Social Network For CISO (Chief Information Security Officers)
Cyber Kill Chain Model
In military strategy, a 'Kill Chain' is a phase model that describes the stages of an attack, which also helps inform ways to prevent attacks.
Added by pritha on July 14, 2017 at 10:00am — No Comments
Added by CISO Platform on July 13, 2017 at 5:00pm — No Comments
This article highlights the Threat Management Process in Incident Response and brings in the understanding of the Kill Chain model. Excerpts have been taken from a session presented at SACON - The Security Architecture Conference. You can view the full slide…
Added by pritha on July 13, 2017 at 12:30pm — No Comments
Article submitted by Suryanarayanan K, Central Bank Of India
Phishing attacks are one of the most common security challenges that both individuals and organizations face in keeping their information secure. Phishing is the attempt to obtain sensitive information such as usernames, passwords, credit/debit card details etc., often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. Phishing is typically carried out by email…
Added by pritha on July 9, 2017 at 2:30pm — No Comments
Announcing Pre-registrations for the 4th edition of SACON - Security Architecture Conference in Bangalore on 10-11 November 2017.
Agenda Highlights: SACON 2017 aims to…
Added by CISO Platform on July 7, 2017 at 5:30pm — No Comments
This gives a glimpse of Advanced Security Operations Centre (SOC) Features & Technical Capabilities. This document is not explicit; it assumes you have prior knowledge of the subject, therefore only pointers have been mentioned.
This was presented at SACON and speakers explain subjects in detail during sessions for deeper understanding. Next…
Added by pritha on July 2, 2017 at 4:00am — No Comments
This gives a glimpse of how 'Machine Learning & Analytics' can be used for Threat Detection. This document is not explicit; it assumes you have prior knowledge of the subject, therefore only pointers have been mentioned.
This was presented at SACON and speakers explain subjects in detail during sessions for deeper understanding. Next sessions are…
Added by pritha on July 2, 2017 at 2:00am — No Comments
Components of Google BeyondCorp
Device & Hosts
Added by pritha on June 24, 2017 at 2:56am — No Comments
Here's a small classification of Types Of Threats In Application Threat Modeling. This was earlier presented in SACON (International Security Architecture Conference) by Nilanjan De [Multiple patents, Zero Day Discovery, Co-Founder at FireCompass]…
Added by pritha on June 20, 2017 at 12:30pm — No Comments
With Big Data and Behavior Analytics advances, the need for an SIEM at the enterprise level may be a question. This question is addressed in this report. It analyses, dissects and tries to find out the pros and cons of both sides.
Added by pritha on June 14, 2017 at 12:30pm — No Comments
This report gives insight into 4 key cyber security incident trends observed in 2015. Includes top insights and detailed analysis of each attack and how one could prevent their organisation from being a target as well as mitigation.
Added by pritha on June 14, 2017 at 12:00pm — No Comments
A ransomware attack crippled hundreds of computer networks across the globe. The systems were shut down and rendered useless until the attackers received the “ransom” through money transfer on Bitcoin. The ransomware essentially encrypts the files on the target Microsoft Windows system and makes them inaccessible to users. The initial transfer demanded by the ransomware is USD 300 which may later increase to USD 600.
After a host of different ransomware attacks that hit…
Added by D V S V Prasad on June 8, 2017 at 11:30am — No Comments
Building a new SOC capability may involve a lot of planning and would attract huge initial investment.
While there are multiple approaches to address this, given below are some of the simple steps one can follow:
1. Understanding Business Goals, type of business, organization culture & constraints & budgets
2. Gap Analysis with the…
Added by Vishwas Pitre on June 7, 2017 at 1:00pm — No Comments
Author - Sanjay D. Tiwari, CISO, Suryoday Small Finance Bank
Prioritizing the handling of the incident is perhaps the most critical decision point in the incident handling process.
Incidents should not be handled on a first come, first served basis because of resource limitations. Instead, handling should be prioritized based on severity. Prioritizing an incident defines how quickly the addressed incident needs to be resolved.
Prioritization based on how quickly an incident to…
Added by pritha on June 6, 2017 at 7:00pm — No Comments
In this Forrester report, they identify and analyze 13 significant firms in IT security consulting services - Accenture, Atos, BAE Systems, Dell SecureWorks, Deloitte, EY, HPE, IBM Security Services, KPMG, Protiviti, PwC, Verizon & Wipro…
Added by pritha on June 1, 2017 at 5:00pm — No Comments
Organizations around the globe are investing heavily in cyber defense capabilities to protect their critical assets. Whether protecting brand, intellectual capital, and customer information or providing controls for critical infrastructure, the means for incident detection and response to protect organizational interests have common elements: people, processes, and technology.
The maturity of these elements varies greatly across organizations and industries. In this fourth…
Added by pritha on May 30, 2017 at 5:30pm — No Comments
As mobile gains more capabilities and access to company data, mobile devices continue to play an important role in how workers do their jobs. Information workers are no longer tied to their PCs — smartphones, tablets, and laptops give them the flexibility to choose the device that best suits the context of each task performed. The internet of things (IoT)…
Added by pritha on May 26, 2017 at 9:30pm — No Comments
Author - Anil Upadhyay, DM - ITGS, ITSD, Gujarat Gas Limited
We have listed the major parameters below. The framework is attached at the end.
Major Parameters To Consider:
Ability to identify non-compliant machines and network…
Added by pritha on May 26, 2017 at 1:00pm — No Comments
Author - Tushar Vartak, Director Information Security, Rak Bank
Since 12th Apr 2017, a Ransomware exploiting MS17-010 has been wreaking havoc worldwide.
Precautions to be taken:
1 - Patch Management
Added by pritha on May 25, 2017 at 5:00pm — No Comments
On 12th May, 2017 a Ransomware attack named “WannaCry” Ransomware - one of the largest ever cyber attacks - was reported, infecting the 19 trusts of NHS (National Health Services) in UK and infecting computers in many other countries (including Spain, Russia, US, India, Ukraine etc.), at 19 different locations. It was reported that on day 1 itself it infected about 1,26,000 to 2,00,000 machines (mentioned in different research reports from different countries) which reached to 104…
Added by Sunil Pandey on May 23, 2017 at 5:07pm — No Comments