provides a thorough vetting of the application. A UAT test also provides a macro-level overview of how complete an application is. How are they administered? Several steps need to be considered before performing a UAT test. Following these phases is essential to a successful test result. The phases are: 1. Knowledge Gathering for Test Plan. UAT test planning should always be done first, as it gathers the information required to perform a comprehensive test. It requires extensive collaboration between the integration manager, the relevant business process owners, and the different functional leads. The informati

A Look at Defense-in-Depth

What is Defense-in-Depth? Defense-in-Depth is the method by which multiple layers of defense protect a network. These defenses are intended to delay an attacker's attempt to get further into a system, not to stop them completely. By slowing down the attacker, the IT team has time to react and mitigate any damage to the network. The idea behind Defense-in-Depth stems from a military strategy that revolves around having a weaker perimeter defense and intentionally yielding space to buy time. In the case of cybersecurity, the approach involves multiple layers of control without giving up any ground. Here is a video from Network Direction that sheds a little light on the idea of Defense-in-Depth: Below is a topology of what Defense-in-Depth could look like: Fig 1. A large scale highly secure deployment of Siebel Business Applications. Having a setup such as the one above would bring security to a business of any size. In this case, for the

What is Single Sign-On and How It May Benefit a Company.

Hello, and welcome to my blog! This week we will be discussing how single sign-on is used and how it can be beneficial to a company. What is Single Sign-On? Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (a username and password) to access multiple applications. How does it work? When you are signing on to a website, you may be given the option to sign on with a username and password from Facebook, Google, or Apple. These are examples of what is called single sign-on, or SSO. It allows users to sign on to a website using credentials from other accounts, such as Google or your Apple ID. It is a federated identity management (FIM) arrangement, and the use of such a system is sometimes called identity federation. OAuth, which stands for Open Authorization and is pronounced "oh-auth," is the framework that enables an end user's account information to be used by third-party services, such as Fa

A quick look at the NIST CSF (Cybersecurity Framework) core and how it is organized into functions.

Hello, and welcome to my blog! This week, I will be discussing how the NIST CSF (Cybersecurity Framework) core is organized into functions. What is the NIST Cybersecurity Framework? The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) was published in February 2014 in response to Presidential Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which called for a standardized security framework for critical infrastructure in the United States. What are the NIST CSF Framework core areas? The NIST CSF consists of four core areas: Functions, Categories, Subcategories, and References. Today we will be talking about the different functions in the NIST CSF core and how they are organized. What are the Framework Functions? The NIST CSF is organized into five core functions, which are also known as the Framework Core. These functions are arranged together to represent a security cycle. Each p

Incident Response and Forensic Analysis, a relationship.

Hello, and welcome to my blog! This week, we will be discussing how forensics is related to incident response. Before we dive in, if you are not familiar with incident response, check out this link, which will take you to one of my other posts describing what incident response is. The forensics part of incident response takes place after everything has happened. After the response team has done what they can, the forensic team comes in and analyzes what has been taken. This team can be part of the response team or a separate group. Each team has its own goals, data requirements, team skills, and benefits, and each of these differs between the two. It is also possible for one person to have both sets of skills and perhaps be on both teams. Incident Response vs. Forensic Analysis: These are two related disciplines that use similar tools. Here are the essential highlights. Incident Response: Goals:

Phases of Incident Response and How They Impact a Company.

Hello, and welcome to my blog! This week we will be looking at the phases of Incident Response and how they may impact a company. What is an Incident Response? An incident response plan is a well-documented, written plan with six distinct phases that helps IT professionals and staff identify and deal with a cybersecurity incident, such as a data breach or cyberattack. Properly creating and managing an incident response plan involves regular updates and training. The plan contains six phases: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. Preparation: This phase is the main workhorse of the Incident Response plan and the most crucial phase for protecting your business. The response plan should be well documented and thoroughly explain everyone’s roles and responsibilities. It is best to test the plan, as practice makes perfect and prepares you if something were to occur. Identification: This is where a determination will b

What is Penetration Testing?

Hello, and welcome to my blog! This week, I will be discussing the topic of penetration testing and what it means for cybersecurity. So, you may be wondering what penetration testing is and what its purpose is. Penetration testing, also known as pen testing, is a simulated cyberattack against a computer system to check for exploitable vulnerabilities. Pen testing is used to breach several kinds of applications, such as application programming interfaces (APIs) and front-end/back-end servers. It can also be used to fine-tune the web application firewall (WAF). The pen testing process can be broken down into five stages. Planning and reconnaissance, which includes defining the scope and goals of the test, the systems to be addressed, the testing methods to be used, and intelligence gathering. Scanning, which aims to understand how the target application will respond to various intrusion attempts. This includes: Static analysis – Inspecting an application’s