Cyber Security

Some APT talks ÔÇô Part 2 ÔÇô Detect the Undetected

Some APT talks ÔÇô Part 2 ÔÇô Detect the Undetected

We have discussed about APT and its attack vectors in Part 1. Now it is important how we plan the mitigation strategies? There are multiple solutions in the market that offers different tools to effectively mitigate APT’s.  It would be boring and repetitive if I go through the best practices and the technologies I have already discussed in this forum such as User Awareness, Password policies, Patching etc. We will have a look at something new- Deception, a proactive way of dealing with these sorts of cyber attacks.

Necessity of cyber security and risk management in today's digital era

The present era can be referred as a digital era as well which has created various opportunities for organizations to conduct business and deliver different services over internet. Organizations are very rapidly embracing social media, cloud computing, mobility and persuasive computing. This provides new opportunities and helps organization improve their efficiency level. However, increasing cyber-attacks in this digital era is putting organizations valuable and prized assets, their data, at risk. The risk and challenges in the area of data security, privacy has become a matter of concern and act as one of the major barrier of organizational growth. Each and every business organization must be always concerned about such attacks and simultaneously need to manage security across an array of applications and infrastructure, in spite of remaining always open and connected at the same time to their customers and outside world. 

Infosec 2016 technical roadmap - Make a choice ÔÇô Based on your business constraints and technological realities !!!

Infosec 2016 technical roadmap - Make a choice ÔÇô Based on your business constraints and technological realities

When we go for security solution design, it is important that we understand the business problem, need or opportunity. Our approach and methodologies should be based on that. Also we need to optimize architecture across customer needs, business constraints, and technological realities. For that we need to follow the industry trends and standards, both from a business and technical standpoint.

As a Security team, we need to closely watch the technology developments to ensure that our organization is effectively positioned to respond to any of the security threats. We need to develop technical roadmaps for future implementations across the enterprise to ensure the soundness of the solution. We also need to maintain a forward looking perspective on emerging technology developments and their relevance to both business and technology strategies.

Vendor Risk Management - time up for a paradigm shift

Vendor Risk Management - time up for a paradigm shift

“If not managed effectively, the use of service providers may expose financial institutions to regulatory action, financial loss, litigation, and loss of reputation”, I recall one of the statement that struck me some time ago. Recent cyber attacks reinforce the urgency to implement stronger third party risk management programs. Data might be stored on vendor cloud or on premise, it doesn’t matter, if the data is not properly secured, it increases the chances of data breaches.

Multiple vendors – More complexity

Crowdsourcing Cyber Security - The Next Generation Penetration Testing

Crowdsourcing Cyber Security - The Next Generation Penetration Testing

It was few years ago I was associated with one e-commerce company as a security consultant for an implementation program. At that time, I came to know about how important security is for them. All our big bosses, Confidentiality, Integrity and Availability are equally important for their business. At any point of time, if a data breach happens for example if the hackers get access to the saved credit card data, it will have a huge impact to the customers and thereby their reputation. If the website is down for few minutes, that will also result in huge loss.

Asset Management Challenges- What, Where, Who and How

Asset Management Challenges- What, Where, Who and How

Few years back, I was asked to build an asset management solution which should include all computers, servers, laptops, software, mobile devices etc. It was to meet a regulatory compliance requirement. I was very happy to take up that project, because for me compliance requirement was secondary. If we have a list of assets, then the solution would help me with the analysis of threats and vulnerabilities associated with each of those. I can configure the solution to give notifications and also it will advise me when vulnerability related to the Operating system or software is released. It seems to be simple, but was very challenging.

How to deal with the annoying virus hoaxes?

How to deal with the annoying virus hoaxes?

Few years back, I got an email from my colleague warning me about a virus. I went through the distribution lists in that email and it seems this has been forwarded by multiple people requesting everyone to forward this as it has the information about a virus that seems to be dangerous in nature. My colleague had forwarded this with good intention, to educate or alert me and his friends. I went through different reputed antivirus websites to check the details of this virus and was not able to find any information related to this.

Cyber Security Capacity Building - Address the Gap

Cyber Security Capacity Building - Address the Gap
India needs a Cyber-workforce as an enabling national asset to meet domestic as well as global cyber security demands estimated at $120.1 billion by 2017. We need to formulate a framework for creation of cyber security workforce. Meet the Demand and create the Supply. Take Cyber security to the Boardrooms and provide the necessary impetus this issue deserves. Mandate training of 500,000 People in cyber security skills by 2020 and capture the opportunity of exporting security services of over $ 20 billion.
 

Third Hyderabad Security Conference ÔÇô Key Insights

The DSCI conducted its third Hyderabad Security conference on 11 Sept 2015. The theme of the conference this year being – Futuristic Scope – Making Sense of the Threat Landscape: Securitizing the Future. There were seven interactive sessions encompassing topics in the likes of Brand value protection in Cyber Age, Cyber Warfare, Big Data Analytics, Next Generation Security Architecture, Securing the technology convergence in terms of our readiness & acceptance of IoT, Securing Mobile applications and Software Defined Networks. There was an exclusive talk on evolution of threat landscape as well. With interactive sessions on current themes addressing fast changing threat landscape, the agenda reflected deep community interest with thought provoking discussions from eminent speakers and attendees across technology and business sectors in Security world.

Pages

Subscribe to RSS - Cyber Security