WELCOME TO CRONINITY

Standard IR Data Analysis phases A practical way to evaluate AI’s impact on incident response (IR) is by examining how it enhances the data analysis phases that analysts perform during alert triage and incident handling. These are analytical stages, distinct from the traditional IR lifecycle of Identification, Containment, Eradication, Recovery, and Lessons Learned. The core data analysis phases include: Planning, Search (including Data Collection and Parsing), Normalization,

Test Plan - Test 1: Installation and Configuration of Microsoft Security Copilot and Applicable Plugins Background Microsoft Security Copilot leverages AI-driven orchestration across Microsoft security tools using integrated plugins and agents. Its performance depends on Security Compute Units (SCUs), the measure of compute capacity required to run Copilot workloads. SCUs are billed per hourly activation, not per-minute increments. Each activation incurs a minimum charge of o

CRISC IT Systems Topic areas: Information Technology Principles Enterprise architecture: Managing and governing the overall structure of an organization's IT systems. IT operations management: Handling the day-to-day IT processes, such as change management, IT asset management, and incident management. Project management: Applying risk management principles throughout the system development life cycle (SDLC). Disaster recovery management (DRM): Creating and maintaining a plan

Moving from Risk Assessment to Risk response & Reporting Once a risk has been identified and assessed, the next step is to ask: What will we do about it? This is where risk treatment or risk response comes into play, selecting the most appropriate action to manage the risk. Risk Response Risk and Control Ownership: Assigning accountability for risks and the controls that address them. Risk Treatment/Response Options: Deciding on the appropriate strategy for addressing ident

Risk Evaluation & Risk Assessment Once the scope of the risk analysis is clearly defined, the next critical phase is Risk Assessment & Evaluation. This stage involves assessing the potential risks to the organization's people, assets, and data within the context of the defined system or environment. Risk Assessment & Evaluation serves as the analytical core of any cyber risk management process. While much of the industry content and discussion around cyber risk tends to focus

CRISQ Topic area overview Cyber risk management often feels complex due to the variety of frameworks, terminology, and implementation approaches in circulation. This article serves as a study aid for the Certified in Risk and Information Systems Control (CRISC) certification by breaking down key concepts within a simplified, practical risk management framework. At a high level, effective risk management can be distilled into four core functions: Risk Governance – Define the m

Security Copilot Product Testing These concepts are presented to establish a foundation for evaluating what Security Copilot can do today, the effort required to implement those capabilities, and how that may evolve with future enhancements. For instance, the transition from the Planning phase to Data Search may not yet be fully dynamic, particularly when the data required for analysis originates outside the Microsoft ecosystem. Microsoft has long incorporated guided response

The Microsoft SC-100 'Microsoft Certified: Cybersecurity Architect Expert' credential is a Microsoft expert level credential that...

broser extensions detections https://github.com/elastic/protections-artifacts/blob/b427449015fcbd81bbf2f0aa5f4dc800f64ccb96/behavior/rules/macos/persistence_suspicious_browser_preference_file_modification.toml?utm_source=substack&utm_medium=email brwoser crdes stealing https://github.com/elastic/protections-artifacts/blob/b427449015fcbd81bbf2f0aa5f4dc800f64ccb96/behavior/rules/windows/credential_access_failed_access_attempt_to_web_browser_files.toml?utm_source=substack&utm_me

Understanding Identity in Transit vs. Identity at Rest: The Session Hijack Problem This article breaks down a key issue in modern identity protection: the critical difference between “Identity at Rest” and “Identity in Transit.” 1. Identity at Rest Identity at rest refers to credentials stored on systems or in databases, password hashes, key material, etc. Traditional attacks here include: Breaches targeting hashed credentials. Well-defined defenses exist for this space: Stro

I recently came across a post about the Netherlands passing a stricter espionage law, explicitly extending to cyber activities, and it...

The Complexity of the AI Data Center Supply Chain At first glance, an AI service might appear to be delivered solely by a major cloud...

Gladstone AI, an organization focused on mitigating national security threats from advanced AI systems, including weaponization and loss...

While power is the foundation of any data center, cooling and thermal management are equally critical, especially in AI-intensive...

While other articles in this series take a deeper dive into specific power generation methods, like onsite gas turbines, this piece...

What Are Methane Turbines, and Why Are They in the AI Spotlight? Recent headlines about Elon Musk’s xAI "Colossus" data center in...

Sentinel Detections and Automations In the previous section, we explored Workspace Manager, Data Connectors, and Settings. This section dives deeper into Sentinel's detection and response capabilities, focusing on: Analytics Watchlists Automation Configuration and settings for these features can also be found under the sentinel Configuration section. Sentinel Analytics (Detection Rules) Analytics rules are the core of Sentinel’s threat detection engine. These rules run querie

Powering AI - The Role of Gas Turbines in the Energy Supply Chain In the previous post, we explored the explosive growth of data centers...