Social Network For Security Executives: Network, Learn & Collaborate
A recently disclosed data leak impacts around 700,000 AmEx India customers, exposing Personally Identifiable Information (PII) like Names, Emails & Telephone numbers. This leak highlights the perils of Shadow IT, and why organizations should look into building a continuous digital risk monitoring program. Here’s a brief on what you need to know:
An unprotected MongoDB instance, containing nearly 3 Million…
Added by pritha on December 19, 2019 at 12:00pm — No Comments
RSA Conference is one of the leading security conferences worldwide. It creates a tremendous opportunity for firewall vendors, users and practitioners to innovate, educate and discuss the current security landscape.
A Next-Generation Firewall (NGFW) is an integrated network platform that combines a traditional firewall with application-specific granular controls to help detect application-specific attacks. They help detect attacks through…
Added by pritha on December 19, 2019 at 11:00am — No Comments
This article delves into the risk Shadow IT poses. In a recent report, Gartner predicted that 30% of breaches would be due to Shadow IT, which brings further focus to this topic. Let’s take a look at the report and a few mitigation strategies.
1. What Gartner Predicted About Shadow IT
Gartner’s Top Security Predictions in 2016 predicted ‘By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT…
Added by pritha on December 19, 2019 at 11:00am — No Comments
We were happy to participate in a community round table organized by CISO Platform
Added by pritha on December 19, 2019 at 11:00am — No Comments
Credential stuffing is a method that hackers use to infiltrate a company’s system by automated injection of breached username & password pairs. Attackers use credentials to bypass anti-spam and firewall devices and access user accounts. Once they are inside the company network, they can send phishing emails or compromise company systems/data. Note that attackers need to gain access to only a few accounts, or just one admin account, to compromise the system. According…
Added by pritha on December 18, 2019 at 2:00pm — No Comments
Subdomain Takeover is a type of vulnerability which appears when a DNS entry (subdomain) of an organization points to an external service (e.g. Heroku, GitHub, Bitbucket, Desk, Squarespace, Shopify, etc.) but the service is no longer utilized or has been migrated/deleted. In this blog, we will be dissecting the Uber subdomain takeover vulnerability, which was further escalated to an authentication bypass of all Uber subdomains.
For example,…
Added by pritha on December 18, 2019 at 12:30pm — No Comments
Gartner predicted that shadow IT is 30 to 40 percent of IT spending in large enterprises, and Everest Group predicted that it can be 50 percent or more of IT spending. This indicates that a lot of IT spending is bypassing the IT department. How to manage enterprise Shadow IT has become a big concern for a lot of organisations.
Because of rapid growth in SaaS and cloud products/services used by enterprises, shadow IT now can operate securely at scale.…
Added by pritha on December 18, 2019 at 12:30pm — No Comments
Here is a small list of the major policies and best practices to manage Shadow IT
Policies To Have
1. Have A Shadow IT Policy
Create a policy document that takes care of the major areas of Shadow IT Management. This will make sure all company assets and services get registered on a single repository from and all major data sharing gets accounted for including an organization’s…
Added by pritha on December 18, 2019 at 12:30pm — No Comments
Added by pritha on December 18, 2019 at 12:00pm — No Comments
Organizations across the financial services industry are dealing with the effects of shadow IT, whether they realize it or not. Shadow IT is technology that is adopted and deployed by business units without the knowledge or consent of corporate IT teams.
The motivations behind the adoption of shadow IT are typically well-intentioned. For financial services firms, the risks of shadow IT are amplified due to the value of the data their organizations possess, and the strict…
Added by pritha on December 18, 2019 at 12:00pm — No Comments
As the name “Digital Footprint” suggests, it’s the unique traces of your digital presence. As per Wikipedia, “Digital Footprint refers to one’s unique set of traceable digital activities, actions, contributions and communications that are manifested on the Internet or on digital devices.” In this blog we will focus on how to manage an enterprise digital footprint.
An Enterprise Digital Footprint is an inventory of all the digital assets over internet…
Added by pritha on December 18, 2019 at 11:04am — No Comments
Many organizations have hundreds of vendors and the Third-Party risk exposure is one of the biggest threats. Most of the organizations depend upon partners, vendors, suppliers, contractors and other third-parties for day-to-day operations. Each of them presents some potential risk to the organization.
Third-Party Risk Management programs help in assessing the cybersecurity of vendors/3rd parties that handle an organization’s sensitive data or…
Added by pritha on December 18, 2019 at 10:30am — No Comments
Third-Party risks are higher as Third-Party breaches continue to dominate, and these breaches are expensive for organizations. Third parties are those companies that you directly work with, such as data management companies, law firms, e-mail providers, web hosting companies, subsidiaries, vendors and sub-contractors. Third parties are basically any organization whose employees or systems have access to your systems/data. However,…
Added by pritha on December 18, 2019 at 10:00am — No Comments
Here we will explore the Shadow IT Risks for OT Departments. Operations Technology groups can be an integral part of important business functions like production, maintenance and more. This means there are a lot of IT related functions which can be handled by the OT department members in terms of functionality. However, not involving the IT department could mean these IT functions could cause potential security concerns. The OT department member might not be aware of the exact…
Added by pritha on December 18, 2019 at 9:30am — No Comments
Digital Footprint is the information about the organization that exists on the Internet as a result of their online activity. Organizations’…
Added by pritha on December 17, 2019 at 5:30pm — No Comments
Added by pritha on December 17, 2019 at 5:00pm — No Comments
Treating Shadow IT as a threat involves pushing back on any initiatives that try to bypass IT and fighting the line-of-business managers for ownership of these projects. Treating Shadow IT as an opportunity involves transforming shadow IT into official line-of-business shortcuts and becoming the corporate champion of innovative initiatives. Below are a few ways one could look at Shadow IT as an opportunity.
CISO’s Choice:
There was a time when…
Added by pritha on December 17, 2019 at 5:00pm — No Comments
Domain hijacking is the act of changing the domain name registration without the original Registrant’s permission, or by abuse of privileges on domain hosting and registrar software systems. It is a form of theft that takes place online, where the thief/attacker takes control of a domain without the consent of the domain registrant. It is up to you and your domain/hosting company to prevent your domain falling prey to these kinds of attacks because they happen due to security…
Added by pritha on December 17, 2019 at 4:53pm — No Comments
The Deep Web contains nearly 550 billion individual documents. Search engines can only access 16% of the available information, which gives you an idea of the huge size of the dark web. There are about 5+ billion leaked credentials and credit card breach records available on the dark web. In this blog, we will talk about the top 8 ways to handle leaked credentials incidents.…
Added by pritha on December 17, 2019 at 4:30pm — No Comments
Started by Priyanka Aash on Wednesday. 0 Replies 0 Likes
What are the challenges you as a CISO have been facing since the last year and share some security trends that are catching up? Help the community by sharing your knowledge and personal views on this subject. Or if you have any specific questions…
Started by Maheshkumar Vagadiya Jul 30, 2020. 0 Replies 0 Likes
Share the instances where you were able to convince the Executive management/board that the CISO function is an enabler rather than a hindrance. Thank you, Mahesh
Started by CISO Platform. Last reply by Yogesh Nov 19, 2020. 2 Replies 0 Likes
(question posted on behalf of a CISO member) Has anyone evaluated digital signature (like Docusign), any specific risk/security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.
Started by CISO Platform. Last reply by ANAND SHRIMALI May 20, 2020. 4 Replies 1 Like
(question posted on behalf of a CISO member) What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform? Related Question: …
© 2021 Created by CISO Platform.