The company I work for has launched a new product that ingests events and alerts from other tools in an organizations security stack and allows that organization to automate real time security tips to the user who's risky action caused the event or alert via Slack or Teams. You have a way of describing things that fit in my brain:). I now understand the difference between an event and alert. Thank you so much for your videos. Now I need you to do a video on detection rules, to bring it all together for me :).
Thanks for your comment, David! The SANS has more steps than the NIST, and they basically say the same thing. I was wanted to elaborate on the cycle with more steps to create addutional explanation. They both have different value depending on the organization. NIST is for government use, and there could be a full containment, eradication, and recovery team. Another organization may have to outsource their recovery, so it fits better in its own step all together.
SANS has 6 stages NIST has 4 Stages, they both are the same. Why not just make 1 the standard in the overall cyber security industry. Everyone should all go by NIST (government). It's not really necessary trying to understand one thing in two different ways you know. Why not just call stage 2 identification instead of calling it "detection and analysis". Are we more worried about the impact of the incident or differentiating terminologies when its all the same thing.
Thanks for the input! I agree that it's silly that they essentially say the same thing, yet they are both treated as different standards. In fact, there's even ISO and ISACA to add to the list. It would have been easier to choose one, but I just wanted viewers to know the difference, as this may come up on a certification exam or asked in an interview. I tried to make the focus on the content of the steps vs the fact that they are arranged differently. As for what standard we should use, it really comes down to what an organization chooses. You may have a specific team to contain the incident and another that's primary function is to recover from it, so SANS might fit better in the IR plan layout when identifying who is in charge of what.
Thanks for your comment, Munish. I will try and slow down for the next video. In the meantime, you can slow the video down to .75x speed in the video settings. Hope this helps!
Your voice and speed make us to listen and learn enthusiastic way 😎
Fantastic video, very informative and breaks everything down well. Thanks!
this is very cool!
The company I work for has launched a new product that ingests events and alerts from other tools in an organizations security stack and allows that organization to automate real time security tips to the user who's risky action caused the event or alert via Slack or Teams. You have a way of describing things that fit in my brain:). I now understand the difference between an event and alert. Thank you so much for your videos. Now I need you to do a video on detection rules, to bring it all together for me :).
Can you specify detection rules? Like do you want more technical information on how to build one or a less technical way of how one is designed?
Great music! And video 😸. You're a gentlewoman and a scholar. 🧐
Excellent and to-the-point teaching content with excellent background music. Appreciated and already bookmarked 👍👍👍 Thanks ma'm..
You're very welcome! I greatly appreciate the feedback. I've been debating leaving out the background music, but I think it sounds nice.
Simlple and clean explanation... why did you choose SANS over NIST?
Thanks for your comment, David! The SANS has more steps than the NIST, and they basically say the same thing. I was wanted to elaborate on the cycle with more steps to create addutional explanation. They both have different value depending on the organization. NIST is for government use, and there could be a full containment, eradication, and recovery team. Another organization may have to outsource their recovery, so it fits better in its own step all together.
What is the difference between an incident and sexurity breach?
Hello! So an incident can happen for many reasons, and it doesn't have to mean a breach. A breach is a type of incident.
@@cybergraymatter understood. Thank you!
Name the step responsible for writing down every information that could be used and be classified as important. (2 words)
SANS has 6 stages NIST has 4 Stages, they both are the same. Why not just make 1 the standard in the overall cyber security industry. Everyone should all go by NIST (government). It's not really necessary trying to understand one thing in two different ways you know. Why not just call stage 2 identification instead of calling it "detection and analysis". Are we more worried about the impact of the incident or differentiating terminologies when its all the same thing.
Thanks for the input! I agree that it's silly that they essentially say the same thing, yet they are both treated as different standards. In fact, there's even ISO and ISACA to add to the list. It would have been easier to choose one, but I just wanted viewers to know the difference, as this may come up on a certification exam or asked in an interview. I tried to make the focus on the content of the steps vs the fact that they are arranged differently.
As for what standard we should use, it really comes down to what an organization chooses. You may have a specific team to contain the incident and another that's primary function is to recover from it, so SANS might fit better in the IR plan layout when identifying who is in charge of what.
@@cybergraymatter thank you very much for the knowledge. it takes a real one to share knowledge like you did.
Noice
cool bruh
Speak slow please
Thanks for your comment, Munish. I will try and slow down for the next video. In the meantime, you can slow the video down to .75x speed in the video settings. Hope this helps!