Security frameworks and compliance stuff are for old heads, right?

🍃Quote of the week:

Being compliant does not automatically equate to being fully secure ~ ChatGPT I think

TLDWTR 🙄

  • When you get sick, take a break
  • Some of the best cloud security (pentesting) resources - AWS & more
  • Security frameworks are for old heads?

Life & Sickness 🤧

I was utterly sick since the day of the first release of this newsletter. Seems it came with a curse, but I am recovering now so hopefully you’ll have more to read next week.

CloudBreach’s Breaching AWS Course 👨🏾‍💻

So I recently passed the OAWSP certification by CloudBreach. It was a great course followed by a great exam as well. A full review will be coming on the channel so look out for that. Here’s a highlight of some of the cool things I learned:

Very Long List of Cloud Security Stuff 📃

Bumped into this list of resources for Cloud Security on Linkedin. Enjoy!

Frameworks & Other ‘Boring’ Stuff 🪪

A big reason why millennials and the generations preceding them don’t like us (Gen Z) is that we consider the aspects of security they find interesting rather tedious. Who wants to go all in with security frameworks and compliance stuff, right? Well, I had to do a bunch of reading on security frameworks this week, and here’s the gist of it:

Compliance vs Security

While compliance is focused on meeting set standards and is a part of security, true cybersecurity goes beyond said ‘set standards’, encompassing proactive risk management and continuous adaptation to emerging threats. Being compliant does not automatically equate to being fully secure.

Frameworks You Might Want To Know

ISO 27001 & ISO 27002

ISO 27001 focuses on establishing a risk-based approach and implementing an Information Security Management System (ISMS), while ISO 27002 provides specific security control guidelines.

NIST Cybersecurity Framework (CSF)

Developed by the U.S. National Institute of Standards and Technology, this framework provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks.

CIS Controls

A set of best practices developed by the Center for Internet Security (CIS) to help organizations defend against known cyber attack vectors.

PCI DSS

The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

HIPAA Security Rule

Applies to the healthcare industry; it establishes national standards to protect individuals’ medical records and other personal health information.
