August 2013 Blog Posts (16)

Action List Before Adopting a Cloud Technology

Firstly the CISO has to work with the CIO and the business to understand the business need to implement this and then clearly articulate associated risk exposure to the firm and its stakeholders.

A detailed due diligence has to be completed following which the risk posture and risk mitigation guidance has to be provided. Subsequently a corporate policy along with the mitigating controls has to be implemented and training imparted to the relevant business users.


Added by CISO Platform on August 28, 2013 at 4:00pm — 1 Comment

Technology/Solution Guide for Single Sign-On

Top technologies/solutions available for Single Sign-On are:

1. Common Standard Solutions:

  • The Generic Security Service Application Program Interface (GSS-API).
  • OSF Distributed Computing Environment (DCE).
  • Pluggable Authentication Modules (PAM).

2. Broker-Based SSO Solutions: having one server for central authentication & user account management.

  • Kerberos: Trusted Kerberos…

Added by CISO Platform on August 28, 2013 at 3:30pm — 1 Comment

Database Security Vendor Evaluation Guide



Requirement for solutions related to Database security

A CISO should define the requirement for solutions related to Database security by first understanding the business and threat environment and deciding on the most applicable threats and security parameters, while balancing application performance and security.


Added by CISO Platform on August 28, 2013 at 2:00pm — No Comments

My Key Learning While Implementing Database Security



Top steps during the implementation of a project related to Database Security



1. As, most of the time, application developers or the persons implementing the applications also work as database administrators, it is important that database administration is handled by different persons in the team. For bigger projects, you should have a separate database team. This helps on most occasions to have better control over database management and…

Added by CISO Platform on August 28, 2013 at 1:30pm — No Comments

Anti Spam Security Project Implementation Guide and Top Common Mistakes



Top steps during the implementation of a project related to Anti Spam Security

  • Incorporation of spam detectors to block malicious/ fraudulent e-mails
  • Installation of filters for automatic detection/ deletion of malicious software
  • Deployment of software for blocking outgoing delivery of sensitive information to malicious parties
  • Implementation of standard anti-virus, filtering, and anti-spam software…

Added by CISO Platform on August 28, 2013 at 12:30am — No Comments

CISO Viewpoint: Choosing the Right Anti-Spam Security Solution

There are many technologies/solutions available to control spam. No single technology is a complete solution by itself. With most anti-spam solutions, the key challenge is trying to balance false negatives (missed spam) against false positives (rejecting good email). This is critical for a successful anti-spam deployment. Each approach has its own associated costs in time and effort.

Spam filtering can be done at the gateway or the client level. There are options of using…

Added by CISO Platform on August 28, 2013 at 12:00am — No Comments

BYOD Security: From Defining the Requirements to Choosing a Vendor

A CISO needs to understand the exact requirement before designing the BYOD domain in the organization, keeping in mind the exact business need and the value add that can be, or is intended to be, obtained using this technology.

Building a solution for BYOD is directly related to the business requirement, without any compromise to security of information…

Added by CISO Platform on August 27, 2013 at 5:30pm — No Comments

Under the hood of Top 4 BYOD Security Technologies: Pros & Cons

Top technologies / solutions available for BYOD Security:

The task for companies that utilize BYOD is to develop a policy that defines exactly what sensitive company information needs to be protected and which employees should have access to this information, and then to educate all employees on this policy.

Technologies for security of BYOD:

1. VDI: One popular software-based security method gaining steam in BYOD environments is…

Added by CISO Platform on August 27, 2013 at 5:30pm — No Comments

CISO Viewpoint: Key advantages of using BYOD Security



Key advantages of using BYOD Security:

■ Extend corporate security policies to mobile devices

  • Device password policy configuration
  • Lock out after failed attempts
  • Disallow previously used passwords

■ Easily disable lost or stolen devices to protect corporate assets

  • Remote Locking
  • Remote Profile remove
  • Remote Wipe out

■ On-device…


Added by CISO Platform on August 27, 2013 at 5:00pm — No Comments

Top Questions to ask vendor for evaluating Anti-Malware Security offering

There are so many Endpoint Security Products in the market, and every solution has at least one unique feature. So it is a tough job for a CISO to choose one of them for his organization. However, a Best Fit Analysis would be best practice for each organization, as per its own business processes and infrastructure.

Before the evaluation process one should identify and classify the critical and sensitive data. Next, map them to the different business processes. Once…

Added by CISO Platform on August 27, 2013 at 5:00pm — No Comments

How Should a CISO choose the right Anti-Malware Technology?

Now this is a very subjective term, as “Right” is quite different for each. More so, the subject “Information Security” by itself is quite a dynamic and evolving term. Here, any measuring stick with constant attributes may not provide a true insight for the choice of technology. However, certain parameters of the selection process can be generalized for operational efficiency.

Added by CISO Platform on August 27, 2013 at 4:30pm — No Comments

A CISO AND the cost of a data

The 2012 Cost of Data Breach Study conducted provides some valuable information about the average cost of an enterprise data breach. The study, released in March’13, also recognized that organizations with a chief information security officer (CISO) in place experienced reduced costs for data breaches, which is right on target from my experience.

I am right in suspecting that an organization without a CISO is more prone to a security fault.

The role of a…


Added by Sharat AIRANI on August 22, 2013 at 4:30pm — No Comments

DDoS Security Checklist

Introduction

Since the early days of the internet, DDoS has been a favorite weapon of cyber-criminals. Recently there was news about the biggest DDoS attack in history, targeted at Spamhaus, an anti-spam group. The attacks reportedly peaked at 300 Gb/s (gigabits per second), which is way over what had been seen earlier. Modern DDoS attacks are getting obscenely large for even big organizations to handle effectively.

Added by Nilanjan De on August 20, 2013 at 7:30pm — No Comments

5 Best Practices to secure your Big Data Implementation

Here are the key best practices that organizations need to adopt for securing their Big Data.

1. Secure your computation code:

  • Proper access control, code signing and auditing should be implemented to secure computation code.
  • Implement a strategy to protect data in the presence of untrusted computation code.

2. Implement comprehensive end-point input validation/filtering:

  • Implement validation and filtering of input…

Added by Jitendra Chauhan on August 20, 2013 at 7:30pm — No Comments

Top 5 Big Data Vulnerability Classes

Recently, we were pentesting a Data mining and Analytics company. The amount of data that they talked about is phenomenal and they are planning to move to Big Data. They invited me to write a blog on state of the art, Big Data security concerns and challenges and I happily accepted.


Added by Jitendra Chauhan on August 20, 2013 at 6:30pm — No Comments

CISO and the business

I have seen many blogs and articles, and most of them state that the CISO needs the ability to adopt the business. The role of the CISO in any organisation is to protect the business and bring the operations under secured mode, under the policy defined, governance, so on and so forth. So obviously he has to be aware of the business, the competition and, more than that, the risk to the organisation and compliance matters.

Here I am putting this on the other side of the context. Does business also need to…

Added by Sharat AIRANI on August 1, 2013 at 2:30pm — No Comments
