Fancy a manual code walk-through? Well, some assistance never hurt...
I leveraged AWS X-Ray to simplify understanding the sources and sinks. Did it work? Yes. Is it for anything other than microservices (e.g., ERP / EHR / EMR, trading, AI)? Not really.
Showing posts with label EMR. Show all posts
Wednesday, September 19, 2018
Wednesday, December 14, 2016
Privileged Access Management (PAM) & Approach
There are both enterprise and point PAM solutions available to organizations. With that said, as many organizations transition to a cloud-first and federated model, an enterprise solution may be the wiser choice.
While CyberArk, CA PAM, Centrify, etc. are expensive solutions, an organization may see a better return on investment (ROI) in the long run than an organization deploying multiple point solutions (e.g., MSFT LAPS).
So, deploy PAM in a phased manner for AD, EUC, ERP / EHR, cloud, social media, etc. to make the cost palatable for the enterprise.
Labels: AD, CA, Centrify, Cloud, CyberArk, EMR, enterprise, ERP, EUC, federated, PAM, privileged access management, social media
Monday, August 15, 2016
Loss Expectancy & InfoSec Metrics
So, when looking to make single / annual loss expectancy (SLE / ALE) as subjective as possible, it helps to have some metrics (i.e., KPIs / KRIs).
While vulnerability scanning / DAST / SAST / pen test findings can help, the best examples are from either honeypots or via red team exercises, to include: social engineering, phishing, whaling, and / or compromised digital assets.
Such metrics will help provide the (estimated) annual rate of occurrence (ARO) needed to compute SLE * ARO = ALE.
Finally, while subjective, annual net sales / days of expected outage always help with determining the SLE for ERP / EMR / EHR / ICS / CRM / SFA systems.