InfoSecMinds

For like-minded people

Archive for category Risk Assessment

The Faces of Fraud: Fighting Back

Dec 31

Posted by Vinod Puthuseeri in Information Security, Information Security Risk Assessment, ISMS, ISO 27001:2005, Risk Assessment | 1 Comment

See How Financial Institutions Respond to the Latest Threats

From skimming and POS attacks to ACH fraud and payment card hacks, 2010 was “The Year of Fraud,” and the year’s incidents have left banking institutions and their customers anxious for new solutions to prevent fraud in all its forms.

In response to the growing fraud threats – and to the demand for new solutions – Information Security Media Group just concluded its latest survey, “The Faces of Fraud: Fighting Back.”

This is the Executive Summary of the survey results and what they suggest for fighting fraud in 2011.

One of the most telling responses of the survey is to this question:

Read the rest of this entry »

Tags: , , , , , , , , , , , , , , , ,

Top 10 Security SNAFU’s of 2010

Dec 29

Posted by Vinod Puthuseeri in Information Security, Risk Assessment | No Comments

That old phrase SNAFU (“Situation Normal, All F—ked Up!”) certainly describes our choices for 2010′s top 10 security screw-ups.

Not surprisingly some of the biggest names in technology – Google, Cisco, McAfee, AT&T – are prominent on the list, either because they’re obvious hacker targets or because whenever they make a security mistake, it’s big news. Without further ado, the list:

Aurora attacks on Google: In what’s come to be called the “Aurora attacks,” Google in January acknowledges valuable intellectual property was stolen via a network break-in during that past December, intimating China to be the origin of the cyberattack. About a dozen other high-tech and industrial companies appear to have been struck in similar fashion. The Chinese government says it doesn’t know what they’re talking about. Outraged over the cyber-intrusion, Google, which had been adhering to Chinese dictates regarding search-engine censorship, says it will defy them, putting its search-engine license in China in jeopardy. But by year-end, under Chinese pressure, Google abandons its tactic of re-directing Chinese user traffic to its more liberal Hong Kong site and its renewed China license requires censorship.

Read the rest of this entry »

Tags: , , , , , , , , ,

Assessing C-I-A values.

Dec 23

Posted by Vinod Puthuseeri in CIA Triad, Information Security Risk Assessment, Information Security Risk Management, Risk Assessment | 2 Comments

It is a common discussion during an information security risk assessment exercise at most of the organizations. As a general practice the asset value is derived by weighing the confidentiality ©, Integrity (I) and availability (A) value of an asset. While the assets are categorized into Information, Hardware, Software, Service and People, my argument always has been to say that C-I-A values can be assessed for Information Assets only and for all other it should just be the availability value.

Read the rest of this entry »

Tags: , , ,

Parkerian Hexad

Aug 16

Posted by Vinod Puthuseeri in CIA Triad, Information Security, Information Security Risk Assessment, Information Security Risk Management, ISMS, ISO 27001:2005, Risk Assessment | 3 Comments

The Parkerian hexad is a set of six elements of information security proposed by Donn B. Parker, renowned security consultant and writer. The term was coined by M. E. Kabay. The Parkerian hexad adds three additional attributes to the three classic security attributes of the CIA triad (confidentiality, integrity, availability).

The Parkerian Hexad attributes are the following:

  • Confidentiality
  • Possession or Control
  • Integrity
  • Authenticity
  • Availability
  • Utility

These attributes of information are atomic in that they are not broken down into further constituents; they are non-overlapping in that they refer to unique aspects of information. Any information security breach can be described as affecting one or more of these fundamental attributes of information.

I think I don’t require to provide the explanation of C-I-A here. Let’s look at the other attributes.

Read the rest of this entry »

Tags: ,

CISF Security at Infosys

Jul 31

Posted by Vinod Puthuseeri in Information Security, Information Security Management System, Information Security Risk Assessment, Information Security Risk Management, Physical Security, Risk Assessment | 2 Comments

In the recent news Infosys becomes the first private company to get CISF security. I have also been reading in yet another blog about a organization conducting mocks drills for terrorist’s attacks. It is quite interesting to see that organizations are now taking security as a prime concern. As mentioned in my previous blog about frisking of VIP’s at airports, the exception mentioned there is an age old rule that was implemented when terrorism was a not major concern.

Read the rest of this entry »

Tags: , , , ,