SOA Security – Part 1 – Intro to SOA

The SOA security model has been doing the rounds in many forums in the recent past. This prompted me to write on SOA security aspects in a three-part article. In this ‘Part 1’, let me introduce you to SOA. A Service Oriented Architecture (SOA) is a framework for integrating business processes and supporting IT infrastructure as secure, standardized components (services) that can be reused and combined to address changing business priorities.

 


MPLS Architecture – An Overview

As soon as the word ‘MPLS’ (Multiprotocol Label Switching) is mentioned, the term ‘MPLS VPN’ comes to everybody’s mind. This is soon followed by the thought of corporate offices spread across different cities being connected through an ‘MPLS VPN’. Your subconscious mind has also associated ‘confidentiality of my data, probably using encryption’ with this whole concept, as it is a VPN and VPNs are supposed to provide confidentiality and integrity of my data. Why else should they say ‘private’ in Virtual Private Networks?

 


Information Rights Management – An Introduction

Information rights management is a technology which aims to protect sensitive and critical documents and information while at the same time ensuring that they are made available for genuine needs. For example, two companies may negotiate to trade a patent, during which the patent details would be made available to the buying company. Despite signing an NDA, if the deal doesn’t happen, the company which was supposed to buy the patent can come out with a new product based on that patent (whose details were made available to it during the negotiation stage) with some modifications.

Working of a digital signature

The Information Technology Act gives legal validity to internet-based communications and transactions such as email and EDI, i.e. e-commerce in short. In these internet-based transactions, a digital signature serves the purpose of identifying the originator of the transaction and ensuring that the communication has happened without any intermediary disturbance such as data tampering or modification.

Smart Phones – Convenience or Threat?

The use of smart phones to access sensitive corporate information away from the office is creating huge security gaps for enterprises. Smart phones are being used to access company mail and applications. At least one major breach involving theft of application code has been attributed to malware from smart phones. So how do we benefit from the technology while addressing the risks?