Security / incident response: Building a CSIRT: Incident Response Team Roles. A Computer Security Incident Response Team, or CSIRT, is the group that runs the response when an incident is declared. It is not a single department. It is a cross-functional team that pulls in technical, legal, communications, and executive roles, each with […]
Security / incident response: The Incident Response Lifecycle: 6 Steps. Most security incidents follow the same arc, and so does a good response. The incident response lifecycle breaks that response into six phases, from the work you do before anything happens to the review you do after it is over. The first letters […]
Security / incident response: How to Build an Incident Response Plan. An incident response plan is the document that tells your organization exactly what to do when a security incident hits. Its real job is to remove improvisation from the worst hour of your year, so the people responding follow a process they […]
Security / what is infosec: Types of Security Controls: Categories and Functions. Security controls are the safeguards you put in place to reduce risk. There are a lot of them, but they sort cleanly along two axes: how a control is implemented, and what it is meant to do. Understanding both is the […]
Security / what is infosec: What Is Defense in Depth? Layered Security Explained. Defense in depth is the practice of layering multiple, overlapping security controls so that if one fails, another still protects the asset. It is one of the oldest and most widely used ideas in security, borrowed from how castles were […]
Security / what is infosec: Information Security vs Cybersecurity: What Is the Difference? People use information security and cybersecurity as if they mean the same thing. They are closely related, and they share the same goal of protecting an organization from harm, but they are not identical in scope. […]
Security / what is infosec: What Is Information Security? The CIA Triad and Core Concepts. Information security is the practice of designing, implementing, and managing programs that protect an organization’s sensitive assets from threats. It is not a single tool or a one-time project. It is an ongoing discipline that spans people, processes, […]
Security / frameworks explained: NIST CSF vs ISO 27001: What Is the Difference? NIST CSF 2.0 and ISO 27001 are two of the more widely referenced security frameworks, and teams often treat them as rivals. They are not. They solve overlapping problems in different ways, and many organizations use both. […]
Security / frameworks explained: What Is MITRE ATT&CK? Tactics, Techniques, and the Matrix. MITRE ATT&CK is a curated knowledge base of how real adversaries behave. It catalogs the tactics and techniques attackers use across the phases of an intrusion, based on observations of actual attacks rather than theory. […]
Security / frameworks explained: What Are the CIS Controls? The CIS Critical Security Controls v8.1. The CIS Critical Security Controls are a prioritized set of actions that defend against the cyberattacks that actually happen. They began as a grassroots effort to study real-world attacks and turn that knowledge into constructive action for defenders, […]