0P3N Blog

The "Application of the MITRE ATT&CK Framework" course by Cybrary is an excellent training offering. The course covers how to apply the attack framework to mitigate cyber threats. During the course, the 12 core areas of the MITRE ATT&CK Framework are discussed in detail. Also, learners will get detailed explanations of the various attack vectors used by ...

How the different layers of cybersecurity protect business in an evolving threat landscape As industries innovate at breakneck speed to keep up with modern demands, they’re facing a serious challenge mitigating the risks along the way. Every extra user account, device, online service, and application adds another potential entry point for cyberattackers. Attack surfaces have expanded to the point they’ve ...

As most people have witnessed during the COVID-19 pandemic, cybercriminals are more active, easily attacking organizations who never imagined having to focus on a new security front - their employees who are forced to work from home. Indeed, their infrastructures weren't ready to handle large amounts of VPN traffic, security around video conferencing, etc. As a consequence, attackers found ways ...

News leaks, sensitive information going public, companies facing lawsuits over data leakage, and more other unfortunate events occur every day. These events are caused by the negligence of the digital infrastructure that is used daily. The systems used can be poorly designed and, hence, can leak sensitive data and credentials to hackers in real-time. In this course of “Session Hijacking,” the ...

Why good negotiation skills are critical for enterprise security leadership This article was written to supplement Dr. Amoroso's course Enterprise Security Leadership: Negotiation Skills for Cyber Leaders. For decades, cybersecurity was purely the domain of the IT department. Measures to protect an organization against cyberthreats were viewed almost entirely from a technical perspective. For everyone else, cybersecurity knowledge barely extended beyond ...

Microsoft Azure is a large collection of technologies that can transform and revolutionize an entire company, within days, if not sooner. With its interwoven solutions and pay-as-you-go model, Microsoft Azure has become a sought-out destination for new and existing businesses, large and small. However, with the availability and flexibility that Microsoft offers to its Cloud subscribers, it should be noted ...

Overview The National Institute of Standards and Technology (NIST) provides a robust, risk-based cybersecurity assessment tool, known as the NIST Cybersecurity Framework (NIST CSF); or, simply as “The Framework.” 1 The original intent of the NIST CSF is to provide a cybersecurity risk-based assessment tool, to protect the nation’s sixteen critical infrastructure (CI) sectors. The Framework is also ...

Often, you’ll find that it’s the candidates who have IT certifications on their resume, which make it past the initial screening. Job recruiters may use this information to narrow down their lists of candidates and in deciding who they will call for an interview. Currently, the information technology industry is overflowing with open positions, and there are not enough qualified IT ...

What is CRISC? Why take a CRISC course during preparation for the final exam? The Certification in Risk and Information Systems Control (CRISC) is for IT and business professionals who develop and maintain information system controls, and whose job revolves around security operations and compliance. It is developed by a team of risk management industry-leading professionals. The CRISC certification is ...

One of the most widely used techniques for performing a scam is phishing. This is usually done by tricking a user into providing personal information or clicking a link to a webpage, which is fraudulent. Two very common examples: 1) The one where the user supposedly won the lottery, or someone wants to donate money, so the sender asks for personal ...