Cyber Security

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

I am looking to develop a questionnaire to assess the current state of an organization so I can develop a plan to help the organization understand what they need to do to implement an enterprise DLP program. I have found the following information on the internet and have been using the steps below, but have been unsuccessful in developing an appropriate questionnaire. Can you please suggest a sample or template I can use to perform a data loss prevention program gap analysis?

Data loss prevention program implementation steps guide I am following: http://www.cyberradarsystems.com/gap-assessments/

1. Prioritize data. Not all data is equally critical. ...
2. Categorize (classify) the data. ...
3. Understand when data is at risk. ...
4. Monitor all data movement. ...
5. Communicate and develop controls. ...
6. Train employees and provide continuous guidance. ...
7. Roll Out.

Any information will be helpful and thanks in advance.

A leading 1-ERP cloud provider (one of those 3, like SAP, Oracle, MS) has replied to us that they can't share the hardening they have in place for their OS; nor would they sign off on the hardening checklist or share the penetration test report.

What is typically the way, from a customer's cyber governance standpoint, that we can go about this? Ask for a SOC 2 report, or which report would certify that they have performed the required (CIS) hardening and penetration testing?

Or can we still demand to sight the hardening settings and pentest reports? We are using their SaaS.

I have a question about security when it comes to remote apps like TeamViewer. How secure is TeamViewer? Is the connection encrypted, and how does it compare to a VPN? What's advisable in the area of remoting into work?

Our corporate has a batch of Samsung tablets designated for specific use only.

It's going to take a while to identify a free MDM to control these tablets, so for the time being I'll need a checklist in terms of cybersecurity and usage control (i.e. restrict to that app only).

The checklist will be used by our IT support when the tablets are brought to them for installation/support, and IT support may do quarterly checks manually by referencing this checklist.

Offhand I can only think of the following; please add on:

1. Updates/patches are up to date
2. Play Store app is not present (i.e. disabled/uninstalled) so that users can't install unnecessary apps
3. Only the designated browser (i.e. Chrome and one other) and the app that we require for that designated use are present
4. ... ?

Also help recommend any free MDM that could enforce the above checklist of items.

Just found a couple of Android charging apps that prolong the phone's built-in battery life, but they either require rooting or a 3rd-party battery:

Battery Charging Limit app:

Chargie app with external power bank:

However, I can't root my device as my corporate MDM will block it, while I find getting an external power bank rather unwieldy (besides the cost).

Any other apps which don't require rooting or external hardware?

I am looking for examples of a configuration management plan that describes baseline security/applications/programs for workstations and servers. I have found lots of information on how to do this in a large company by using lots of people to hold lots of meetings and write lots of papers. I only have me. I'm looking for some generic example of what this would look like. Maybe it's writer's block. Key words would be NIST and cyber security.
I'm hoping you have come across something like this in the past.

We are subscribing to Teammate SaaS (which is hosted in AWS), and the data to be hosted is deemed sensitive.

Is data at rest encrypted by default (whether as a default offering by AWS or by Teammate)?

Is backup offered by default (by Teammate or by AWS?), or is this an optional item that we must subscribe to/purchase?

For data sovereignty purposes, can we specify to Teammate (or is it AWS?) that the data must be hosted in an AWS DC in the local country only and not 'synced' overseas?

Can anyone point me to good study material and model answers for the CIA (Certified Internal Auditor) examination?

Any free online sample test (with immediate answers) CBT will be good too.

Question from our legal department:
If our customers send us their personal particulars (e.g. NRIC, Social Security number) via email, what's the best practice out there in terms of
a) how long we retain the email?
b) after how long that we don't need it ought we to purge/delete it?
c) do we need to show evidence that it's been purged?
d) any other treatment of such customers' information?

Currently we are on O365.

Given the turf wars between Firefox and Google over how they handle and display "secure" web sites, are EV SSL certificates of any value any more?

To the general public user that is; I know the CAs think they are of value!

The green bar of IE was nice in its day but that has long gone. A LetsEncrypt certificate site looks pretty much the same as an EV certificate site now to all intents and purposes. I mean, how many users are actually checking this - real world users that is, not us.

And are there any policies enforceable by anything that would prevent accessing a non-EV certificated site?

We're installing IP cameras, yet to determine which model.

What are the cybersecurity measures we ought to take?

Any hardening that can be done? Any other cyber measures to take?

Should the cameras be connected to user VLANs, a totally dedicated VLAN by itself, or ??

The recorded videos will be archived to a server? Encrypt it with which encryption, and any other handling methods?

I reckon IP cameras are treated as IoT, so in the event they need to be connected to the Internet, what further measures ought to be

Should we do a pentest using Tenable/Nessus against it? I recall we once did it with a PABX (which runs a custom RHEL, and many of the vulnerabilities of RHEL are applicable).

My insurance broker client, who sells policies via their e-commerce website, received an email from New York State Department of Financial Services (DFS) asserting a requirement that my client file a "Certification of Compliance" by February 15, 2020.

I've never heard of this before, nor has my client. The entity's website is www.dfs.ny.gov. I assume we must file as indicated, but I can't tell if this is something required only of businesses incorporated in NY State, which my client's company is not.

I'd be grateful to know if anyone here knows whether a response on my client's part is required. Following are the money quotes from the email:

"All regulated entities and licensed persons of the DFS were required to file an annual cybersecurity regulation Certification of Compliance under Part 500. Although you did not file a Certification of Compliance this year, this is an early reminder that one is due by February 15, 2020. If you are compliant with all sections of the Part 500 that apply to you by the end of the year, then please file your Certification in a timely manner. If you do not file a Certification because you were not compliant with Part 500, then please keep appropriate documentation including any remedial plans....

"The Department will consider a failure to submit a Certification of Compliance as an indicator that the cybersecurity program of the Covered Entity has a substantive deficiency. Any current or future deficiencies of Part 500 …

I'd like to obtain the ISO 27001 certification. From my understanding this is an intermediate-level security/audit certification. Where exactly does one start? For example, training resources, who offers or sponsors this certification, its costs, etc. Any input towards this is greatly appreciated. Thank you!

Dear all,

My laptop (Microsoft Windows 10 Enterprise 2016 LTSB, Build 14393) is a Dell Latitude, a bit old, but it was working OK. Lately it has been slow and displays erratic behaviors (strange processes, pop-ups, PowerShell down based on Event Viewer; I will come back to this in a second). Besides the Falcon Sensor free trial and a paid version of Symantec Endpoint Protection, I've run different scans such as ESET Online Scan and Restoro. I have done that for days with no luck, so I think it could be a bad Windows 10 version.

Today when I checked the Users folder in C:, there was a new user, and there were traces of strange events in the Event Viewer, including the logon of this user (DAU1-2106).

On the other hand, I was installing Visual Studio yesterday when the "log on" happened. Can Visual Studio create a new user during installation?

I also tried identifying the username of the SID by using the wmic command in cmd, and it was not found in the domain.

Please let me know if it's safe to attach the files on here as they can contain sensitive information of my network and user names, etc.

Thank you very much and I will check back in a few minutes.

Kind Regards,

Our Enterprise Risk Mgmt wants to establish cyber security KRIs (Key Risk Indicators). I think this is something that must be manageable (i.e. can be remediated) and measurable, so I suggested:
a) # of virus/malware outbreaks
b) Sev 1 and Sev 2 incidents for the month
c) patching metrics (how many servers, PCs and other devices: % patched)
d) any other?

What about phishing? I think this is something we can't control, as the spammers' or phishers' activities can fluctuate wildly. It's left to the email security tools and user awareness. Besides, I felt that each time a phishing test is conducted, the results tend to vary widely. In fact, in 2017 the local monetary association organized a sector-wide phishing test for 11 banks: you'll find the click rate can be from 3 to 27%, so I beg to differ with the industry click rate that Proofpoint provided (I'll extract that article later), which shows the transport sector's click rate as 3-4% lower than defense/government. The figures can't represent anything, as it depends on how good the phishing campaign is. Anyone care to comment?

Hi All,

In McAfee ePO, how can we identify the hash value of files, and how do we search for and verify malicious files by their hash values?

Please advise

Best Regards,

Is blocking of date of birth, a person's home address and mobile telephone numbers a practice out there?
I think it's not feasible for date of birth and home address as they can come in countless formats:
1. dd/mm/yyyy
2. dd MMM YYYY
3. mm/dd/yyyy: US format
4. yyyy-mm-dd
5. dd-MMM-YYYY

For mobile telephone numbers, I reckon it's not something sensitive, or is it?

Does the O365 DLP function have the capability to block date of birth?

Currently we use O365 to block NRIC (sort of a unique identification #), but passport # is something that varies for different countries and changes each time the passport is renewed.

We got an audit finding from one of the Big Four audit firms as follows:
"A study should be conducted to determine the granularity of the segmentation of end-users. Minimally, IT administrators should be in a separate network segment from the rest of the end-users."
"Inadequate network segmentation increases the ease and risk of lateral movement by cyber-attacks, if a server or device in the segment is compromised."

As sysadmins have "privileged" access to servers, and compromise of their PCs will risk compromising the servers in a 'privileged' way, we'll adopt the recommendation.

I'll need some good points/arguments to support our stand of not further segmenting each department from the others:

a) the main exposures are from "Internet surfing" and email access (lots of malicious attachments, phishing and spam emails seen in email gateways), besides USB ports

b) all other users belong to the same trust domain as they read emails and surf the internet (yes, the sysadmins are encouraged to surf the internet on PCs not used to surf the Net and read emails)

c) workstations used for Industrial Control Systems/Operations Tech don't have email access or Internet surfing and have been rightfully segregated as per the existing set-up

d) to prevent lateral attacks, EDR, AV and email security (forwarding of malicious emails to other colleagues) are in place, with SIEM for detecting such events in the pipeline

e) if we were to segregate every department (eg:…

How can I lower the Java Security Rules for internal networks only?

Currently our users need to manually enter an internal web address in their Java Exception list. I have been charged with trying to make the process more automatic for our users, specifically to allow all URLs for internal web addresses to allow the Java applet.

I did find a way to create an Exception list for the computer:  https://community.spiceworks.com/how_to/123766-java-site-exceptions-list-and-certificates-for-all-users

But this option takes away the user's ability to have their own list or to add the web sites that they want, and the list will be managed by the local administrator. Equally important, if I used the above-mentioned web page documentation, it would overwrite any Java exception list that the user already created. We do not want to go that route.

Is there a way to allow internal web addresses to have a lower Java security level than external web addresses, i.e. to actually allow Java to run on those internal web URLs?

Is there a technology related to cybersecurity called Lawful Interception Solutions? If yes, what does this do? Is it cloud-based or on-prem? Which vendors have it, etc.?

Looking for basics to understand the concept and any links for me to move further.

Dear Ladies and Gentlemen,

We need to find out whether D-Link DWM-222 dongles have any security vulnerability (with the latest firmware update).
Do you know of any? If not, where should I start?

I'm trying to configure a rule in the Cisco CES cloud platform that stops people masquerading as the CEO for attempted phishing. On our previous FW we had: if the mail has the sender as 'our CEO' but does not come from our domain, then drop. I can see where to configure this in the CES.

I have a question about ransomware. If my computer's C drive is already encrypted, is it still possible for ransomware to hold my computer hostage by encrypting files? If we have Office 365 and all the files are also backed up to the cloud through OneDrive, doesn't that also create a level of protection?

IP conflict in 2 of 8 security cameras recently added, of the OOSSXX type. How to fix? All 8 are remotely viewable, but the 2 conflicting cameras show the images shared and flipping between their two images. Windows 10 Pro PCs and Apple in use. Please advise the easy, best way to resolve the IP conflicts. Thanks tons.

My site has not stopped crashing for a while.
I was advised to check my logs, and I see this IP 150.918 times in my logs from 00:00:07am to 12:36:01am.

What do you advise me to do?

I added this "Deny from" to my .htaccess but the IP continues to show...

Thank you for your advice,
