Archive for category ISMS

The Faces of Fraud: Fighting Back

Dec 31

Posted by Vinod Puthuseeri in Information Security, Information Security Risk Assessment, ISMS, ISO 27001:2005, Risk Assessment | 1 Comment

See How Financial Institutions Respond to the Latest Threats

From skimming and POS attacks to ACH fraud and payment card hacks, 2010 was “The Year of Fraud,” and the year’s incidents have left banking institutions and their customers anxious for new solutions to prevent fraud in all its forms.

In response to the growing fraud threats – and to the demand for new solutions – Information Security Media Group just concluded its latest survey, “The Faces of Fraud: Fighting Back.”

This is the Executive Summary of the survey results and what they suggest for fighting fraud in 2011.

One of the most telling responses of the survey is to this question:

Read the rest of this entry »

Tags: bank fraud scam, bank information security frauds, breaches of security, cybercrime security, frauds, information security article, internet banking frauds, internet security breaches, network, network security breaches, online security breaches, recent security breaches, security breaches, security breaches 2010, security breaches statistics, security issues, threats of information security

Two factor authentication

Nov 8

Posted by Vinod Puthuseeri in Information Security, Information Security Management System, Information Security Risk Management, ISMS, Technical | No Comments

What it is, what are the solutions

Today, banks providing internet banking facilities are looking for implementing or have already implemented two factor authentications. This has been done by either identifying risks by the banks themselves or has been mandated by the regulatory authorities. Whatever has initiated this, it is more important to understand what a two factor authentication is, what are the business requirements and how is it going to impact the customers. Read the rest of this entry »

Tags: 2 factor authentication, authentication, one time password, online banking, RSA tokens, two factor

Parkerian Hexad

Aug 16

Posted by Vinod Puthuseeri in CIA Triad, Information Security, Information Security Risk Assessment, Information Security Risk Management, ISMS, ISO 27001:2005, Risk Assessment | 3 Comments

The Parkerian hexad is a set of six elements of information security proposed by Donn B. Parker, renowned security consultant and writer. The term was coined by M. E. Kabay. The Parkerian hexad adds three additional attributes to the three classic security attributes of the CIA triad (confidentiality, integrity, availability).

The Parkerian Hexad attributes are the following:

Confidentiality
Possession or Control
Integrity
Authenticity
Availability
Utility

These attributes of information are atomic in that they are not broken down into further constituents; they are non-overlapping in that they refer to unique aspects of information. Any information security breach can be described as affecting one or more of these fundamental attributes of information.

I think I don’t require to provide the explanation of C-I-A here. Let’s look at the other attributes.

Read the rest of this entry »

Tags: CIA, CIA Triad

Service Asset – A Requirement or Duplication

Jul 5

Posted by Vinod Puthuseeri in Information Security Risk Assessment, ISMS, ISO 27001:2005, Risk Assessment | 2 Comments

It just came up recently while discussing with one of my friend, the need for capturing service assets as a part of asset inventory which will be used further for risk assessment exercise.

In a normal scenario, everyone uses a template that captures assests under different cateogories, viz

Information Asset – deals with electronic and paper based data
Hardware Asset – includes all your hardware, cupboards, safe, etc
Software Asset – includes all software’s used or implemented in the organization.
Service Asset – services that a department avails from the organization
People Asset – talks about people / employees

Now the discussion went like this:

Read the rest of this entry »

Tags: Asset Identificaion, Asset Inventory, Information Security Risk Assessment

Depth of Control Implementation

Mar 10

Posted by Vinod Puthuseeri in ISMS | No Comments

Discussing with various personnel it is quite amazing to see each one come up with their own way of interpreting controls and to what depth each control need to be implemented. I would like to illustrate a discussion that I had recently. The standard too does not talk about this and it is left to the person who implements and to the auditor on how they want to look at the implementation effectiveness.

Up until now some of the aspects that we look into while implementing a control is as mentioned below;

Is the control implementation cost less than or equal to loss of the damage a threat could cause to an organization?
Does the control implementation enable process improvements?
Is the control implementation required as a part of legal, regulator or contractual requirements?

Read the rest of this entry »

Tags: Controls Implementation, Information Security, ISO 27001:2005 control implementation, Risk Assessment

M	T	W	T	F	S	S
« Dec
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29

InfoSecMinds

For like-minded people

Archive for category ISMS

The Faces of Fraud: Fighting Back

Two factor authentication

Parkerian Hexad

Service Asset – A Requirement or Duplication

Depth of Control Implementation

Recent Posts

Blogroll

Who's Online

Tags

Admin