Information Security

Cyber Security Landscape for 2019

Will 2019 be better or worse than 2018? Traditional business structures will continue to get disrupted over the next two to five years. The digital age has created unprecedented opportunities to do business and deliver services using new technologies. Organizations are rapidly embracing social media, mobility and cloud computing technology and transforming their ICT operations. The fast advancement in above technologies is being driven by the economics of value and advantage created by this competitive change. While this opens up exciting new opportunities, improves efficiency, it also exposes businesses to larger attack surface and associated multiplicative risks of cyber-attacks of adopting such emerging technologies, increased network bandwidth, and interconnected devices.

Stuart shows a small picture of information security to Grin

Stuart and Grin are childhood friends and met after a long time, both talking about their professional life. 
Stuart : In which company you are working and on which domain ?
Grin : Working in ABC company and currently working as an Java developer. What about you ?
Stuart : I am working in XYZ company in Application/Network Security.
Grin : Security !!! What exactly is that and which things are covered into that ?
Now, Stuart answers...

Information Security: The CIA Triad

An immensely broad field, Information Security involves the design and testing of data which may be personal, internal or confidential, communicate via networks and the internet, should be secured and protected.

In this post, the main objective is to narrate one of the fundamental concepts of security that should be familiar with most security professionals: The CIA (Confidentiality, Integrity, and Availability) triad.

A simple but widely-accepted security model is the CIA triad; standing for Confidentiality, Integrity and Availability; three key principles which can be implemented in any kind of organization. This principle is applicable across the whole subject of Security Analysis, from access to a user's internet history to security of encrypted data across the internet. If any one of the three is non-compliant, it may have serious consequences.

Let’s understand the importance of these three components (CIA).

5W-2H Approach for Information Security

5W-2H is a classical management tool usually used for process improvement, which helps in analyzing the problem/process in a holistic manner to suggest possible solutions. This approach brings in a 360 degree perspective, which doesn’t stop with implementation of a single or pointed solution but more of a continuous improvement concept to be used for improvisation. Let’s use this concept for information security, which when process improvised will lead to enhanced governance in place with technological aspects inevitably falling in line.  

Consider the situation of Enterprise Vulnerability Management (EVM) to be implemented in an organization, and let’s see how this 5W-2H tool enables us to connect the dots and formulate a plan of action.

Chevening - TCS Cyber Security Fellowship

Chevening - TCS Cyber Security Fellowship

Tata Consultancy Services (BSE: 532540, NSE: TCS), the leading IT services, consulting and business solutions organization, is a partner with the Foreign & Commonwealth Office (FCO) of the UK Government and created the Chevening-TCS Scholarship on Cyber Policy for professionals in diverse fields from India. This is the world’s first cyber security and public policy fellowship programme.
This programme builds on considerable bilateral interaction at various levels between India and the UK on the subject of cyber security and is intended to develop expertise and skills in the areas of cyber security, information assurance and online governance challenges. The Chevening TCS Cyber Security Fellowship is a 12 week fully funded residential programme delivered at Cranfield University at the Defence Academy of the United Kingdom, Shrivenham.

Vulnerability Management - Step 0

Vulnerability Management - Step 0

Compliance is critical, necessary and not evil. Every organization wants to meet the compliance requirements and doing risk assessments, vulnerability management are key to achieve critical requirements.

Most of the times the organizations just see Vulnerability Management as another checkbox in pursue of compliance and forget or ignore many different aspects or they don’t have concrete foundations to carry out a well drilled and oiled Vulnerability Management process and the process complicates or fails mid-way.  Our job is to make the process as smooth as possible and sometimes it is better to start at step 0.

Information Security and Risk Management

Gone are the days when security was less important area for organizations. But with immense growth in various attacking and fraud techniques, organizational security has become the major concern. Now days companies are spending millions of dollars each year to keep their environment secure. Still no environment can be 100% secure, as intruders too are trying the latest hacking and attack methods. This is the reason why information security area is booming up and companies are ready to pay huge money to enterprise security services providers.

Subscribe to RSS - Information Security