All Blog Posts (1,012)

Database Security Vendor Evaluation Guide

Requirement for solutions related to Database security

A CISO should define the requirements for database security solutions by first understanding the business and threat environment, then deciding on the most applicable threats and security parameters while balancing application performance and security.



Added by CISO Platform on August 28, 2013 at 2:00pm — No Comments

My Key Learning While Implementing Database Security

Top steps during the implementation of a project related to Database Security

1. Most of the time, application developers or the persons implementing the applications also work as database administrators, so it is important that database administration is handled by different persons in the team. For bigger projects, you should have a separate database team. This helps on most occasions to have better control over database management and…


Added by CISO Platform on August 28, 2013 at 1:30pm — No Comments

Anti Spam Security Project Implementation Guide and Top Common Mistakes

Top steps during the implementation of a project related to Anti Spam Security

  • Incorporation of spam detectors to block malicious/fraudulent e-mails
  • Installation of filters for automatic detection/deletion of malicious software
  • Deployment of software for blocking outgoing delivery of sensitive information to malicious parties
  • Implementation of standard anti-virus, filtering, and anti-spam software…

Added by CISO Platform on August 28, 2013 at 12:30am — No Comments

CISO Viewpoint: Choosing the Right Anti-Spam Security Solution

There are many technologies/solutions available to control spam. No one technology is a complete solution by itself. With most anti-spam solutions, the key challenge is trying to balance false negatives (missed spam) against false positives (rejected good email). This is critical for a successful anti-spam deployment. Each approach has its own associated costs in time and effort.

Spam filtering can be done at the gateway or the client level. There are options of using…


Added by CISO Platform on August 28, 2013 at 12:00am — No Comments

BYOD Security: From Defining the Requirements to Choosing a Vendor

A CISO needs to understand the exact requirement before designing the BYOD domain in the organization, keeping in mind the exact business need and the value add that can be, or is intended to be, obtained using this technology.

Build of solution for BYOD is directly related to business requirement without any compromise to security of information…


Added by CISO Platform on August 27, 2013 at 5:30pm — No Comments

Under the hood of Top 4 BYOD Security Technologies: Pros & Cons

Top technologies / solutions available for BYOD Security:

The task for companies that utilize BYOD is to develop a policy that defines exactly what sensitive company information needs to be protected and which employees should have access to this information, and then to educate all employees on this policy.

Technologies for security of BYOD:

1. VDI: One popular software-based security method gaining steam in BYOD environments is…


Added by CISO Platform on August 27, 2013 at 5:30pm — No Comments

CISO Viewpoint: Key advantages of using BYOD Security

Key advantages of using BYOD Security:

■ Extend corporate security policies to mobile devices

  • Device password policy configuration
  • Lock out after failed attempts
  • Disallow previously used passwords

■ Easily disable lost or stolen devices to protect corporate assets

  • Remote Locking
  • Remote Profile remove
  • Remote Wipe out

■ On-device…


Added by CISO Platform on August 27, 2013 at 5:00pm — No Comments

Top Questions to ask vendor for evaluating Anti-Malware Security offering

There are so many endpoint security products in the market, and every solution has at least one or more unique features. So it's a tough job for a CISO to choose one of them for his organization. However, a Best Fit Analysis would be the best practice for each organization, as per its own business processes and infrastructure.

Before the evaluation process, one should identify and classify the critical and sensitive data. Next, map them to the different business processes. Once…


Added by CISO Platform on August 27, 2013 at 5:00pm — No Comments

How Should a CISO choose the right Anti-Malware Technology?

Now this is a very subjective term, as “Right” is quite different for each. More so, the subject “Information Security” is by itself quite a dynamic and evolving term. Here, any measuring stick with constant attributes may not provide a true insight for the choice of technology. However, certain parameters of the selection process can be generalized for operational efficiency.



Added by CISO Platform on August 27, 2013 at 4:30pm — No Comments

A CISO AND the cost of a data

The 2012 Cost of Data Breach Study conducted provides some valuable information about the average cost of an enterprise data breach. The study, released in March’13, also recognized that organizations with a chief information security officer (CISO) in place experienced reduced costs for data breaches, which is right on target from my experience.

I am right in suspecting that an organization without a CISO is more prone to a security fault.

The role of a…


Added by Sharat AIRANI on August 22, 2013 at 4:30pm — No Comments

DDoS Security Checklist


Since the early days of the internet, DDoS has been a favorite weapon of cyber-criminals. Recently there was news about the biggest DDoS attack in history, targeted at Spamhaus, an anti-spam group. The attacks reportedly peaked at 300 Gb/s (gigabits per second), which is way over what had been seen earlier. Modern DDoS attacks are getting obscenely large for even big organizations to handle effectively.



Added by Nilanjan De on August 20, 2013 at 7:30pm — No Comments

5 Best Practices to secure your Big Data Implementation

Here are the key best practices that organizations need to adopt for securing their Big Data.

1. Secure your computation code:

  • Proper access control, code signing, auditing should be implemented to secure computation code.
  • Implement a strategy to protect data in presence of an untrusted computation code.

2. Implement comprehensive end-point input validation/filtering:

  • Implement validation and filtering of input…

Added by Jitendra Chauhan on August 20, 2013 at 7:30pm — No Comments

Top 5 Big Data Vulnerability Classes

Recently, we were pentesting a Data mining and Analytics company. The amount of data that they talked about is phenomenal and they are planning to move to Big Data. They invited me to write a blog on state of the art, Big Data security concerns and challenges and I happily accepted.



Added by Jitendra Chauhan on August 20, 2013 at 6:30pm — No Comments

CISO and the business

I have seen many blogs and articles, and most of them state that the CISO needs the ability to adopt the business. The role of the CISO in any organisation is to protect the business and bring the operations under secured mode, under the policy defined, governance, and so on and so forth. So obviously he has to be aware of the business, the competition and, more than that, the risk to the organisation and compliance matters.

Here I am putting this in other side of the context. Does business also need to…


Added by Sharat AIRANI on August 1, 2013 at 2:30pm — No Comments

CISO – You need to speak NOW..

If you start off blowing the whistle too quickly, too early on — and believe me, early in my career, I did — I didn't make any friends, didn't get any further with the program of work I was trying to do.

You are going to discover some very, very ugly things. The secret that I have personally found is when you find the ugly stuff, don't go trumpet it to everybody and say, 'Hey, I've found all these flaws'.

Instead, what you need to do is to sit with the IT operations staff,…


Added by Sharat AIRANI on July 12, 2013 at 1:00pm — No Comments

Concept Note: CISO Platform Index- A Community Based Product Rating Framework

We heavily rely on references while taking a decision on adoption of a new technology or a product. However, there is no dedicated analysis of product leadership purely based on customer recommendation. From CISO Platform technology Analyst team, we are happy to announce the concept note for CISO Index which shall rate products purely based on CISO/User…


Added by CISO Platform on July 11, 2013 at 1:30pm — No Comments

Information Lock-in vs Sharing

On 2nd July 2013, the National Cyber Security Policy was released. The first point in the preamble is an eye opener. It says "Cyberspace is a complex environment consisting of interactions between people, software and services supported by worldwide distribution of information and communication technology (ICT) devices and networks".

Enterprise information security is more than just protecting against viruses. The collaborative and diverse nature of modern business means that…


Added by Sharat AIRANI on July 5, 2013 at 5:00pm — No Comments

Why AppSec (Application Security) won't always bail you out of application based risks?


It is very typical of organizations to perform Web Application (WebApp) Security Assessments before the go-live of newer applications or periodic assessments of their existing applications. And these assessments are known by all sorts of aliases like Application Penetration Testing (App PenTest), Ethical Application Hacking etc. For those companies lacking the internal core…


Added by Dhananjay Rokde on June 27, 2013 at 11:00am — No Comments

How much Secure is Safe?

Regardless of how safe and secure any organisation may think its IT infrastructure is, they realize that they are still not immune to information security threats. In addition to deploying the right tools and technology, organisations globally need to develop a robust and competent workforce equipped with the necessary skills to adequately defend their IT infrastructures. These cyber defenders need not just basic training to sufficiently defend against mounting security threats, more than…


Added by Sharat AIRANI on June 26, 2013 at 8:00pm — No Comments

Fast Changing Dynamics in Enterprise Mobility

As organizations grow in size, the workforce is also becoming increasingly mobile. Employees are using mobile devices like smartphones, tablets and laptops to connect and access work-related data. Enterprises are increasingly shifting from desktop PCs to tablets and even encouraging their employees to bring their tablets or smartphones to work.

There are some key trends which have come to the fore with the advent of enterprise mobility. The highly mobile workforce is not restricted to one…


Added by Kamal Sharma on June 20, 2013 at 11:30am — No Comments

© 2019   Created by CISO Platform.