Business applications are vital for the successful functioning of any organization. Therefore, managing their information security risks are just as important as the business itself. If I ask about different measures you take to ensure security of your applications, you might reply with few initiatives such as periodic secure code reviews, external scans, vulnerability assessments & penetration testings and perhaps audits etc. But what If I asked how…

[cross-post from Anton on Security blog]…

Hi CISO This is the Chapter 2 Information Security Incident Response.

Abstract

Identifying and responding to data security incidents is at the center of security activities. The group appointed to security operations is relied upon to monitor the organization's advantages inside extension and respond to security events and incidents, including the identification and examination of what might be considered…

Don’t boil the ocean. Start with that.

Before I dipped my toes into security I did a stint as an application administrator. I was responsible for managing system and application monitoring. More performance and capacity monitoring than anything but there is a clear overlap in tools that capture logs and generate alerts based on thresholds, e.g. an IBM Tivoli monitoring, HP EMS, or Microsoft SCOM and a SIEM.

My employer had just one of those tools at the time I started…

According to an alert published by FBI on January 2019, Business Email Compromise (BEC) and Email Account Compromise (EAC) have10 Billion losses since October 2013. Traditionally, social engineering and Phishing techniques have been the most common ways to gain access to business…

Background:

It has been suggested that any new development will include less than 1% original code. If this isn’t presently true, it will likely be as time progresses.



With any security program, the goal is to identify the vulnerabilities, the related risks, mitigations or compensating controls that can be implemented. With the volume of development including libraries and binaries from third-party/open source repositories like: Git-Hub,…

Capital One data breach affected over 106 million people, 140,000 Social Security numbers, 80,000 bank account numbers,1,000,000 Social Insurance Numbers ... The breach had taken place about 4 months back however it took some time before the breach was realised, in-fact it took an external tip for Capital One to realise something had happened.

The legal case built was quite interesting. Before I share the legal case link heres a short summary just in-case you dont know…

This is a summary of the panel discussion at Security Symposium & Cyber Sentinel Award by Infocon global. The panel discussion was moderated by Jitendra Chauhan (Head of Engineering at FireCompass) along with Balaram (CISO, Manthan), Ananth Kumar Ms (Head-IT Assurance & Security, Janalaxmi Financial Services), Sumanth Naropanth and Ramakrishna Roy.…

Phishing attack allows attackers to steal user’s credentials

By now I am sure we have all seen the commercials of people walking up to their ATMs and taking cash out without physically touching the ATM machine. It is a feature known as “Cardless ATM banking” and has been adopted and used by several banking and financial institutions who boast about the faster transaction times (about 15 seconds from start to finish). Cardless ATM allows banking…

Topic - MDM Installation for mobile phones in organization

• User phone monitoring through MDM may have resistance. MAM can be better than MDM but getting Management support will be a big task
• BYOD policy approval by management is critical for non-company provided phones to be covered under MDM. Policy should incorporate complete deletion of email data and access once the employee moves out of the organization or lost his phone.
• MDM should be…