- Videos: 104
- Views: 226,113
InfoSec Governance
United Kingdom
Joined 1 Nov 2019
InfoSec Governance are an information security company based in Darlington, in the North East of England. We specialise in the provision of Cyber Essentials Basic, Cyber Essentials Plus as well as the IASME Cyber Assurance and IASME Cyber Baseline certifications.
We aim to help small and medium businesses protect themselves against cyber-related threats. This channel will show best practices on how to protect your business, website and devices, as well as industry news.
If you would like to see more about what we do, you can visit our site at: isgovern.com
Why the Digital Operational Resilience Act (DORA) matters for your business
Is your business affected by DORA? In this video you will hopefully find out, along with what you can do to become compliant.
More information about DORA can be found here: www.eiopa.europa.eu/digital-operational-resilience-act-dora_en
Follow us at:
► WEBSITE: isgovern.com
► LINKEDIN: linkedin.com/company/isgovern
► TWITTER: IsGovern
Views: 30
Videos
The CIA Triad and information security: What is it and how can it help you?
53 views, 2 months ago
In today's video we are going to talk about the CIA Triad, which is made up of Confidentiality, Integrity and Availability, and how it can help protect your information within the business.
Follow us at:
► WEBSITE: isgovern.com
► LINKEDIN: linkedin.com/company/isgovern
► TWITTER: IsGovern
00:00 Introduction
00:35 The CIA Triad
01:37 Confidentiality
04:52 Integrity
07:27 Availability
PROTECT Your Business with These Five Essential Information Security Pillars!
29 views, 2 months ago
The five pillars of information security can play a pivotal role in ensuring the protection of information within the business. Follow us at: ► WEBSITE: isgovern.com ► LINKEDIN: linkedin.com/company/isgovern ► TWITTER: IsGovern
How do you install and configure a firewall on Ubuntu in under 3 minutes?
79 views, 4 months ago
What are the challenges of complying with NIS 2 directive. #nis2
11 views, 4 months ago
How to install clamAV on Linux in under 2 minutes
597 views, 4 months ago
What is Governance, Risk, compliance (GRC): An introduction
97 views, 4 months ago
How to answer the Cyber Essentials questionnaire: A complete guide
417 views, 5 months ago
How to create a risk register in under 10 minutes
40 views, 5 months ago
How to search for your Cyber Essentials certificate
18 views, 5 months ago
Master Asset Management Policy Creation In Just 10 Minutes!
42 views, 5 months ago
How to create an asset register in under 5 minutes
158 views, 6 months ago
Cyber Essentials Basic vs Cyber Essentials Plus, what are they and which one should you get?
90 views, 7 months ago
Asset management: Why do you need to do it?
32 views, 7 months ago
Cyber Essentials Price increase coming - 1st April 2024
49 views, 9 months ago
Cyber Essentials: Common problems with Operating systems
53 views, 9 months ago
Firewalls: Do you need them? Are they important?
36 views, 11 months ago
Five reasons why you should have account separation
26 views, 11 months ago
IASME Cyber Assurance Themes, what do you need to know?
87 views, 1 year ago
The new IASME Cyber Baseline certification for international companies, what is it?
44 views, 1 year ago
Windows Server 2012 is no more. Microsoft no longer support the Operating System.
92 views, 1 year ago
Are you running as a local administrator? Stop! Watch this now.
449 views, 2 years ago
Changes are coming, say hello to: IASME Cyber Assurance
218 views, 2 years ago
3 reasons why your IT company should outsource their information security
139 views, 2 years ago
Important changes to Cyber Essentials Scheme (24th January 2022)
517 views, 2 years ago
ExcelPoint On Point Podcast with our director, Marcus Dempsey
59 views, 3 years ago
So this means that everyone should stop using Windows then? Finally.
😂 no comment
I am trying to complete a compliance document and I was asked the question below. Please, I would like to know if you have any idea how best to present the answer: List the organisation(s) that are being instructed to use or share the data
Without knowing more about the request, this can be a bit vague. But basically which organisations will be using, processing or sharing the information to hand? Is it clients, Microsoft 365, Google, suppliers?
I am about to take the self-assessment test for Cyber Essentials. Any guide, pls?
When it comes to the self-assessment, the majority of the answers will be a yes or no depending upon the requirement. Make sure for the endpoints you list the operating system version, the edition of Windows, and that it's supported. Also for mobile phones. Make sure web browsers are all up to date.
@Isgovern thank you very much
When talking about the scope, what’s the best way to answer if you are using a cloud computing service to house most of the digital assets (like outsourcing to a third party like AWS) for example
Hello, sorry about the delay replying. If you are not excluding anything from the assessment, saying "Whole Organisation" would be the best option.
Thank you it was short and useful.
Happy we can help 😁
Very succinct and clear. I have needed this information for doing TAFE work, and my teacher wasn't giving any clue on how to fill the informational sheet in.
Glad it was helpful!
Question - why are we adding the SSL components? Don't we want to use SSL 2.0 and 3.0?
Hello, SSLv2 and SSLv3 are now deemed obsolete and insecure as defined by the industry. TLS 1.2 and above is now recommended to be used.
Is there a way to block all folders except for the declared ones (such as Program Files and Windows folders)?
Not that I've seen, I'm afraid, but if you find out, do let us know.
You can use software restriction policies, set the default level as user-level and then add the paths you allow as unrestricted. Don't forget to exclude or add the file types you want to whitelist.
Loved the background music. Cheers!
Glad you liked it!
Does ISO 27001 supersede Cyber Essentials?
Yes it does, ISO 27001 is a lot more in-depth and is an information security framework. But it also requires a lot more attention to upkeep and cost.
FYI, someone tried to steal your video: ruclips.net/video/Lk7qbaHfpHY/видео.htmlsi=VUMHuCU05JROiLRX
Thanks Marcus
many thanks dear
Not a problem
Thanks so much! Nicely done.
Our pleasure!
this was the best instructional video I have seen in my life, more videos like this one on EVERYTHING please
Do you need to manually set for each workstation?
Yes, you would have to manually set this on each device.
thank you for making this video
This video is an absolute godsend, thank you very much for your time.
Glad you like it, check our website blog site for more info, if needed.
I have found a website in which TLS 1.0 is enabled. Is this a vulnerability? Can I report it?
It's not really a vulnerability, you could recommend to them that they disable it and use TLS 1.2 or higher instead and see what happens.
Thanks for the video! Starting my new job soon and wanted to have a bit more context and this really helped
Congrats on the new job. Glad we could help.
Please tell me how to get this on macOS as well. I have been searching through the entire internet and no luck :( I pushed my labels through Purview, but I can't seem to get the "Sensitivity" option in my ribbon on macOS?
Hi there, unfortunately we're a Microsoft house so haven't tested this on macOS, but will have a play around and see if we can get to the bottom of it.
Rebooting the machine for this to work is flawed... what about when you want to disable TLS 1.0 and 1.1 on a production server hosting multiple clients? You can't exactly reboot it. Surely Microsoft thought of this? I wouldn't be surprised if they didn't.
Yeah, that's the problem with registry-based systems. You may be able to try restarting the web server service, but that will also impact service. If it's production, ideally you will have load balancers in place and multiple web servers to keep service up during maintenance windows.
How granular is the control to give read access? Can you limit per computer and specific individuals? Or only per AD OU security groups? Is it scaling well enough and still maintainable that you could set up individuals' access to their own workstation only, but also have departmental and site IT power users that could read the admin password on a group, department, OU or site level?
It basically depends upon how you build out your AD and group structure. By default it won't be that granular as you have to define and basically assign permissions to groups against OUs. So if you are looking for flexibility you may be better off looking for a third-party solution.
lol ruclips.net/video/Lk7qbaHfpHY/видео.html found that
I saw some comments about FTP in the video and if I had an ftp on iis and disabled vulnerable protocols, would that impact FTP functionality? Would I have to make any more changes to the settings?
No, it won't. Even using FTPS over SSL on newer systems won't cause any issues.
@Isgovern I was audited and these were open. How can I test on a Windows server since sslscan doesn't work?
@reneekoebler663 Hello, have a look in the registry and check the values. This website can help you: learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs
Congratulations for the explanation! Example: I have an application on IIS, I scanned it and it presented me with weak ciphers using vulnerable protocols such as SSLv2, SSLv3, TLS 1.0 and TLS 1.2. I managed to disable the protocols, will my application after disabling the protocols work normally?
Hello, yes it should, those older weaker protocols won't impact any communication on newer browsers/systems, unless your application is designed for those older protocols.
Hello, thx for the video. I created the Enabled and DisabledByDefault DWORD and set Enabled -> 0, DisabledByDefault -> 1, but it doesn't work. If I check the Control Panel\Internet Option\Advanced, I see that TLS 1.0 is active.
Hello, if you are looking in the Control Panel section, this is mainly for support for web browsers. The changing of the registry key is separate to this and will disable TLS on the actual machine. If you wanted to disable TLS support in the browser as well (which would stop the browser accessing any old sites with TLS 1.0/TLS 1.1) you can disable this option.
Hi, do we get successfully connected to TLS 1.0 and TLS 1.1 in vulnerability report post changes done?
Hello, if you would like to check that TLS 1.0/TLS 1.1 has been disabled you can either run another vulnerability scan report via something like OpenVAS, Nessus Essentials, or via an OpenSSL command such as "openssl s_client -connect www.myhost.something:443 -tls1", however you would have to download and install OpenSSL on a Windows machine.
Hi, I have disabled TLS 1.0 but still showing vulnerability in Nessus scan report
Hello, have you disabled the client and server sections? Has the machine been rebooted? Check the results from Nessus and try and compare with your results.
Hi Michael, would you consider adding an A to GRC to include audit? Audit seems to be overseen in this area though it works hand in hand with the governance, risk and compliance topics.
Definitely, you need to know what you have first, usually done as an Audit process of some sort.
Hello, thx for this video. Quick question - does this apply to RDP connection as well?
Hello, yes it will, disabling these older SSL and TLS protocols will apply to everything that uses secure connections on the Windows device.
Very good explanation 👍
How to stay secure in 2021 against this type of attack? Just use a strong password ahah
Indeed, use a password manager to generate a strong unique password. Even use two-factor authentication as well, this will stop this type of attack.
I don't have this list of pass or of users can send me God bless u
Hello, thanks for the insight. I am a uni student doing Cyber Security and for my project we need to show some IASME documentation. I did not know entirely what it was so thanks for the video!
Not a problem, the IASME website - www.iasme.co.uk have a lot of information now, especially within their Blog area.
Thank you very much for this video!..
What’s the licensing on it? How is it licensed?
Hello, Microsoft LAPS is a free download and can be used on any machine. The only licensing you need is a valid Active Directory license for your server.
Great video
Thanks for the video. How to enable the disable SMBv1 and enable SMB Signing on Windows workgroup environment
You saved my life, Thanks.
This was great! Thank you for the amazing and succinct way of putting complex information into a clear and logical manner!
Glad we could help
Really useful. What should we be answering "A2.6.1: Please list the quantities of servers, virtual servers and virtual server hosts (hypervisor). You must include the operating system." with?
For this question you need to list how many servers you have and their OS version, for example 2 x VMWare ESX 7.0, 3 x Windows Server 2019. Does this help? Feel free to get in touch with us at info@isgovern.com
Thanks, never thought of the downloads folder
Not a problem, glad this helped.
Thank you so much!.
You're welcome!
Thank you very much :-)
What is the difference between server and client in the keyword? I adjusted like this video in my server, but the remote server couldn't connect to my webservice. What should I do?
Hello, when it comes to server and client, the server part is used with a web server or some kind of software which will be presenting information to the web browser (the client), whereas the client part is used to tell the operating system or web browser what security ciphers/protocols can be used and accepted from the web server. Regarding your webservice, we can't really support you on this, but if it's exposed on the internet you could test it against www.ssllabs.com/ssltest/ to see if it highlights anything.
Thank you, this is a nice way to do this!
Appreciate this duder. I'll be taking on these roles and this was a great run down.
What did you use to do the sslscan? You were originally in PowerShell, then switched to something else to do the scan?
Hello Marc, in the video we were using Kali Linux and the tool 'sslscan'. It's primarily designed for Linux-based systems, but you can also get it working on Windows. You can find their GitHub page here: github.com/rbsec/sslscan
@Isgovern Thanks. I got the Kali Linux box set up, but now I get a connection refused. I assume it is the firewall blocking; I set up a rule to allow, but it doesn't seem to be working as the connection is still being refused or rejected.
@marclewis6799 Weird, not seen that before. Can you browse the site with a web browser over SSL?
@Isgovern There is no site, just trying to check a Windows 10 machine and disable old protocols. Once I verify it works I will implement the disablement of the protocols via group policy as you recommended. Just trying to verify the disablement is working.
Sometimes it is very hard to understand you. Even the subtitles sometimes just show "indistinct" :(
Hello, thanks for the feedback, we've recently improved the audio and will look at the captioning process to ensure this doesn't happen in the future.