Building a Cybersecurity Framework 

Thanks so much for all the kind words! I’m so glad to hear that these videos have been helpful! Feedback like yours is what makes it all worthwhile

As someone also pivoting from a non IT background myself, do you have any tips or pointers for me? I'm looking to get into networking and later, cloud computing

I’m so glad to hear that you got that from it!

Glad it was helpful!

What do you mean exactly by “synched” ? Can you elaborate a little bit?

I never heard so much no sense coming from someone about security

1) systems fail. Even the security systems that are meant to protect against unauthorized access, so nothing will ever provide complete protection. 2) syncing clocks has problems too because they can also have drift over time. FIDO passkeys are a better solution for user authentication because they don’t require this. I have two videos on the channel about this

As 2. First, have you checked your cell phone's clock to see how accurate it is? As using this method, the advantages are 1 it does not require any new hardware. For example, any computer system can implement this method (software update) to authenticate between them without any human intervention, additional hardware, or other system assistence 2 Nothing is parmanent. Unlike passkey, it may require your thumb, facial recognition, which doesn't change at all and can be compromised. This method uses sync clock and mathmatic array to generate a new token. The clock does not need to be the same as standard UTC and it can run faster or slower than the standard clock speed. The method array can have trillions entris that it is very hard to guess which entry will be used next time to generate a new token. 3 It is impossible to use historical data to guess the new token as both clock and methed are changing. The re-play method will not work. 4 Disgruntled empolyee (especially, from the provider) can't steal useful informatio and sell it on the dark website As for 1. We can work to build a system that is safer.

It means the clocks are the same. Check your cellphone's clock. It is synchronized with the cell tower. If you are in Microsoft AD, your PC clock is synced with PDC. NTP protocol can be used to sync the clock.

Glad you liked it!

I’m so glad to hear that you liked it! Thanks for subscribing!

So glad you liked it!

It is Security Information and Event Management. A quick online search would show that. It also makes sense because a SIEM collects information and correlates those to create events. A SIEM usually does not determine or manage incidents. The analyst does that based on events reported by the SIEM.

Glad you liked the video! Try googling “what does SIEM stand for” and I think you’ll see it’s “information” not “incident.” Gartner and all the vendors in the space define it that way

It's security information and Event Management

Thanks! There’s a lot of great work by NIST and I’m not able to cover all of it but I’m glad this helped

Just don’t ask for a refund 😂😂😂 but seriously, I’m glad you like them!

@@jeffcrumeLoL . It’s much worth than paid one

I’m glad you liked it. Good suggestion

Thanks so much!

You are very kind to say so!

Glad you liked the video … in spite of the scary ending 😊

Thanks so much for the great feedback!

Thanks so much!

Thanks for watching!

Glad you liked it!

Thanks for watching!

Thanks!

I did write a book called “What Hackers Don’t Want You to Know” but it’s 24 years old now and isn’t specific to architecture. I do have a 10-part architecture series here on the channel, though, that you might want to check out

Great question! 800-53 is more detailed and prescriptive whereas CSF is more high level and suggestive. 800-171 is specifically for contractors and subcontractors of the federal government. ISO is more similar to 800-53 whereas HIPAA and PCI are industry specific regulations with detailed requirements and certifications. They are all trying to improve security but come from different sources and carry different weights in terms of specifics and enforcement

Thanks for the reply Jeff appreciate it. For the frameworks listed, is there one that if a company with a lot of different regulated data could adopt which would then map across all the requirements?

Thanks for watching!

Thanks so much for saying so!

I’m glad you liked it! No cert that I’m aware of for this. It’s more DEscriptive than PREscriptive.

Glad you liked it. Sorry for the misstatement. Hopefully, the important content is still conveyed

Thanks so much for watching!

I’m glad you liked it!

saar

I’m teaching a class this semester at North Carolina State University that I call “Secure Thinking: Issues in Cybersecurity and Privacy”

Much love back to Nigeria!

Thanks for the suggestion!

Maybe if it rains enough while you are cooking outdoors, it will prevent your rice from burning! 😊

Thanks so much! Actually I do teach at North Carolina State University, although my students may wish I didn’t 😂

Your zero trust concept ideas were most helpful. Transfer to UNC, you’ll like our teams too

Thanks so much!

Believe me, they already know. That’s why they are so successful. I’m just trying to level the playing field and take back some of the advantage

Thank you for saying so!

Thanks so much for the great feedback! More to come!