All Blog Posts Tagged 'Amazing' (68)

Can your SMART TV get hacked?

 

The last fortnight has been like real busy @CISO Platform Annual Summit, 2013. But taking into consideration the brainstorming sessions, the brimming CISOs, the altogether wonderful experience, it all seems worth it! Nevertheless, there are always great talks on which we like to catch on any time again!

Added by pritha on December 16, 2013 at 6:00pm — No Comments

CISO Guide for Denial-of-Service (DoS) Security

Denial-of-Service (DoS) attacks have existed since the early days of computing and have evolved into complex and overwhelming security challenges. Organizations have had to worry not just about DoS attacks, but Distributed DoS attacks (DDoS), and more recently, Distributed Reflector DoS (DRDoS) attacks. Additionally the size, complexity, and sophistication of DDoS attacks are increasing at alarming rates.

In general distributed denial-of-service (DDoS) attacks target network…

Added by CISO Platform on September 12, 2013 at 12:30pm — No Comments

Action List Before Adopting a Cloud Technology

Firstly the CISO has to work with the CIO and the business to understand the business need to implement this and then clearly articulate associated risk exposure to the firm and its stakeholders.

A detailed due diligence has to be completed following which the risk posture and risk mitigation guidance has to be provided. Subsequently a corporate policy along with the mitigating controls has to be implemented and training imparted to the relevant business users.

Added by CISO Platform on August 28, 2013 at 4:00pm — 1 Comment

Technology/Solution Guide for Single Sign-On

Top technologies / solutions available for Single Sign-On are:

1. Common Standard Solutions:

  • The Generic Security Service Application Program Interface (GSS-API).
  • OSF Distributed Computing Environment (DCE).
  • Pluggable Authentication Modules (PAM).

2. Broker-Based SSO Solutions: having one server for central authentication & user account management.

  • Kerberos: Trusted Kerberos…

Added by CISO Platform on August 28, 2013 at 3:30pm — 1 Comment

Database Security Vendor Evaluation Guide



Requirement for solutions related to Database security

A CISO should define the requirement for solutions related to Database security by first understanding the business and threat environment and decide on the most applicable threats and security parameters while balancing performance of application and security.

Added by CISO Platform on August 28, 2013 at 2:00pm — No Comments

My Key Learning While Implementing Database Security



Top steps during the implementation of a project related to Database Security



1. As application developers or the persons implementing the applications most of the time also work as database administrators, it is important that database administration is handled by different persons in the team. For bigger projects, you should have a separate database team. This helps on most occasions to have better control on database management and…

Added by CISO Platform on August 28, 2013 at 1:30pm — No Comments

BYOD Security: From Defining the Requirements to Choosing a Vendor

A CISO needs to understand the exact requirement before designing the BYOD domain in the organization, keeping in mind the exact business need and the value add intended to be obtained using this technology.

Build of solution for BYOD is directly related to business requirement without any compromise to security of information…

Added by CISO Platform on August 27, 2013 at 5:30pm — No Comments

Under the hood of Top 4 BYOD Security Technologies: Pros & Cons

Top technologies / solutions available for BYOD Security:

The task for companies that use BYOD is to develop a policy that defines exactly what sensitive company information needs to be protected and which employees should have access to this information, and then to educate all employees on this policy.

Technologies for security of BYOD:

1. VDI: One popular software-based security method gaining steam in BYOD environments is…

Added by CISO Platform on August 27, 2013 at 5:30pm — No Comments

How Should a CISO choose the right Anti-Malware Technology?

Now this is a very subjective term, as "right" means something different to each. More so, the subject of "Information Security" is itself quite dynamic and evolving. Here, any measuring stick with constant attributes may not provide true insight for the choice of technology. However, certain parameters of the selection process can be generalized for operational efficiency.

Added by CISO Platform on August 27, 2013 at 4:30pm — No Comments

5 Best Practices to secure your Big Data Implementation

Here are the key best practices that organizations need to adopt for securing their Big Data.

 1. Secure your computation code:

  • Proper access control, code signing, auditing should be implemented to secure computation code.
  • Implement a strategy to protect data in presence of an untrusted computation code.

2. Implement comprehensive end-point input validation/filtering:

  • Implement validation and filtering of input…
Added by Jitendra Chauhan on August 20, 2013 at 7:30pm — No Comments

Top 5 Big Data Vulnerability Classes

Recently, we were pentesting a Data mining and Analytics company. The amount of data that they talked about is phenomenal and they are planning to move to Big Data. They invited me to write a blog on state of the art, Big Data security concerns and challenges and I happily accepted.

Added by Jitendra Chauhan on August 20, 2013 at 6:30pm — No Comments

How to write a great article in less than 30 mins

We all face difficulties in expressing our thoughts. Here are a few pointers which will help a person to write great articles in just 30 mins.

Step 1: Define the headline

When you write the articles ask yourself 3 questions:

  1. Are you saying something new?
  2. Are you saying something old but in a new way?
  3. Are you saying something which will help others to save time, money or effort?

If any…

Added by CISO Platform on June 5, 2013 at 5:30pm — No Comments

5 easy ways to build your personal brand !

How important is your personal brand in professional success?

Nobody can deny that personal reputation is critical in the path of professional success. Definitely the most important factor is "who you are?" but it is equally important "how others perceive you?".

In today's world, thanks to online tools, it is a lot easier to build your personal brand. Here are the top steps:

 

Step 1:…

Added by CISO Platform on June 4, 2013 at 12:00pm — No Comments

7 Key Lessons from the LinkedIn Breach

You must have heard about the recent breach at LinkedIn, which led to the exposure of 6.5 million hashed passwords, available for download at a hacker site. Many of these passwords were decoded and published on an unauthorized website. The Feds are involved in the investigation to find the possible perpetrator(s) behind this criminal activity, but I see there are certain takeaways from this incident which would probably make us better prepared for possible future breaches.…

Added by Jaykishan Nirmal on May 16, 2013 at 1:30pm — No Comments

Top 5 Application Security Technology Trends

 

1. Run Time Application Security Protection (RASP)

Today applications mostly rely on external protection like IPS (Intrusion Prevention Systems), WAF (Web Application Firewall), etc., and there is great scope for many of these security features to be built into the application so that it can protect itself at run time.

RASP is an integral part of an application run time environment and can be implemented as an extension…

Added by bikash on May 14, 2013 at 6:30pm — No Comments

How to choose your Security / Penetration Testing Vendor?

 

A common question is why should we get a third party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits like traditional financial audits are better done by outside companies with no bias and partiality to anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain Penetration…

Added by bikash on May 14, 2013 at 6:00pm — No Comments

SAST vs DAST: How should you choose ?

What is SAST?

SAST or Static Application Security Testing is the process of testing the source code, binary or byte code of an application. In SAST you do not need a running system.

 

What is DAST?

DAST or Dynamic Application Security Testing is the process of testing an application during its running state.  In…

Added by bikash on May 14, 2013 at 4:00pm — No Comments

CISO Viewpoint: Safe Penetration Testing

 

 

Safe Penetration Testing – 3 Myths and the Facts behind them

Penetration testing vendors will often make promises and assurances that they can test your Web Applications safely and comprehensively in your production environment. So when performing Penetration Testing of a Web Application that is hosted in a Production Environment you need to consider the following myths and facts which can directly or indirectly end up causing you…

Added by bikash on May 14, 2013 at 3:30pm — No Comments

APT Secrets that Vendors Don't Tell

APT (Advanced Persistent Threats) is the talk of the town. There is too much noise and confusion. Everybody wants to make money. Quite a few use FUD (Fear, Uncertainty and Doubt) to sell their products. I wanted to highlight the APT secrets which vendors don't tell (well, mostly).

 

There is no single solution for APT

APT is like a war. No single solution is good enough. You cannot have a solution to your APT problem.…

Added by bikash on April 20, 2013 at 10:30am — No Comments

Checklist: How to choose between different types of Application Security Testing Technologies?

 

Static Application Security Testing (SAST)

SAST or Static Application Security Testing is the process of testing the source code, binary or byte code of an application. In SAST you do not need a running system.

 

Pros

• SAST can pinpoint the code where the flaw is.

• You can detect vulnerabilities before the application is deployed:…

Added by bikash on April 17, 2013 at 9:30pm — No Comments
