Information Security, SSAE 16, ISO 27001, CISA, Cert-IN
Anything under the umbrella of IT Security, Computer Security, IT Controls
Introduction
LMI is a governance enabler. Log data is no longer just the domain of technical personnel (traditionally used for trouble shooting). Log data is no longer just an IT asset and it is a corporate and business asset. It is used extensively by both management and external parties (auditor, forensic investigators) and hence has gained executive level visibility. In this post we look at the new approach to log management.
As we begin a new year, I thought it would be a good time to reflect upon some major information security breaches of 2009. The list of the organizations involved makes this list very interesting. What makes this list even more interesting is the analysis of the breach- which indicates that the incidents could have been averted by adopting some fundamental security best practices.
Continue reading “A list of major security breaches of 2009”
While Windows 7 is getting a rave review (unlike Vista) and more and more users are migrating to Windows 7, Windows XP continues to be prevalent. So as 2010 rings in, here are some tips and tweaks to make your Windows XP secure and faster.
What the Information Security manager should aim for
Traditional authentication mechanisms for online banking have been password and/or a one time password from a dedicated token. Variants or a combination of these two authentication types have been deployed by most banks across the globe. Increasingly these traditional customer authentication methods are being challenged and defeated. Continue reading “Responding to Authentication challenges in Online Banking”
Network Printers are so commonly used that they are no longer considered computing accessories but more as office appliances. At first thought, applying security to network printers may seem superfluous and unnecessary. But Printers today are complex network devices that require careful consideration regarding security. Continue reading “Securing the Network Printer”
As per a recent statistic, about a million mobile handsets are getting lost every year. While mobile phones carry valuable data such as business contacts, emails, documents, pictures, videos, etc. and senior management executives are increasingly using their smart phones compared to laptops, securing mobile phones is not given top priority in the IT security agenda of many business organizations. It is highly recommended that every organization includes a ‘Mobile Phone Security Policy’ in their IT Security Policy and Procedures. The policy may include a security checklist similar to the one given below. Continue reading “Checklist to secure data in mobile phones”