All along we have been hearing, and believing, that ISMS implementation in any organization requires management approval, without which it will fail. True!!!
For any project in an organization, for that matter, management approval is a must, because kick-starting a project and completing it with the desired results requires resources, budget, tools, etc. These can be obtained only if the project manager shows management that the project creates value that benefits the organization. That value can take many forms, but it ultimately boils down to making profits or avoiding monetary or reputational loss.
Tags: Information Security, ISMS Implementation, ISO 27001
Introduction
It is quite obvious that every organization wants to serve its clients without any interruptions. If not handled properly, the presence of even a small vulnerability in a system or in the network may lead to interruption of the services offered to clients. This may result in losing the trust of clients or in loss of revenue.
Vulnerability assessment is a simple process of identifying and reporting vulnerabilities.
It provides a way to detect and resolve security problems before someone or something can exploit them. By conducting periodic vulnerability assessments, management can validate the security measures it has deployed.
Tags: Patch Management, Penetration Testing, Security Assessment, Systems Security, VA/PT, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning
As an InfoSec consultant I have confronted, and I am sure many of you have faced, the question from clients or from within your own organization of whether “to provide” or “not to provide” Local Admin privileges to users.
Indeed, it is a tough question to answer and even tougher to convince anyone to take a particular approach in this regard, the reason being, I feel, that it is impossible to get away with any single approach. Again, in my view, if given a chance, I would prefer the approach of not providing administrative privileges, unless I am provided with enough personnel, technology and time to handle the mess created by that decision.
Tags: Access Control, Admin Access, Elevated Privileged Access, Local Admin
Speaking about industry-standard, educational and organizational certifications, and trying to understand whether they are actually losing their charm. “Organizations are gearing up to be certified on various standards; individuals are busy certifying themselves against product and general certifications to enhance their opportunities of getting better pay packages (or it could also be to enhance their skill sets).”
Looking at the latter: individuals are busy completing certifications while looking for better opportunities or enhancing their skill sets. The main trigger for this is that organizations and/or recruiters do their first level of screening by looking at the certifications an individual has completed. Organizations realize the facts only when the candidate appears for his/her personal interview.
Tags: Certifications, Standards, Training
I have been going through a couple of articles and noticing that most of them define BC and DR differently. My understanding of BC and DR is slightly different, and I would like to post it here to get your views on the same.
What I have seen in several blogs is that Business Continuity looks at how to recover the business, while Disaster Recovery is about recovering the IT infrastructure. This is mentioned not only in some blogs but is also what some institutes preach. This is not to say that they are wrong, but to spread the word and understand what others think of the same.
Tags: BS 25999, Business Continuity, Disaster Recovery