InfoSecMinds

For like-minded people

Archive for category ISO 27001:2005

The Faces of Fraud: Fighting Back

Dec 31

Posted by Vinod Puthuseeri in Information Security, Information Security Risk Assessment, ISMS, ISO 27001:2005, Risk Assessment | 1 Comment

See How Financial Institutions Respond to the Latest Threats

From skimming and POS attacks to ACH fraud and payment card hacks, 2010 was “The Year of Fraud,” and the year’s incidents have left banking institutions and their customers anxious for new solutions to prevent fraud in all its forms.

In response to the growing fraud threats – and to the demand for new solutions – Information Security Media Group just concluded its latest survey, “The Faces of Fraud: Fighting Back.”

This is the Executive Summary of the survey results and what they suggest for fighting fraud in 2011.

One of the most telling responses of the survey is to this question:

Read the rest of this entry »

Tags: , , , , , , , , , , , , , , , ,

Parkerian Hexad

Aug 16

Posted by Vinod Puthuseeri in CIA Triad, Information Security, Information Security Risk Assessment, Information Security Risk Management, ISMS, ISO 27001:2005, Risk Assessment | 3 Comments

The Parkerian hexad is a set of six elements of information security proposed by Donn B. Parker, renowned security consultant and writer. The term was coined by M. E. Kabay. The Parkerian hexad adds three additional attributes to the three classic security attributes of the CIA triad (confidentiality, integrity, availability).

The Parkerian Hexad attributes are the following:

  • Confidentiality
  • Possession or Control
  • Integrity
  • Authenticity
  • Availability
  • Utility

These attributes of information are atomic in that they are not broken down into further constituents; they are non-overlapping in that they refer to unique aspects of information. Any information security breach can be described as affecting one or more of these fundamental attributes of information.

I think I don’t require to provide the explanation of C-I-A here. Let’s look at the other attributes.

Read the rest of this entry »

Tags: ,

Service Asset – A Requirement or Duplication

Jul 5

Posted by Vinod Puthuseeri in Information Security Risk Assessment, ISMS, ISO 27001:2005, Risk Assessment | 2 Comments

It just came up recently while discussing with one of my friend, the need for capturing service assets as a part of asset inventory which will be used further for risk assessment exercise.

In a normal scenario, everyone uses a template that captures assests under different cateogories, viz

  • Information Asset – deals with electronic and paper based data
  • Hardware Asset – includes all your hardware, cupboards, safe, etc
  • Software Asset – includes all software’s used or implemented in the organization.
  • Service Asset – services that a department avails from the organization
  • People Asset – talks about people / employees

 Now the discussion went like this:

Read the rest of this entry »

Tags: , ,

Security Breach – Who's responsible?

Jan 27

Posted by Vinod Puthuseeri in Information Security, Information Security Risk Assessment, ISMS, ISO 27001:2005, Risk Assessment | 4 Comments

The very first lesson taught to me in my computer classes where “A computer is as smart as you are” and this statement holds good even today. For the computer would do only that a person would want it to do. The only advantage a computer has over human is that of speed and storage capacity.

While looking at various aspects of data loss, the end reason always point to “PEOPLE”. The above statement holds good not only because there are data loss (which is now the high rated security risks), even if you look at any frauds that has happened in the recent past, everything has been manipulated by “HUMAN”. No matters what standards are adopted, what stringent rules are set in an organization, frauds still happen.

Read the rest of this entry »

Tags: , ,

ISMS Implementation – The bottom-Up approach

Oct 23

Posted by Vinod Puthuseeri in Information Security, ISO 27001:2005 | 1 Comment

All the while we have been hearing and believing that ISMS implementation in any organization requires management approval without which it would be a failure. True!!!

For any project in an organization for that matter, management approvals are a must cause for a project to kick-start and complete with desired results, requires resources, budget, tools etc. These can be achieved only if the project manager shows the management that there is value created by doing this project which could favor the organization. The value could be of many ways which ultimately boils down to making profits or avoiding monetary/image loss.

Read the rest of this entry »

Tags: , ,