Recommended Book: Enterprise Cybersecurity

I was positively surprised by this book, “Enterprise Cybersecurity”, and I can happily recommend it to anyone working with security management. There is more than one way to do things, and this book shows one alternative way to connect the dots between different concepts in cybersecurity.


  • Title: Enterprise Cybersecurity
  • Authors: Donaldson, S., Siegel, S., Williams, C.K., Aslam, A.
  • Publisher: Apress
  • Date: 2015
  • Number of pages: 490
  • Overview
    • The book presents a holistic view of cybersecurity, and does so in a well-guided way.
  • Evaluation
    • I like the presentation thread in the first 4 chapters:
      • New Cybersecurity Mindset (Figure 1-8)
      • Effective Enterprise Cybersecurity Program (Figure 1-9)
      • Effective Cyberdefense Framework (Figure 2-1)
      • Cybersecurity Process (Figure 2-3)
      • Risk Management Process (Figures 2-4, 2-5)
      • Cybersecurity Controls (Figures 2-7, 2-8)
      • Enterprise Cybersecurity Architecture (Figure 2-12)
        • 11 functional areas:
          • Systems Administration
          • Network Security
          • Application Security
          • Endpoint, Server, and Device Security
          • Identity, Authentication, and Access Management
          • Data Protection and Cryptography
          • Monitoring, Vulnerability, and Patch Management
          • High Availability, Disaster Recovery, and Physical Protection
          • Incident Response
          • Asset Management and Supply Chain
          • Policy, Audit, E-Discovery, and Training
      • Defining Security Scopes (Figure 4-3)
      • Eight Types of Security Scopes (Figure 4-4)
      • Security Scopes for the Typical Enterprise (Figure 4-7)
      • Selecting Security Controls (Figure 4-8)
      • Selecting Security Capabilities (Figure 4-9)
      • Selecting Security Technologies (Figure 4-10)
      • Considering Security Effectiveness (Figure 4-11)
    • Even though there are several references to the NIST framework, it is used as part of the bigger program, and this does not prevent using any other framework as a base.

    Contents

    • Part I: The Cybersecurity Challenge
      • Chapter 1: Defining the Cybersecurity Challenge
      • Chapter 2: Meeting the Cybersecurity Challenge
    • Part II: A New Enterprise Cybersecurity Architecture
      • Chapter 3: Enterprise Cybersecurity Architecture
      • Chapter 4: Implementing Enterprise Cybersecurity
      • Chapter 5: Operating Enterprise Cybersecurity
      • Chapter 6: Enterprise Cybersecurity and the Cloud
      • Chapter 7: Enterprise Cybersecurity for Mobile and BYOD
    • Part III: The Art of Cyberdefense
      • Chapter 8: Building an Effective Defense
      • Chapter 9: Responding to Incidents
      • Chapter 10: Managing a Cybersecurity Crisis
    • Part IV: Enterprise Cyberdefense Assessment
      • Chapter 11: Assessing Enterprise Cybersecurity
      • Chapter 12: Measuring a Cybersecurity Program
      • Chapter 13: Mapping Against Cybersecurity Frameworks
    • Part V: Enterprise Cybersecurity Program
      • Chapter 14: Managing an Enterprise Cybersecurity Program
      • Chapter 15: Looking to the Future
    • Part VI: Appendices
      • Appendix A: Common Cyberattacks
      • Appendix B: Cybersecurity Frameworks
      • Appendix C: Enterprise Cybersecurity Capabilities
      • Appendix D: Sample Cybersecurity Policy
      • Appendix E: Cybersecurity Operational Processes
      • Appendix F: Object Measurement
      • Appendix G: Cybersecurity Capability Value Scales
      • Appendix H: Cybersecurity Sample Assessment
      • Appendix I: Network Segmentation

    Six Thinking Hats, a method to talk about ideas, problems and challenges

    The Six Thinking Hats method can be useful when running a discussion or workshop with several participants where you also want to make sure that you get some concrete results out of the session. The method gives a structured approach to running the session, instead of letting participants go from one extreme to another.

    To get a quick introduction, I highly recommend watching one of the following videos:

    The picture below is from the first video.

    sixthinkinghats01

    A concrete example is available here, and a PowerPoint template is here.

    For how a session could look, in which order to use the hats, etc., one could have a look here. Some examples:

    First ideas:

    • blue – definition of subject
    • white – ready knowledge
    • green – generating ideas

    Problem Solving:

    • blue – definition of problem
    • white – available info
    • green – possible solutions
    • yellow – reality check solutions
    • black – weak points solutions
    • white – connect to info
    • blue – draw conclusion

    Decision Making:

    • blue – topic of decision
    • green – offer alternatives
    • white – factual situation
    • yellow – suitability alternatives
    • black – un-suitability alternatives
    • red – making the decision
    • black – assessing decision

    Tip: a flip mirror can be handy for taking photos with a telescope

    I recently purchased a flip mirror and I find it very useful when trying to take photos with a telescope. In this setup one can both view the target visually and take photos. It takes some time to get the camera and visual eyepiece adjusted, but after that is done, one only needs to flip (turn) the mirror.

    flipmirror1

    When high magnification is needed, eyepiece projection is a good way to achieve it. The picture below shows the 2 eyepieces that are needed in this kind of setup. The camera is connected on the left (not in the picture).

    Eyepiece-projection-setup

    The photo below shows other ways to connect a camera to an eyepiece. They do work, but are not as practical as a flip mirror with a DSLR. It is also possible to combine the two, and use these adapters on the flip mirror in place of the DSLR …

    flipmirror2


    Losing weight by walking, the first 1 million steps

    With the help of an activity tracker it might be easier to achieve your weight-loss goals. These trackers take care of the tedious work of logging everything. Just place the activity tracker on your wrist, and start walking…

    This blog post shows some real results from using an activity tracker during the first 1 million steps.

    This huge number of steps came as a pleasant surprise, and was a good milestone for writing this blog post. When buying the activity tracker, the intention was to lose weight, especially by walking.

    In this period of 1M steps, one could lose about 7-8 kg, which is close to 1 kg/week.

    The figure below shows the weight (kg) for the 56 days (close to 9 weeks).
    looseweightwalking1

    The figure below shows the number of steps for each of the 9 weeks.
    looseweightwalking2

    The figure below shows the estimated extra Calories (C = kcal), over BMR, for each of the 9 weeks. (The numbers are given by the activity tracker).
    looseweightwalking3

    Lessons learned:

    • One needs at least 2 different tracks: one for a regular short walk (min 1h), and the other for longer exercise (min 2h).
      • If you can afford it, take the long track. It is more difficult to get started than to continue walking…
      • (in my case, my favorite tracks are the short walk “1h15min” and the long walk “2h35min”)
    • Don’t force the walking speed too much; the duration of walking is actually even more important, as this is about fat burning and not competition.
    • There is such a thing as a limited speed of change (weight loss): even if you walk a lot one day, you will not lose all the weight in one day; the effect takes longer to show.
    • Yes, you can eat. If you increase your exercise (walking), there is less chance of gaining weight. Yes, sometimes the weight jumps after a party, but it is not permanent.
    • Yes, you can have day(s) without exercise as long as you try to maintain some routine and monitor that you don’t start to gain too much weight.
    • In the end, it is about routine and habits. Walk when you feel like it; it can clear your mind :-)

    About the activity meter

    • The activity meter on the wrist is only the data collector. The collected data is synced to a server, and where that server is located varies by company. Some people might prefer to select a manufacturer that keeps the exercise data in the EU…
    • The estimated calories vary depending on whether HR (heart rate) measurement is active or not.
      • With HR active, it records more calories
    • The battery does not last “long” if you have HR, GPS or Bluetooth active
      • Bluetooth can be used if you install an Android app


    Test, DIY tuning a piano key

    I promised to “have a look” at a piano that did not sound “right” any longer, and had not for some time. A piano tuning professional had said that he did not know any piano with this name.

    After opening the piano, it turned out that the manufacturer name is visible only on the inside, and that the outside name is something else. So no wonder the professional did not recognize this piano. I had already received the piano tuning key from a local music store, and as a nice surprise one of the 3 key heads fit this piano nicely, see photo below. In some pianos, there is an agraffe that is used to guide the strings (see the horizontal metal sheet).

    piano-tuning1

    After reading the instructions in the Links chapter, it was finally quite straightforward to tune one key.

    In this piano, each key on the right-hand side is connected to 3 strings. Before tuning, it is good to check how much the keys are out of tune, for example with an Android application like Pano Tuner. Then, in the tuning process, you need to damp the other strings of the same key, either with a finger or with a home-made tool (as in the photo below).

    piano-tuning2

    As a first-timer, it took me a considerable amount of time for this one key. Even though I did fine-tune some other keys, it would be a totally different effort to try to fine-tune the whole piano. At the moment, it would be way too much, as that would require a lot of “time and effort”, and coffee breaks…

    Links


    DIY CRM: part 2 for personal task management

    This is a continuation of DIY CRM: part 1 for a small team, where MS Access was used as a simple tool to keep track of tasks or cases for a team.

    The same tool can be used for simple personal task management or time management. It focuses on maintaining the list and priority of the ongoing tasks, which can be both work-related and private. For added security, it is possible to encrypt the file (menu option File->Info). The figure below shows the main concepts.

    CRMpart2-001

    The screenshot below shows what 8 tasks could look like. Task 7 is opened, and in the details form one can select details such as Priority.

    CRMpart2-002

    About Priority

    The possible values of Priority are:

    • 1 Urgent, Important
    • 2 Important, less Urgent
    • 3 Urgent, less Important
    • 4 less Urgent, less Important

    If needed, these values can be modified. There are several articles about time management. As a reference, the picture shown in Wikipedia is used.

    Timemanagementmatrix

    “Task list report” (time management matrix)

    The screenshot below shows the new report, called “priority matrix” in the Task list, or “Task list by prio to print” if looking at the reports listed in the left menu. In addition to tasks, one could also list the main personal goals here so that they are always visible (see task 8 below).

    CRMpart2-003-tasklist-fix1


    DIY CRM: part 1 for a small team

    MS Access is included in the MS Office set of tools. I was playing around with it, and discovered that it comes with several built-in templates for different tasks. One of the interesting templates is the “Customer service” template, which was close to what I had been looking for. The figure below shows what the original Customer Service template looks like.

    CRMpart1-001

    Even though the interface looks very technical, it is straightforward to use and one can stick to the main view, “Case List”. It is also possible to modify the file and add additional data and reporting capabilities without any programming. The figure below shows the main concepts and which data fields were added in this DIY CRM.

    CRMpart1-002

    The screenshot below is after the modifications.

    CRMpart1-003

    I have created 2 new reports to cover those new data fields: “Open Cases 2” and “Closed Cases 2”. The 3 data fields “Company”, “Department” and “Functional Area” are also included in the “Case Details” report. The list of values for “Priority” and “Category” can be changed. In this case, they are kept as in the original template. (I have also changed all the “dates” into “short form”; personal preference. You can easily modify this in the file.)

    Files

    • DIY CRM for small team
      • This zipped Access DB file comes with sample data. (You need to unzip before using it.)
    • link to Access 2016 runtime
      • If you don’t have Access, it is possible to try this out with the runtime license. One can add new data, change existing data and delete data.
      • About the sample data: one can delete lines with the “Del” key. However, with the runtime version it is not possible to see all the tables, queries and reports, and therefore one cannot delete the existing “Call” data. Any modifications need to be done on a computer with the normal Access license.

    About Part 2

    In part 2, the same Access DB is further modified so that it can be used as a personal task or time management tool.