Social Network For Security Executives: Network, Learn & Collaborate
At a recent industry event discussing security, a question was raised as to who needs to take ownership of security issues; the comment was made that it needs to be "someone senior enough to care, but junior enough to know what they are talking about".
This summarises a major issue in the cyber security industry. Security is a deeply complex issue, balancing threat, risk, business objectives, technology, process and people.
Senior business people tend to know about…
It disappoints me to see the huge focus on technology. Not a criticism of the site or the people posting, but a reflection of the misguided view that information is "owned" by technology because they are the people providing the mechanisms to process information. It's a bit like saying BMW are responsible if you have an accident driving a car that you bought from them!
I would like to see a move from technology solutions to information risk solutions which embrace all aspects of…
Added by Mike Usher on May 24, 2013 at 3:30pm
We use security products to secure our systems and our businesses. However, the very security products we use can themselves have vulnerabilities, which can leave us susceptible to attacks. We conducted a study recently to understand the vulnerability trends in security products. Read further to know more about what we discovered this time around.
How was the research conducted?
We started off with some surveys on the internet to find something closely related to…
Added by bikash on May 24, 2013 at 1:00pm
It is a fundamental principle of data privacy jurisprudence that an organization cannot disclose personal information without the prior consent of the data subject unless it is required by law. Global data privacy laws have imbibed this principle and require organizations, having the data subject's consent, to implement tools and techniques that assist in minimum disclosure of information, only on a need-to-know basis. Compliance with such global data privacy laws is significant for both…
Added by Rakshit Dhamija on May 23, 2013 at 7:30pm
Social media has been the buzzword recently. While I am writing this post, there are more than 500 million active users accessing Facebook, and 50% of active users log on to Facebook at least once a day from their office, home, coffee shop, school, or while on the move. Today most of the…
Added by Jaykishan Nirmal on May 17, 2013 at 1:00pm
Gone are the days when open source software (OSS) was only used in educational institutions like universities, research organizations, etc. Today most organizations use open source for a variety of reasons, such as accelerating time-to-market, reducing the cost of development, dynamic integration, etc. There are many software development organizations that work closely with their customers to determine an open source strategy before making it a part of product / application development. By…
Vision of the CISO…
Added by CISO Platform on May 17, 2013 at 1:00am
Writing not only functional but secure applications is not a new concept or idea that has taken the industry by storm. However, many government and commercial organizations are still not adhering to, or requiring their organizations to adopt, implement, and build security into, the Systems Development Life Cycle process. Instead, organizations are continuing to focus on the functional aspects of software, only to be surprised when a weakness or vulnerability in the…
Added by Mark Wireman on May 16, 2013 at 7:00pm
You must have heard about the recent breach at LinkedIn, which led to the exposure of 6.5 million hashed passwords, made available for download on a hacker site. Many of these passwords were decoded and published on an unauthorized website. The Feds are involved in the investigation to find out the possible perpetrator(s) behind this criminal activity, but I see certain takeaways from this incident which would probably make us better prepared for possible future breaches.…
Added by Jaykishan Nirmal on May 16, 2013 at 1:30pm
There is a common misconception that cyber criminals and hacktivists only target large enterprises to reap a bumper. The reality is actually very different; recently published surveys reveal that
What is evident from these reports is that SMEs are spending less time on assessing and understanding their security…
Added by Satish Narayanan on May 16, 2013 at 11:30am
Our dependence on e-services has increased tremendously. All such services have usernames and passwords. This is the main gateway for entry into systems. Apart from that, there are transactional passwords, and even the password for a secured, digitally certified access portal. The portal is accessed only through browsers. When we log in for the first time, browsers offer an option to save passwords. Due to a lack of awareness of the security implications, users tend to say 'Yes' to save the password. One simple…
Added by Tamilvel Natarajan on May 16, 2013 at 10:30am
1. Run Time Application Security Protection (RASP)
Today applications mostly rely on external protection like IPS (Intrusion Prevention Systems), WAF (Web Application Firewall), etc., and there is great scope for many of these security features being built into the application so that it can protect itself at run time.
RASP is an integral part of an application's run time environment and can be implemented as an extension of the…
Added by bikash on May 14, 2013 at 6:30pm
A common question is: why should we get a third-party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits, like traditional financial audits, are better done by outside companies with no bias or partiality towards anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain penetration…
Added by bikash on May 14, 2013 at 6:00pm
What is SAST?
SAST, or Static Application Security Testing, is the process of testing the source code, binary, or bytecode of an application. In SAST you do not need a running system.
What is DAST?
DAST, or Dynamic Application Security Testing, is the process of testing an application in its running state. In…
Added by bikash on May 14, 2013 at 4:00pm
Safe Penetration Testing – 3 Myths and the Facts behind them
Penetration testing vendors will often make promises and assurances that they can test your web applications safely and comprehensively in your production environment. So when performing penetration testing of a web application that is hosted in a production environment, you need to consider the following myths and facts, which can directly or indirectly end up causing you…
Added by bikash on May 14, 2013 at 3:30pm
Legal terms have specific meanings and connotations. Leaving aside specific jargon, there is ambiguity about the very basic terms, like law, rules and regulations. In this post I have made an attempt to unravel some of these basic terms.
Statutes and Laws
A statute is a written law passed by a legislature at the state or federal level. Statutes set forth general propositions of law that courts…
Added by Rakshit Dhamija on May 13, 2013 at 5:30pm