Vulnerability Management Program

Introduction

It is quite obvious that every organization wants to serve its clients without any interruptions. If not handled properly, the presence of even a small vulnerability in a system or on the network can lead to an interruption of the services offered to clients. This may result in losing the trust of clients or in loss of revenue.

Vulnerability assessment is a simple process of identifying and reporting vulnerabilities.

It provides a way to detect and resolve security problems before someone or something can exploit them. By conducting periodic vulnerability assessments, management can validate the security measures they have deployed.


Risks of Providing Local Admin Privileges to Users

As an InfoSec consultant I have confronted, and I am sure many of you have faced, the question from your clients or within your own organization of whether "to provide" or "not to provide" local admin privileges to users.

Indeed, it is a tough question to answer and even tougher to convince anyone to take a particular approach in this regard. The reason, I feel, is that it is impossible to get away with any single approach. Again, in my view, if given the chance, I would prefer the approach of not providing administrative privileges, unless I have been provided with enough personnel, technology and time to handle the mess created by that decision.


Certification, Its Value and Credibility

Speaking about industry-standard, educational and organizational certifications, and trying to understand whether they are actually losing their charm. "Organizations are gearing up to be certified against various standards; individuals are busy certifying themselves against product and general certifications to enhance their opportunities for better pay packages (or possibly to enhance their skill sets)."

Looking at the latter, individuals are busy completing their certifications in search of better opportunities or to enhance their skill sets. The main trigger for this is that organizations and/or recruiters do their first level of screening by looking at the certifications an individual has completed. Organizations realize the facts when the candidate appears for his/her personal interview.


Difference between BC and DR

I have been going through a couple of articles and noticing that most of them define BC and DR differently. My understanding of BC and DR is slightly different, and I would like to post it here to get your views on the same.

What I have seen in several blogs is that Business Continuity looks at how to recover the business, while Disaster Recovery is about recovering the IT infrastructure. This is mentioned not only in some blogs but is also preached by some institutes. This is not to say that they are wrong, but to spread the word and understand what others think of the same.


ISMS Compliance Checklist

We have all been in this situation before: eager and inquisitive to know how far we have reached in our implementation. Are we ready to be audited by the auditors? Are we comfortable asking the auditors to take a stroll through our organization?
