Tutcyber

ITIL is a best practice framework that has been drawn from both the public and private sectors internationally It describes how IT resources should be organized to deliver Business value. It models how to document processes,functions and roles of IT S…

Active Directory Groups Security groups are used to collect user accounts,computer accounts and other groups into manageable units. 1. For Active Directory,there are two types of administrative responsible: Service Administrators. Data Administrators.…

Separate administrator account from user accounts. Privilege account: Allocate administrator accounts to perform the following administrative duties only.    1.Minimum: Create separate accounts for domain administrators,enterprise administrators or th…

Endpoint protection management is a policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources. Endpoint security management systems,which can be purcha…

It was introduced in 2004 by American Express,Discover,MasterCard, and Visa in response to security breaches and financial losses within the credit card industry. Since 2006 the standard has been financial losses maintained by the PCI standards counci…

Why SOC Reports? Some industry require SOC2 or local compliance audit. Many organizations who know compliance, know SOC2 Type 2  consider it a stronger statement of operational effectiveness than ISO 27001 (Continuous Testing). Many organization's…

Computer Fraud and Abuse Act (CFAA) The computer Fraud and Abuse Act is a US cyber security bill that was enacted in 1984. Federal Information Security Management Act of 2002 ( FISMA ) Federal Information Security Modernization Act of 2014 ( FISMA 201…

Security Event An event on a system or network detected by a security device or application. Security Attack A security event that has been identified by correlation and analytics tools as malicious activity that is attempting to collect,disrupt,deny,…