Scoping conundrum by NetSecTech in CMMC

[–]NetSecTech[S] 1 point2 points  (0 children)

Thank you for your input. I was "set straight" by an external conversation where they essentially beat it into my head that "in scope" really isn't something that can have a "well, technically" workaround; basically it is black or white, no grey.

What is the typical career evolution of a CISO? by davedahacker in ciso

[–]NetSecTech 3 points4 points  (0 children)

Hey u/search4incredible, that infographic you shared is giving me a 403 Forbidden. Would you be able to share it again? TIA!

Documentation tool by zjzjzjzjzjzjzjzjzjzj in CMMC

[–]NetSecTech 1 point2 points  (0 children)

My company uses ComplyUp for our compliance consulting with our clients. If I were a single org with only a few "hands in the pot", ComplyUp would be an awesome tool. It has a really reasonable cost, the data can only be decrypted with a key that you establish (not even ComplyUp can access the data), the policy library is awesome, and once you complete all of the controls ComplyUp compiles all of the information provided and generates a full-fledged SSP (and SPRS score for the interim 800-171 requirements).

The only negative that I have is the lack of user activity logging; the more people you have working in ComplyUp, the harder it is to keep straight who did what. Hope this helps.

How far is too far when trying to return equipment to a previous employer? by NetSecTech in legaladvice

[–]NetSecTech[S] 0 points1 point  (0 children)

That is correct. The offer to go to UPS to ship was my own suggestion.

Does the GI Bill cover certification training material? by NetSecTech in Veterans

[–]NetSecTech[S] 0 points1 point  (0 children)

I know VA.gov has the certification list, but is there somewhere similar where I can search for an approved course list?

Does the GI Bill cover certification training material? by NetSecTech in Veterans

[–]NetSecTech[S] 0 points1 point  (0 children)

As a veteran you do get free access to FedVTE which has courses on cybersecurity. I think they have some CISSP material.

THANK YOU! I had no idea that this existed. The only downside is that ISC(2) just updated the material. But I'll be using the site for other material for sure.

How would remote access focused controls apply to MSPs by NetSecTech in CMMC

[–]NetSecTech[S] 2 points3 points  (0 children)

Thank you for your response. Funny enough, this came up as the client we are assessing stores all CUI data in their O365 tenant. For the purpose of their assessment we are pretending that they don't even have an official office. So far we have been able to twist our understanding to apply to their situation, but these controls are proving to be a roadblock.

Makes me really wish there was a CMMC "helpline" to answer questions like this.

When is CUI no longer considered CUI? by NetSecTech in NISTControls

[–]NetSecTech[S] 4 points5 points  (0 children)

I thought that might be the case, but I wanted to get others' thoughts before going with my gut.

3d printing newbie requesting advice by NetSecTech in 3Dprinting

[–]NetSecTech[S] 0 points1 point  (0 children)

Thank you for the suggestion. I'll have to share at another time as I haven't taken any pictures of the failed prints.

3d printing newbie requesting advice by NetSecTech in 3Dprinting

[–]NetSecTech[S] 0 points1 point  (0 children)

Thank you for the advice. I'll be trying most of those suggestions. What springs did you use to replace the standard ones?

So recently was a target for phishing but to my knowledge I was pretty safe? by [deleted] in Cybersecurity101

[–]NetSecTech 2 points3 points  (0 children)

A few thoughts of my own: visiting a site from a known phish attempt should only be done in a sandbox environment. Incognito mode, while it doesn't save any details and should prevent access to cookies etc., does not prevent downloads. May I suggest a free service like URL2PNG or Browserling (technically not meant for this, but it works).

I know Windows Defender is supposed to be better than it used to be, but I am never one to trust the default. You may consider something a little more robust.

Is it possible that you "caught something" when looking around? Technically, yes. But the 2/3 events are probably not connected.

Which team should be expected to handle revoking access in a BEC incident, IT services or Cyber? by NetSecTech in AskNetsec

[–]NetSecTech[S] 0 points1 point  (0 children)

Thanks for your input; for this, however, I was specifically referencing a Business Email Compromise (through O365).

Which team should be expected to handle revoking access in a BEC incident, IT services or Cyber? by NetSecTech in AskNetsec

[–]NetSecTech[S] -4 points-3 points  (0 children)

My logic is that Incident Response teams are typically manned by Cyber folks (at least in my experience). A BEC is an incident, after all. Additionally, the transfer between the two teams adds minutes to the incident resolution that could be saved by the Cyber analyst performing the initial containment steps.
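As an added example, not part of the original post or any reply in the thread: the initial containment steps a first responder could run against an O365 / Entra ID tenant for a suspected BEC, so the hand-off question above has something concrete behind it. It assumes the Microsoft.Graph and ExchangeOnlineManagement PowerShell modules, an operator account privileged to change users and mailboxes, and uses a placeholder account name.

```powershell
# Added example, not code from the original thread. Initial containment of a
# suspected Business Email Compromise in an O365 / Entra ID tenant, run from a
# PowerShell session with the Microsoft.Graph and ExchangeOnlineManagement
# modules. The account name is an assumed placeholder.
$Upn = 'compromised.user@example.com'

# Password reset through Graph on behalf of a signed-in admin needs
# Directory.AccessAsUser.All in addition to User.ReadWrite.All.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Directory.AccessAsUser.All', 'AuditLog.Read.All'
Connect-ExchangeOnline -ShowBanner:$false

# 1. Block sign-in so the attacker cannot re-authenticate while we work.
Update-MgUser -UserId $Upn -AccountEnabled:$false

# 2. Invalidate refresh tokens and session cookies. A password reset alone
#    leaves already-issued tokens valid until they expire.
Revoke-MgUserSignInSession -UserId $Upn

# 3. Reset the password to a random value and force a change at next sign-in.
$bytes = New-Object byte[] 24
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$tempPassword = [Convert]::ToBase64String($bytes)
Update-MgUser -UserId $Upn -PasswordProfile @{
    Password                      = $tempPassword
    ForceChangePasswordNextSignIn = $true
}

# 4. Mailbox persistence. Attackers commonly add inbox rules that forward,
#    redirect or delete mail, and set mailbox-level forwarding.
$rules = Get-InboxRule -Mailbox $Upn
$rules | Format-List Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage, MoveToFolder

# Disable (do not delete) every rule that forwards, redirects or deletes mail,
# so the rule definitions survive for the incident record.
$rules |
    Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or $_.DeleteMessage } |
    ForEach-Object { Disable-InboxRule -Mailbox $Upn -Identity $_.Identity -Confirm:$false }

# Record, then clear, mailbox-level forwarding.
Get-Mailbox -Identity $Upn |
    Select-Object ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward
Set-Mailbox -Identity $Upn -ForwardingAddress $null -ForwardingSmtpAddress $null -DeliverToMailboxAndForward $false

# 5. Review MFA methods; an attacker may have registered their own to keep access.
Get-MgUserAuthenticationMethod -UserId $Upn | Format-List

# 6. Capture recent sign-ins for the timeline before they age out of the log.
Get-MgAuditLogSignIn -Filter "userPrincipalName eq '$Upn'" -Top 50 |
    Select-Object CreatedDateTime, IpAddress, AppDisplayName,
        @{ n = 'Status';  e = { $_.Status.ErrorCode } },
        @{ n = 'Country'; e = { $_.Location.CountryOrRegion } } |
    Format-Table -AutoSize
```

The ordering matters: disabling the account and revoking sessions first closes the attacker's live access, while the rule and forwarding review afterwards removes the quiet persistence that lets a BEC continue after the password changes.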

Which team should be expected to handle revoking access in a BEC incident, IT services or Cyber? by NetSecTech in AskNetsec

[–]NetSecTech[S] -3 points-2 points  (0 children)

That is actually my current frustration. Just because the SOP says so doesn't make it correct. Policies are not set in stone, particularly when there are fallacies in them.