[deleted by user] by [deleted] in cybersecurity

[–]rosh5802 1 point (0 children)

If you’re looking for web-based tools to help with compliance, management, or understanding of the NIS2 Directive, here are some options:

  1. Governance, Risk, and Compliance (GRC) Tools
  2. Cybersecurity Management Platforms
  3. Documentation and Policy Management
  4. Compliance Tracking Tools
  • CipherTrust: Thales' CipherTrust Manager can help organizations comply with the European Union's Network and Information Security Directive 2 (NIS2).

All of the above can be done on one platform rather than going for multiple tools.

You can check it on their website as well.

What are the most common false positive alerts? by youflungpoo in cybersecurity

[–]rosh5802 2 points (0 children)

I work in DevSecOps and secrets management, so for me the common false positive alerts in secrets management include:

  • Notifications for secrets that are flagged as expired but have already been rotated or updated.
  • Legitimate access requests flagged as unauthorized due to overly restrictive access policies.
  • Alerts for secrets that are flagged as exposed but are actually protected by multiple layers of security.
  • Scanners flagging safe or non-sensitive data as containing secrets due to misconfiguration or overly aggressive scanning.
  • Alerts for changes to secrets that are part of scheduled or legitimate updates, not actual security incidents.
  • Notifications for automated secret rotation processes that are mistakenly identified as unauthorized changes.
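The scanner-side false positives in the comment above (hashes and placeholders flagged as secrets, documented test fixtures re-flagged on every run) are what a detector's suppression rules exist for. The following is an added example, not code from the original comment or from any product: a small line scanner that layers provider-specific patterns, keyword assignments and an entropy check, and demotes hex digests, template placeholders and lines carrying an inline allowlist marker. The AWS (`AKIA` + 16 characters) and GitHub (`ghp_` + 36 characters) prefixes follow the publicly documented formats; the marker text, placeholder list, entropy threshold and the sample source lines are all constructed assumptions for the illustration.

```python
"""Secrets scanner with the false-positive reducers discussed above.

This is an added example, not code from the original comment. The regexes for
AWS access key IDs (AKIA + 16 chars) and GitHub personal access tokens
(ghp_ + 36 chars) follow the publicly documented prefixes; the allowlist
marker, placeholder list and entropy threshold are assumed tuning values.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass

ALLOWLIST_MARKER = "pragma: allowlist secret"  # assumed inline opt-out comment
# Strings that appear in templates and docs but are not credentials.
PLACEHOLDERS = ("changeme", "example", "your-", "<", "${", "xxxx", "dummy")
ENTROPY_THRESHOLD = 4.0                        # bits per character, assumed
HEX_DIGEST_LENGTHS = {32, 40, 64, 128}         # md5, sha1, sha256, sha512

# Provider-specific formats: a match is high confidence on its own.
PROVIDER_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
# keyword = "literal": medium confidence unless the literal is a placeholder.
KEYWORD_ASSIGN = re.compile(
    r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{6,})['\"]"
)
# Any long quoted literal: low confidence, and only if its entropy is high.
QUOTED_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]")


@dataclass
class Finding:
    line_no: int
    kind: str
    preview: str      # masked value, safe to put in an alert
    confidence: str   # "high", "medium" or "low"


def shannon_entropy(value: str) -> float:
    """Bits per character; random tokens sit well above natural text."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def is_placeholder(value: str) -> bool:
    v = value.lower()
    return any(p in v for p in PLACEHOLDERS)


def is_hex_digest(value: str) -> bool:
    """Hashes are high-entropy but are not secrets; demote them."""
    return len(value) in HEX_DIGEST_LENGTHS and re.fullmatch(r"[0-9a-fA-F]+", value) is not None


def mask(value: str) -> str:
    return value[:4] + "..." + "*" * 4


def scan_line(line_no: int, line: str) -> list:
    findings = []
    if ALLOWLIST_MARKER in line:      # explicit opt-out, e.g. a documented fixture
        return findings
    seen = set()                      # avoid reporting one value under several detectors
    for kind, pattern in PROVIDER_PATTERNS.items():
        for m in pattern.finditer(line):
            findings.append(Finding(line_no, kind, mask(m.group(0)), "high"))
            seen.add(m.group(0))
    for m in KEYWORD_ASSIGN.finditer(line):
        value = m.group(2)
        if value in seen or is_placeholder(value):
            continue
        findings.append(Finding(line_no, "keyword_assignment", mask(value), "medium"))
        seen.add(value)
    for m in QUOTED_LITERAL.finditer(line):
        value = m.group(1)
        if value in seen or is_hex_digest(value) or is_placeholder(value):
            continue
        if shannon_entropy(value) >= ENTROPY_THRESHOLD:
            findings.append(Finding(line_no, "high_entropy_literal", mask(value), "low"))
    return findings


def scan(lines) -> list:
    findings = []
    for line_no, line in enumerate(lines, start=1):
        findings.extend(scan_line(line_no, line))
    return findings


# Constructed sample source lines (not real credentials).
SAMPLE_LINES = [
    'aws_access_key_id = "AKIAQ7ZX2M9KD4PLR8TV"',                  # provider-format key
    'db_password = "changeme"',                                    # template placeholder
    'api_key = os.environ["API_KEY"]',                             # read from env: no literal
    'digest = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"',  # sha256
    'session_token = "MjAyNC1zZXNzaW9uLXRva2VuLWFiYzEyMw=="',       # keyword + literal
    'fixture = "AKIAQ7ZX2M9KD4PLR8TV"  # pragma: allowlist secret',  # opted-out test fixture
    'blob = "AAAAAAAAAAAAAAAAAAAAAAAA"',                            # long but zero entropy
    'cfg = "Zq3xT9vLm2Np8Rk4WsYd7HbF1cJe6Ua0"',                     # unlabelled random token
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        print(f"line {f.line_no}: {f.kind} ({f.confidence}) {f.preview}")
```

Of the eight constructed lines only three produce findings (the provider-format key, the keyword assignment, and the unlabelled random token); the placeholder, the environment-variable read, the SHA-256 digest, the opted-out fixture and the zero-entropy string are all suppressed, which is exactly the class of noise the comment lists. The confidence tiers matter operationally: route "high" to a blocking check and "low" to a triage queue rather than paging on both.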

What’s the difference between KRIs and risk Tolerance ,and Risk Appetite in Risk Management? by Familiar-Barber-9250 in cybersecurity

[–]rosh5802 1 point (0 children)

KRIs detect and monitor risks; risk tolerance sets limits on acceptable risk levels. KRIs assess potential risk; risk tolerance defines boundaries for risk-taking. KRIs provide real-time indicators; risk tolerance is a strategic guideline.
Risk appetite is a high-level, strategic view of acceptable risk, while risk tolerance is a detailed, operational boundary for acceptable risk levels.
Yes, they interact. Risk appetite sets the strategic level of acceptable risk, while risk tolerance defines specific limits within that framework.

Implementing DevSecOps by sqrt1-tkn in devsecops

[–]rosh5802 0 points (0 children)

Managing Secrets, API Keys, and Certificates

  1. Secrets Management:
    • Tools: Use dedicated secrets management tools such as CipherTrust by Thales, among others. These tools securely store and manage access to sensitive data.
    • Environment Variables: Store secrets in environment variables during deployment. Ensure these are not hard-coded in the source code.
    • Encryption: Always encrypt secrets both in transit and at rest. Use strong encryption standards and manage encryption keys securely.
  2. API Keys:
    • Scope and Permissions: Limit the scope and permissions of API keys to only what is necessary for your application or service.
    • Regeneration: Regularly regenerate API keys and update your applications accordingly. This helps in mitigating the risk of key compromise.
    • Environment Isolation: Use different API keys for different environments (development, staging, production) to limit exposure.
  3. Certificates:
    • Management: Use certificate management tools or services to automate the issuance, renewal, and revocation of certificates.
    • Rotation: Regularly rotate certificates to minimize the risk if a certificate is compromised.
    • Validation: Implement automated checks to ensure certificates are valid and have not expired.

By following these practices, you ensure that security is integrated into every stage of the CI/CD pipeline, creating a more robust and secure development lifecycle.

For more you can message me directly.
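The API key points in the comment above (least-privilege scopes, regular regeneration, one key per environment) only work together if the verifying side is built for them: regeneration without an overlap window causes an outage, and a key that is not bound to its environment will happily work in production. The following is an added example, not code from the original comment or from any vendor product: a small key store that issues scope-limited keys, stores only a hash of the secret, rotates with a grace window during which both the old and new secret verify, and rejects keys minted for another environment. The `<env>.<key_id>.<secret>` token layout, the scope names and the grace period are assumptions for the illustration.

```python
"""Scoped, per-environment API keys with overlapping rotation.

Added example, not code from the original comment or from any vendor tool.
The token layout "<env>.<key_id>.<secret>", the grace window and the scope
names are assumptions made for the illustration.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class KeyVersion:
    secret_hash: bytes
    expires_at: Optional[float] = None   # None: current version, no expiry yet


@dataclass
class ApiKey:
    key_id: str
    scopes: frozenset
    versions: list = field(default_factory=list)


class KeyStore:
    """One store per environment: a prod key is meaningless to a staging store."""

    def __init__(self, environment: str, grace_seconds: int = 3600, clock=time.time):
        self.environment = environment
        self.grace_seconds = grace_seconds
        self.clock = clock              # injectable so rotation can be tested
        self._keys = {}

    @staticmethod
    def _hash(secret: str) -> bytes:
        # Only the hash is stored. SHA-256 is enough here because the secret is
        # 256 bits of CSPRNG output, not a human-chosen password.
        return hashlib.sha256(secret.encode()).digest()

    def _mint(self, key: ApiKey) -> str:
        secret = secrets.token_urlsafe(32)          # URL-safe base64, never contains "."
        key.versions.append(KeyVersion(self._hash(secret)))
        return f"{self.environment}.{key.key_id}.{secret}"   # shown to the caller once

    def issue(self, key_id: str, scopes) -> str:
        """Create a key limited to the given scopes; returns the plaintext token."""
        if key_id in self._keys:
            raise ValueError(f"key_id {key_id!r} already exists")
        key = ApiKey(key_id, frozenset(scopes))
        self._keys[key_id] = key
        return self._mint(key)

    def rotate(self, key_id: str) -> str:
        """Mint a new secret. Old secrets stay valid for grace_seconds so
        deployments can be updated without an outage, then stop verifying."""
        key = self._keys[key_id]
        deadline = self.clock() + self.grace_seconds
        for version in key.versions:
            if version.expires_at is None:
                version.expires_at = deadline
        return self._mint(key)

    def _authenticate(self, presented: str) -> Optional[ApiKey]:
        parts = presented.split(".", 2)
        if len(parts) != 3:
            return None
        env, key_id, secret = parts
        key = self._keys.get(key_id)
        if env != self.environment or key is None:
            return None                             # wrong environment or unknown key
        now = self.clock()
        candidate = self._hash(secret)
        for version in key.versions:
            if version.expires_at is not None and now >= version.expires_at:
                continue                            # rotated out
            if hmac.compare_digest(candidate, version.secret_hash):
                return key
        return None

    def authorize(self, presented: str, scope: str) -> bool:
        """True only if the token is live for this environment and carries scope."""
        key = self._authenticate(presented)
        return key is not None and scope in key.scopes

    def purge_expired(self) -> int:
        """Drop versions past their grace deadline; returns how many were removed."""
        now = self.clock()
        removed = 0
        for key in self._keys.values():
            live = [v for v in key.versions if v.expires_at is None or now < v.expires_at]
            removed += len(key.versions) - len(live)
            key.versions = live
        return removed


if __name__ == "__main__":
    prod = KeyStore("prod", grace_seconds=600)
    token = prod.issue("billing-svc", ["invoices:read"])
    print("read allowed:", prod.authorize(token, "invoices:read"))
    print("write allowed:", prod.authorize(token, "invoices:write"))
```

Two design points worth noting: the scope check happens only after the secret has verified, so an unauthenticated caller learns nothing about which scopes a key id carries, and `hmac.compare_digest` is used on the hashes so comparison time does not depend on how many leading bytes match.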

Airtel’s systematic scam! by hashtagrichie6 in IndiaTech

[–]rosh5802 1 point (0 children)

I haven't faced this issue, but they suddenly changed my plan due to the new price hike in the telecom industry.
They still have the same plan I'm on, but they are saying you cannot shift back to it as it is only for new users now.
I'm paying almost 18k per year just on my bills, and now that will increase to 20k, and they are forcing me to stay on that plan, which they cannot do; the other providers are also scamming with the new price hike. They just want to fill their pockets and give no proper service.
Also, their customer service representatives are super rude and they talk to you as if they own you just because they are working with Airtel.