All Blog Posts Tagged 'Checklists' (22)

How to create an SPF TXT record?

Step 1: Collect all IP addresses that are used to send email

The Sender Policy Framework (SPF) lets a domain owner publish, in a DNS TXT record, which IP addresses are allowed to send email on behalf of that domain, so that receiving mail servers can authenticate the sender.

In order to implement SPF successfully, you first need to identify which mail servers send email for your domain. These can belong to any sending organization; think of your Email Service Provider,…


Added by Priyank Sheth on December 17, 2019 at 4:00pm — No Comments
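
A worked illustration of the record this checklist leads to, added here as an example and not part of the original post: it builds an SPF TXT string from the addresses collected in step 1, then evaluates that record for a connecting IP the way a receiving server would and counts the DNS-querying mechanisms against the ten-lookup limit of RFC 7208 (section 4.6.4). It goes beyond step 1 to the evaluation side so the effect of include: and of the qualifiers on ~all and -all is visible. The zone data (example.com, _spf.esp.example and the chainN.example domains) is constructed and stands in for real DNS; the a, mx, ptr and exists mechanisms and the redirect= and exp= modifiers need live lookups and are deliberately not modelled.

```python
import ipaddress
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed zone data standing in for DNS TXT lookups (documentation address ranges only).
ZONE_TXT: Dict[str, str] = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.esp.example -all",
    "_spf.esp.example": "v=spf1 ip4:198.51.100.10 ip4:198.51.100.11 ~all",
}
# A deliberately over-long include chain, to show the lookup limit being hit.
for _i in range(12):
    ZONE_TXT[f"chain{_i}.example"] = f"v=spf1 include:chain{_i + 1}.example -all"
ZONE_TXT["chain12.example"] = "v=spf1 ip4:192.0.2.99 -all"

MAX_DNS_LOOKUPS = 10                       # RFC 7208 section 4.6.4
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def build_spf(ip4s: List[str], ip6s: List[str], includes: List[str], policy: str = "-all") -> str:
    """Assemble the TXT record from the sender addresses collected in step 1, validating each one."""
    if policy not in ("-all", "~all", "?all"):
        raise ValueError("policy must be -all, ~all or ?all")
    terms = ["v=spf1"]
    for family, version, nets in (("ip4", 4, ip4s), ("ip6", 6, ip6s)):
        for n in nets:
            net = ipaddress.ip_network(n, strict=False)   # rejects typos such as 192.0.2.300
            if net.version != version:
                raise ValueError(f"{n} is not an {family} address")
            # Single hosts are written without the /32 or /128 suffix.
            text = str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)
            terms.append(f"{family}:{text}")
    terms += [f"include:{d}" for d in includes]
    terms.append(policy)
    return " ".join(terms)


def _terms(record: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (qualifier, mechanism, argument) for each directive; modifiers are not modelled."""
    for term in record.split()[1:]:
        if "=" in term:                    # redirect=, exp= and other modifiers
            raise NotImplementedError(f"modifier {term!r} not modelled in this example")
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        yield qualifier, mech.split("/")[0], arg


def count_lookups(domain: str, txt: Dict[str, str] = ZONE_TXT) -> int:
    """DNS-querying terms reachable from the record; must not exceed MAX_DNS_LOOKUPS."""
    total = 0
    for _, mech, arg in _terms(txt.get(domain, "")):
        if mech in LOOKUP_MECHS:
            total += 1
            if mech == "include":
                total += count_lookups(arg, txt)
    return total


def check_spf(ip: str, domain: str, txt: Dict[str, str] = ZONE_TXT,
              _lookups: Optional[List[int]] = None) -> Tuple[str, int]:
    """Evaluate the record for a connecting IP as a receiver would: (result, lookups used)."""
    if _lookups is None:
        _lookups = [0]                     # shared counter across nested include: evaluations
    record = txt.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none", _lookups[0]
    addr = ipaddress.ip_address(ip)
    for qualifier, mech, arg in _terms(record):
        if mech == "all":
            return QUALIFIER_RESULT[qualifier], _lookups[0]
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == addr.version and addr in net:
                return QUALIFIER_RESULT[qualifier], _lookups[0]
        elif mech == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_DNS_LOOKUPS:
                return "permerror", _lookups[0]
            sub, _ = check_spf(ip, arg, txt, _lookups)
            if sub == "pass":              # only a pass inside the include matches
                return QUALIFIER_RESULT[qualifier], _lookups[0]
            if sub in ("none", "permerror"):
                return "permerror", _lookups[0]
            # fail, softfail or neutral from the include: keep evaluating this record
        elif mech in LOOKUP_MECHS:
            raise NotImplementedError(f"{mech} needs live DNS; not modelled in this example")
        else:
            return "permerror", _lookups[0]   # unknown mechanism
    return "neutral", _lookups[0]          # record ended without an "all"
```

Two things worth noticing in the constructed zone: 198.51.100.9 gets fail, not softfail, because the ~all inside the ESP's included record never propagates (only a pass from an include matches) and evaluation falls through to example.com's own -all; and chain0.example ends in permerror after the eleventh include, which is why step 1 should also count the include:, a, mx, ptr and exists terms that every sending provider's record adds, not just the IP addresses.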

Incident Response: How To Respond To A Security Breach During First 24 Hours (Checklist)

Incident response is much the same in every case; however, the first few hours are vital, and only high-priority actions can save the situation. Since this is a security breach, it is of the highest priority and must be handled at the highest escalation level.

Checklist To Respond To A Security…


Added by pritha on July 2, 2015 at 12:30am — No Comments

Vendor Selection Framework For Integration Of Threat Intelligence With SIEM

Here is a comprehensive checklist to Evaluate SIEM Vendors. We highly appreciate this community contribution.

by Sunil Soni, CISO, Punjab National Bank

Vendor Selection Framework For Integration Of Threat Intelligence With SIEM…


Added by pritha on June 29, 2015 at 12:00pm — No Comments

Checklist to Evaluate A Cloud Based WAF Vendor

These days, web applications are under siege. Commercially motivated hackers, bots and fraudsters attack around the clock, attempting to steal data, disrupt access and commit fraud, and today's next-generation firewalls, IPS and other network security products are unable to stop them. So in order to prevent…


Added by pritha on July 4, 2014 at 1:00am — No Comments

Checklist to Evaluate a DLP Provider

The Data Leak Prevention project was rolled out at Lanco Infratech Ltd:

  • To protect its proprietary assets and business data against any loss or leakage
  • To meet the regulatory requirements applicable to its industry segment
  • To increase awareness among employees by publishing the incidents and policy violation cases across the group
  • To help establish evidence of intentional breaches so that disciplinary cases can be initiated



Added by pritha on June 24, 2014 at 8:00pm — No Comments

Checklist for PCI DSS Implementation & Certification

PCI DSS – Stringent but Exhilarating to Implement (Project PCI DSS Implementation & Certification)

PCI DSS stands for Payment Card Industry Data Security Standard. It is a robust, comprehensive, technology-driven, transparent and explicit standard that enhances the security controls around payment card and related account data by ensuring the safe…


Added by pritha on June 24, 2014 at 8:00pm — No Comments

How effective is your SIEM Implementation?

During the last few penetration tests we conducted for certain organizations, we discovered a surprising fact: almost all of the SIEM implementations had gaps at the implementation level. For example, in certain cases the SIEM did not detect anything at all when…


Added by bikash on May 2, 2014 at 12:30am — No Comments

CISO Guide for Denial-of-Service (DoS) Security

Denial-of-Service (DoS) attacks have existed since the early days of computing and have evolved into complex and overwhelming security challenges. Organizations have had to worry not just about DoS attacks, but about Distributed DoS (DDoS) attacks and, more recently, Distributed Reflector DoS (DRDoS) attacks. Additionally, the size, complexity and sophistication of DDoS attacks are increasing at an alarming rate.

In general, distributed denial-of-service (DDoS) attacks target network…


Added by CISO Platform on September 12, 2013 at 12:30pm — No Comments

Action List Before Adopting a Cloud Technology

First, the CISO has to work with the CIO and the business to understand the business need for the technology, and then clearly articulate the associated risk exposure to the firm and its stakeholders.

Detailed due diligence has to be completed, after which the risk posture and risk mitigation guidance have to be provided. Subsequently, a corporate policy along with the mitigating controls has to be implemented, and training given to the relevant business users.



Added by CISO Platform on August 28, 2013 at 4:00pm — 1 Comment

Technology/Solution Guide for Single Sign-On

Top technologies / solutions available for Single Sign-On are:

1. Common Standard Solutions:

  • The Generic Security Service Application Program Interface (GSS-API)
  • OSF Distributed Computing Environment (DCE)
  • Pluggable Authentication Modules (PAM)

2. Broker-Based SSO Solutions: one server for central authentication and user account management.

  • Kerberos: Trusted Kerberos…

Added by CISO Platform on August 28, 2013 at 3:30pm — 1 Comment

Database Security Vendor Evaluation Guide

Requirement for solutions related to Database security

A CISO should define the requirements for database security solutions by first understanding the business and threat environment, then deciding on the most applicable threats and security parameters while balancing application performance against security.



Added by CISO Platform on August 28, 2013 at 2:00pm — No Comments

My Key Learning While Implementing Database Security

Top steps during the implementation of a project related to Database Security

1. Since application developers, or the people implementing the applications, most often also act as database administrators, it is important that database administration be handled by different people on the team. For bigger projects, you should have a separate database team. In most cases this gives better control over database management and…


Added by CISO Platform on August 28, 2013 at 1:30pm — No Comments

BYOD Security: From Defining the Requirements to Choosing a Vendor

A CISO needs to understand the exact requirement before designing the BYOD domain in the organization, keeping in mind the exact business need and the value that is, or is intended to be, obtained from this technology.


The build of a BYOD solution is directly related to the business requirement, without any compromise to the security of information…


Added by CISO Platform on August 27, 2013 at 5:30pm — No Comments

Under the hood of Top 4 BYOD Security Technologies: Pros & Cons

Top technologies / solutions available for BYOD Security:

The task for companies that utilize BYOD is to develop a policy that defines exactly what sensitive company information needs to be protected and which employees should have access to it, and then to educate all employees on that policy.

Technologies for securing BYOD:

1. VDI - One popular software-based security method gaining steam in BYOD environments is…


Added by CISO Platform on August 27, 2013 at 5:30pm — No Comments

How Should a CISO choose the right Anti-Malware Technology?

Now, "right" is a very subjective term, as it means something different to each organization. Moreover, the subject of "Information Security" is itself dynamic and evolving, so any yardstick with fixed attributes may not give a true insight into the choice of technology. However, certain parameters of the selection process can be generalized for operational efficiency.



Added by CISO Platform on August 27, 2013 at 4:30pm — No Comments

5 Best Practices to secure your Big Data Implementation

Here are the key best practices that organizations need to adopt for securing their Big Data.

1. Secure your computation code:

  • Proper access control, code signing and auditing should be implemented to secure computation code.
  • Implement a strategy to protect data in the presence of untrusted computation code.

2. Implement comprehensive end-point input validation/filtering:

  • Implement validation and filtering of input…

Added by Jitendra Chauhan on August 20, 2013 at 7:30pm — No Comments
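
Item 1 in concrete form, added here as an example and not taken from the original post: a job manifest is signed when the computation code is submitted, and the cluster verifies the signature, checks that the digest of the code it is about to load matches the signed one, and applies an access-control policy before running anything, writing an audit record either way. The key, the AUTHORIZED policy, the job classes and the sample job are all constructed for the example; HMAC-SHA256 stands in for the asymmetric code signing a real deployment would use, where the cluster holds only a verification key.

```python
import hashlib
import hmac
import json
import time
from typing import Dict, List, Set, Tuple

# Constructed key for the example only. In production the signing key lives in CI/KMS and the
# cluster holds only a verification key; HMAC-SHA256 stands in here for an asymmetric signature.
VERIFY_KEY = b"example-verification-key-do-not-reuse"

# Access control (constructed policy): which submitters may run which job classes.
AUTHORIZED: Dict[str, Set[str]] = {
    "etl-ci": {"ingest", "aggregate"},
    "analyst-notebook": {"aggregate"},
}


def _canonical(manifest: Dict[str, str]) -> bytes:
    """Deterministic serialisation so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_job(code: str, submitter: str, job_class: str, key: bytes = VERIFY_KEY) -> Dict[str, str]:
    """Signing side (CI or a release step): bind code digest, submitter and job class together."""
    manifest = {
        "submitter": submitter,
        "class": job_class,
        "sha256": hashlib.sha256(code.encode()).hexdigest(),
    }
    manifest["sig"] = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return manifest


def verify_job(code: str, manifest: Dict[str, str], audit: List[dict],
               key: bytes = VERIFY_KEY) -> Tuple[bool, str]:
    """Gate run by the cluster before any computation code is loaded. Appends an audit record."""
    claimed = {k: v for k, v in manifest.items() if k != "sig"}
    expected = hmac.new(key, _canonical(claimed), hashlib.sha256).hexdigest()
    # 1. Signature first: until it checks out, nothing else in the manifest can be trusted.
    if not hmac.compare_digest(manifest.get("sig", ""), expected):
        reason = "bad or missing signature"
    # 2. The code actually submitted must be the code that was signed.
    elif hashlib.sha256(code.encode()).hexdigest() != claimed.get("sha256"):
        reason = "code does not match signed digest"
    # 3. Access control on the now-trusted submitter / job class pair.
    elif claimed.get("class") not in AUTHORIZED.get(claimed.get("submitter", ""), set()):
        reason = "submitter not authorized for this job class"
    else:
        reason = "ok"
    audit.append({
        "ts": time.time(),
        "submitter": manifest.get("submitter"),
        "class": manifest.get("class"),
        "sha256": manifest.get("sha256"),
        "decision": "allow" if reason == "ok" else "deny",
        "reason": reason,
    })
    return reason == "ok", reason
```

Because the submitter and job class are inside the signed manifest, relabelling a job to a class the submitter is allowed to run invalidates the signature rather than bypassing the policy; and because every decision is appended to the audit list, denied submissions are as visible as allowed ones.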

Top 5 Big Data Vulnerability Classes

Recently, we were pentesting a data mining and analytics company. The amount of data they talked about is phenomenal, and they are planning to move to Big Data. They invited me to write a blog on state-of-the-art Big Data security concerns and challenges, and I happily accepted.



Added by Jitendra Chauhan on August 20, 2013 at 6:30pm — No Comments

How to choose your Security / Penetration Testing Vendor?


A common question is: why should we engage a third-party penetration testing company? Why not pick a team from your current technical group to handle the network security test? For one, security audits, like traditional financial audits, are better done by outside companies with no bias or partiality towards anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain Penetration…


Added by bikash on May 14, 2013 at 6:00pm — No Comments

SAST vs DAST: How should you choose ?

What is SAST?

SAST, or Static Application Security Testing, is the process of analysing the source code, binaries or bytecode of an application without executing it. In SAST you do not need a running system.


What is DAST?

DAST, or Dynamic Application Security Testing, is the process of testing an application while it is running, by exercising it and observing its behaviour.  In…


Added by bikash on May 14, 2013 at 4:00pm — No Comments
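
The two definitions side by side on one target, added here as an example and not taken from the original post: a constructed two-route application (APP_SOURCE, with a deliberate SQL concatenation and an unescaped HTML reflection) is first scanned statically, by walking its AST for dangerous sinks fed by non-constant data, and then stood up in memory and probed dynamically, by sending payloads and looking only at the responses. The application, the routes, the sqlite3 table and the probe payloads are all constructed for the example; the minimal handle() dispatcher stands in for an HTTP server.

```python
import ast
import sqlite3
from typing import Dict, List, Tuple

# Constructed application under test; the SQL concatenation and the unescaped HTML
# reflection are the deliberate defects the two techniques are compared on.
APP_SOURCE = '''
import sqlite3

def lookup(db, params):
    user = params.get("user", "")
    # user input concatenated into SQL: the sink a static rule can recognise
    return db.execute("SELECT id FROM users WHERE name = '" + user + "'").fetchall()

def greet(db, params):
    name = params.get("name", "world")
    return "<p>Hello " + name + "</p>"
'''


# ---- SAST: read the code, run nothing ----------------------------------------
def sast_scan(source: str) -> List[Tuple[int, str]]:
    """Walk the AST and report dangerous sinks fed by non-constant data, with line numbers."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
        if (name in ("execute", "executescript") and node.args
                and not isinstance(node.args[0], ast.Constant)):
            findings.append((node.lineno, "SQL statement built from a non-constant expression"))
        elif name in ("system", "popen", "run", "call", "check_output") and any(
                kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
                for kw in node.keywords):
            findings.append((node.lineno, "subprocess call with shell=True"))
        elif name in ("eval", "exec"):
            findings.append((node.lineno, f"dynamic code execution via {name}()"))
    return findings


# ---- DAST: stand the application up and probe it from the outside ------------
def make_app() -> dict:
    """Instantiate the constructed sample so the probes hit exactly the code the scan read."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    ns: Dict[str, object] = {}
    exec(APP_SOURCE, ns)   # the constant, constructed source above, never external input
    return {"db": db, "routes": {"/lookup": ns["lookup"], "/greet": ns["greet"]}}


def handle(app: dict, path: str, params: Dict[str, str]) -> Tuple[int, str]:
    """Minimal dispatcher standing in for an HTTP server: returns (status, body)."""
    route = app["routes"].get(path)
    if route is None:
        return 404, "not found"
    try:
        return 200, str(route(app["db"], params))
    except sqlite3.Error as exc:
        return 500, f"database error: {exc}"   # verbose error page, as many real apps have


def dast_scan(app: dict) -> List[Tuple[str, str]]:
    """Black-box probes: only responses are observed, the source is never consulted."""
    findings = []
    status, body = handle(app, "/lookup", {"user": "'"})
    if status == 500 and "error" in body.lower():
        findings.append(("/lookup", "SQL injection (error-based)"))
    baseline = handle(app, "/lookup", {"user": "x"})
    injected = handle(app, "/lookup", {"user": "x' OR '1'='1"})
    if injected[0] == 200 and injected != baseline:
        findings.append(("/lookup", "SQL injection (boolean-based)"))
    payload = "<script>alert(1)</script>"
    status, body = handle(app, "/greet", {"name": payload})
    if status == 200 and payload in body:
        findings.append(("/greet", "reflected XSS"))
    return findings
```

On this target the static scan pins the SQL sink to its line number before anything is deployed, but says nothing about greet() because its rule set has no notion of an HTML sink; the dynamic probes find the reflected XSS and confirm the SQL injection is actually exploitable, but only once the application is running and only on the inputs the probes happen to send. That asymmetry is the basis for choosing: SAST early and per line, DAST against the deployed behaviour, and in practice both.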

CISO Viewpoint: Safe Penetration Testing



Safe Penetration Testing – 3 Myths and the Facts behind them

Penetration testing vendors will often make promises and assurances that they can test your web applications safely and comprehensively in your production environment. So when performing penetration testing of a web application hosted in a production environment, you need to consider the following myths and facts, which can directly or indirectly end up causing you…


Added by bikash on May 14, 2013 at 3:30pm — No Comments

© 2020   Created by CISO Platform.
