براي توسعه نرم افزار
از شروع طراحي بايد امنيت را دخيل كرد،
تا سطوح ريسك به حداقل برسد.
از استاندارد ها و بهروش هاي بين المللي چقدر در اين موضوع بهره ميبريد.
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.16
از شروع طراحي بايد امنيت را دخيل كرد،
تا سطوح ريسك به حداقل برسد.
از استاندارد ها و بهروش هاي بين المللي چقدر در اين موضوع بهره ميبريد.
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.16
https://mega.nz/#F!3hcVHSSJ!gz4G5wtQxM18ZV85WCNvxA
محتواي آموزشي تخصصي
هكينگ API
لينك بعد از ٢ هفته منقضي ميشود.
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.16
محتواي آموزشي تخصصي
هكينگ API
لينك بعد از ٢ هفته منقضي ميشود.
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.16
mega.nz
MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now
به ازاي كنترل هاي امنيتي براي ارتقا امنيت شبكه سازمان
ابزار هاي مناسب و متن باز👍🏽
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.16
ابزار هاي مناسب و متن باز👍🏽
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.16
تمارين و نمونه سوالات امنيت پايه سايبري مبتني بر Security plus Comptia 2019
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.16
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.16
Take this short CISSP Practice Quiz and see if you are truly an expert:
https://www.isc2.org/certifications/quiz?campaign=H-HQ-CISSPquiz&utm_campaign=H-HQ-CISSPquiz&utm_source=isc2linkedin&utm_medium=organicsocial&utm_term=Oct21
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.17
https://www.isc2.org/certifications/quiz?campaign=H-HQ-CISSPquiz&utm_campaign=H-HQ-CISSPquiz&utm_source=isc2linkedin&utm_medium=organicsocial&utm_term=Oct21
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.17
دوره مقدماتي و پايه امنيت سايبري -
شخصي/سازماني
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.17
شخصي/سازماني
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.17
بوت كمپ آگاهي رساني امنيت سايبري
براي مردم و تمامي كارمندان سازماني( خصوصي / دولتي)
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.17
براي مردم و تمامي كارمندان سازماني( خصوصي / دولتي)
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.17
👇🏻
تحليل هدر ايميل هاي ورودي- مخرب و مشكوك
گام به گام 👍🏽
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.17
تحليل هدر ايميل هاي ورودي- مخرب و مشكوك
گام به گام 👍🏽
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.17
تعدادي از روش هاي شناسايي حوادث و حملات سايبري:
1.Unusual behavior from privileged user accounts.
Any anomalies in the behavior of a privileged user account can indicate that someone is using it to gain a foothold into a company's network.
2.Unauthorized insiders trying to access servers and data.
Warning signs include unauthorized users attempting to access servers and data, requesting access to data that isn't related to their jobs, logging in at abnormal times from unusual locations or logging in from multiple locations in a short time frame.
3.Anomalies in outbound network traffic.
It's not just traffic that comes into a network that organizations should worry about. This could include insiders uploading large files to personal cloud applications; downloading large files to external storage devices, such as USB flash drives; or sending large numbers of email messages with attachments outside the company.
4.Traffic sent to or from unknown locations.
For a company that only operates in one country, any traffic sent to other countries could indicate malicious activity. Administrators should investigate
5.Excessive consumption.
An increase in the performance of server memory or hard drives may mean an attacker is accessing them illegally.
6.Changes in configuration.
Changes that haven't been approved, including reconfiguration of services, installation of startup programs or fw changes, are a sign of possible malicious activity. The same is true of scheduled tasks that have been added.
7.Hidden files.
These can be considered suspicious because of their file names, sizes or locations, which indicate the data or logs may have been leaked.
8.Unexpected changes.
These include user account lockouts, password changes or sudden changes in group memberships.
9.Abnormal browsing behavior.
This could be unexpected redirects, changes in the browser configuration or repeated pop-ups.
10.Suspicious registry entries.
This happens mostly when malware infects Windows systems. It's one of the main ways malware ensures it remains in the infected system
, ...
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.17
1.Unusual behavior from privileged user accounts.
Any anomalies in the behavior of a privileged user account can indicate that someone is using it to gain a foothold into a company's network.
2.Unauthorized insiders trying to access servers and data.
Warning signs include unauthorized users attempting to access servers and data, requesting access to data that isn't related to their jobs, logging in at abnormal times from unusual locations or logging in from multiple locations in a short time frame.
3.Anomalies in outbound network traffic.
It's not just traffic that comes into a network that organizations should worry about. This could include insiders uploading large files to personal cloud applications; downloading large files to external storage devices, such as USB flash drives; or sending large numbers of email messages with attachments outside the company.
4.Traffic sent to or from unknown locations.
For a company that only operates in one country, any traffic sent to other countries could indicate malicious activity. Administrators should investigate
5.Excessive consumption.
An increase in the performance of server memory or hard drives may mean an attacker is accessing them illegally.
6.Changes in configuration.
Changes that haven't been approved, including reconfiguration of services, installation of startup programs or fw changes, are a sign of possible malicious activity. The same is true of scheduled tasks that have been added.
7.Hidden files.
These can be considered suspicious because of their file names, sizes or locations, which indicate the data or logs may have been leaked.
8.Unexpected changes.
These include user account lockouts, password changes or sudden changes in group memberships.
9.Abnormal browsing behavior.
This could be unexpected redirects, changes in the browser configuration or repeated pop-ups.
10.Suspicious registry entries.
This happens mostly when malware infects Windows systems. It's one of the main ways malware ensures it remains in the infected system
, ...
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.17
سازمان ها بايد روي دو المان در جهت بلوغ امنيت، دارايي هاي اطلاعاتي اشان تمركز كنند:
١-شناسايي و رصد حملات سايبري
٢-هندل كردن و پاسخگويي به حوادث سايبري
براي شروع تمركز روي پاسخگويي به حملات ترند و وكتور هاي آن:
1.External/removable media. The attack is executed from removable media -- e.g., CD, flash drive or a peripheral device.
2.Attrition. This type of attack uses brute force to compromise, degrade or destroy networks, systems or services.
3.Web. The attack is executed from a website or web-based application.
4.Email. The attack is executed via an email msg attach.A hacker entices the recipient to either click on a link that takes him to an infected website or to open an infected attachment.
5.Improper usage. This type of incident stems from the violation of an organization's acceptable-use policies by an authorized user.
6.Drive-by downloads. A user views a website that triggers a malware download; this can happen without the user's knowledge. Drive-by downloads, which take advantage of vulnerabilities in web browsers, inject malicious code using JavaScript and other browsing features.
7.Ad-based malware (malvertising). The attack is executed via malware embed on websites. Merely viewing a malicious ad could inject malicious code into an unsecured device. In addition, malicious ads can also be embedded directly into otherwise trusted apps and served via them.
8.Mouse hovering. This takes advantage of vulnerabilities in well-known software, such as PowerPoint. When a user hovers over a link -rather than clicking on it -to see where it goes, shell scripts can be launched automatically. Mouse hovering takes advantage of system flaws that make it possible to launch programs based on innocent actions of the user.
9.Scareware. This persuades a user to purchase and download unwanted and potentially dangerous software by scaring him. Scareware tricks a user into thinking that his computer has a virus, then recommends that he download and pay for fake antivirus software to remove the virus. However, if the user downloads the software and allows the program to execute, his systems will be infected with malware.
...
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.18
١-شناسايي و رصد حملات سايبري
٢-هندل كردن و پاسخگويي به حوادث سايبري
براي شروع تمركز روي پاسخگويي به حملات ترند و وكتور هاي آن:
1.External/removable media. The attack is executed from removable media -- e.g., CD, flash drive or a peripheral device.
2.Attrition. This type of attack uses brute force to compromise, degrade or destroy networks, systems or services.
3.Web. The attack is executed from a website or web-based application.
4.Email. The attack is executed via an email msg attach.A hacker entices the recipient to either click on a link that takes him to an infected website or to open an infected attachment.
5.Improper usage. This type of incident stems from the violation of an organization's acceptable-use policies by an authorized user.
6.Drive-by downloads. A user views a website that triggers a malware download; this can happen without the user's knowledge. Drive-by downloads, which take advantage of vulnerabilities in web browsers, inject malicious code using JavaScript and other browsing features.
7.Ad-based malware (malvertising). The attack is executed via malware embed on websites. Merely viewing a malicious ad could inject malicious code into an unsecured device. In addition, malicious ads can also be embedded directly into otherwise trusted apps and served via them.
8.Mouse hovering. This takes advantage of vulnerabilities in well-known software, such as PowerPoint. When a user hovers over a link -rather than clicking on it -to see where it goes, shell scripts can be launched automatically. Mouse hovering takes advantage of system flaws that make it possible to launch programs based on innocent actions of the user.
9.Scareware. This persuades a user to purchase and download unwanted and potentially dangerous software by scaring him. Scareware tricks a user into thinking that his computer has a virus, then recommends that he download and pay for fake antivirus software to remove the virus. However, if the user downloads the software and allows the program to execute, his systems will be infected with malware.
...
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.18
Memory Palace CISSP Notes
https://www.studynotesandtheory.com/single-post/Memory-Palace-CISSP-Notes
دانلود كرده و بهره ببريد.
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.18
https://www.studynotesandtheory.com/single-post/Memory-Palace-CISSP-Notes
دانلود كرده و بهره ببريد.
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.18
studynotesandtheory
Memory Palace CISSP Notes
Note: this document may not download on a mobile device. If so, try switching to Desktop Mode". Otherwise you may have to download it from a laptop or desktop. Thanks. Some security professionals become a member of the site to watch the videos, take…
استخدام کارشناس فروش در شرکت نگین پردازش
•حداقل 2 سال سابقه فروش ( الویت با سابقه فعالیت در شرکتهای IT و یا فروش محصولات IT)
•آشنایی با مفاهیم اولیه شبکه، امنیت ( دارا بودن مدارک مرتبط مزیت محسوب می شود )
•دارای توانمندی در زمینه فن بیان، مذاکره و فروش ( B2B )، پیگیر، خلاق، علاقمند به کار تیمی
•توانایی آنالیز قیمت، بررسی بازار، ایجاد ارتباط پیوسته با مشتریان شرکت
•آشنایی با روند برگزاری مناقصات و تهیه مستندات مربوطه
لطفا رزومه های خود را به آدرس saber@neginpardazesh.com ارسال نمایید
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.18
•حداقل 2 سال سابقه فروش ( الویت با سابقه فعالیت در شرکتهای IT و یا فروش محصولات IT)
•آشنایی با مفاهیم اولیه شبکه، امنیت ( دارا بودن مدارک مرتبط مزیت محسوب می شود )
•دارای توانمندی در زمینه فن بیان، مذاکره و فروش ( B2B )، پیگیر، خلاق، علاقمند به کار تیمی
•توانایی آنالیز قیمت، بررسی بازار، ایجاد ارتباط پیوسته با مشتریان شرکت
•آشنایی با روند برگزاری مناقصات و تهیه مستندات مربوطه
لطفا رزومه های خود را به آدرس saber@neginpardazesh.com ارسال نمایید
- بروز باشيد -
آگاهي رساني امنيت سايبري
@CisoasaService
98.08.18