What Google is to most internet users, Shodan (http://www.shodan.io) is to hackers. It is a search engine for hackers to look for open or vulnerable digital assets. Shodan scans the entire internet and stores the open ports along with services running on all accessible IP addresses. It also provides a lot of information about such exposed IP addresses, devices and ports. Such devices can be computers, laptops, webcams, traffic signals, and various IoT… Continue
Added by Allan Gray on January 14, 2020 at 2:00pm —
- 1. #RSAC SESSION ID: Zero Trust Security Gowdhaman…
Added by Gowdhaman Jothilingam on January 7, 2020 at 3:30pm —
Call for Comments
1. Need for NCSS 2020 India was one of the first few countries to propound a futuristic …
Added by CISO Platform on December 30, 2019 at 12:00pm —
Cybersecurity will be hard pressed to take on the new challenges of bank managed digital currencies.
Banks are developing their own digital currencies. The introduction of Central Bank Digital Currencies (CBDC) is the beginning of an interesting trend that will change the cybersecurity dynamic for banking as it opens up an entirely new threat… Continue
Added by Matthew Rosenquist on December 31, 2019 at 1:00pm —
Digital Risk Protection (DRP) is a term possibly popularized or coined by Forrester to describe the market of tools and technologies to protect from the risks posed by externally facing digital assets. As per Forrester: “Most buyers (77%) are purchasing DRP tools as net-new solutions for their organizations (as opposed to replacing an existing capability). They’re adding DRP to their existing security technology stacks to better tackle digital risk activities — namely, to improve… Continue
Added by CISO Platform on October 24, 2019 at 12:41pm —
As our world embraces a digital transformation, innovative technologies bring greater opportunities, cost efficiencies, abilities to scale globally, and entirely new service capabilities to enrich the lives of people globally. But there is a catch. For every opportunity, there is a risk. The more dependent and entrenched we become with technology… Continue
Added by Matthew Rosenquist on December 27, 2019 at 4:58am —
How do you prepare for CEH?
The first question that you should ask yourself is why CEH over other certs?
Apart from CEH being a highly recognized cert, CEH gets you strong with your basics in the security domain,
this branches out into different paths such as:
# Penetration testing (VAPT)
# Management Level roles
# Audit level roles / Forensics
Added by Prasanna V Balaji on December 13, 2019 at 4:21pm —
Issue tracking can often be a tedious and annoying task. With several bugs happening at the same time, it becomes important to use bug tracking tools for your teams. This has become even more important in today’s era when there is fierce competition for high-quality products. While developers are well-equipped to deal with bugs, there is no easy way to keep track of them. This is where bug tracking tools come in. The primary purpose of these tools is to manage… Continue
Added by Ray Parker on December 10, 2019 at 4:19pm —
Compliance Vs Security:
Compliance does not always mean you are secure, totally agree. But that does not mean compliance, standards and processes are useless; it is not as glamorous, but it works silently in the background. Compliance covers all the areas equally while performing risk assessments and improves the overall security baseline. E.g. periodic checks for access control and least privilege go a long way not only in…
Added by Santosh C on December 9, 2019 at 11:29am —
A couple of weeks ago I was asked by my colleague to give him some clues and tips on how to become a Cloud Security Architect, as that's the venture he wants to follow and he knows I've been in architect-like roles for a while.
Knowing how much fulfillment one can get from a good career and work-life, I decided to sit down and write down some tips right away. I did share it with him, but then I looked at it myself and came to realize that instead of a few tips, I… Continue
Added by Dawid Bałut on December 23, 2019 at 8:06pm —
Step 1: Collect all IP addresses that are used to send email
The Sender Policy Framework (SPF) gives the ability to authenticate your email and to specify which IP addresses are allowed to send email on behalf of the specific domain.
In order to successfully implement SPF, you first need to identify which mail servers are used to send email for your domain. These mail servers can be any sending organization; you should think of your Email Service Provider,… Continue
Added by Priyank Sheth on December 17, 2019 at 4:00pm —
Children are amongst the most vulnerable in the cyber world and we believe it is time for us to do something for our next generation.
At CISO Platform community, we have taken on a mission to help the kids. We are creating "Kid's Cyber Safety Week" on June 4-10 to help train kids and their parents.
We need you to help to realize our vision. It would be… Continue
Added by pritha on November 26, 2019 at 8:30pm —
Generally, security team size would always be lean for any type, kind or size of organization :-). However, we are seeing a change in the trend, thanks to high-profile and increasingly sophisticated data breaches every other day and new privacy regulations being enforced across the world. I will try to summarize the key roles and responsibilities of the security team specifically for a cloud-based product organization.
Added by Santosh C on November 26, 2019 at 10:02am —
Business applications are vital for the successful functioning of any organization. Therefore, managing their information security risks is just as important as the business itself. If I ask about different measures you take to ensure security of your applications, you might reply with a few initiatives such as periodic secure code reviews, external scans, vulnerability assessments & penetration testing and perhaps audits etc. But what if I asked how… Continue
Added by Pushkal Mishra on August 30, 2019 at 7:00pm —
Advanced Threat Protection (ATP) is used to protect against sophisticated, highly skilled, well-funded and motivated threat actors. The solution uncovers advanced threats across Endpoints, Network, Email and Cloud. These solutions are used to detect advanced persistent threats that existing controls are not able to detect or are simply not capable of doing it.
Advanced threat protection is not about a single security solution; it is about a combination of security… Continue
Added by CISO Platform on September 4, 2019 at 12:37pm —
A common question is why should we get a third party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits like traditional financial audits are better done by outside companies with no bias and partiality to anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain Penetration Testers.… Continue
Added by CISO Platform on September 3, 2019 at 9:30am —
Added by Dr. Anton Chuvakin on August 27, 2019 at 4:00am —
Hi CISO, this is Chapter 2: Information Security Incident Response.
Identifying and responding to data security incidents is at the center of security activities. The group appointed to security operations is relied upon to monitor the organization's advantages inside extension and respond to security events and incidents, including the identification and examination of what might be considered… Continue
Added by Mohamed marrouchi on August 23, 2019 at 6:30pm —
It has been suggested that any new development will include less than 1% original code. If this isn’t presently true, it will likely be as time progresses.
With any security program, the goal is to identify the vulnerabilities, the related risks, mitigations or compensating controls that can be implemented. With the volume of development including libraries and binaries from third-party/open source repositories like: GitHub,…
Added by Drew Brown on August 15, 2019 at 7:30pm —
Capital One data breach affected over 106 million people, 140,000 Social Security numbers, 80,000 bank account numbers, 1,000,000 Social Insurance Numbers ... The breach had taken place about 4 months back; however, it took some time before the breach was realised. In fact, it took an external tip for Capital One to realise something had happened.
The legal case built was quite interesting. Before I share the legal case link, here's a short summary just in case you don't know… Continue
Added by CISO Platform on August 6, 2019 at 12:30pm —