CloudnSec

The Governance Institute of Australia has just published a fantastic guide to effective #cyber #riskmanagement. If you are a director, in the C-suite or a #riskmanager, I encourage you to have a look. This guide has been thoughtfully been developed to assist beginners, intermediate and advanced readers better understand #cyberrisk and how to navigate the highly complex environment that is the world of #cybersecurity from a #risk, #legal and #regulatory perspective. The guide considers things such as: - The role of #governance, the #board and board committees. - Accountability and responsibility. - Cyber risk management frameworks and strategies. - The role of #culture - The role of #cyberinsurance - The regulatory landscape as at August 2024 - Notable standards and certifications, both national and international. - Useful resources to assist on your #cyberesilence journey. You can download the file directly from the Governance Institute of Australia website at https://lnkd.in/g4U65_n9 or its available below. Well done Megan Motto 😊 and the GIA team. Very proud to be a Fellow of the Governance Institute!

A few months back I had the pleasure of meeting Keanu Nys, the creator of an amazing Open source tool for offensive security called: GraphSpy. Check out my conversation with him - including a deep dive into the platform from the creator himself, here: https://lnkd.in/gtXsfUHs You can get started with the documentation in the page: https://lnkd.in/g6kwP6Nt It's a must have tool in any pentester's kitbag but also, a great validation tool for your defense and even user awareness programs. Again, thanks to Keanu for joining me and sharing about his creation! #cybersecurity #tool #offensivesecurity #pentest #graph #microsoft #msgraph CloudnSec

🔐☁️ Do you want to become - or improve as - a Cyber security / Technology professional? Well, then this one is for you 👇 https://lnkd.in/gcspcFYM Flávio Costa has been a Network and Cyber security professional for the past decade supporting Enterprises in Brazil with Cisco technologies and more recently Fortinet- and has dedicated himself to CompTIA certifications over the last couple years. In this chat, we talk about his journey and thinking behind using these certification frameworks to become a better Cyber Security Professional / Presenter and the many successes of this journey and how the work put into it has affected his professional and personal life. He's also very active in social media and maintains a number of projects (most content in Portuguese): YouTube Channel: https://lnkd.in/gtFeEGsy WhatsApp channel: https://lnkd.in/giBbE8rA Instagram: https://lnkd.in/gGKTxJAs Hope you enjoy the chat! Particularly if you're thinking about your next certification - and thank you again for joining me and sharing your time, Flavio! Join my Discord server for more Cyber / AI / Cloud / Work tips: https://lnkd.in/g8a8bqtT #cybersecurity #certifications #comptia CloudnSec

Modern Approaches to Network Access Security This week Cybersecurity and Infrastructure Security Agency (CISA) released guidance around modernizing network access security. This point to dozens of CISA Known Exploited Vulnerabilities (KEV)'s associated with legacy network access tools such as VPN's There's also an emphasis on modern capabilities such as Secure Access Service Edge (SASE) when it comes to providing more dynamic granular access control, aligned with the broader push for Zero Trust. The paper covers: - Remote Access and VPN Limitations - The role of Zero Trust - Secure Access Service Edge (SD-WAN, Next-Gen Firewalls and Hardware-Enforced Network Segmentation) - Best Practices This is a short but great read for organization's looking to modernize their network access controls and move away from more traditional models and capabilities. #zerotrust #ciso #cybersecurity

Your Purview Gift, from me 🎁 I wrote the original article (E5 Phase Deployment of Compliance) about 2 1/2 years ago. The article which is linked in my profile is still getting shared and reference, so I felt the need to update it (for my own peace of mind) So here is the new version of E5 Purview Deployment, touching base on core key pillars and new features. I’ve also done this on a document so you can download it, share it etc. Quick take. 1. Insider Risk is a god send to both Security and Identity, this needs to be enabled asap. This will support the trend of Identity attacks with integration to Entra 2. Copilot for Purview is going to be a game changer especially in the DLM/Records Management and eDiscovery to start but as it matures, Copilot will be your best friend and everyone else’s as this navigates through alerts and empowers users to make the right decisions Content ▪ Know Your Data ▪ Microsoft Purview Information Protection | Data Loss Prevention ▪ Microsoft Purview Data Lifecycle Management | Records Management ▪ Microsoft Purview Insider Risk | Communication Compliance ▪ Microsoft Purview eDiscovery ▪ Microsoft Copilot for Security in Purview (showcasing what's currently out) Key updates ✔ Insider Risk in Conditional Access (plus lots of new features) ✔ Adaptive Scopes ✔ Adaptive in DLP (in preview) ✔ Adaptive in Insider Risk (in preview) ✔ Premium eDiscovery (Premium) ✔ Copilot for Security for Purview ✔ New Purview Portal The two most common questions I get from customers who have just purchased or upgraded to E5 for Purview ‘Where do I start? What should I turn on first? So here's you personalized guide, by moi! You can also use this guide if you want to reference where you are in your Purview journey and ensure you’re in the right path. P.S. sorry for any/lots grammar mistakes, only on my first coffee :), Yes I will be writing a E5 Security version of this. Disclaimer: This is not an official Microsoft doc #datasecurity #cybersecurity #compliance #purview #microsoft Microsoft #msftadvocate #security