"The good guys need to be right all the time. The bad guys just need to be right once."

From recent Target shops in US being compromised with 40 million shopper's card details, last minute shoppers are well discouraged. So is action after being compromised! Security threats are no longer confined to 'www.',it's gone into ATMs and Card scanners or maybe more we're yet to know! You may not know which server of yours hosts unofficial access. 

A security breach can have devastating consequences for any enterprise—resulting in possible operational disruption, data leakage, reputation damage and regulatory complications. The lack of a unified incident management process, coupled with inexperienced staff, can increase the business impact of such incidents.

So, here's just the whitepaper you need.

Why Download it?

• Helps reduce risks and exposure to cyber threats
• Provides access to key resources
• Enable faster recovery and minimize business impact from incidents
• Broader view and deeper understanding of incidents
• Use of intelligence data and analytics
• Help cut costs

The last fortnight has been like real busy @CISO Platform Annual Summit, 2013. But taking into consideration the brainstorming sessions,the brimming CISOs, the altogether wonderful experience, it all seems worth it! Nevertheless, there are always great talks on which we like to catch on any time again!

( Read more:  My Key Learning While Implementing Database Security )

Can somebody hack your smart TV?

A smart TV is the smartest and dullest thing you've ever spent your bucks on! We love watching a match on it but wait!! What I say next may pose to dampen all the hype of Smart TVs.IPTVs are no more than big Smart Mobiles , that look huge but have smarter threats in our lives. For instance-

• Could it be watching over your house?
• Could it prompt news 'your president is dead' ?

Well, that's YES!.....So,Can your TV give any hacker as good remote access as any other hackable device? Or much more? How can you stop access to your private life?

Martin gave an interesting insight into the Hbb (Hybrid Broadcast Broadband) TVs. Martin Herfurt is a recognized IT Security researcher who works with a german IT security firm nruns. His research and passionate interests center around Bluetooth and mobile technologies.

More:  Want to become a speaker and address the security community?  Click here    

 WATCH the complete video here.

>> Liked the video? Then share this.

( Watch more : Latest Attacks Vectors and Threats on Aircrafts and Unmanned Arial Vehicles )

 WATCH the complete ppt here.

>> Liked the ppt? Then share this.

 (Read more:  Database Security Vendor Evaluation Guide)

Building an Android Scale Incident Response Process

Author - Anil Upadhyay, DM - ITGS, ITSD, Gujarat Gas Limited

We have listed a Key Parameter are required for Security Incident and Event Management and The Framework was attached at the end.

Major Parameters To Consider :

1. Ability to identify non-compliant machines and network activities based on Organisational Policies and Procedures.

2. Ability to demonstrate compliance and/or due diligence, with respect to ISO 27001 guidelines, Account management, Configuration Management, Authentication, Vulnerability Management

3. Ability to Identify and respond to Organisational policy violations. Web Policies of explicit material, use of clear text protocols, or Access policies, Organisational Information Security Policy.

4. Ability to Risk management of threats and exposed vulnerabilities. Identify and respond to attacks against the organization’s information systems from external threats. This includes monitoring for worms, viruses, denial-of-service, and other similar attack vectors.

5. Ability to identify compute activity trends and raise alarms for potential outbreaks (e.g., from worms)

6. Ability to identify and notify Intrusions. Isolate actual breaches while recording and suppressing false positives.

7. Ability to identify Suspicions activity in the network, monitor and record potentially malicious activity and raise alarms on thresholds.

8. Ability to identify networks being subjected to potential denial of service attacks.

9. Ability to identify and respond to attacks against the organization’s information systems from internal threats. The focus is to identify activities that could result in theft of intellectual property and/or intelligence.

10. Ability to record and generate an alarm for data leakage, track and reconstruct insider activities and identify exceptions

11. Ability to track risk i.e User Activity with early warning indicators.

12. Ability to