August 2019 Blog Posts (9)

How mature is your Application Security Program?

Business applications are vital for the successful functioning of any organization. Therefore, managing their information security risks are just as important as the business itself. If I ask about different measures you take to ensure security of your applications, you might reply with few initiatives such as periodic secure code reviews, external scans, vulnerability assessments & penetration testings and perhaps audits etc. But what If I asked how…


Added by Pushkal Mishra on August 30, 2019 at 7:00pm — No Comments

Top 10 SIEM Log Sources in Real Life?

[cross-post from Anton on Security blog]…


Added by Dr. Anton Chuvakin on August 27, 2019 at 4:00am — No Comments

[Security Operations Analysis] Chapter 2: Information Security Incident Response

Hi CISO This is the Chapter 2 Information Security Incident Response.


Identifying and responding to data security incidents is at the center of security activities. The group appointed to security operations is relied upon to monitor the organization's advantages inside extension and respond to security events and incidents, including the identification and examination of what might be considered…


Added by Mohamed marrouchi on August 23, 2019 at 6:30pm — No Comments

Don’t boil the ocean. Start with that.

Don’t boil the ocean. Start with that.

Before I dipped my toes into security I did a stint as an application administrator. I was responsible for managing system and application monitoring. More performance and capacity monitoring than anything but there is a clear overlap in tools that capture logs and generate alerts based on thresholds, e.g. an IBM Tivoli monitoring, HP EMS, or Microsoft SCOM and a SIEM.

My employer had just one of those tools at the time I started…


Added by Drew Brown on August 22, 2019 at 7:30am — No Comments

Impact of business email compromises and risk mitigation plans

According to an alert published by FBI on January 2019, Business Email Compromise (BEC) and Email Account Compromise (EAC) have10 Billion losses since October 2013. Traditionally, social engineering and Phishing techniques have been the most common ways to gain access to business…


Added by vasanth Kumar on August 21, 2019 at 12:46pm — No Comments

How to Manage Security & Third Party/Open Source Code in the SDLC


It has been suggested that any new development will include less than 1% original code. If this isn’t presently true, it will likely be as time progresses.

With any security program, the goal is to identify the vulnerabilities, the related risks, mitigations or compensating controls that can be implemented. With the volume of development including libraries and binaries from third-party/open source repositories like: Git-Hub,…


Added by Drew Brown on August 15, 2019 at 7:30pm — No Comments

The Legal Case for Capital One AWS Security Breach + A Short Synopsys

Capital One data breach affected over 106 million people, 140,000 Social Security numbers, 80,000 bank account numbers,1,000,000 Social Insurance Numbers ... The breach had taken place about 4 months back however it took some time before the breach was realised, in-fact it took an external tip for Capital One to realise something had happened.

The legal case built was quite interesting. Before I share the legal case link heres a short summary just in-case you dont know…


Added by CISO Platform on August 6, 2019 at 12:30pm — No Comments

(Panel Discussion) Shadow IT: You Cannot Protect What You Can’t See

This is a summary of the panel discussion at Security Symposium & Cyber Sentinel Award by Infocon global. The panel discussion was moderated by Jitendra Chauhan (Head of Engineering at FireCompass) along with Balaram (CISO, Manthan), Ananth Kumar Ms (Head-IT Assurance & Security, Janalaxmi Financial Services), Sumanth Naropanth and Ramakrishna Roy.…


Added by CISO Platform on August 4, 2019 at 9:00am — No Comments

MDM Installation for Mobile Phones in Organization

Topic - MDM Installation for mobile phones in organization

  • User phone monitoring through MDM may have resistance. MAM can be better than MDM but getting Management support will be a big task
  • BYOD policy approval by management is critical for non-company provided phones to be covered under MDM. Policy should incorporate complete deletion of email data and access once the employee moves out of the organization or lost his phone.
  • MDM should be…

Added by Sridharan on August 1, 2019 at 10:00am — No Comments

Monthly Archives













CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by Yogesh Nov 19. 2 Replies

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

[Please Suggest] Corona Virus: Security advisory for work from home

Started by CISO Platform. Last reply by Bhushan Deo Mar 20. 12 Replies

(question posted on behalf of a CISO member)Due to CORONA virus most of the organizations are allowing their employees to work form home.Has any one issued security advisory for work from home ?Continue

Tags: #COVID19

Follow us

Contact Us


Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

/* */