Main distinction between an event and an incident
Events are anything that can occur in the IT environment, while incidents are unscheduled events.
This is the textbook definition of an incident versus an event. However, the question is not straightforward, because many sources in the IT security field define incidents differently: it is common to treat incidents as events that have an adverse impact, or as events that require a response.
ISO/IEC 27034 Application Security Controls offers guidance on information security to those specifying, designing and programming or procuring, implementing and using application systems, in other words business and IT managers, developers and auditors, and ultimately the end-users of ICT. The aim is to ensure that computer applications deliver the desired or necessary level of security in support of the organization’s Information Security Management System, adequately addressing many ICT security risks.
NIST Cloud Computing Security Reference Architecture
The purpose of this document is to define a NIST Cloud Computing Security Reference Architecture (NCC-SRA)--a framework that:
Secure Design and Development
An immutable infrastructure is an infrastructure paradigm in which servers are never modified after they're deployed. If something needs to be updated, fixed, or modified in any way, new servers built from a common image with the appropriate changes are provisioned to replace the old ones. After they're validated, they're put into use and the old ones are decommissioned.
SAST vs DAST Testing Coverage
DAST AND SAST:
CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 for Kindle
The issue with the original document is that it is not very Kindle-compatible and is hard on the eyes. The document below has improved contrast and is easier to read.
Role of the System Owner during the accreditation process
System Owner selects and documents the security controls for the system.
An organization’s information risk profile should include guiding principles aligned with both its strategic directives and the supporting activities of its IRMS program and capabilities. This information should be listed early in the profile to allow the reader to understand its context and intent. Common guiding principles include the following:
1. Ensure availability of key business processes including associated data and capabilities.
2. Provide accurate identification and evaluation of threats, vulnerabilities and their associated risk to allow business leaders and process owners to make informed risk management decisions.
3. Ensure that appropriate risk-mitigating controls are implemented and functioning properly and align with the organization’s established risk tolerances.
4. Ensure that funding and resources are allocated efficiently so as to achieve the highest level of information risk mitigation.
- Parallel changeover requires that both old and new systems operate fully for a specified period. When users, management and the IT group are satisfied that the new system operates correctly, the old system is retired. This approach entails very low risk. If the new system does not work correctly, the organization can revert to the old system as a backup.
- Abrupt changeover occurs when users are converted from the old to the new system immediately upon its operational availability. This approach is usually least expensive but involves high risk of data loss and system failure. With this approach, the organization cannot revert to the old system as a backup.
- Phased changeover involves modular implementation and simultaneous operation of discrete system components or modules. It is extremely complex to coordinate, particularly with regard to consistency of data across multiple systems or locations. However, this approach retains the ability to revert to a previous state.