Security Articles

Tue 13 Jun

What is PCI DSS and What are 12 Requirements for it?

Have you ever wondered why we have so many compliance standards for almost everything in this world? For food, for electronics, for IT firms; heck, I guess there would be some standard for clothes too which I don't know about.
So today we are going to talk about something which I am guessing is a very important banking standard, that is PCI DSS.

Now, what does PCI DSS stand for?

Mon 12 Jun

Ransomware: How Much You Knew and What You Need to Know!

Ransomware is a type of malware that infects a machine by locking or encrypting the user's hard drive until a ransom fee is paid. It holds the victim's information hostage using asymmetric encryption. Asymmetric (public-private key) encryption is cryptography that uses a pair of keys to encrypt and decrypt a file.

Both keys are uniquely generated by the attacker for the victim. The private key is what unlocks or decrypts the files, but that key is stored on the attacker's server. The private key is made available to the victim only after the ransom amount has been paid to the attacker. Without the private key, decrypting the files being held to ransom becomes a major challenge.
 

Types of Ransomware

There are two main forms of Ransomware in circulation today:
 
Mon 12 Jun

Intricacies Involved with Cyber-Insurance

Today, no business is foolproof against cyber-attacks and data privacy breaches, and cyber criminals are growing more sophisticated day by day. The demand for cyber-insurance has grown as a result. Globally, around 33% of big, mid and small size organizations have started opting for some type of cyber-insurance policy to reduce the impact of cyber-attacks. At present approximately 25 insurers offer this type of insurance, and all of these carriers offer coverage for first-party and/or third-party losses. The target coverage varies from insurer to insurer, and in places the policy itself may not be tagged as a "cyber policy" or "cyber-insurance".

Insurers offer both first-party and third-party insurance covering cyber losses.
 
Mon 12 Jun

Last Line of Defense: Cyber-Insurance

The booming phrase in Information Security/Cyber Security, one that is becoming the backbone of every organization and around which businesses and corporates revolve, is Risk Management. As part of risk treatment, identified risks can be handled in four ways: Accept, Avoid, Reduce and Transfer.

Accept: With this approach, the technical and business impact of an identified risk is measured against the organization's risk appetite and the risk is accepted if that impact is found to be negligible.

Avoid: This approach directs the closure of the business area that leads to the high risk, because of the hefty effort that mitigating it would involve.
 
Wed 07 Jun

Techniques used by Social Engineers and Countermeasures

Instead of penetrating the network, breach the people who run it.

The previous article, "The Art of Social Engineering!!", discussed what a social engineering attack is and how attackers exploit human elements to trap victims into believing in the attacker's authenticity. It also listed the popular social engineering attack techniques. Continuing from that topic, below are some more approaches that attackers use.
 

Popular Social Engineering Attacking Techniques

Mon 05 Jun

Writing Effective Application Security Requirements

When an enterprise is planning to deploy a new software product into its operational environment, the foremost task is to identify the security requirements, followed by the risk assessor rating the risk level of each identified risk and its mitigation steps. When the security requirements are prepared, the risk professional generally captures a large volume of standard requirements without looking into whether those requirements actually apply to the true business function. This document provides some important considerations to keep in mind when defining security requirements.


It all starts with enterprise security policies and standards

Mon 05 Jun

How Big Data Comes in Handy in Security Analytics?

You have a tremendous amount of information all around you: structured data, unstructured data, sensitive data, compliance data, and more. From enterprise databases to social media posts, imagine a scenario where you could take your data in all its various forms, transform it into understandable data, apply the right analytics to it, and then use it to better secure your business, become more security intelligent, and even drive more revenue as a result of that knowledge.

This is what Big Data analytics is all about. Big data technologies are seen as increasingly valuable by organizations seeking to maximize their security intelligence. According to a recent ESG study based on interviews with 257 IT/information security professionals at enterprise-class organizations in North America, 44% of companies are currently collecting and analyzing "Big Data" for security purposes.

Thu 01 Jun

All you know about STRIDE - Elevation of Privilege Threat (EOP)

STRIDE is a security threat model, developed by Microsoft, that categorizes the security threats associated with a computer system. It consists of six threat categories:
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege

This article is about the Elevation of Privilege threat only. Subsequent articles will cover the remaining categories in detail. Please refer to the link below for the already published article on this topic: All you know about STRIDE – Repudiation Threat.
 
Wed 31 May

What Lessons Can Be Learned From WannaCry?

With a spread across 150 countries, WannaCry has made itself the most widespread ransomware to date. Its spread and impact have been significant, as is evident from the fact that it has been alarming news across the globe. It is roughly estimated that nearly 200,000 computers have been affected by this program.

If we look closely at this attack, there are certain unique aspects to observe. Firstly, this has been the largest ransomware attack globally: countries across continents have been affected. There had been instances of ransom-demanding hackers in the past; however, they had been confined to certain entities only. The cyber world was alarmed by the way this ransomware burgeoned across computers, encrypting and locking resources. Such a global attack had not been thought practical until the news broke.
 
Wed 31 May

IT DR PLAN – An Integrated Approach For Distributed Plans

The IT Disaster Recovery Plan is an important element of an IT disaster recovery program; it ensures that critical IT services can continue to be delivered in the case of a disaster. This document provides an approach to creating such recovery plans, along with other related information on a holistic approach to planning the documentation for IT disaster recovery.


Align the IT Disaster Recovery Plan With Business Requirements
