Cyber Security

Necessity of cyber security and risk management in today's digital era

The present era can be referred as a digital era as well which has created various opportunities for organizations to conduct business and deliver different services over internet. Organizations are very rapidly embracing social media, cloud computing, mobility and persuasive computing. This provides new opportunities and helps organization improve their efficiency level. However, increasing cyber-attacks in this digital era is putting organizations valuable and prized assets, their data, at risk. The risk and challenges in the area of data security, privacy has become a matter of concern and act as one of the major barrier of organizational growth. Each and every business organization must be always concerned about such attacks and simultaneously need to manage security across an array of applications and infrastructure, in spite of remaining always open and connected at the same time to their customers and outside world. 

Infosec 2016 technical roadmap - Make a choice ÔÇô Based on your business constraints and technological realities !!!

Infosec 2016 technical roadmap - Make a choice ÔÇô Based on your business constraints and technological realities

When we go for security solution design, it is important that we understand the business problem, need or opportunity. Our approach and methodologies should be based on that. Also we need to optimize architecture across customer needs, business constraints, and technological realities. For that we need to follow the industry trends and standards, both from a business and technical standpoint.

As a Security team, we need to closely watch the technology developments to ensure that our organization is effectively positioned to respond to any of the security threats. We need to develop technical roadmaps for future implementations across the enterprise to ensure the soundness of the solution. We also need to maintain a forward looking perspective on emerging technology developments and their relevance to both business and technology strategies.

Vendor Risk Management - time up for a paradigm shift

Vendor Risk Management - time up for a paradigm shift

“If not managed effectively, the use of service providers may expose financial institutions to regulatory action, financial loss, litigation, and loss of reputation”, I recall one of the statement that struck me some time ago. Recent cyber attacks reinforce the urgency to implement stronger third party risk management programs. Data might be stored on vendor cloud or on premise, it doesn’t matter, if the data is not properly secured, it increases the chances of data breaches.

Multiple vendors – More complexity

Crowdsourcing Cyber Security - The Next Generation Penetration Testing

Crowdsourcing Cyber Security - The Next Generation Penetration Testing

It was few years ago I was associated with one e-commerce company as a security consultant for an implementation program. At that time, I came to know about how important security is for them. All our big bosses, Confidentiality, Integrity and Availability are equally important for their business. At any point of time, if a data breach happens for example if the hackers get access to the saved credit card data, it will have a huge impact to the customers and thereby their reputation. If the website is down for few minutes, that will also result in huge loss.

Asset Management Challenges- What, Where, Who and How

Asset Management Challenges- What, Where, Who and How

Few years back, I was asked to build an asset management solution which should include all computers, servers, laptops, software, mobile devices etc. It was to meet a regulatory compliance requirement. I was very happy to take up that project, because for me compliance requirement was secondary. If we have a list of assets, then the solution would help me with the analysis of threats and vulnerabilities associated with each of those. I can configure the solution to give notifications and also it will advise me when vulnerability related to the Operating system or software is released. It seems to be simple, but was very challenging.

How to deal with the annoying virus hoaxes?

How to deal with the annoying virus hoaxes?

Few years back, I got an email from my colleague warning me about a virus. I went through the distribution lists in that email and it seems this has been forwarded by multiple people requesting everyone to forward this as it has the information about a virus that seems to be dangerous in nature. My colleague had forwarded this with good intention, to educate or alert me and his friends. I went through different reputed antivirus websites to check the details of this virus and was not able to find any information related to this.

Cyber Security Capacity Building - Address the Gap

Cyber Security Capacity Building - Address the Gap
India needs a Cyber-workforce as an enabling national asset to meet domestic as well as global cyber security demands estimated at $120.1 billion by 2017. We need to formulate a framework for creation of cyber security workforce. Meet the Demand and create the Supply. Take Cyber security to the Boardrooms and provide the necessary impetus this issue deserves. Mandate training of 500,000 People in cyber security skills by 2020 and capture the opportunity of exporting security services of over $ 20 billion.
 

Third Hyderabad Security Conference ÔÇô Key Insights

The DSCI conducted its third Hyderabad Security conference on 11 Sept 2015. The theme of the conference this year being – Futuristic Scope – Making Sense of the Threat Landscape: Securitizing the Future. There were seven interactive sessions encompassing topics in the likes of Brand value protection in Cyber Age, Cyber Warfare, Big Data Analytics, Next Generation Security Architecture, Securing the technology convergence in terms of our readiness & acceptance of IoT, Securing Mobile applications and Software Defined Networks. There was an exclusive talk on evolution of threat landscape as well. With interactive sessions on current themes addressing fast changing threat landscape, the agenda reflected deep community interest with thought provoking discussions from eminent speakers and attendees across technology and business sectors in Security world.

Need of Cyber Security Intelligence feeds in your enterprise

Need of Cyber Security Intelligence feeds in your enterprise

We have heard and read a lot about National Intelligence agencies, Research and Analysis wing (R&AW or RAW), Intelligence bureau etc. The main function is to garner intelligence from within the country or from other countries and also execute counter-intelligence and counter-terrorism tasks.They gathers threat intelligence so it can understand which threats are most credible or imminent and allocate resources accordingly to guard against those attacks.We read in news papers that, as per intelligence reports there are chances of so and so terrorist attacks etc.

Few years back when I was working in SOC, I got a call from one of my colleague updating about a Microsoft windows vulnerability that will be made public in 2 days. Before vulnerability gets public, is there any way, where we could get these information? I was confused...!! How he came to know about it? Do we have Intelligence bureau here in our domain also?

Pages

Subscribe to RSS - Cyber Security