How to configure a SSL-VPN with certificate authentication on a FortigateThis guide details the steps to configure an SSL VPN with certificate authentication on a Fortigate device, using OPENSSL to generate the necessary CA and certificates. Key steps include generating a root certificate, creating server and client certificate signing requests (CSRs), signing the CSRs, and importing the certificates into the Fortigate. The guide also covers configuring PKI users, SSL-VPN settings, and troubleshooting commands.
4 tabletop exercises every security team should run | CSO OnlineSecurity teams should run tabletop exercises to prepare for ransomware, third-party risks, insider threats, and distributed denial-of-service (DDoS) attacks. These exercises help identify vulnerabilities, improve response strategies, and ensure compliance with regulatory requirements. Key questions for each scenario include data encryption, partner vetting, insider threat detection, and DDoS mitigation plans. Regularly conducting these exercises with relevant stakeholders, including legal and communications teams, enhances overall cybersecurity readiness.
SOC2 – IndexThis document provides information about SOC2, including objectives related to privacy, controls per TugboatLogic, types of SOC2 reports, SSAE 18, management insights, additional frameworks, and references. SOC2 focuses on controls and policies related to access control, security operations, risk management, business continuity, organization and management, asset management, information and communications, audit and compliance, data security, SDLC security, and continuous compliance. It is important for service organizations to comply with SOC2 requirements to ensure the security and privacy of data.
Guidelines for secure AI system development - NCSC.GOV.UKThese guidelines provide recommendations for secure AI system development, covering secure design, development, deployment, and operation. They emphasize the importance of security throughout the system's life cycle and align with established practices from the NCSC, NIST, and CISA. Key priorities include taking ownership of security outcomes, transparency, accountability, and making secure design a top business priority.
Incident Response Plan: Frameworks and Steps - CrowdStrikeThis document discusses incident response frameworks and steps, specifically focusing on the frameworks developed by NIST and SANS. It compares the two frameworks and highlights the importance of preparation in incident response. The document also emphasizes the need for defining the CSIRT, developing and updating a plan, acquiring and maintaining the proper infrastructure and tools, improving skills and supporting training, and possessing up-to-date threat intelligence capabilities. It further explains the steps of detection and analysis, containment, eradication, and recovery, as well as post-incident activities. The document concludes by mentioning CrowdStrike's incident response services and providing information about the author.
Cross-Sector Cybersecurity Performance Goals | CISACISA's Cybersecurity Performance Goals (CPGs) are a set of voluntary practices aimed at reducing risks to critical infrastructure and the American people. These goals serve as a benchmark for measuring and improving cybersecurity maturity, provide recommended practices for IT and OT owners, and align with NIST's Cybersecurity Framework functions.