Social Network For Security Executives: Help Make Right Cyber Security Decisions
A generic definition of a crime would be an act that is in violation of the applicable laws. A crime / criminal offense may essentially hurt an individual or the community (city or a nation) at large. This concept has now been taken to the next level with the rising popularity of cybercrimes. In recent years, there have been several analyst reports on the increasing trends of cybercrimes. Of late, several interchangeable terms for cybercrimes, such as computer crime, cyber fraud, internet crime,…Continue
Added by Dhananjay Rokde on June 18, 2013 at 10:00am — No Comments
IT Trends and challenges:
The world is becoming Instrumental, Interconnected and Intelligent. IT security teams in enterprises are faced with rapidly mutating threats at every possible point of entry. This is fuelled by the fast evolution of the threat landscape and a sea of changes in network and security architecture.
Added by Sharat AIRANI on June 16, 2013 at 5:00pm — No Comments
Today enterprises live in a world where natural or man-made disasters can crumble a business to its knees. It is therefore critically important for these enterprises to recognise the fact that disasters are real and happen, and it is essential they have a structured programme to protect the information from external and internal threats and disasters.
We all face difficulties in expressing our thoughts. Here are a few pointers which will help a person to write great articles in just 30 mins.
Step 1: Define the headline
When you write the articles ask yourself 3 questions:
Added by CISO Platform on June 5, 2013 at 5:30pm — No Comments
How important is your personal brand in professional success?
Nobody can deny that personal reputation is critical in the path of professional success. Definitely the most important factor is "who you are?" but it is equally important "how others perceive you?".
In today's world, due to online tools, it is a lot easier to build your personal brand. Here are the top steps:
Added by CISO Platform on June 4, 2013 at 12:00pm — No Comments
At a recent industry event discussing security, a question was raised as to who needs to take ownership of security issues. The comment was made that it needs to be "someone senior enough to care, but junior enough to know what they are talking about".
This summarises a major issue in the cyber security industry. Security is a deeply complex issue, balancing threat, risk, business objectives, technology, process and people.
Senior business people tend to know about…Continue
It disappoints me to see the huge focus on technology. Not a criticism of the site or the people posting but a reflection of the, misguided, view that information is "owned" by technology because they are the people providing the mechanisms to process information. It's a bit like saying BMW are responsible if you have an accident driving a car that you bought from them!
I would like to see a move from technology solutions to information risk solutions which embrace all aspects of…
Added by Mike usher on May 24, 2013 at 3:30pm — No Comments
We use security products to secure our systems and our businesses. However, the very security products we use can themselves have vulnerabilities which can leave us susceptible to attacks. We conducted a study recently to understand the vulnerability trends in security products. Read further to know more on what we discovered this time around.
How was the research conducted?
We started off with some survey on the internet to find something closely related to…Continue
Added by bikash on May 24, 2013 at 1:00pm — No Comments
This is a fundamental principle of the data privacy jurisprudence that the organization cannot disclose personal information without having prior consent of the data subject unless it is required by law. Global data privacy laws imbibed this principle, and require the organizations, having data subject’s consent, to implement tools and techniques that assist in minimum disclosure of information only on a need-to-know basis. Compliance with such global data privacy laws is significant for both…Continue
Added by Rakshit Dhamija on May 23, 2013 at 7:30pm — No Comments
Social Media has been the buzz word recently. While I am writing this post, there are more than 500 million active users accessing Facebook and 50% of active users log on to Facebook at least once a day from their office, home, coffee-shop, school, or while on the move. Today most of the…Continue
Added by Jaykishan Nirmal on May 17, 2013 at 1:00pm — No Comments
Gone are the days when Open Source software (OSS) was only being used in educational institutions like universities, research organizations etc. Today most organizations use open source for a variety of reasons such as accelerating time-to-Market, reducing cost of development, dynamic integration etc. There are many software development organizations that work closely with their customers to determine open source strategy before making them a part of product / application development. By…Continue
Vision of the CISO…Continue
Added by CISO Platform on May 17, 2013 at 1:00am — No Comments
Writing not only functional but secure applications is not a new concept or idea that has taken the Industry by storm. However, many Government and Commercial Organizations are still not adhering to or requiring their Organizations to adopt, implement, and build in security into the Systems Development Life Cycle process. Instead, Organizations are continuing to focus on the functional aspects of software, only to be surprised when a weakness or vulnerability in the…Continue
Added by Mark Wireman on May 16, 2013 at 7:00pm — No Comments
You must have heard about the recent breach at LinkedIn, which led to exposure of 6.5 million hashed passwords available for download at a hacker site. Many of such passwords were decoded and published on an unauthorized website. Feds are involved in the investigation to find out possible perpetrator(s) behind this criminal activity, but I see there are certain takeaways from this incident which would probably make us better prepared for possible future breaches.…Continue
Added by Jaykishan Nirmal on May 16, 2013 at 1:30pm — No Comments
There is a common misconception that cyber criminals and hacktivists only target large enterprises to reap a bumper. The reality is actually very different; recently published surveys reveal that
What is evident from these reports is that SMEs are spending less time on assessing and understanding their security…Continue
Added by Satish Narayanan on May 16, 2013 at 11:30am — No Comments
Our dependence on E-services has increased tremendously. All such services have the usernames and Passwords. This is the main gateway for entry into systems. Apart from that, transactional passwords. Even the password with secured and digital certified access portal. Portal was accessed by only the browsers. When we log in for the first time, browsers have an option to save passwords. Due to lack of awareness of the security implications, users intend to say 'Yes' to save the password. One simple…Continue
Added by TAMILVEL NATARAJAN on May 16, 2013 at 10:30am — No Comments
1. Run Time Application Security Protection (RASP)
Today applications mostly rely on external protection like IPS (Intrusion Prevention Systems), WAF (Web Application Firewall), etc., and there is a great scope for a lot of these security features being built into the application so that it can protect itself during run time.
RASP is an integral part of an application run time environment and can be implemented as an extension of the…Continue
Added by bikash on May 14, 2013 at 6:30pm — No Comments
A common question is why should we get a third party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits like traditional financial audits are better done by outside companies with no bias and partiality to anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain Penetration…Continue
Added by bikash on May 14, 2013 at 6:00pm — No Comments
What is SAST?
SAST or Static Application Security Testing is the process of testing the source code, binary or byte code of an application. In SAST you do not need a running system.
What is DAST?
DAST or Dynamic Application Security Testing is the process of testing an application during its running state. In…Continue
Added by bikash on May 14, 2013 at 4:00pm — No Comments