Category: BAS – Breach and Attack Simulation

PASTA – Process for Attack Simulation and Threat Analysis in the SOC

Shuvro

Reading Time: 4 minutesThis document outlines the PASTA-SOC framework, a structured methodology to evolve a Security Operations Center (SOC) from a reactive to a proactive, threat-informed defense model. It operationalizes the seven stages of the Process for Attack Simulation and Threat Analysis (PASTA) by integrating its business-centric principles with the tactical capabilities of modern security technologies, primarily Breach and Attack Simulation (BAS), Threat Intelligence Platforms (TIPs), and Security Orchestration, Automation, and Response (SOAR).

Playbook – Designing the Security Playbook in the Enterprise

Shuvro

Reading Time: 4 minutesThis document provides a condensed blueprint for establishing a mature, enterprise-wide security playbook program

Detecting LLM Vulnerabilities and Defending Against Web LLM Attacks

Shuvro

Reading Time: 4 minutesLarge Language Models (LLMs) have created a new, dynamic, and often misunderstood attack surface for enterprises. The rapid pace of Generative AI adoption has outpaced the development of corresponding security frameworks, leading to a critical vulnerability gap.

Auditor Became CISSP – Never Performed in Projects & in IS Development, Would You Hire Him for Your Infrastructure Platform Management? Can or Should that Knowledge Gap be Admissible?

Shuvro

Reading Time: 6 minutesStatus: Final Blueprint (Summary) Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: June 1, 2024 Location: Dhaka, Bangladesh Version: 1.0 1. The Core Dilemma: Assessor vs. Builder Mindset We are observing worldwide adoption on CISSP Read More …