CCSK Foundation
Module 1 - Cloud Architecture
Unit 1 - Introduction to Cloud Computing
Unit 2 - Introduction & Cloud Architecture
Unit 3 - Cloud Essential Characteristics
Unit 4 - Cloud Service Models
Unit 5 - Cloud Deployment Models
Unit 6 - Shared Responsibilities
Module 2 - Infrastructure Security for Cloud
Unit 1 - Infrastructure Security for Cloud Computing
CCSK Foundation Introduction
Introduction to Your Learning Environment
Foundation Overview
Module 1 - Cloud Architecture
Unit 1 - Introduction to Cloud Computing
Unit 2 - Introduction & Cloud Architecture
Unit 3 - Cloud Essential Characteristics
Unit 4 - Cloud Service Models
Unit 5 - Cloud Deployment Models
Unit 6 - Shared Responsibilities
Mission
The Information Security function manages information security risk, assuring and governing in line with the wider GfK business risk appetite and ensuring we comply with regulatory obligations and GfK policies.
Key Accountabilities
Oversee, evaluate, and support the documentation, validation and assessment of Information Security Management System (ISMS) processes necessary to assure that existing and new information and information processing systems meet the organisation's cybersecurity and risk requirements.
Ensure that the appropriate treatment of risk, compliance, and assurance is followed from both internal and external perspectives.
Conduct comprehensive assessments of the management, operational, and technical security controls and control enhancements deployed within or inherited by information and information processing systems, advising and assisting the Infrastructure Services team to prioritise corrective actions.
Review risk assessments, analyse the effectiveness of information secu
Security Governance
SG1 Security Governance Approach
SG1.1 Security Governance Framework
SG1.2 Security Direction
SG2 Security Governance Components
SG2.1 Information Security Strategy
SG2.2 Risk Appetite
Information Risk Assessment
IR1 Information Risk Assessment Framework
What is Application Governance?
• Application owners manage business applications consisting of entitlements and roles
• Once defined, owners manage how access to these applications can be requested in the IT Shop
• Key Performance Indicators help validate compliance against business objectives
• Governance-relevant information can be defined based on an application
• The next release of Identity Manager will include the new Application Governance module, which brings applications into the architecture as first-class citizens
What Application Governance is not
• It is not about connectors or mapping fields
The SOGP 2020
1. SG: Security Governance
2. IR: Information Risk Assessment
3. SM: Security Management
4. PM: People Management
5. IM: Information Management
6. PA: Physical Asset Management
7. SD: System Development
8. BA: Business Application Management
9. SA: System Access
Domain 1: Governance of Enterprise IT (40%)
Governance Framework
Components of a Governance Framework
Organizational Structures, Roles, and Responsibilities
Strategy Development
Legal and Regulatory Compliance
Organizational Culture
Business Ethics
Technology Governance
Question 1 – Sourcing and fair selection process
Provide documentation describing your company's sourcing/fair selection process; or
Include a detailed description of the process including:
a. Key evaluation components,
b. Stakeholders involved in the process,
c. The way in which the results are documented.
NOTE: If answered 'Yes', Question 1 requires a mandatory attachment. If no official sourcing/fair selection procedure document is available, please attach a detailed process description as a doc/pdf file.
Zero Trust Principles:
• Trust no one and nothing until validated and verified (make no assumptions).
• Design the system from the inside out (start from the assets you want to protect).
• Enforce the need-to-know and least-privilege access principles.
• Monitor continuously what is happening.
• Adapt policies based on context.
Zero Trust Tenets and Pillars (according to NIST/DoD):
• Users/identities
• Devices/endpoints
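The five principles above, turned into a policy decision point that evaluates every request rather than trusting a session or a network location. This is an added illustration, not part of the original outline and not taken from NIST SP 800-207 or the DoD reference architecture; the roles, entitlement table, patch-age threshold and authentication-freshness limits are assumed values chosen for the example.

```python
"""Minimal zero-trust policy decision point (PDP). Added example: every request is
checked against identity, entitlements, device posture and context, with deny as the
default. Roles, thresholds and entitlements below are assumed for illustration."""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    STEP_UP = "step_up"      # re-authenticate, then retry the request


@dataclass(frozen=True)
class Subject:
    user: str
    roles: frozenset
    mfa_verified: bool
    auth_age_s: int          # seconds since the last interactive authentication


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool            # enrolled in the organisation's device management
    disk_encrypted: bool
    days_since_patch: int


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: str         # "public" | "internal" | "restricted"


@dataclass(frozen=True)
class Request:
    subject: Subject
    device: Device
    resource: Resource
    action: str              # "read" | "write" | "admin"


# Least privilege: actions each role is entitled to, per sensitivity tier (constructed).
ENTITLEMENTS = {
    ("analyst", "internal"): {"read"},
    ("analyst", "restricted"): {"read"},
    ("dba", "internal"): {"read", "write"},
    ("dba", "restricted"): {"read", "write"},
    ("secadmin", "restricted"): {"read", "write", "admin"},
}

# Context: the more sensitive the asset, the fresher the authentication must be (assumed limits).
MAX_AUTH_AGE_S = {"public": 24 * 3600, "internal": 8 * 3600, "restricted": 15 * 60}
MAX_DAYS_SINCE_PATCH = 30


def device_compliant(d: Device) -> bool:
    return d.managed and d.disk_encrypted and d.days_since_patch <= MAX_DAYS_SINCE_PATCH


def evaluate(req: Request) -> tuple[Decision, str]:
    """Decide one request. Called per request, never cached per session, so a change
    in device posture or authentication age takes effect on the next call."""
    s, d, r = req.subject, req.device, req.resource

    # Principle 1: nothing is trusted until verified; network location plays no role.
    if not s.mfa_verified:
        return Decision.DENY, "identity not verified with MFA"

    # Principle 3: need to know / least privilege; entitlements are the union over roles.
    allowed = {"read"} if r.sensitivity == "public" else set()
    for role in s.roles:
        allowed |= ENTITLEMENTS.get((role, r.sensitivity), set())
    if req.action not in allowed:
        return Decision.DENY, f"{sorted(s.roles)} not entitled to '{req.action}' on {r.sensitivity} data"

    # Principles 2 and 5: the asset's sensitivity sets the bar; device posture changes the outcome.
    if r.sensitivity != "public" and not device_compliant(d):
        if r.sensitivity == "internal" and req.action == "read":
            return Decision.ALLOW, "non-compliant device: downgraded to read-only on internal data"
        return Decision.DENY, f"device {d.device_id} not compliant for {req.action} on {r.sensitivity} data"

    # Context: stale authentication on a sensitive asset needs step-up, not a silent allow.
    if s.auth_age_s > MAX_AUTH_AGE_S[r.sensitivity]:
        return Decision.STEP_UP, f"authentication older than {MAX_AUTH_AGE_S[r.sensitivity]}s for {r.sensitivity} data"

    return Decision.ALLOW, "all checks passed"


def decision_record(req: Request) -> dict:
    """Principle 4: every decision, allow or deny, is emitted for continuous monitoring."""
    decision, reason = evaluate(req)
    return {"user": req.subject.user, "device": req.device.device_id,
            "resource": req.resource.name, "action": req.action,
            "decision": decision.value, "reason": reason}


if __name__ == "__main__":
    # Constructed sample requests.
    ok_laptop = Device("lt-001", managed=True, disk_encrypted=True, days_since_patch=3)
    stale_laptop = Device("lt-002", managed=True, disk_encrypted=True, days_since_patch=90)
    analyst = Subject("alice", frozenset({"analyst"}), mfa_verified=True, auth_age_s=120)
    payroll = Resource("payroll-db", "restricted")
    for req in (Request(analyst, ok_laptop, payroll, "read"),
                Request(analyst, ok_laptop, payroll, "write"),
                Request(analyst, stale_laptop, payroll, "read")):
        print(decision_record(req))
```

The order of checks matters: identity is verified first, then entitlement, then posture and freshness, so a denied request reveals only the first failing condition and an unentitled caller never learns which device or session attributes would have passed. Feeding `decision_record` output to the SIEM gives the "monitor continuously" principle a concrete data source.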
Cybersecurity Maturity Model Certification (CMMC) Version 1.02 | |
General Data Protection Regulation May 25 2018 | |
Health Insurance Portability and Accountability Act of 1996 (HIPAA) | |
NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations)
NIST Cybersecurity Framework (CSF) Core v1.1, April 2018
NIST SP 800-53 Rev. 4 | |
North American Electric Reliability Corporation (NERC) CIP Standard Version 5 | |
NY DFS Framework 23 NYCRR 500 1.0 | |
Payment Card Industry (PCI) Data Security Standard (DSS) 3.2.1 | |
Payment Card Industry DSS Version 3.1 |