pritha's Posts (578)


This exclusive brief from Enterprise Strategy Group (ESG) outlines 4 key strategies for reducing the risk of advanced, targeted threats with next-generation security.

What you will learn in the paper:

  • How the malware threat landscape is becoming more dangerous
  • Why existing defenses cannot provide adequate protection alone
  • What investments organizations are making in new processes and technologies to help address the risks associated with APTs

>>Click here for Complete Checklist & Detailed Report

Hint: Sandboxing alone won't give you the control to take down APTs from your network.


( Read More: Hardware Trojans: Sneak Peek into the Future )

Fear Facts:

  • The malware threat landscape is becoming more dangerous.
  • Existing defenses cannot provide adequate protection alone.
  • Enterprise organizations are willing to invest in new processes and technologies to help them address the risks associated with modern malware.

>>Click here for Complete Checklist & Detailed Report

Read more…

Hardware Trojans: Sneak Peek into the Future


We feel safe checking our software for flaws and hackers' tricks. However, we never think that the machine we run could itself be malicious. There could be havoc if that happened. Prof. Indranil Sengupta (IIT Kharagpur) enlightens us about such threats and the future research scope on Hardware Trojans.

 VIEW the complete ppt here.


( Read more: Database Security Vendor Evaluation Guide )

WATCH the complete video here.


( Watch more : Latest Attack Vectors and Threats on Aircraft and Unmanned Aerial Vehicles )

Excerpt from the talk

Malicious modification of the circuitry of an IC (Integrated Circuit)

  • Modifications can take place pre or post manufacturing
  • Inserted by intelligent adversary
  • Extremely small hardware overhead
  • Difficult to detect
  • IC malfunctions in field

Do they exist?

  • No concrete proof yet
  • Tampering masks in fab is highly complex
  • Reverse engineering a single IC can take months

Why worry?

  • Numerous suspected military and commercial cases (since 1976)
  • Reverse engineering of ICs is believed to be practiced in well-reputed companies (like IBM)
  • Highly sophisticated commercial software is available for reverse engineering
  • Tampering at design stage is highly tempting and feasible

( Read more:  My Key Learning While Implementing Database Security 

Serious Implications

  • Military compromise
  • Civilian infrastructure compromise (like power grid, transportation etc.)
  • Communication System massacre
  • Loss of human life and property
  • Monetary loss of billion dollars

( Read More: Firewall Checklist - Top 10 Things Your Next Firewall Must Do!)

Some direct malfunctioning

  • “Hardware Trojans could turn microchips into timebombs” (P. Marks, NS, Jul. 2009)
  • “Towards Countering the Rise of the Silicon Trojan” (DSTO, Australian Govt., Dec. 2008)
  • “Cracking Security Codes: Does it Matter?” (C. Tartette, IEEE Spectrum, Feb. 2010)

Why is Trojan Detection so Challenging?

  • Design overhead for Invasive methods
  • Infinite instances, low controllability and observability for logic-testing methods
  • Large process variation, small Trojan detection for side channel analysis

What are your views on 'Hardware Trojans'? Are they really a pressing threat or not? Share your views in the comments below.

Read more…

Can you prevent APT using NextGen Firewall?

Cybercrime and espionage have cost companies over $500 billion in lost IP and untold lost jobs and productivity. The term ‘Advanced Persistent Threat’ was originally used by US Air Force security analysts to describe a particular actor behind a series of attacks. The term has since evolved into a broader meaning, now encompassing the actor, the tools, and the process used to launch long-term campaigns. Unlike the ‘smash and grab’ approach used by hacktivists, or the opportunistic ‘spray and pray’ approach used by low-level or solo actors, APTs stem from well-funded, well-organized adversaries, often backed by nation-state actors with long-term strategic goals.

>>Download Whitepaper on Controlling APT using Next-Gen Firewall

3 distinguishing attributes of APT:

  • Custom Tool and Payload
  • Patient and Strategic
  • Fatal Motive

What is Click Fraud?

Companies who advertise on the internet can get better ad placement by paying the host of their ad every time a user clicks on it. Click fraud schemes use automated methods of repeatedly clicking on a given advertisement to boost the revenues of the hosting site artificially. Click fraud is one of many ways that cyber-criminals can monetize their efforts.

>>Download Whitepaper on Controlling APT using Next-Gen Firewall

Most Famous APTs:

  • APT1 - linked to Chinese military activity
  • Flame - circulated in Middle Eastern countries
  • Operation Shady RAT - 2006 to 2011, reported by McAfee
  • Stuxnet - used to sabotage Iran's nuclear program

Socially Engineered Attacks:

Here’s an exercise you can try at home: Google yourself or a friend. Follow the links to Facebook, LinkedIn, YouTube or other personal sites. Look for connected family, friends, personal interests, recent travels, or employer information. With what you find, would you be able to impersonate someone well enough to get a known associate of that person to trust (and click) an emailed link? Some of the most notorious and impactful APTs have begun just this way. Socially engineered attacks make use of publicly available information to snare users, often through spear-phishing emails.

>>Download Whitepaper on Controlling APT using Next-Gen Firewall

What are your views on the most notorious APTs? Share your views in the comments section below.

Read more…

4th Top 100 CISO Awards, 2014 Highlights

The 4th year of the “Top 100 CISO Award” at Agra last week saw over 120 CISOs gather for over 3 days, making the grand celebration a huge success and the biggest ever awards for the information security executives of India. Here are the highlights of a grand event with some very great keynotes, fascinating Turbo Sessions and some of the most fascinating international entertainment. Post-event activities and your humble feedback have kept us on our toes. Before time tides away, here are the Most Wanted Moments, 2014 Highlights:


Top Keynotes 
  • Role of a CISO: Creating  self evaluation metrics - Felix Mohan
  • How to build your professional brand: A guide for CISO - Adityanath Jha (CEO-Crayon Pictures, Former Global Head of Branding- Infosys)
  • Security Trends and Landscape in Europe- Don Lee (MD- nRuns)
  • Sneak Peek into the future: A glimpse into the top security research in the top global academia - Professor Indranil Sengupta, IIT Kharagpur

Top Turbo Sessions
  • Believe it or not: Recent Security discoveries that shook the world
  • Inside the world of Elliptic Curve Cryptography
  • How the sound of your CPU can reveal your cryptographic key: The amazing world of side channel attacks
  • Under the Hood: Strategies and Tactics used by NSA
  • Myths and Realities: APT and Truth
  • Into a malware for 180 days: Deep into a malware
  • Hacking Internet of Things: Cars, Aircrafts, UAV, TV and more
  • Silent SMS: How I know where you were yesterday night?

 And lots more...

  • Laser Man: Fascinating laser show which will take you to the world of science fiction
  • UV Dance Performance: Intriguing performers who stormed "India's Got Talent" shall enthrall you with their magical performance
  • International artists performing the world-renowned Can-can dance from Paris
  • Flamenco from Spain

 And lots more...

Spouse Program:

'2014' will remain memorable as your better halves both enriched and vitalized the Top 100 CISO Awards. We were overjoyed to take spouses on a tour of Agra's culture and shopping:

  • Kalakriti - Culture of Agra at a glance
  • Akbar International- Making of Marble Artifacts and their history
  • Sadar Bazaar- A delight for shoppers from Agra shoes to Panchhi petha
  • WhatsApp Group (Spouse Special) - 'CISOPlatformSpouseConnect'

Sunrise at Taj:

Taj Mahal, one of the 7 Wonders of the World, looks surprisingly different not just from every angle but also from day to night.

  • Sunrise at Taj Mahal with spouse
  • Panchhi petha, a cultural remembrance 

Sachin Tendulkar:

  • Some lucky CISOs got a chance to meet the batting legend, Sachin Tendulkar
  • Some CISOs awarded with signed Sachin mini bats

Read more…

Checklist For Selecting Firewall Vendor

How should CISO define the requirement for solutions related to the Firewall domain?

  • Ascertain the total throughput required. The requirement should be finalized keeping in view the current traffic as well as the expected increase in volumes over at least the next 3-5 years.
  • Ascertain the throughput required for each individual interface.
  • How many interfaces are required in the firewall.
  • Do we require additional modules (IPS, anti-spoofing etc.)? If yes, then which ones.
  • Any technological constraint or specific requirement.

( Read more:  Database Security Vendor Evaluation Guide )

What are the key parameters based on which CISO would choose a vendor for the same?

  • Vendor should have prior experience in the supply, installation and maintenance of information security devices. The projects should have been of comparable size. The number of successful deployments should be considered.
  • Vendor should be an authorized partner of the OEM of the equipment to be supplied.
  • Previous record of supply and maintenance / business dealings should be unblemished, with a history of having successfully supplied and deployed information security equipment.
  • Should have qualified staff on the rolls for support of the supplied equipment. These staff should hold certifications on the product from the OEM.
  • Licensing and fee requirements are crystallized based on various factors like throughput, components, applications, sites etc.

( Read more:  Technology/Solution Guide for Single Sign-On )

Top Questions to ask vendor for evaluating the offering/Vendor Evaluation Checklist

  • Proposed solution should not be nearing end of life / end of sale / end of support currently. Residual life should be at least 5 years.
  • Life road map of the system should ensure that the solution is covered under OEM support for a period of at least 5 years from the date of purchase / installation.
  • What is the support structure of the vendor and how will support be provided (on-site, off-site, remote, session logs and audit)?
  • How will updates / patches be made available (online and regular updates are preferable / fixed frequency)?
  • What is the SLA (with specific reference to uptime assurance and turnaround time)?
  • What is the level of engagement with the OEM for the supply (it should be supply and support)?
  • Responsibilities of the OEM towards the purchaser (for supply, installation and maintenance).
  • What if the front-ending by the existing vendor ends abruptly? Does the OEM provide an alternative, and of what quality / assurance?

( Watch more : Attacks on Smart TV and Connected Smart Devices )

Top mistakes to avoid while selecting a vendor?

  • Solution should not be nearing its end of life / end of support
  • There should be no ambiguity regarding the terms and conditions of services
  • Tenure of engagement of services of the vendor should be amply clear and accepted in writing by both the parties
  • Verification of the documents submitted by vendors should be done from the original source or an alternate source before selection
  • Price discovery should be done wherever possible.

-Sunil Soni, CISO, Asstt. General Manager, Punjab National Bank tells CISO Platform about Selecting Firewall Vendors

( More:  Want to share your insights? Click here to write an article at CISO Platform )

Read more…

Top Steps During Implementation Of A Firewall Project

  • Clearly defined requirements such as type of firewall, architecture, performance requirements, compliance requirements, sizing, reporting, and minimum specifications are important for identifying a suitable solution
  • Once the right products are shortlisted, a proof of concept or environment simulation will help finalize the product that best fits specific needs
  • Final preparation such as firewall architecture design, hardening, its placement, dependencies on other network and security equipment and policy rules is essential before starting with its implementation

( Read more:  My Key Learning While Implementing Database Security )


Top Implementation Mistakes Or Learning While Implementing A Firewall Project

  • Improper capacity planning and incorrect zoning affect overall performance and quality of service
  • In-depth testing prior to purchase of such solutions would eliminate surprises at the time of implementation
  • Proper configuration of policy rules, audit and monitoring parameters helps get the best out of such devices
  • A handover process and detailed knowledge transfer to the operations team is important for proficient sustenance

Top Challenges Faced During Implementation

  • Errors in policy rules, policy rule conflicts or the order of policies may make some systems or applications inaccessible
  • Improper design of zoning and configuration may expose critical vulnerabilities
  • Incorporating support for various applications needing dynamic ports

( Watch more : 3 causes of stress which we are unaware of ! )

Top Parameters Based On Which Success Of A Project Should Be Measured  (specifically related to the above Domain)

Below are the top parameters based on which the success of a project should be measured:

  • Firewall rule set works as per requirements
  • Seamless and secure access to applications and compatibility across intra zones
  • Performance during peak and normal usage
  • Logging and data management as per organization compliance requirements
  • Vulnerability assessment and penetration testing giving positive results
  • Besides firewall policies, configuration of the right security alerts, incident handling, change management, firewall logs and auditing processes are also key parameters for the success of such implementations

-Samir Dani , Dy. General Manager-IT at Suzlon Energy Ltd tells us about Top Steps and Learning in Firewall Projects
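The rule-ordering failure described in the challenges above, as an added example that is not part of the original post: a small Python checker that flags rules an earlier, broader rule hides in a first-match policy, plus a first-match evaluator that shows the effect before and after reordering. All rule names, networks and ports are constructed sample data.

```python
"""Check an ordered, first-match firewall rule set for shadowed rules.

Added example (not from the original article): a rule placed after a
broader rule can never match, so the system it was meant to reach
becomes inaccessible. Everything below is constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "allow" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: str                # "tcp", "udp" or "any"
    ports: Tuple[int, int]    # inclusive destination port range


def rule(name: str, action: str, src: str, dst: str,
         proto: str = "any", ports: Tuple[int, int] = (0, 65535)) -> Rule:
    """Convenience constructor that parses CIDR strings."""
    return Rule(name, action, ip_network(src), ip_network(dst), proto, ports)


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` would also match `outer`."""
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    ports_ok = outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]
    return (proto_ok and ports_ok
            and inner.src.subnet_of(outer.src)
            and inner.dst.subnet_of(outer.dst))


def find_shadowed(rules: List[Rule]) -> List[Tuple[str, str, bool]]:
    """Return (shadowed rule, earlier rule hiding it, actions differ?).

    A shadowed rule is dead: first-match evaluation never reaches it.
    When the hiding rule has the opposite action the policy silently does
    the wrong thing, e.g. an application is cut off by an earlier broad deny.
    """
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                findings.append((later.name, earlier.name,
                                 earlier.action != later.action))
                break   # report only the first rule that hides it
    return findings


def first_match(rules: List[Rule], src: str, dst: str,
                proto: str, port: int) -> Optional[str]:
    """Name of the first rule matching a packet, or None (implicit deny)."""
    s, d = ip_network(src), ip_network(dst)
    for r in rules:
        if ((r.proto == "any" or r.proto == proto)
                and r.ports[0] <= port <= r.ports[1]
                and s.subnet_of(r.src) and d.subnet_of(r.dst)):
            return r.name
    return None


def move_to_front(rules: List[Rule], name: str) -> List[Rule]:
    """The usual remedy: place the specific rule ahead of the broad one."""
    return ([r for r in rules if r.name == name]
            + [r for r in rules if r.name != name])


# Constructed sample policy: the allow for the app tier to reach the
# database was added after a broad deny, so it never fires.
SAMPLE_RULES = [
    rule("deny-all-to-db",  "deny",  "0.0.0.0/0",   "10.0.2.0/24"),
    rule("allow-app-to-db", "allow", "10.0.1.0/24", "10.0.2.10/32", "tcp", (3306, 3306)),
    rule("allow-web",       "allow", "0.0.0.0/0",   "10.0.3.0/24",  "tcp", (443, 443)),
    rule("allow-web-dup",   "allow", "10.0.0.0/8",  "10.0.3.0/24",  "tcp", (443, 443)),
    rule("deny-telnet",     "deny",  "0.0.0.0/0",   "10.0.3.0/24",  "tcp", (23, 23)),
]


if __name__ == "__main__":
    for shadowed, by, conflict in find_shadowed(SAMPLE_RULES):
        kind = "CONFLICT" if conflict else "redundant"
        print(f"{kind}: '{shadowed}' can never match; hidden by '{by}'")
    fixed = move_to_front(SAMPLE_RULES, "allow-app-to-db")
    print("app -> db hits:", first_match(SAMPLE_RULES, "10.0.1.5", "10.0.2.10", "tcp", 3306))
    print("after reorder :", first_match(fixed, "10.0.1.5", "10.0.2.10", "tcp", 3306))
```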

( More: Want to become a speaker and address the security community?  Click here )

Read more…

Top steps during the implementation of a DRM project - points to consider for the implementation of a project:

  • Ensure security and document management with centralized storage. Design using open source architecture as much as possible
  • Search for the correct version/revision and management of project-wise folders to be automated and simplified
  • Centralized data to ensure timely backup and secure intellectual property
  • Single point of document and project handling
  • Easy to audit
  • Security and IP protection
  • Delivery of the real-time and correct version of a document to all concerned cross-functional areas

( Read more:  BYOD Security: From Defining the Requirements to Choosing a Vendor )

Top Implementation Mistakes, Challenges or Learning while implementing DRM projects

Time and again the challenge is in distributing the correct version of a document to other functions like Finance, Manufacturing, Marketing etc. in a secured mode. Real-time availability of the correct document is also a challenge, along with securing the intellectual property.

To address these challenges and keep the intellectual property secure in a central location, “PARA-VIRTUALIZATION” is conceived with the idea of managing the vast amount of data being processed, with the ability to give users the right to manage their documents and to create and track the movement of documents, supported by the generation of notifications upon such actions being undertaken. This can be envisaged with the ability to give users the right to manage their documents and create a workflow to track the movement of documents and the respective notifications upon such actions being undertaken. This solution can fully address the security of IP, increase in productivity, decreased spending, and customer satisfaction.

In any industry, securing intellectual property and document management is the topmost priority. These documents are very close to business growth. At the same time, making them available in real time with the correct set is also important.

By adopting a customized solution, we will be able to achieve this. Though there are many ready-made packages available, considering the cost and complexity, we need to design our own system based on our needs to reach satisfaction. Walk a thin line between walking ahead and walking with users to convince them to go the new way. The importance of self-belief.

Technology may still be in a nascent stage. I realize that we need some time to understand and get accustomed to the technology before we promise management an ROI. We also need to run trials. It is important for CISOs to convince themselves before convincing others, especially about an initiative which is bound to bring change. With the promising results of the trial run, management will be convinced that this equation will work. But our battle is only half done.

( Watch more : 5 Implications of HTML 5 on Security )

Running Alone... The next challenge is user resistance. “The real test comes with end-user adaptability. Solutions to technical problems are available. But the trust people put in you and your solution cannot be bought; it needs to be earned!” It was up to IT to make end users understand that the new way would ensure business continuity and faster performance. “It may take a lot to ensure that stakeholders know that we are actually trying to find a better solution. We need to test the response time of the solution using stopwatches to compare. And users will buy it.”

Getting Vendor Support... If handling users is tough, convincing vendors is tougher. Finally we ended up having a better understanding with our partner and support.

In hindsight, what would you have done differently?

Top-down approach! Build confidence within the top management team and get the instructions to flow from the top. That would have made it easier to get the users to adopt the new technology to secure the INFORMATION.

-Sharat M. Airani, Chief-IT (Systems & Security), Ex-Forbes Marshall tells us about DRM (Digital Rights Management) and his learning during the implementation of a DRM project.

( More: Join the community of 1400+ Chief Information Security Officers. Click here )

Read more…

The IT GRC solution brings enterprise-wide processes (workflow, data repository, regulatory mapping etc.) onto a single platform with the objective of better control of data and its faster retrieval and processing, to enable enhanced decision making and transparency with regard to compliance. It is a combination of IT-related GRC functions that support leadership in decision making and security operation functions that provide useful guidance on risk assessment and management, including vulnerability management and technology-centric measures to meet compliance requirements.

IT GRC solutions focus on organizational security policy and a knowledge base of regulations and control standards, and bring out IT compliance dashboards by carrying out IT risk assessment through control and policy mapping, IT control assessment and measurement.

(Read more:  Top 5 Application Security Technology Trends)

Types of organization that need such solution

As of now, the main focus is on financial and telecom service organizations, as most of the frauds have been reported from these firms because of the risks and security exposures arising through the firm's use of technologies such as electronic payments, mobile banking and cloud services. However, due to increasing concerns about privacy, the number of regulations is increasing throughout the globe. This necessitates that almost all types of organizations use such solutions. From the Indian perspective also, the Privacy Rule of 2011, Clause 49 of SEBI and the proposed amendment to the Companies Act will encompass almost all organizations that handle private and financial data. All these organizations will have to report compliance to government agencies on a regular basis and on demand. The trend has also been observed in due diligence exercises carried out by investors/companies wherein, before infusing capital or going for a merger/acquisition, the GRC status is seriously studied, and the existence of a good IT-GRC solution brings a first-hand advantage.

Key Drivers for adoption

There is much evidence of legal and penal actions against companies that report unexpected bad news due to poor risk management. Prevention of financial fraud, theft of PII, trade compliance, and environmental, health and safety regulations are some key drivers for the adoption of IT GRC solutions.

(Read more:  5 easy ways to build your personal brand !)

Compliance, Regulations and Standards that make the solution mandatory

There are many such compliance requirements, regulations and standards. To name a few:

Financial institution related regulations/standards:

  • Sarbanes-Oxley Act, Section 404
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Gramm-Leach-Bliley Act (GLBA)
  • EU Data Protection Directive
  • Basel II
  • Anti-money laundering (AML)
  • SEBI Clause 49
  • Indian IT Act 2008 and IT Rules 2011

Other industry related regulations/standards:

  • U.S. Bioterrorism Act 2002
  • ISO 22000 (Food Safety Management System)
  • SAFE
  • ITIL
  • COBIT
  • ISO 27000 (Information Security Management System)


Top Technology Trends for the above domain

A few trends are quite visible:

  • Industry is seriously attempting to improve IT-GRC initiatives to align with tough regulatory requirements.
  • Consumers/customers are considering IT-GRC a business differentiator while selecting the right supplier or service provider.
  • IT-GRC solution providers are continuously improving their solutions to incorporate the latest cross-functional requirements of compliance, standards or regulations.

Service providers, therefore, consider compliance convergence, which streamlines controls horizontally rather than vertically within the organization. They continuously attempt to include risk earlier in decision cycles and bring a slow but steady evolution of controls automation. Many solution providers are presenting their solutions on the cloud as PaaS, with emphasis on programs for content aggregation and process standardization.

-KK Chaudhary, SVP - Group Head IT & IS, Lanco Infratech Ltd tells us how a CISO should define the requirement for IT GRC management tools.

Read more…

Security budgets have long been suffering, though the scenario seems to be improving today. Our annual survey on security budget analysis, in which 331 companies participated, gives interesting insights into the security budget scenario. The data has been collected through a survey conducted online as well as during the Top 100 CISO Awards.


Ranking Based on Security Budget Allocation



(Read more:  Under the hood of Top 4 BYOD Security Technologies: Pros & Cons)


Detailed Analysis for Verticals

The pie charts have been divided into 3 bands:

  1. < 5% of entire IT Budget
  2. 5% - 15% of entire IT Budget
  3. 15% - 35% of entire IT Budget






 (More:  Want to share your insights? Click here to write an article at CISO Platform)


Read more…

The IT industry has been hit by several revolutionary changes. No wonder it is considered one of the most dynamic sectors, changing almost daily. Cloud computing is being noted as the 4th IT revolution after the mainframe, the PC and the internet. It is also probably the most debated technology, one that brings with it unprecedented security concerns but appreciable convenience and greater ROI.

Our survey, in which 331 companies participated, demonstrates industry-wise cloud implementation status. We defined the maturity level of cloud computing as depending on the implementation of the following categories:

a) SAAS(Software-As-A-Service)

b) PAAS(Platform-As-A-Service)

c) IAAS(Infrastructure-As-A-Service)

(Read more:  Annual Survey on Security Budget Analysis Across Industry Verticals)


Cloud Compliance Score Allocation:

We also defined the compliance score as the following:

  • Score 0: none of SAAS, PAAS or IAAS in place
  • Score 1: one of SAAS, PAAS or IAAS already in place
  • Score 2: two of the three, i.e. (SAAS+PAAS), (SAAS+IAAS) or (PAAS+IAAS), already in place
  • Score 3: all three, SAAS + PAAS + IAAS, already in place


Major sector-wise maturity level of Cloud Implementation:-




(Read more:  5 Best Practices to secure your Big Data Implementation)


Ranks Based on complete implementation(SAAS + PAAS + IAAS):-

  1. Insurance with 20%
  2. IT/ITES with 16.67%
  3. BFSI with 8.33%

(Manufacturing and Telecom are absent in this area)


Ranks Based on at least one implementation (SAAS or PAAS or IAAS):-

  1. Insurance with 90%
  2. BFSI with 75%
  3. IT/ITES with 72.22%
  4. Manufacturing with 63.16%
  5. Telecom with 50%


Telecom has constantly lagged, while Insurance has a fairly large implementation status. While the IT/ITES status shocks us, Manufacturing, Telecom and IT/ITES must soon catch up.

( More:  Want to become a speaker and address the security community?  Click here )

Read more…

We are happy to announce the results of the annual survey of Security Implementation Status and Industry Benchmarking (CPSMM), in which 331 companies participated. The data has been collected through a survey conducted online as well as during the Top 100 CISO Awards. We have planned a series of interesting posts which shall provide deeper insights on the state of security in the industry. In the first of the series we present the key findings on the implementation of various security technologies.

(Read more:  Annual Survey on Cloud Adoption Status Across Industry Verticals)

State of Implementation of Key Security Technologies














(More:  Join the community of 1500+ Chief Information Security Officers.  Click here)

Read more…

4 Steps to Swift Security Recovery

After Target, it's Michaels. While one case was being diagnosed, breaches kept coming all the way through Christmas, and the retail chain is at its wits' end. Like accident counts, the actual number is never known: plenty of devices are probably compromised without anyone being aware of the unauthorised access. That makes it all the more important to know what to do once you are a victim.

(Read more:  How Should a CISO choose the right Anti-Malware Technology?)

A 2012 study of 2,618 business leaders and security practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil found that they experienced an average of 66 attacks per week, with organizations in Germany and the U.S. reporting the highest numbers: 82 and 79 per week, respectively.

>>Download The Complete Report

What the Report Says:

  • Business objectives and risk tolerance
  • Proactive security plan
  • Today's inevitable sophisticated attack
  • Building a culture of security awareness

>>Download The Complete Report


Read more…

Breached In Spite Of All The Efforts? What Next?


Like so many other things in today’s world, cyber attacks along with those who perpetrate them are becoming more sophisticated every year. At the same time, IT resources are moving outside the firewall and enterprises are distributing their applications and data across multiple devices. It’s now clear that simply protecting an organization’s perimeter is not enough. These sophisticated attacks—which include advanced persistent threats, or APTs—are bypassing traditional defenses. 

(Read more: Top 5 Big Data Vulnerability Classes)

What's in the Report?

  • How to Prioritize your business objectives and set your risk tolerance
  • How to Protect your organization with a proactive security plan
  • How to Prepare your response to the inevitable: a sophisticated attack
  • How to Promote and support a culture of security awareness.

>>Download the Complete Report




Read more…

We are happy to announce the 4th Edition of our Top 100 CISO Awards. The award was conceptualized in 2010 to celebrate the success of Chief Information Security Officers. The Top 100 CISO Awards are held every year to honor the success of the unsung heroes who continuously strive to make the cyber world a safer place.


Why Top 100 CISO Awards?
Information security gets noticed only when things get broken. So we thought of celebrating the success of the people who remain unnoticed when they do their job in the best manner. The vision of the Top 100 CISO Awards is:

  • To celebrate the success of the top security leaders and honor their contribution
  • To provide a platform for the Top CISOs to share their learning with each other and also the larger community

(Read more:  How to write a great article in less than 30 mins )

What’s new in 2014?

In 2014 we are coming up with several new initiatives. 

  • The India event shall happen in Agra, the city of the Taj Mahal. We will also encourage spouses of the CISOs to join during the event and share the moment of celebration and joy.
  • We shall have complete global coverage with the Europe, USA and APAC awards in 2014.
  • We will have both online and regular events to celebrate the success of the CISOs.
  • We are introducing special award categories this year. A few examples are as follows: CISO Hall of Honor (for successive 3-year winners), Best Implementation in GRC, Data Security, Vulnerability Management, APT Security, Web Security, Innovation, Community Contribution etc.


Nomination Process
Nominations for "Top 100 CISO Awards" and "Special Award" are open until February 15th for USA, Europe and APAC and until January 31st  for India. You can register online by clicking on the link: Please click here for online nomination.

We are looking forward to an exciting 2014 to share the great work of the CISOs globally. Let’s walk together as a stronger community towards creating a safer world.        

“A line is a dot that went for a walk” - Paul Klee.

(Read more:  Top 5 Big Data Vulnerability Classes)

About CISO Platform

CISO Platform is an online social network exclusively for Chief Security Officers to network, share and learn. Our vision is to provide the highest quality information to CISOs to help them excel in their role. 1400+ global CISOs are members of CISO Platform. A few of the key initiatives are as follows:

  • CISO Handbook -Precise Operational Handbook for the CISOs, by the CISOs
  • CISO Platform Index- First framework to evaluate products based solely on CISO recommendation
  • CISO Platform Annual Summit- Annual event where 200+ CISOs gather to share knowledge through 18 minute "Turbo Sessions"




Read more…


"The good guys need to be right all the time. The bad guys just need to be right once."

With the recent compromise of Target stores in the US exposing 40 million shoppers' card details, last-minute shoppers are well discouraged. So is action after being compromised! Security threats are no longer confined to 'www.'; they have gone into ATMs and card scanners, or maybe more that we are yet to know of! You may not know which of your servers hosts unauthorised access.

A security breach can have devastating consequences for any enterprise—resulting in possible operational disruption, data leakage, reputation damage and regulatory complications. The lack of a unified incident management process, coupled with inexperienced staff, can increase the business impact of such incidents.

So, here's just the whitepaper you need.

Why Download it?

  • Helps reduce risks and exposure to cyber threats
  • Provides access to key resources
  • Enables faster recovery and minimizes business impact from incidents
  • Gives a broader view and deeper understanding of incidents
  • Uses intelligence data and analytics
  • Helps cut costs


Can your SMART TV get hacked?


The last fortnight has been really busy at the CISO Platform Annual Summit, 2013. But considering the brainstorming sessions, the brimming CISOs and the altogether wonderful experience, it all seems worth it! Nevertheless, there are always great talks we like to catch up on again.


Can somebody hack your smart TV?

A smart TV is the smartest and dullest thing you've ever spent your bucks on! We love watching a match on it, but wait! What I say next may dampen all the hype around smart TVs. IPTVs are no more than big smartphones that look huge but bring smarter threats into our lives. For instance:

  • Could it be watching over your house?
  • Could it show the news 'your president is dead'?

Well, the answer is YES! So, can your TV give a hacker as good remote access as any other hackable device? Or even more? How can you stop access to your private life?

Martin gave an interesting insight into HbbTV (Hybrid Broadcast Broadband TV). Martin Herfurt is a recognized IT security researcher who works with the German IT security firm nruns. His research and passionate interests center around Bluetooth and mobile technologies.


Author - Anil Upadhyay, DM - ITGS, ITSD, Gujarat Gas Limited

We have listed the key parameters required for Security Incident and Event Management; the framework is attached at the end.


Major Parameters To Consider:

  1. Ability to identify non-compliant machines and network activities based on organisational policies and procedures.

  2. Ability to demonstrate compliance and/or due diligence with respect to ISO 27001 guidelines: account management, configuration management, authentication and vulnerability management.

  3. Ability to identify and respond to organisational policy violations: web policies on explicit material, use of clear-text protocols, access policies and the organisational information security policy.

  4. Ability to manage the risk of threats and exposed vulnerabilities, and to identify and respond to attacks against the organization's information systems from external threats. This includes monitoring for worms, viruses, denial-of-service and other similar attack vectors.

  5. Ability to identify computing activity trends and raise alarms for potential outbreaks (e.g., from worms).

  6. Ability to identify and notify intrusions: isolate actual breaches while recording and suppressing false positives.

  7. Ability to identify suspicious activity in the network, monitor and record potentially malicious activity and raise alarms on thresholds.

  8. Ability to identify networks being subjected to potential denial-of-service attacks.

  9. Ability to identify and respond to attacks against the organization's information systems from internal threats. The focus is to identify activities that could result in theft of intellectual property and/or intelligence.

  10. Ability to record and generate an alarm for data leakage, track and reconstruct insider activities and identify exceptions.

  11. Ability to track risk, i.e., user activity with early warning indicators.

  12. Ability to
