Security Awareness #1


What is security awareness?

Security awareness is a formal process for training and educating employees about IT protection.

What is an IT security awareness and training program?

IT security awareness and training explains the proper rules of behavior for the use of the organization's IT systems and information. A properly set up security awareness and training program communicates the IT security policies and procedures that employees need to follow.

In my opinion, organizations must set up functional security awareness and training programs, because lacking such a program creates a vulnerability through employees.

Below are some guidelines for implementing a successful security awareness and training program:

1) Obtain C-level support

2) Partner with key departments

3) Be relevant

4) Measure success

5) Be the department of how

6) Incentivize awareness

7) Use a variety of awareness tools

This information comes from csoonline; please visit the reference website below for additional information.

Reference

Winkler, Ira (2017). 7 elements of a successful security awareness program. Retrieved on 04/15/2020 from https://www.csoonline.com/article/2133408/network-security-the-7-elements-of-a-successful-security-awareness-program.html


Cyber Threat Intelligence



Cyber Intelligence is very important!


Why is cyber intelligence important to companies?


Cyber threat intelligence helps organizations by giving them insights into the mechanisms and implications of threats, allowing them to build defense strategies and frameworks, and reduce their attack surface with the end goals of mitigating harm and protecting their network.

The main goal of cyber threat intelligence is to give organizations a better understanding of what is happening outside their network, and thus of the current cyber threats that could cause their business harm.

Organizations that do not use cyber intelligence are more likely to be breached by an unknown source. Here are some cyber intelligence resources that companies can use to keep themselves better informed.

1) Department of Homeland Security: Automated Indicator Sharing

2) FBI: InfraGard Portal 

3) SANS: Internet Storm Center

4) VirusTotal

5) Cisco: Talos Intelligence

There are many more sources out there, but these will get you started.


Memory Forensics and Incident Response: Why it’s needed.


Memory forensics and why it’s so important to incident response


Memory forensics is the process of analyzing the volatile data captured in a computer's memory dump. Everything in the computer system moves through RAM (Random Access Memory), including:

  • Processes and threads
  • Malware
  • Network sockets, URLs, IP addresses
  • Open files
  • User-generated content
  • Passwords, caches, clipboards
  • Encryption keys
  • Hardware and software configuration
  • Windows registry keys and event logs

RAM is the working area through which the CPU and the operating system communicate and get work done. There are big advantages to conducting memory analysis: identifying malicious software activity, analyzing and tracking recent activity on the system, and collecting evidence that cannot be found anywhere else (super valuable).

As you can see, it is very difficult for malicious actors to get away cleanly when they leave so many footprints in memory.
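As an added illustration of the footprints listed above (not code from the original post), the following Python script carves printable ASCII and UTF-16LE strings out of a constructed byte blob that stands in for a memory dump and sorts them into the artifact types the post names. The sample dump, the URL, path, IP address and user string in it are all constructed for the example; Windows stores most of its in-memory strings as UTF-16LE, which is why a plain ASCII scan alone would miss the executable path.

```python
import re

# Constructed sample "memory dump" (not a real capture): raw filler bytes,
# an ASCII URL, a UTF-16LE (Windows wide-string) executable path, an ASCII
# socket endpoint and a UTF-16LE clipboard-style user string, null-separated.
SAMPLE_DUMP = (
    b"\x90\x90\x90"
    + b"http://updates.example.invalid/check.php" + b"\x00\x00\x00"
    + "C:\\Users\\alice\\Downloads\\invoice.exe".encode("utf-16-le") + b"\x00\x00\x00"
    + b"10.0.0.25:8443" + b"\x00\x00\x00"
    + "Meeting notes Q2".encode("utf-16-le") + b"\x00\x00"
)

# Runs of printable ASCII, and runs of printable chars each followed by a
# null byte (UTF-16LE), both at least 6 characters long.
ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\x00]+")


def carve_strings(dump):
    """Return (offset, encoding, text) for every ASCII/UTF-16LE string found."""
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ASCII_RE.finditer(dump)]
    found += [(m.start(), "utf16le", m.group().decode("utf-16-le"))
              for m in WIDE_RE.finditer(dump)]
    return sorted(found)


def classify(strings):
    """Bucket carved strings into the artifact types the post lists above."""
    arts = {"ipv4": [], "url": [], "executable": [], "other": []}
    for _, _, s in strings:
        # Keep only dotted quads whose octets are in range.
        ips = [ip for ip in IPV4_RE.findall(s)
               if all(int(o) <= 255 for o in ip.split("."))]
        urls = URL_RE.findall(s)
        arts["ipv4"] += ips
        arts["url"] += urls
        if s.lower().endswith(".exe"):
            arts["executable"].append(s)
        elif not ips and not urls:
            arts["other"].append(s)
    return arts


if __name__ == "__main__":
    for off, enc, text in carve_strings(SAMPLE_DUMP):
        print(f"0x{off:06x} {enc:8} {text}")
    print(classify(carve_strings(SAMPLE_DUMP)))
```

On a real dump the same two regexes are what `strings -a` and `strings -el` apply, so the offsets printed here are the ones you would carry into a dedicated memory analysis tool.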

Data Loss Prevention


What does data loss mean?

Data loss occurs when your data is corrupted or lost. It can happen in multiple ways, for instance when data is stolen by a malicious actor, or as the result of a sudden hardware failure, a software error, or human action.

How do you prevent data loss?

There are several ways you can prevent data loss within your organization.

1) Back up your data regularly – The number one thing you can do to prevent data loss is to make sure you regularly back up your data.

2) Set recovery point objectives – Creating a backup schedule sets your RPO, which establishes the period of transactions an IT service might lose due to a major incident.

3) Patch and update systems – Patching should be a crucial part of any business's data loss prevention policy, regardless of whether you are a small business with a handful of computers or an enterprise with a sprawling network of different machines.

4) Know when to upgrade systems – As a business owner, you must understand that nothing lasts forever and everything must eventually be upgraded. You will need to upgrade systems and software before they reach the point of becoming unstable due to age.

Four simple steps will keep your business from losing data! Please reach out to me for assistance.


My #GCFA Training and Exam Experience


Training Journey

What a long journey it was preparing to take the GIAC Certified Forensic Analyst (GCFA) exam. I purchased this training while still pursuing my master's degree at East Carolina University this year. This was a mistake because you only have 4 months to complete OnDemand training and take the test. After graduating I was able to start training for the #GCFA exam. I was very surprised how advanced the course material was, which blew my mind. I took the first practice exam in October 2019 and scored 45%; the second practice was taken in November 2019 and I scored 42% on that. Before the first practice test, I purchased two extensions ($389 apiece) and was granted a third due to a hurricane here in NC over the summer. Three extensions (adding 45 days each time) gave me plenty of time to study and go through the material multiple times, and I did. I purchased a third practice exam, took it, and scored 52% on 12/15/2019. Exam day was set for 12/28/2019. I continued to study for the next two weeks.

I would make sure that you tab your book heavily and put every single term, tool and artifact in your index. You will need to watch the training videos at least two times. I think that the instructor could have been a little clearer in his explanations. The video delivery software could be a little bit better. Do not be afraid to look outside the course for extra resources. In my opinion, doing the labs and tabbing your books would be more beneficial than anything else. Know your tool output! Overall, the information is packed into this course tightly.

Please make sure you study with all your ability, because SANS training, exams (GIAC) and even practice exams are extremely pricey to purchase. It will not serve you well to rush through the material. My advice is to take your time and really learn the material. I encourage you to use all the study time you have to properly prepare for this exam. It doesn't matter that the test is open book, because between reading a question, looking at your index and possibly the book, you simply will not have a lot of time to do that on every question. The questions are not tricky. Either you know it or you don't. You need to know a great deal of the material in order to pass. You need to understand the Windows OS well and you need to understand NTFS timestamps without looking this information up too much.

Exam Day Experience

I was feeling very confident even with the poor practice exam scores. I had built a pretty good index, as I was instructed to do by multiple people. I carried all of the SANS books along with the index and posters into the testing center. I was told that the posters were too big and couldn't go into the room. I made the mistake of having the posters laminated. Some advice here: wait to laminate the posters until after testing with them. The exam was multiple choice, and that did not make it any easier. Some of the questions presented on screen to me were jumbled up.

It's very important to understand that the questions are not tricky, but some are not clear in what they are asking. Time was my enemy. I had to rush a lot of my answers, therefore you must know your material with confidence. After months of studying, I still came up with a 61% (71% was the passing mark). I guess I did a lot better on the actual exam compared to the practice exams. The actual exam started off so well, and because of that I'm not 100% sure what went wrong. I really feel the failure was due to rushing and trying to over-verify a lot of the answers I chose. I took this exam and completed the training with no prior experience in digital forensics. With that being said, I still feel anyone can succeed at passing the exam, and I'm sure the next time I will be successful in my endeavor!

Good luck to all!