Posts

Showing posts from 2019

Bypassing Security Control for VIPs !

-
Image
Risk Vs Threat Vs Vulnerability  Its connected to previous posts and thoughts... On many Organizations to satisfy the personalities seems bypassing Security controls for VIPs where i refer those VIP are high value assets and crown jewel of organizations.  Controls we are deploying should be process oriented not personal oriented. Agree IT is to support Business, Of-course. But in this new era many business undoubtedly connected to NET and its should protected.  Referring to RISK equation as below;  Risk = Threat * Vulnerability * Asset Value  In Simple language : forgot the Car key in side the Car is an Vulnerability, threat here is where we put the car & key, in City or Village, ie how potential on vulnerability. Asset value is what kind car we using Maruti or Ferrari :) . The term “vulnerability” refers to the security flaws (Weakness ) in a system that allow an attack to be successful. Threat is the frequency of potentially a...
Post a Comment
Read more

Security Incident Hand-off

-
Image
"Organization QWERTY Data loss for 10,000 record and its share value may drop " Rumor inside. I personally prefer to do  "Security  Hand-Off process"  while identifying the security incident based on the nature and directly impact the reputation or share values should be handled by experts from cyber security incident management ( like IBM CERT and ERS) and organization's CISO to lead the situation. Its mandate to have participation from customer side to validate the impact and its take necessary actions. Of course, among IT and Incident management peoples should have proper education on Cyber security and how to handle such substations and avoid rumor's. Which help organization to contain the situation to controlled manner to take right action. Then general incident team make such issues as noise and spread unhealthy news across and lead to dis agreed messages to outsides. and even some best practices in general Incident management practice need ...
Post a Comment
Read more

Slideshare link for my public presentations

-
Image
Please refer the  slideshare Channel for slide documentation for below topics; 1. network basics and security components brief on functionality 2. vulnerability management  overview 3. virtualization and virtual security integration with IPS services 4. Intrusion detection and prevention system brief 5. Datalake and information security review
Post a Comment
Read more