
IRP/SOAR by law. CII

25.10.2021


Ruslan Rakhmetov, Security Vision


I continue to familiarise you with the regulatory requirements related to the use of IRP/SOAR/SGRC systems. In this publication we consider the legislation in the context of ensuring the information security of enterprises that are critical information infrastructure (CII) objects.


Federal Law No. 187 of 26.07.2017 ‘On the security of critical information infrastructure of the Russian Federation’.


Article 6: Powers of the President of the Russian Federation and state authorities of the Russian Federation in the field of ensuring the security of critical information infrastructure.

...

4. Federal executive authority authorised in the field of ensuring the functioning of the state system of detection, prevention and elimination of consequences of computer attacks on information resources of the Russian Federation:

...

6) approves the procedure for informing the federal executive authority authorised to ensure the functioning of the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation about computer incidents, responding to them, and taking measures to eliminate the consequences of computer attacks carried out against significant critical information infrastructure objects (in the banking sector and in other areas of the financial market, approves the said procedure).

...

Article 9: Rights and obligations of critical information infrastructure entities.

...

3. Critical information infrastructure entities that own, lease or otherwise legally own significant critical information infrastructure objects, along with fulfilment of the obligations stipulated in Part 2 of this Article, shall also be obliged:

...

3) respond to computer incidents in accordance with the procedure approved by the federal executive body authorised to ensure the functioning of the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation, take measures to eliminate the consequences of computer attacks carried out against significant critical information infrastructure objects;

...

Order of the FSTEC of Russia No. 31 of 14.03.2014 ‘On Approval of the Requirements for Information Protection in Automated Control Systems for Production and Technological Processes at Critically Important Facilities, Potentially Hazardous Facilities, and Facilities Presenting an Increased Risk to Human Life and Health and the Environment’ (as amended by Order of the FSTEC of Russia No. 138).


16. Information protection during the operation of the automated control system shall be provided by the operator in accordance with the operational documentation for the protection system and organisational and administrative documents on information protection and shall include the following procedures:

...

identification of and response to incidents during the operation of the automated control system;

...

control (monitoring) of ensuring the level of protection of the automated control system.

...

16.6 To identify and respond to incidents, the following shall be carried out:

- identification of persons responsible for detecting and responding to incidents;

- detection and identification of incidents, including service failures, failures (reboots) in the operation of technical means, software and information protection means, violations of access control rules, unlawful actions to collect information, introduction of malicious computer programmes (viruses) and other events leading to the occurrence of incidents;

- timely informing those responsible for identifying and responding to incidents of the occurrence of incidents in the automated control system;

- analysing incidents, including identifying the sources and causes of incidents, and assessing their consequences;

- planning and taking measures to eliminate incidents, including restoration of the automated control system in case of service failure or after failures, elimination of the consequences of violations of access control rules, unlawful actions to collect information, introduction of malicious computer programmes (viruses) and other events leading to incidents;

- planning and taking measures to prevent recurrence of incidents.


16.8 In the course of control (monitoring) over ensuring the level of security of the automated control system, the following shall be carried out:

- control over security events and personnel actions in the automated control system;

...


Appendix No. 2 to Order No. 31 of the FSTEC of Russia.

V. Security Audit (AUD):

AUD.4 - Registration of security events

AUD.7 - Security Monitoring

AUD.8 - Response to failures in the registration of security events

XII. Computer Incident Response (CIR):

INC.0 - Develop a computer incident response policy

INC.1 - Computer Incident Detection

INC.2 - Reporting Computer Incidents

INC.3 - Computer Incident Analysis

INC.4 - Computer Incident Management

INC.5 - Taking measures to prevent computer incidents from recurring

INC.6 - Storage and protection of information on computer incidents


Order of the FSTEC of Russia No. 235 of 21.12.2017 ‘On Approval of the Requirements for the Creation of Security Systems for Significant Objects of Critical Information Infrastructure of the Russian Federation and Ensuring their Operation’ as amended by Order of the FSTEC of Russia No. 64.


10. The head of the critical information infrastructure entity shall create or determine a structural unit responsible for ensuring the security of significant critical information infrastructure objects (hereinafter referred to as the security structural unit) or appoint individual employees responsible for ensuring the security of significant critical information infrastructure objects (hereinafter referred to as security specialists).


The security structural unit and security specialists shall perform the following functions:

...

- respond to computer incidents in accordance with the procedure established in accordance with clause 6, part 4, article 6 of the Federal Law ‘On the Security of Critical Information Infrastructure of the Russian Federation’;

...


17. Software and hardware-software means used to ensure the security of significant critical information infrastructure objects include information protection means, including information protection means against unauthorised access (including those embedded in system-wide and application software), firewalls, means of intrusion (computer attack) detection (prevention), anti-virus protection means, means (systems) of security control (analysis), means of security event management, with


Order of the FSTEC of Russia No. 239 of 25.12.2017 ‘On Approval of Requirements for Ensuring Security of Significant Objects of Critical Information Infrastructure of the Russian Federation’ as amended by Orders of the FSTEC of Russia No. 138, No. 60, No. 35.


13. Ensuring security during the operation of a significant facility shall be carried out by the subject of critical information infrastructure in accordance with the operational documentation and organisational and administrative documents on the security of the significant facility and shall include the implementation of the following measures:

...

e) response to computer incidents in the course of operation of the significant object;

...

h) control over ensuring the security of the significant object.

...


13.3 In the course of management (administration) of the security subsystem of the significant object the following shall be performed:

...

f) monitoring and analysis of the registered security events (hereinafter referred to as security events) in the significant object;

...


22. The following organisational and technical measures shall be implemented in the significant object depending on its category of significance and threats to information security:

...

- response to information security incidents (ISI);

...


Annex to the Order of the FSTEC of Russia No. 239.

V. Security Audit (AUD):

AUD.4 - Registration of security events

AUD.7 - Security Monitoring

AUD.8 - Response to failures in security event registration

XII. Computer Incident Response (CIR):

INC.0 - Regulate computer incident response policies and procedures

INC.1 - Computer Incident Detection

INC.2 - Computer Incident Reporting

INC.3 - Computer Incident Analysis

INC.4 - Computer Incident Management

INC.5 - Taking measures to prevent computer incidents from recurring.

INC.6 - Storage and protection of information on computer incidents


Order of the Federal Security Service of the Russian Federation No. 196 dated 06.05.2019 ‘On Approval of the Requirements for the means designed to detect, prevent and eliminate the consequences of computer attacks and respond to computer incidents’.

III. Requirements for detection means


4. Detection tools shall have the following functions:

- collection and primary processing of events related to information security violations (hereinafter referred to as IS events) coming from operating systems, intrusion detection tools, firewalls, data leak prevention tools, anti-virus software, telecommunication equipment, application services, security control (analysis) tools, tools for managing telecommunication equipment and communication networks, telecommunication equipment condition monitoring systems and service quality monitoring systems;

- automatic analysis of IS events and detection of computer incidents;

- repeated analysis of previously registered IS events and detection of computer incidents not detected earlier on the basis of such analysis.


5. When collecting and primary processing of IS events, detection tools shall provide:

- remote and/or local collection of IS events;

- collection of IS events in a continuous mode of operation or on a scheduled basis, in case of loss of communication with the sources of IS events - immediately after its restoration;

- processing of incoming IS events and saving the results of their processing;

- storage of information on IS events, including in the original form;

- collection of information directly from IS event sources, from files or by means of agents located on separate IS event sources;

- in-built support of various IS event sources and the possibility to develop additional modules providing information acquisition from new IS event sources.


6. When performing automatic analysis of IS events and detection of computer incidents, detection tools shall provide:

- selection and filtering of IS events;

- identification of sequences of heterogeneous IS events that have a logical connection and may be significant for detecting possible information security breaches (correlation) and combining homogeneous data on IS events (aggregation);

- detection of computer incidents, registration of methods (ways) of their detection;

- possibility of correlation for IS events distributed by time and (or) place of occurrence;

- correlation capability for a sequence of IS events;

- ability to view and edit correlation rules, as well as update and download new rules;

- automatic prioritisation of IS events based on user-defined indicators.


7. When re-analysing previously recorded IS events and detecting previously undetected computer incidents on the basis of such analysis, detection tools shall ensure:

- identification of links and dependencies between IS events registered within a specified time interval and any newly available additional information that makes it possible to identify controlled information resources (hereinafter referred to as reference information);

- identification of links and dependencies between IS events registered within a specified time interval and new or changed methods (ways) of detecting computer incidents;

- identification of links and dependencies between IS events and previously obtained information about the monitored information resources and (or) the state of security;

- the possibility of customising the parameters of the analysis being performed;

- search for previously undetected computer incidents using new methods (ways) of detecting computer incidents;

- storage of aggregated IS events for at least six months.
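To make the functional requirements of paragraphs 5 to 7 concrete, here is an added example in Python (my illustration, not code from Security Vision or from the Order): a small event store that keeps each IS event in its original form, aggregates homogeneous events, correlates an ordered sequence of heterogeneous events that share key attributes within a time window, prioritises the result with a user-defined indicator (a set of critical assets), and then runs a newly added rule over the already stored events to surface an incident that the first pass did not detect, which is the re-analysis of paragraph 7. The log line format, the two rules, the asset list and the sample lines are all constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ISEvent:
    ts: datetime
    source: str   # originating tool: os, firewall, antivirus, ...
    kind: str     # normalised event type
    attrs: dict   # parsed key/value attributes
    raw: str      # original line, kept unchanged (para. 5: storage in the original form)


@dataclass
class Rule:
    name: str
    sequence: list       # ordered kinds that must all occur
    key: tuple           # attribute names whose values must agree across the sequence
    window: timedelta    # maximum span from first to last matched event
    base_priority: int


@dataclass
class Incident:
    rule: str
    priority: int
    events: list


def parse_event(line: str) -> ISEvent:
    """Constructed line format: ISO-timestamp|source|kind|k=v,k=v"""
    ts, source, kind, attr_text = line.strip().split("|", 3)
    attrs = dict(kv.split("=", 1) for kv in attr_text.split(",") if kv)
    return ISEvent(datetime.fromisoformat(ts), source, kind, attrs, line.strip())


class EventStore:
    """Collects IS events (para. 5) and answers aggregation queries (para. 6)."""

    def __init__(self):
        self.events = []

    def ingest(self, lines):
        for line in lines:
            if line.strip():
                self.events.append(parse_event(line))

    def aggregate(self):
        """Count homogeneous events per (source, kind): the aggregation of para. 6."""
        counts = {}
        for ev in self.events:
            counts[(ev.source, ev.kind)] = counts.get((ev.source, ev.kind), 0) + 1
        return counts


# User-defined indicator (para. 6): incidents touching these assets get a higher priority.
CRITICAL_ASSETS = {"10.0.1.20"}  # constructed


def prioritise(rule: Rule, events) -> int:
    touched = {v for ev in events for k, v in ev.attrs.items() if k in ("host", "dst")}
    return rule.base_priority + (1 if touched & CRITICAL_ASSETS else 0)


def _match_sequence(rule: Rule, evs):
    """Greedy in-order match of rule.sequence inside one key group (sorted by time)."""
    found, i = [], 0
    while i < len(evs):
        if evs[i].kind != rule.sequence[0]:
            i += 1
            continue
        matched, j = [evs[i]], i + 1
        for kind in rule.sequence[1:]:
            while j < len(evs) and evs[j].kind != kind:
                j += 1
            if j == len(evs):
                break
            matched.append(evs[j])
            j += 1
        if len(matched) == len(rule.sequence) and matched[-1].ts - matched[0].ts <= rule.window:
            found.append(Incident(rule.name, prioritise(rule, matched), matched))
            i = j  # continue after the consumed events
        else:
            i += 1
    return found


def correlate(store: EventStore, rules):
    """Correlation of heterogeneous events (para. 6). Calling it again with new rules
    over the same store is the re-analysis of previously registered events (para. 7)."""
    incidents = []
    for rule in rules:
        groups = {}
        for ev in sorted(store.events, key=lambda e: e.ts):
            groups.setdefault(tuple(ev.attrs.get(k) for k in rule.key), []).append(ev)
        for evs in groups.values():
            incidents.extend(_match_sequence(rule, evs))
    return incidents


# Constructed sample events, not taken from any real system.
SAMPLE_LINES = """
2021-10-25T10:00:01|firewall|conn_denied|src=10.0.0.5,dst=10.0.1.20
2021-10-25T10:00:05|os|login_failed|user=admin,src=10.0.0.5
2021-10-25T10:00:07|os|login_failed|user=admin,src=10.0.0.5
2021-10-25T10:00:09|os|login_failed|user=admin,src=10.0.0.5
2021-10-25T10:00:20|os|login_ok|user=admin,src=10.0.0.5
2021-10-25T10:01:00|antivirus|malware_detected|host=10.0.1.20,src=10.0.0.5
"""

BRUTEFORCE_RULE = Rule("bruteforce_then_success",
                       ["login_failed", "login_failed", "login_failed", "login_ok"],
                       ("src", "user"), timedelta(minutes=5), 3)
RECON_MALWARE_RULE = Rule("denied_conn_then_malware",
                          ["conn_denied", "malware_detected"],
                          ("src",), timedelta(minutes=10), 4)


def run_demo():
    store = EventStore()
    store.ingest(SAMPLE_LINES.splitlines())
    first_pass = correlate(store, [BRUTEFORCE_RULE])
    # A rule written later is run over the stored events: re-analysis (para. 7).
    second_pass = correlate(store, [RECON_MALWARE_RULE])
    return {"counts": store.aggregate(), "first": first_pass, "second": second_pass}


if __name__ == "__main__":
    result = run_demo()
    print(result["counts"])
    for inc in result["first"] + result["second"]:
        print(inc.rule, "priority", inc.priority, [e.raw for e in inc.events])
```

The second pass finds the denied-connection-then-malware incident only because the store kept the earlier firewall event; that is the practical reason behind the six-month retention of paragraph 7, and the raw field is what lets an analyst go back to the unprocessed line.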

...


V. Requirements for consequence management tools


13. The consequence management tools shall have the following functions:

- recording and processing of computer incidents;

- management of computer incident response and consequence management processes;

- interaction with NCCI through the use of NCCI's technical infrastructure designed to send, receive, process and store notifications and requests as part of information interaction with critical information infrastructure entities, as well as with other bodies and organisations, including foreign and international ones, that are not critical information infrastructure entities;

- information and analytical support of users.


14. When recording and processing computer incidents, consequence management tools shall ensure:

- creation and modification of formalised descriptions (hereinafter referred to as a card) of computer incidents, determination of computer incident types, determination of the composition of card fields and requirements for their completion in accordance with the type of computer incident;

- automatic creation of a computer incident card based on a notification of a threat to information security or upon detection of an IS event that contains signs of computer attacks for controlled information resources;

- a record of the current stage of the computer incident response process (the stage of receiving a report of a computer incident, the stage of collecting initial information about a computer incident, the stage of localising a computer incident, the stage of collecting information for investigating a computer incident), depending on the type of computer incident;

- recording the assignment of hazard categories and (or) prioritisation of computer incidents based on the criteria specified by the values of the computer incident card fields;

- registration and accounting of computer incident cards;

- filtering, sorting and searching computer incident cards by card field values;

- merging computer incident cards based on the criteria applied to the card field values.


15. To manage computer incident response and consequence management processes, consequence management tools shall provide:

- the ability to include in the computer incident card additional information related to the computer incident and registered in the process of responding to a computer incident and dealing with the consequences of a computer attack, including messages from users of controlled information resources, information on actions taken, and technical data necessary to investigate the circumstances of the computer incident;

- the ability to assign computer incident response instructions to a computer incident card and set rules for their applicability based on information about the computer incident;

- generation of electronic messages to organise interaction and coordination of actions of employees of a critical information infrastructure entity and (or) employees of an organisation engaged by the critical information infrastructure entity in accordance with the laws of the Russian Federation and carrying out licensed information protection activities, involved in responding to a computer incident and eliminating the consequences of a computer attack.


16. In co-operation with the NCCI, consequence management facilities shall ensure:

- automated exchange of information submitted to the state system of detection, prevention and consequence elimination of computer attacks on information resources of the Russian Federation, specified in paragraph 5 of the List of information submitted to the state system of detection, prevention and consequence elimination of computer attacks on information resources of the Russian Federation, approved by Order N 367 of the Federal Security Service of Russia dated 24 July 2018;

- accounting of computer incident cards in accordance with the NCCI identification.


17. When providing information and analytical support, consequence management tools shall ensure the formation of data samples based on the values of the fields of computer incident cards, notifications of current information security threats and reference information.


Order of the Federal Security Service of the Russian Federation No. 367 dated 24.07.2018 ‘On Approval of the List of Information to be Submitted to the State System for Detection, Prevention and Elimination of Consequences of Computer Attacks on Information Resources of the Russian Federation and the Procedure for Submission of Information to the State System for Detection, Prevention and Elimination of Consequences of Computer Attacks on Information Resources of the Russian Federation’.


Appendix No. 1 to Order No. 367 of the Federal Security Service of the Russian Federation.


List of information to be submitted to the state system of detection, prevention and elimination of consequences of computer attacks on information resources of the Russian Federation.

...

5. Information on computer incidents related to the functioning of critical information infrastructure objects:

- date, time, location or geographic location of the critical information infrastructure object where the computer incident occurred;

- the existence of a causal link between the computer incident and a computer attack;

- connection with other computer incidents (if any);

- the composition of technical parameters of the computer incident;

- the consequences of the computer incident.


6. Other information in the area of detection, prevention and mitigation of computer attacks and response to computer incidents provided by critical information infrastructure entities and other bodies and organisations, including foreign and international ones, that are not critical information infrastructure entities.


Appendix No. 2 to Order No. 367 of the Federal Security Service of the Russian Federation.


3. The information specified in paragraph 5 of the List is submitted by critical information infrastructure entities to GOSSOPKA by sending it to NCCI in accordance with the formats determined by NCCI using the technical infrastructure of NCCI designed for sending, receiving, processing and storing notifications and requests within the framework of information interaction with critical information infrastructure entities, as well as with other bodies and organisations that are not critical information infrastructure entities, including foreign and international organisations.

...

5. The information specified in paragraph 5 of the List shall be sent by the critical information infrastructure entity to the NCCI no later than 24 hours from the moment of detection of a computer incident.

...

8. If there is a connection to the technical infrastructure of NCCI, the information specified in paragraph 6 of the List shall be sent through the use of this infrastructure.


9. The information specified in paragraph 6 of the List shall be submitted to GOSSOPKA within a timeframe sufficient for timely measures to detect, prevent and eliminate the consequences of computer attacks and respond to computer incidents.


Order of the Federal Security Service of the Russian Federation No. 368 of 24.07.2018 ‘On Approval of the Procedure for the Exchange of Information on Computer Incidents between the subjects of the critical information infrastructure of the Russian Federation, between the subjects of the critical information infrastructure of the Russian Federation and authorised bodies of foreign states, international, international non-governmental organisations and foreign organisations carrying out activities in the field of computer incident response, and the Procedure for Receipt by the subjects of critical information infrastructure of the Russian Federation of information on computer incidents’.

Appendix No. 1 to Order No. 368.


4. Information on computer incidents shall be exchanged by critical information infrastructure entities by means of mutual notifications in accordance with the formats for the submission of information on computer incidents to the State system for the detection, prevention and elimination of the consequences of computer attacks on information resources of the Russian Federation (hereinafter referred to as GOSSOPKA) and the composition of the technical parameters of a computer incident to be specified when submitting information to GOSSOPKA, as determined by NCCI.

...

6. If there is a connection to the technical infrastructure of NCCI designed for sending, receiving, processing and storing notifications and requests within the framework of information interaction with critical information infrastructure entities, as well as with other bodies and organisations, including foreign and international ones, that are not critical information infrastructure entities (hereinafter referred to as the technical infrastructure of NCCI), notifications and requests are sent through the use of this infrastructure.

...

8. Simultaneously with sending information on computer incidents within the framework of exchange, the subjects of critical information infrastructure inform NCCI about it.


9. Informing in accordance with paragraph 8 of this Procedure shall be carried out by critical information infrastructure entities using the technical infrastructure of NCCI in accordance with the formats for submitting information on computer incidents to GOSSOPKA and the composition of the technical parameters of a computer incident to be specified when submitting information to GOSSOPKA, as determined by NCCI.


Order of the Federal Security Service of the Russian Federation No. 282 of 19.06.2019 ‘On Approval of the Procedure for Informing the Federal Security Service of the Russian Federation about Computer Incidents, Response to Computer Incidents, and Taking Measures to Eliminate the Consequences of Computer Attacks Conducted against Significant Objects of the Critical Information Infrastructure of the Russian Federation’.


Annex to the Order of the Federal Security Service of the Russian Federation No. 282.

2. Critical information infrastructure entities shall inform the FSB of Russia of all computer incidents related to the operation of critical information infrastructure objects owned, leased or otherwise legally owned by them.


3. Informing shall be carried out by sending information to the National Computer Incident Coordination Centre (hereinafter referred to as NCCI) in accordance with the formats for submission of information on computer incidents to the state system for detection, prevention and elimination of consequences of computer attacks on information resources of the Russian Federation, using the technical infrastructure of NCCI designed for sending, receiving, processing and storing notifications and requests within the framework of information interaction with critical information infrastructure entities.


4. Information on a computer incident related to the operation of a significant critical information infrastructure object is sent by a critical information infrastructure entity to NCCI no later than 3 hours after the computer incident is detected, and for other critical information infrastructure objects no later than 24 hours after it is detected.


5. If a computer incident is related to the operation of a critical information infrastructure facility owned, leased or otherwise legally owned by a critical information infrastructure entity operating in the banking sector and other areas of the financial market, information on the computer incident shall also be sent to the Bank of Russia using the technical infrastructure of the Bank of Russia within the time limits set forth in paragraph 4 of this Procedure.

...

11. A critical information infrastructure entity that owns, leases or otherwise legally owns significant critical information infrastructure facilities shall, in the course of responding to computer incidents and taking measures to eliminate the consequences of computer attacks, carry out:

- analysing computer incidents (including determining the priority of response to them) and establishing their connection with computer attacks;

...

14. A critical information infrastructure entity that owns, leases or otherwise legally owns significant critical information infrastructure objects shall inform NCCI about the results of measures to respond to computer incidents and take measures to eliminate the consequences of computer attacks no later than 48 hours after the completion of such measures in accordance with paragraph 3 of this Procedure.


Critical information infrastructure entities that own, lease or otherwise legally own significant critical information infrastructure facilities operating in the banking sector and other areas of the financial market shall, along with NCCI, inform the Bank of Russia of the results of measures to respond to computer incidents and take measures to eliminate the consequences of computer attacks no later than 48 hours after the completion of such measures in accordance with paragraph 5 of this Procedure.
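As an added example (my own Python, not Security Vision's product code and not a format published by NCCI, whose formats are not reproduced on this page), the following incident card carries the information that paragraph 5 of the List in Order No. 367 requires, records the response stage named in paragraph 14 of Order No. 196, and computes the deadlines of Order No. 282: 3 hours for significant objects, 24 hours for other objects, and 48 hours after completion of response measures, with the Bank of Russia as an additional recipient for financial-sector entities. The field names, the card identifier, the status vocabulary and the sample timestamps are my assumptions; the card refuses naive timestamps because a deadline computed from a wall-clock time without a timezone is ambiguous.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class Stage(Enum):
    """Response stages recorded in the card (Order No. 196, para. 14)."""
    REPORT_RECEIVED = "report of a computer incident received"
    INITIAL_INFO = "collecting initial information"
    LOCALISING = "localising the computer incident"
    INVESTIGATION_INFO = "collecting information for investigation"


# Deadlines from Order No. 282, paras. 4 and 14.
SIGNIFICANT_OBJECT_DEADLINE = timedelta(hours=3)
OTHER_OBJECT_DEADLINE = timedelta(hours=24)
RESULTS_DEADLINE = timedelta(hours=48)


def _aware(dt: datetime) -> datetime:
    """Deadlines are only meaningful on timezone-aware timestamps; reject naive ones."""
    if dt.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return dt


@dataclass
class IncidentCard:
    card_id: str                               # assumed local identifier
    detected_at: datetime                      # date and time of the incident (List, para. 5)
    location: str                              # location of the CII object (List, para. 5)
    significant_object: bool                   # selects the 3 h or 24 h deadline
    financial_sector: bool                     # adds the Bank of Russia as a recipient
    linked_to_attack: Optional[bool] = None    # causal link with a computer attack
    related_incidents: list = field(default_factory=list)   # optional ("if any")
    technical_parameters: dict = field(default_factory=dict)
    consequences: Optional[str] = None
    stage: Stage = Stage.REPORT_RECEIVED
    notified_at: Optional[datetime] = None            # when the card was sent
    measures_completed_at: Optional[datetime] = None
    results_reported_at: Optional[datetime] = None

    def __post_init__(self):
        _aware(self.detected_at)

    def recipients(self):
        """NCCI always; the Bank of Russia in addition for financial-sector entities (para. 5)."""
        return ["NCCI"] + (["Bank of Russia"] if self.financial_sector else [])

    def notification_deadline(self) -> datetime:
        limit = SIGNIFICANT_OBJECT_DEADLINE if self.significant_object else OTHER_OBJECT_DEADLINE
        return self.detected_at + limit

    def results_deadline(self) -> Optional[datetime]:
        """48 h after completion of response measures (para. 14); None until they are complete."""
        if self.measures_completed_at is None:
            return None
        return _aware(self.measures_completed_at) + RESULTS_DEADLINE

    def missing_fields(self):
        """Items of List para. 5 still empty; they must be completed before the card is final."""
        missing = []
        if self.linked_to_attack is None:
            missing.append("linked_to_attack")
        if not self.technical_parameters:
            missing.append("technical_parameters")
        if self.consequences is None:
            missing.append("consequences")
        return missing

    def notification_status(self, now: datetime) -> str:
        """'sent', 'due' (still inside the deadline) or 'overdue'."""
        if self.notified_at is not None:
            return "sent"
        return "due" if _aware(now) <= self.notification_deadline() else "overdue"

    def results_status(self, now: datetime) -> str:
        if self.measures_completed_at is None:
            return "not applicable"
        if self.results_reported_at is not None:
            return "sent"
        return "due" if _aware(now) <= self.results_deadline() else "overdue"


def demo():
    """Walk one constructed card through detection, notification and results reporting."""
    t0 = datetime(2021, 10, 25, 10, 0, tzinfo=timezone.utc)      # constructed detection time
    card = IncidentCard("INC-0001", t0, "server room, site A (constructed)",
                        significant_object=True, financial_sector=True)
    before = card.notification_status(t0 + timedelta(hours=2))
    card.notified_at = t0 + timedelta(hours=2, minutes=30)
    card.stage = Stage.LOCALISING
    card.measures_completed_at = t0 + timedelta(days=2)
    return {"deadline": card.notification_deadline(), "before": before,
            "after": card.notification_status(t0 + timedelta(hours=4)),
            "results_deadline": card.results_deadline(), "missing": card.missing_fields(),
            "recipients": card.recipients()}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

A card can be sent to NCCI before every field of the List is known; the point of `missing_fields` is to keep the unanswered items visible on the card so that the follow-up within the 48-hour results window does not forget them.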
