cybersecurity-architects

prerequisite videos ( Core Processes of CASP about 70-80 minutes)

https://learning.oreilly.com/videos/casp-preparing/9780996619172/9780996619172-CASP0007_PRE_SSA1/ https://learning.oreilly.com/videos/casp-preparing/9780996619172/9780996619172-CASP0007_PRE_SSA2/ https://learning.oreilly.com/videos/casp-preparing/9780996619172/9780996619172-CASP0007_PRE_SSA3/ https://learning.oreilly.com/videos/casp-preparing/9780996619172/9780996619172-CASP0008_PRE_PSE0/ https://learning.oreilly.com/videos/casp-preparing/9780996619172/9780996619172-CASP0009_PRE_THR0/ https://learning.oreilly.com/videos/casp-preparing/9780996619172/9780996619172-CASP0010_PRE_COM0/

SABSA as the framework reading

https://learning.oreilly.com/library/view/enterprise-security-architecture/9781578203185/

Requirements Collection video

https://learning.oreilly.com/videos/casp-preparing/9780996619189/9780996619189-CASP0102_ARC_REQ3/

800-160 Original to build process videos

https://learning.oreilly.com/videos/casp-preparing/9780996619189/9780996619189-CASP0102_ARC_REQ3/ or the readings in the github folder

PARMEDIC to define controls videos

https://learning.oreilly.com/videos/casp-preparing/9780996619172/9780996619172-CASP0010_PRE_COM0/ or https://learning.oreilly.com/videos/cissp-8-domains/9780996619141/9780996619141-CISSP00_10/

Books

https://learning.oreilly.com/library/view/enterprise-security-architecture/9781578203185/K16265_part001.xhtml https://learning.oreilly.com/library/view/practical-cybersecurity-architecture/9781837637164/B19705_01.xhtml

Best Book for beginners

https://learning.oreilly.com/library/view/cybersecurity-architects-handbook/9781803235844/

In Class Links

Ai

https://sloanreview.mit.edu/article/the-genai-blind-spot-leaders-have-now/

What do SEC Arch do?

https://docs.google.com/spreadsheets/d/1mVX4chdRONrQPkVxhCxR97Zn0a-0fPCD_lRV10ge_nA/

NICCS

https://niccs.cisa.gov/workforce-development/cyber-career-pathways-tool?selected-role=SP-ARC-002

What we use:

TOGAF / SABSA as the framework

https://learning.oreilly.com/library/view/enterprise-security-architecture/9781578203185/

Landol for Risk assessment

https://learning.oreilly.com/library/view/the-security-risk/9781000413250/

800-160 Original to build process

https://learning.oreilly.com/videos/casp-preparing/9780996619189/9780996619189-CASP0102_ARC_REQ3/ https://csrc.nist.gov/pubs/sp/800/160/v1/upd2/final

PARMEDIC to define controls

https://learning.oreilly.com/videos/cissp-8-domains/9780996619141/9780996619141-CISSP00_10/

Super process to identify delivery protocol

https://learning.oreilly.com/videos/casp-preparing/9780996619189/9780996619189-CASP0102_ARC_REQ1/ https://learning.oreilly.com/videos/casp-preparing/9780996619189/9780996619189-CASP0102_ARC_REQ2/

CSA EA:

https://ea.cloudsecurityalliance.org/index.php/explore/

Compare Frameworks:

https://pubs.opengroup.org/architecture/togaf8-doc/arch/chap37.html

Critiques:

https://www.bcs.org/articles-opinion-and-research/a-comparison-of-the-top-four-enterprise-architecture-frameworks https://web.archive.org/web/20170310132123/https:/msdn.microsoft.com/en-us/library/bb466232.aspx

3 types:

https://conexiam.com/the-three-types-of-enterprise-architecture-framework/

SABSA:

https://sabsa.org/sabsa-executive-summary/

book

https://learning.oreilly.com/library/view/enterprise-security-architecture/9781578203185/

Comparative analysis of enterprise architecture frameworks:

https://ceur-ws.org/Vol-2470/p19.pdf

LAB prioritize vulnerabilities

Open all 5 of these links in separate tabs:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

https://en.wikipedia.org/wiki/Stagefright_(bug)

https://sploitus.com/?query=POODLE#exploits

https://www.exploit-db.com/exploits/47153

LAB RISK ASSESSMENT REVIEW:

https://docs.google.com/spreadsheets/d/18NEEU-XPZNYJsAcPo5OTG1lMhwoj-uwFddqbdqHYevU/