February 2016 Blog Posts (19)

5 Tips To Evaluate Your Readiness Before Implementing Data Loss Prevention (DLP) Solution

Here are some tips to evaluate your readiness before implementing a Data Loss Prevention (DLP) solution:

  • Your organization has developed an appropriate policy to govern the use of the Data Loss Prevention (DLP) solution

    To draw true…

Added by pritha on February 26, 2016 at 6:00pm

CISO Guide to Next-Gen Criminal Fraud Detection

With the introduction of sophisticated threats, such as advanced phishing, pharming and malware, authentication has become less effective. Authentication methods—including out-of-band and one-time passwords—as well as security questions can be bypassed with minimal effort by fraudsters.

Consequently, more sophisticated authentication techniques…

Added by pritha on February 22, 2016 at 5:00pm

Using 80/20 rule in Application Security Management

The 80/20 rule (also known as the Pareto Principle) is one of the most beautiful rules; it has helped me to achieve as well as to fail. In most of the cases where I went wrong, the problem finally turned out to be figuring out the “right few”. This is probably one of the most elusive rules: easy to understand but extremely difficult to practice.

#1: Know yourself before your enemy does.

I remember in a recent conference the speaker asked the audience…

Added by bikash on February 20, 2016 at 2:30pm

4 Areas where Artificial Intelligence Fails in Automated Penetration Testing

Formal modeling and automation is one of the things I love. I try to model everything; sometimes modeling helps and sometimes it lands me in trouble. It helped me when I tried to model penetration testing and worked with my co-founder to design the first version of our automated Penetration Testing tool at iViZ. Where it did…

Added by bikash on February 20, 2016 at 2:30pm

10 questions to ask before you start your Bug Bounty program…

Bug bounty programs are quite common these days, with several of the biggest names in the industry having launched various avatars of the program. I have been asked by a few security managers and management teams whether they should launch a bug bounty program. A bug bounty program definitely has the advantage of crowdsourcing. However, an organization should be mature and prepared enough to launch such a program. Here are some questions which will tell you whether you are prepared or not. You are ready…

Added by bikash on February 20, 2016 at 2:30pm

Checklist To Assess The Effectiveness Of Your Vulnerability Management Program

From our experience of helping organizations build their ‘Vulnerability Management’ program, we feel that one of the major challenges is that the security manager/management does not always know the reality on the ground. Obviously the management is extremely busy and has too many priorities. It is natural to get into managing whirlwinds. So, I wanted to define a few questions which can help you find out how robust your application security management program is. Not just that, by…

Added by bikash on February 20, 2016 at 2:30pm

How to benchmark a web application security scanner?

There is a plethora of web application scanners, every one of which claims to be better than the others. It is indeed a challenge to differentiate between them. We need to benchmark the application scanner against hard facts and not marketing claims. Below are some of the most critical metrics against which you would want to benchmark a web application scanner.

1. What is the rate of false positives?

False Positives…

Added by bikash on February 20, 2016 at 2:30pm

Beyond Secure Software Development Life Cycle (SDLC) : Moving Towards Secure Dev-Ops

We have heard a lot about secure SDLC (Software Development Life Cycle). So, what next? Everything transforms with time, and now is the time for Secure SDLC to be transformed. Secure SDLC is probably going to metamorphose into Secure Dev-Ops.

What is Dev-Ops?

Dev-Ops is a software development methodology which focuses on the communication, collaboration and integration of developers and IT managers. In short it is an integration…

Added by bikash on February 20, 2016 at 2:30pm

8 Questions to ask your Application Security Testing Provider!

Choosing the right Application Security Testing service provider is not always an easy task. By asking the right questions and knowing what answers to look for, you can conduct a thorough evaluation of the various vendors available in the market and make the most intelligent choice for your business. There are numerous options, like buying tools, using cloud-based testing providers or the traditional consultants. I have discussed making the right choice in another blog.…

Added by bikash on February 20, 2016 at 2:00pm

16 Application Security Trends That You Can't Ignore In 2016

CISO Platform-Top Application Security Trends 2016

Application Security has emerged over the years both as a market and as a technology. Some of the key drivers have been the explosion in the number of applications (web and mobile), attacks moving to the application layer, and compliance needs. Following are the key Application Security trends which we believe the industry will observe during the year…

Added by bikash on February 20, 2016 at 1:30pm

Secure SDLC Program: “The Art of Starting Small”

I have seen several organizations trying to adopt secure SDLC and failing badly at the beginning. One of the biggest reasons is that they try to use a “Big Bang Approach”. Yeah, there are several consultants who will push you to go for a big project that uses the classical waterfall model to adopt secure SDLC. But that’s asking too much. Changing the habits of a group is not very easy.

Typically there is a big push back and depending on how determined you are and the amount of…

Added by bikash on February 20, 2016 at 12:30pm

Fortnightly Summary Of Top IT Security News - 16th Feb, 2016

New White House Cyber security Plan Creates Federal CISO - 9 Feb 2016…

Added by pritha on February 16, 2016 at 4:30pm

SAP Afaria: how to wipe mobile devices clean with one text message

In the previous blog entry, we described how to exploit an XSS vulnerability in SAP Afaria. Today’s post is dedicated to another security issue affecting Afaria.

Added by Alexander Polyakov on February 15, 2016 at 1:30am

SAP Security for CISO’s. Part two: Beginner’s introduction to SAP

This time we will speak about SAP in particular. So, what is SAP? First of all, SAP is a German company that develops and sells business software. SAP is famous for its ERP system, the most widespread business application. However, SAP provides much more than just an ERP. In 2005, it introduced its SAP Business Suite, a number of integrated business applications such as ERP, CRM, PLM, SCM, and SRM. These business applications consist of different components. For example, ERP includes…

Added by Alexander Polyakov on February 15, 2016 at 1:30am

5 Questions You Want Answered Before Implementing an Enterprise Mobility Management (EMM) Solution

Technology comes with a cost, a cost one could never have imagined if it is not properly implemented. An Enterprise Mobility Management (EMM) solution in place boosts productivity, enhances mobile security, and provides easy access to corporate content. However, the important question is whether you are ready for this technology or not.…

Added by pritha on February 12, 2016 at 5:30pm

9 Top Features To Look For In Next Generation Firewall (NGFW)

A firewall, in simple terms, acts as a barrier to prevent unauthorized access or malicious traffic within a system or a network. With the rapid growth of new innovative technology, alongside the massive growth of new security threats, the traditional firewall is no longer enough to compete. To deal with these changes, vendors in the enterprise firewall market have created a new generation of firewall devices dubbed the Next Generation Firewall or NGFW.

Added by pritha on February 12, 2016 at 5:00pm

11 Ways To Measure The Effectiveness Of Your Identity & Access Management (IAM) Solution

Identity Access Management (IAM) is a set of business policies, frameworks and processes which ensure the right person has access to the right assets/resources. Identity Access Management solutions can deliver intangible benefits that are revenue-increasing and other tangible benefits that are cost-reducing.

Added by pritha on February 12, 2016 at 5:00pm

Top 6 Reasons Why Data Loss Prevention (DLP) Implementation Fails

Below are the top 6 reasons why Data Loss Prevention / Data Leakage Prevention (DLP) fails:

  • Lack of business/key-stakeholder involvement: failure to include key stakeholders (including business and C-level executives) while defining requirements and formulating DLP policy makes implementation…

Added by pritha on February 10, 2016 at 11:30pm

© 2019 Created by CISO Platform