May 2013 Blog Posts (17)

How would you describe the CISO role on Twitter?

At a recent industry event discussing security, a question was raised as to who needs to take ownership of security issues. The comment was made that it needs to be "someone senior enough to care, but junior enough to know what they are talking about".

This summarises a major issue in the cyber security industry. Security is a deeply complex issue, balancing threat, risk, business objectives, technology, process and people.

Senior business people tend to know about…


Added by Colin Robbins on May 29, 2013 at 3:00pm — 2 Comments

CISO is an acronym for Chief INFORMATION security officer not Chief INFORMATION TECHNOLOGY security officer

It disappoints me to see the huge focus on technology. This is not a criticism of the site or the people posting, but a reflection of the misguided view that information is "owned" by technology because they are the people providing the mechanisms to process information. It's a bit like saying BMW are responsible if you have an accident driving a car that you bought from them!

I would like to see a move from technology solutions to information risk solutions which embrace all aspects of…


Added by Mike usher on May 24, 2013 at 3:30pm — No Comments

Vulnerabilities in Security Products increasing at 37% CAGR !

We use security products to secure our systems and our businesses. However, the very security products we use can themselves have vulnerabilities which can leave us susceptible to attacks. We conducted a study recently to understand the vulnerability trends in security products. Read further to know more about what we discovered this time around.

How was the research conducted?

We started off with some survey on the internet to find something closely related to…


Added by bikash on May 24, 2013 at 1:00pm — No Comments

CISO Mantra on Data Sanitization

It is a fundamental principle of data privacy jurisprudence that an organization cannot disclose personal information without the prior consent of the data subject, unless it is required by law. Global data privacy laws have imbibed this principle, and require organizations that hold the data subject's consent to implement tools and techniques that assist in the minimum disclosure of information, only on a need-to-know basis. Compliance with such global data privacy laws is significant for both…


Added by Rakshit Dhamija on May 23, 2013 at 7:30pm — No Comments

CISO Platform to acquire the rights of “Top 100 CISO Award”

CISO Platform today announces the initiative to acquire the rights of “Top 100 CISO Award”. Top 100 CISO Award is the industry’s premier award to recognize the top Chief Information Security Officers and IT Security Professionals.
“Top 100 CISO Awards strategically fits the vision of CISO Platform to help top IT Security professionals position themselves as thought leaders, network, share and learn from their industry peers. We are excited to build…

Added by CISO Platform on May 20, 2013 at 11:00am — 1 Comment

Phishers Target Social Media, Are you the Victim?

Social media has been the buzzword recently. While I am writing this post, there are more than 500 million active users accessing Facebook, and 50% of active users log on to Facebook at least once a day from their office, home, coffee shop, school, or while on the move. Today most of the…


Added by Jaykishan Nirmal on May 17, 2013 at 1:00pm — No Comments

Should Organizations be concerned about Open Source Software Compliance?

Gone are the days when Open Source Software (OSS) was only being used in educational institutions like universities, research organizations, etc. Today most organizations use open source for a variety of reasons, such as accelerating time-to-market, reducing the cost of development, dynamic integration, etc. There are many software development organizations that work closely with their customers to determine an open source strategy before making it a part of product / application development. By…


Added by Jaykishan Nirmal on May 17, 2013 at 1:00pm — 1 Comment

Announcing CISO Handbook: A Call to Authors

Why do we need a CISO Handbook?

  • There is no single consolidated source of comprehensive and precise operational knowledge that a CISO would need.
  • CISOs need to browse through a sea of information to find what is relevant to them.
  • CISOs feel the need to have more insights from their peers, and to learn from each other's experiences.

Vision of the CISO…


Added by CISO Platform on May 17, 2013 at 1:00am — No Comments

NIST and Web Application Security: Is Your Organization Really Considering All of the Risks in the Enterprise?

Writing applications that are not only functional but secure is not a new concept or idea that has taken the industry by storm. However, many government and commercial organizations are still not adhering to, or requiring their organizations to adopt and implement, the practice of building security into the Systems Development Life Cycle process. Instead, organizations are continuing to focus on the functional aspects of software, only to be surprised when a weakness or vulnerability in the…


Added by Mark Wireman on May 16, 2013 at 7:00pm — No Comments

7 Key Lessons from the LinkedIn Breach

You must have heard about the recent breach at LinkedIn, which led to the exposure of 6.5 million hashed passwords, made available for download on a hacker site. Many of these passwords were decoded and published on an unauthorized website. The Feds are involved in the investigation to find the possible perpetrator(s) behind this criminal activity, but I see certain takeaways from this incident which would probably make us better prepared for possible future breaches.…


Added by Jaykishan Nirmal on May 16, 2013 at 1:30pm — No Comments

Tackling the Cyber Security challenges faced by SMEs

There is a common misconception that cyber criminals and hacktivists only target large enterprises to reap a bumper payoff. The reality is actually very different: recently published surveys reveal that

  • 84% of Small and Medium Businesses had a security breach in the last year
  • 48% of them suffered staff related (internal employees) breaches

What is evident from these reports is that SMEs are spending less time on assessing and understanding their security…


Added by Satish Narayanan on May 16, 2013 at 11:30am — No Comments

Risk of Residual passwords

Our dependence on e-services has increased tremendously. All such services have usernames and passwords. This is the main gateway for entry into systems. Apart from that, there are transactional passwords, and even passwords for secured, digitally certified access portals. The portal is accessed only through browsers. When we log in for the first time, browsers offer an option to save passwords. Due to a lack of awareness of the security implications, users tend to say 'Yes' to save the password. One simple…


Added by TAMILVEL NATARAJAN on May 16, 2013 at 10:30am — No Comments

Top 5 Emerging Application Security Technology Trends

1. Run Time Application Security Protection (RASP)

Today applications mostly rely on external protection like IPS (Intrusion Prevention Systems), WAF (Web Application Firewall), etc., and there is great scope for many of these security features to be built into the application so that it can protect itself at run time.

RASP is an integral part of an application run time environment and can be implemented as an extension of the…


Added by bikash on May 14, 2013 at 6:30pm — No Comments

How to choose your Security / Penetration Testing Vendor?

A common question is why you should get a third-party penetration testing company. Why not choose a team from your current technical group to handle the network security test? For one, security audits, like traditional financial audits, are better done by outside companies with no bias or partiality to anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain Penetration…


Added by bikash on May 14, 2013 at 6:00pm — No Comments

SAST vs DAST: How should you choose?

What is SAST?

SAST or Static Application Security Testing is the process of testing the source code, binary or byte code of an application. In SAST you do not need a running system.


What is DAST?

DAST or Dynamic Application Security Testing is the process of testing an application during its running state. In…


Added by bikash on May 14, 2013 at 4:00pm — No Comments

CISO Viewpoint: Safe Penetration Testing

Safe Penetration Testing – 3 Myths and the Facts behind them

Penetration testing vendors will often make promises and assurances that they can test your web applications safely and comprehensively in your production environment. So when performing penetration testing of a web application that is hosted in a production environment, you need to consider the following myths and facts, which can directly or indirectly end up causing you…


Added by bikash on May 14, 2013 at 3:30pm — No Comments

CISO Dictionary: Let's understand the difference between Statutes, Laws, Rules and Regulations

Legal terms have specific meanings and connotations. Leaving aside the specific jargon, there is ambiguity about the very basic terms, like law, rules and regulations. In this post I have made an attempt to unravel some of these basic terms.

Statutes and Laws

A statute is a written law passed by a legislature on the state or federal level. Statutes set forth general propositions of law that courts…


Added by Rakshit Dhamija on May 13, 2013 at 5:30pm — No Comments
