InfoSec Governance
  • Videos: 104
  • Views: 226,113
Why the Digital Operational Resilience Act (DORA) matters for your business
Are you affected by DORA for your business? Hopefully in this video you will find out and what you can do to become compliant.
More information about DORA can be found here: www.eiopa.europa.eu/digital-operational-resilience-act-dora_en
Follow us at:
► WEBSITE: isgovern.com
► LINKEDIN: linkedin.com/company/isgovern
► TWITTER: IsGovern
Views: 30

Videos

The CIA Triad and information security: What is it and how can it help you?
Views: 53, 2 months ago
In today's video we are going to talk about the CIA Triad, which is made up of Confidentiality, Integrity and Availability, and how it can help protect your information within the business.
00:00 Introduction 00:35 The CIA Triad 01:37 Confidentiality 04:52 Integrity 07:27 Availability
PROTECT Your Business with These Five Essential Information Security Pillars!
Views: 29, 2 months ago
The five pillars of information security can play a pivotal role in ensuring the protection of information within the business.
How do you install and configure a firewall on Ubuntu in under 3 minutes?
Views: 79, 4 months ago
What is the NIS2 Directive
Views: 76, 4 months ago
What are the challenges of complying with NIS 2 directive. #nis2
Views: 11, 4 months ago
How to install clamAV on Linux in under 2 minutes
Views: 597, 4 months ago
What is Governance, Risk, compliance (GRC): An introduction
Views: 97, 4 months ago
How to answer the Cyber Essentials questionnaire: A complete guide
Views: 417, 5 months ago
What are the 8 CISSP domains
Views: 334, 5 months ago
How to create a risk register in under 10 minutes
Views: 40, 5 months ago
How to search for your Cyber Essentials certificate
Views: 18, 5 months ago
Master Asset Management Policy Creation In Just 10 Minutes!
Views: 42, 5 months ago
How to create an asset register in under 5 minutes
Views: 158, 6 months ago
Cyber Essentials Basic vs Cyber Essentials Plus, what are they and which one should you get?
Views: 90, 7 months ago
Asset management: Why do you need to do it?
Views: 32, 7 months ago
Cyber Essentials Price increase coming - 1st April 2024
Views: 49, 9 months ago
Cyber Essentials: Common problems with Operating systems
Views: 53, 9 months ago
Firewalls: Do you need them? Are they important?
Views: 36, 11 months ago
Five reasons why you should should have account separation
Views: 26, 11 months ago
IASME Cyber Assurance Themes, what do you need to know?
Views: 87, 1 year ago
The new IASME Cyber Baseline certification for international companies, what is it?
Views: 44, 1 year ago
Windows Server 2012 is no more. Microsoft no longer support the Operating System.
Views: 92, 1 year ago
Are you running as a local administrator? Stop! Watch this now.
Views: 449, 2 years ago
Changes are coming, say hello to: IASME Cyber Assurance
Views: 218, 2 years ago
3 reasons why your IT company should outsource their information security
Views: 139, 2 years ago
Important changes to Cyber Essentials Scheme (24th January 2022)
Views: 517, 2 years ago
ExcelPoint On Point Podcast with our director, Marcus Dempsey
Views: 59, 3 years ago
Managing your assets: 3 easy ways
Views: 114, 3 years ago
What is the Data Protection Act?
Views: 338, 3 years ago

Comments

  • @savagesarethebest7251 (1 month ago)

    So this means that everyone should stop using Windows then? Finally.

    • @Isgovern (1 month ago)

      😂 no comment

  • @EmmyIyen (2 months ago)

    I am trying to complete a compliance document and I was asked the question below... please, I'd like to know if you have any idea how best to present the answer: "List the organisation(s) that are being instructed to use or share the data"

    • @Isgovern (2 months ago)

      Without knowing more about the request, this can be a bit vague. But basically which organisations will be using, processing or sharing the information to hand? Is it clients, Microsoft 365, Google, suppliers?

  • @EmmyIyen (2 months ago)

    I am about to take the self-assessment test for Cyber Essentials... any guide pls?

    • @Isgovern (2 months ago)

      When it comes to the self-assessment, the majority of the answers will be a yes or no depending upon the requirement. Make sure for the endpoints you list the operating system version, the edition of Windows, and that it's supported. Also for mobile phones. Make sure web browsers are all up to date.

    • @EmmyIyen (2 months ago)

      @Isgovern thank you very much

  • @EmmyIyen (2 months ago)

    When talking about the scope, what’s the best way to answer if you are using a cloud computing service to house most of the digital assets (like outsourcing to a third party like AWS) for example

    • @Isgovern (2 months ago)

      Hello, sorry about the delay replying. If you are not excluding anything from the assessment, saying "Whole Organisation" would be the best option.

  • @vision6D (3 months ago)

    Thank you it was short and useful.

    • @Isgovern (3 months ago)

      Happy we can help 😁

  • @lunyxappocalypse7071 (5 months ago)

    Very succinct and clear. I have needed this information for doing tafe work, and my teacher wasn't giving any clue on how to fill the informational sheet in.

    • @Isgovern (5 months ago)

      Glad it was helpful!

  • @rcooper9110 (7 months ago)

    Question - why are we adding the SSL components? Don't we want to use SSL 2.0 and 3.0?

    • @Isgovern (7 months ago)

      Hello, SSLv2 and SSLv3 are now deemed obsolete and insecure as defined by the industry. TLS 1.2 and above is now recommended to be used.

  • @Nico-pk4px (9 months ago)

    Is there a way to block all folders except for the declared ones (such as Program Files and Windows folders)?

    • @Isgovern (7 months ago)

      Not that I've seen, I'm afraid, but if you find out, do let us know.

    • (5 months ago)

      You can use software restriction policies, set the default level as user-level and then add the paths you allow as unrestricted; don't forget to exclude or add the file types you want to whitelist.

  • @hazeljust7001 (9 months ago)

    Loved the background music. Cheers!

    • @Isgovern (7 months ago)

      Glad you liked it!

  • @workshopmanual (9 months ago)

    Does ISO 27001 supersede Cyber Essentials?

    • @Isgovern (7 months ago)

      Yes it does, ISO 27001 is a lot more in-depth and is an information security framework. But it also requires a lot more attention to upkeep and cost.

  • @michaelhollinger2742 (11 months ago)

    FYI, someone tried to steal your video: ruclips.net/video/Lk7qbaHfpHY/видео.htmlsi=VUMHuCU05JROiLRX

  • @ibrahimandong1572 (1 year ago)

    Thanks Marcus

  • @alhakam70 (1 year ago)

    many thanks dear

    • @Isgovern (7 months ago)

      Not a problem

  • @philoscr123 (1 year ago)

    Thanks so much! Nicely done.

  • @Good-Enuff-Garage (1 year ago)

    this was the best instructional video I have seen in my life, more videos like this one on EVERYTHING please

  • @beerzo (1 year ago)

    Do you need to manually set for each workstation?

    • @Isgovern (1 year ago)

      Yes, you would have to manually set this on each device.

  • @jenniferstarotpositivefree (1 year ago)

    thank you for making this video

  • @Kwassikk (1 year ago)

    This video is an absolute godsend, thank you very much for your time.

    • @Isgovern (1 year ago)

      glad you like, check our website blog site for more info, if needed.

  • @Englishmaster-Conquer (2 years ago)

    I have found a website in which TLS 1.0 is enabled. Is this a vulnerability? Can I report it?

    • @Isgovern (2 years ago)

      It's not really a vulnerability, you could recommend to them that they disable it and use TLS 1.2 or higher instead and see what happens.

  • @CarlosWGomez (2 years ago)

    Thanks for the video! Starting my new job soon and wanted to have a bit more context and this really helped

    • @Isgovern (2 years ago)

      Congrats on the new job. Glad we could help.

  • @TheIntroFX (2 years ago)

    Please tell me how to get this on macOS as well. I have been searching through the entire internet and no luck :( I pushed my labels through Purview, but I can't seem to get the "Sensitivity" option in my ribbon on macOS?

    • @Isgovern (2 years ago)

      hi there, unfortunately we're a Microsoft house so haven't tested this on macOS, but will have a play around and see if we can get to the bottom of it.

  • @slingerjoe6724 (2 years ago)

    rebooting the machine for this to work is flawed... what about when you want to disable tls 1.0 and 1.1 on a production server hosting multiple clients? you can't exactly reboot it. Surely Microsoft thought of this? I wouldn't be surprised if they didn't

    • @Isgovern (2 years ago)

      Yeah, that's the problem with registry-based systems. You may be able to try restarting the web server service, but that will also impact service. If it's production, ideally you will have load balancers in place and multiple web servers to keep service up during maintenance windows.

  • @UrsRau (2 years ago)

    How granular is the control to give read access? Can you limit per computer and specific individuals? Or only per AD OU security groups? Is it scaling well enough and still maintainable that you could set up individuals' access to their own workstation only, but also have departmental and site IT power users that could read the admin password on a group, department, OU or site level?

    • @Isgovern (2 years ago)

      It basically depends upon how you build out your AD and group structure. By default it won't be that granular as you have to define and basically assign permissions to groups against OUs. So if you are looking for flexibility you may be better off looking for a third-party solution.

  • @tracerv0 (2 years ago)

    lol ruclips.net/video/Lk7qbaHfpHY/видео.html found that

  • @infosec3592 (2 years ago)

    I saw some comments about FTP in the video and if I had an ftp on iis and disabled vulnerable protocols, would that impact FTP functionality? Would I have to make any more changes to the settings?

    • @Isgovern (2 years ago)

      No, it won't. Even using FTPS over SSL on newer systems won't cause any issues.

    • @reneekoebler663 (7 months ago)

      @Isgovern I was audited and these were open. How can I test on a Windows server since sslscan doesn't work?

    • @Isgovern (7 months ago)

      @reneekoebler663 Hello, have a look in the registry and check the values. This website can help you: learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

  • @infosec3592 (2 years ago)

    Congratulations for the explanation! Example: I have an application on IIS, I scanned it and it presented me with weak ciphers using vulnerable protocols such as SSLv2, SSLv3, TLS 1.0 and TLS 1.2. I managed to disable the protocols, will my application after disabling the protocols work normally?

    • @Isgovern (2 years ago)

      hello, yes it should, those older weaker protocols won't impact any communication on newer browsers/systems. unless your application is designed for those older protocols.

  • @Screew55 (2 years ago)

    Hello, thx for the video. I created the Enabled and DisabledByDefault DWORD and set the Enabled -> 0, DisabledByDefault -> 1, but it doesn't work. If I check the Control Panel\Internet Option\Advanced, I see that the TLS 1.0 is active.

    • @Isgovern (2 years ago)

      Hello, if you are looking in the Control Panel section, this is mainly for support for web browsers. The changing of the registry key is separate to this and will disable TLS on the actual machine. If you wanted to disable TLS support in the browser as well (which would stop the browser accessing any old sites with TLS 1.0/TLS 1.1) you can disable this option.

  • @deepamahadevan4803 (2 years ago)

    Hi, do we get successfully connected to TLS 1.0 and TLS 1.1 in the vulnerability report after the changes are done?

    • @Isgovern (2 years ago)

      Hello, if you would like to check that TLS 1.0/TLS 1.1 has been disabled you can either run another vulnerability scan report via something like OpenVAS, Nessus Essentials, or via an OpenSSL command such as "openssl s_client -connect www.myhost.something:443 -tls1", however you would have to download and install OpenSSL on a Windows machine.

  • @vinodkp1 (2 years ago)

    Hi, I have disabled TLS 1.0 but still showing vulnerability in Nessus scan report

    • @Isgovern (2 years ago)

      Hello, have you disabled the client and server sections? Has the machine been rebooted? Check the results from Nessus and try and compare with your results.

  • @eggersw (2 years ago)

    Hi Michael, would you consider adding an A to GRC to include audit? Audit seems to be overseen in this area though it works hand in hand with the governance, risk and compliance topics.

    • @Isgovern (2 years ago)

      Definitely, you need to know what you have first, usually done as an Audit process of some sort.

  • @Serpentar9000 (2 years ago)

    Hello, thx for this video. Quick question - does this apply to RDP connections as well?

    • @Isgovern (2 years ago)

      Hello, yes it will, disabling these older SSL and TLS protocols will apply to everything that uses secure connections on the Windows device.

  • @shyampal1980 (2 years ago)

    Very good explanation 👍

  • @albertobarbieri8280 (2 years ago)

    How to stay secure in 2021 against this type of attack? Just use a strong password ahah

    • @Isgovern (2 years ago)

      Indeed, use a password manager to generate a strong unique password. Even use two-factor authentication as well, this will stop this type of attack.

    • @mohamedmahdy5116 (2 years ago)

      I don't have this list of pass or of users can send me God bless u

  • @Shawn-on7ej (3 years ago)

    Hello, thanks for the insight. I am a uni student doing Cyber Security and for my project we need to show some IASME documentation. I did not know entirely what it was so thanks for the video!

    • @Isgovern (3 years ago)

      Not a problem, the IASME website - www.iasme.co.uk have a lot of information now, especially within their Blog area.

  • @jimfbocales6292 (3 years ago)

    Thank you very much for this video!..

  • @flumbz5266 (3 years ago)

    What’s the licensing on it? How is it licensed?

    • @Isgovern (3 years ago)

      Hello, Microsoft LAPS is a free download and can be used on any machine. The only licensing you need is a valid Active Directory license for your server.

  • @devendrasinghgautam7822 (3 years ago)

    Great video

  • @jagadish0007 (3 years ago)

    Thanks for the video. How to enable the disable SMBv1 and enable SMB Signing on Windows workgroup environment

  • @zeeali2 (3 years ago)

    You saved my life, Thanks.

  • @toyinokunuga3605 (3 years ago)

    This was great! Thank you for the amazing and succinct way of putting complex information into a clear and logical manner!

    • @Isgovern (3 years ago)

      Glad we could help

  • @glensaxton8617 (3 years ago)

    Really useful. What should we be answering "A2.6.1: Please list the quantities of servers, virtual servers and virtual server hosts (hypervisor). You must include the operating system." with?

    • @Isgovern (3 years ago)

      for this question you need to list how many servers you have and their OS version, for example 2 x VMWare ESX 7.0, 3 x Windows Server 2019. Does this help? feel free to get in touch with us at info@isgovern.com

  • @clarkeyi721 (3 years ago)

    Thanks, never thought of the downloads folder

    • @Isgovern (3 years ago)

      Not a problem, glad this helped.

  • @allsmiles3281 (3 years ago)

    Thank you so much!.

    • @Isgovern (3 years ago)

      You're welcome!

  • @mayhemresurrection (3 years ago)

    Thank you very much :-)

  • @slymaneem (3 years ago)

    What is the difference between server and client in the keyword? I adjusted like this video in my server. But remote server couldn't connect to my webservice. What should I do?

    • @Isgovern (3 years ago)

      Hello, when it comes to server and client: the server part is used when used with a web server or some kind of software which will be presenting information to the web browser (the client). Whereas the client part is used to tell the operating system or web browser what security ciphers/protocols can be used and accepted from the web server. Regarding your webservice, we can't really support you on this, but if it's exposed on the internet you could test it against www.ssllabs.com/ssltest/ to see if it highlights anything.

  • @josephbeaudion344 (3 years ago)

    Thank you, this is a nice way to do this!

  • @SeattleFira (3 years ago)

    Appreciate this duder. I'll be taking on these roles and this was a great run down

  • @marclewis6799 (3 years ago)

    what did you use to do the sslscan, you were originally in powershell, then switched to something else to do the scan?

    • @Isgovern (3 years ago)

      Hello Marc, in the video we were using Kali Linux and using the tool 'sslscan'. It's primarily designed for Linux-based systems, but you can also get it working on Windows. You can find their GitHub page here: github.com/rbsec/sslscan

    • @marclewis6799 (3 years ago)

      @Isgovern Thanks. I got the Kali Linux box set up, but now I get a connection refused. I assume it is the firewall blocking; I set up a rule to allow, but it doesn't seem to be working as the connection is still being refused or rejected.

    • @Isgovern (3 years ago)

      @marclewis6799 Weird, not seen that before. Can you browse the site with a web browser over SSL?

    • @marclewis6799 (3 years ago)

      @Isgovern There is no site, just trying to check a Windows 10 machine and disable old protocols. Once I verify it works I will implement the disablement of the protocols via group policy as you recommended. Just trying to verify the disablement is working.

  • @ashketchum7307 (3 years ago)

    Sometimes it is very hard to understand you. Even the subtitles sometimes just show "indistinct" :(

    • @Isgovern (3 years ago)

      Hello, thanks for the feedback, we've recently improved the audio and will look at the captioning process to ensure this doesn't happen in the future.