Note-to-self: extended reprint of a LinkedIn post…
I might have mentioned it already, but if you have passed the CCSK exam before, better logon to your CCSK profile on the CSA website and check if you still have an exam token left.
By default you get 2 tokens each exam registration, so…
If you pass your exam the first time, the “second try” backup token is left unused in your profile.
And (if not yet expired) you can use it to upgrade your CCSK to v4.
Tokens stay valid for 2 years after purchase.
On that page you can also find the required study material for the exam.
You can download the CCSK v4 prep kit from :
It’s an online exam and thus open book exam, using the below reference guides.
But realise: 60 questions in 90 minutes still is hard work, so better do some prep work up front to maximize your chances.
Once you pass this one, you can go for the
(ISC)² CCSP with more confidence…
best practices, certification, Cloud, corporate security, cybersecurity, enterprise security, guidance, Learning, Security and tagged ccsk, ccsp, cloud security, cloud security alliance, cloudsecurityalliance, course, csa, download, isc², note-to-self on .
Mon 9 Apr 2018
Leave a comment
From the introduction: ”
In the current world of Information Technology, protective measures do not stop at the network edge. Recent news reports based on security breach post-mortems indicate the need to protect assets using measures that reduce administrative access. While the principle of least privilege has always been known to IT Security professionals, there is a need in the industry for a standardized method of constructing an operator experience that reduces access with a more sophisticated level of granularity than what is available in many traditional access control models.
Just Enough Administration (JEA) is a solution designed to help protect Server systems. This is accomplished by allowing specific users to perform administrative tasks on servers without giving them administrator rights, and then auditing all actions that these users performed. JEA is based on Windows PowerShell constrained runspaces, a technology that is already being used to secure administrative tasks in environments such as Microsoft Exchange Online.”
For the latest information, please see
http://blogs.msdn.com/powershell/ and http://aka.ms/buildingclouds
Don’t need to tell you that you should definitely save these in your favorites. (Well, just did it… so no excuses..)
AAD, Active Directory, Azure Active Directory, Cloud, corporate security, cybersecurity, enterprise security, powershell, Security and tagged active directory, cloud security, enterprise security, powershell, security on .
Wed 28 Jan 2015
Leave a comment
Microsoft has released a series of whitepapers that are designed to help organizations understand and manage the risk posed by targeted attacks by determined adversaries. These papers include:
In addition, they have published a short series of videos that introduce many of the topics covered in these papers.
Full details at:
The shortcut below:
Introduction to Determined Adversaries and Targeted Attacks:
Mitigating Pass-the-Hash Attacks:
Anatomy of a Cyber-attack Part 1:
Anatomy of a Cyber-attack Part 2:
Importance of Securing Active Directory:
I’ve collected some interesting base resources for getting started with AAD Sync at :
Feel free to comment or suggest other resources to be added.
Few days ago Microsoft launched a new release of the Azure AD Sync tool.
As mentioned in the
AAD Sync Version Release History, this build adds the following features:
Password synchronization from multiple on-premise AD to AAD
Localized installation UI to all Windows Server languages
Get an overview and comparison for Directory Integration with Azure AD
Azure Active Directory Synchronization Tool (DirSync)
Azure Active Directory Synchronization Services (AAD Sync)
Forefront Identity Manager 2010 R2
The download location for AADSync (
http://aka.ms/AADSyncDownload) has not changed, but has been updated with the new version.
AADSync, Azure Active Directory, Community, download, enterprise security, FIM, Hotfix, Microsoft Azure, Security and tagged AADSync, Azure AD, Azure AD Sync, cloud, cloud security, download, new features, password sync, password synchronization on .
Wed 29 Oct 2014
Leave a comment
In this months newletter you’ll find guidance on:
Windows Phone 8.1 Security Overview
Windows Phone Security Forum for IT Pros
Create Stronger Passwords and Protect Them
Inlcuding free online tool offered by Microsoft Research, called
Telepathwords, for those that would rather have a randomly generated strong password created for them.
Two-Factor Authentication for Office 365
Multi-Factor Authentication for Office 365
Configuring Two-Factor Authentication in Lync Server 2013
Adding Multi-Factor Authentication to Azure Active Directory
Enabling Multi-Factor Authentication for On-Premises Applications and Windows Server
Building Multi-Factor Authentication into Custom Apps
Get Started with Virtual Smart Cards
Plus much more… check it out at
Active Directory, authentication, Azure Active Directory, Cloud, Direct Access, enterprise security, Microsoft, Microsoft Azure, multi factor, password, Security, smart cards and tagged Azure AD, Azure AD Sync, cloud, cloud security, security on .
Fri 26 Sep 2014
Leave a comment
New Azure Active Directory Synchronization Services (AAD Sync) has reached general availability.
are more details about this – and Here is the related documentation. here
If you just want to get started, just click here to
. download AAD Sync
As discussed on the release blog post:
“AAD Sync capabilities in this release include the following;
Active Directory and Exchange multi-forest environments can be extended now to the cloud.
Control over which attributes are synchronized based on desired cloud services.
Selection of accounts to be synchronized through domains, OUs, etc.
Ability to set up the connection to AD with minimal Windows Server AD privileges.
Setup synchronization rules by mapping attributes and controlling how the values flow to the cloud.
Preview AAD Premium password change and reset to AD on-premises.”
AADSync, Active Directory, Azure Active Directory, Cloud, Microsoft, Microsoft Azure, Security and tagged AADSync, Azure AD, Azure AD Sync, cloud, cloud security, microsoft on .
Tue 16 Sep 2014 1 Comment