Day in and out we are reading and listening to news about how lost and stolen data, Virus attacks crippling organizations, unauthorized software that may contain malwares and so on. While it is impossible to eliminate IT risks altogether, certain steps can aid in placing less reliance on the persons and processes and more on technology. At the end of the day it is better to Push Security to End Users than to expect compliance. Continue reading “It doesn’t matter where the weakest link is as long as it exists.”
Essential IT Governance Concepts
To build a successful GRC solution it is absolutely critical to get Management support for GRC project. However to achieve this you must be able to demonstrate the value that GRC projects can add to the business. In this post we look at some essential governance concepts
Continue reading “Essential IT Governance Concepts”
Direct Entry Upload – the Satyam Fraud Modus Operandi
The perils of direct entry uploading into a database are well known … and the recent revelation by CBI on the modus operandi used in Satyam to book invoices is a grim reminder of this.
CBI has claimed to have unravelled through cyber forensic technique the modus operandi of Satyam in generating false invoices to show inflated sales. Continue reading “Direct Entry Upload – the Satyam Fraud Modus Operandi”
James Bond Meets The 7 Layer OSI Model-Technology Demystified
The OSI model describes the flow of data in a network, from the lowest layer (the physical connections) up to the layer containing the user’s applications. Data going to and from the network is passed layer to layer. Each layer is able to communicate with the layer immediately above it and the layer immediately below it. This way, each layer is written as an efficient, streamlined software component. When a layer receives a packet of information, it checks the destination address, and if its own address is not there, it passes the packet to the next layer. Continue reading “James Bond Meets The 7 Layer OSI Model-Technology Demystified”
Conficker Virus – A simple check
Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in October 2008. The worm uses a combination of advanced malware techniques which has made it difficult to counter.
Experts say it is the worst infection since the SQL Slammer. Estimates of the number of computers infected range from almost 9 million PCs to 15 million computers, however a conservative minimum estimate is more like 3 million which is more than enough to cause great harm.
Basics of a proxy server and means to secure it
A proxy server is a server that acts as a gateway between a client computer and a larger network like the internet. This can be better understood through an illustration of daily life usage of proxy server. We are familiar with configuring proxy settings in the ‘Network Settings’ tab of our web browsers. We use a proxy in this case. A proxy server receives a web page request from the local internal user. The proxy server then acts as a client on behalf of the user, uses its own IP address to request the page from the server out on the internet. When the page is returned by the internet server, the proxy server relates it to the original request and forwards it on to the local internal user. Continue reading “Basics of a proxy server and means to secure it”
Increasing threats from Malwares – Controls
Malwares are malicious softwares that are created with a intention to damage information processing facilities. It is different from error in software which may cause the same end result but is not intentional. Malwares are written with a specific purpose to cause damage. What are the controls you can use for protection
Continue reading “Increasing threats from Malwares – Controls”
Qadit Systems empanelled by CERT-In as a qualified IT Security Auditing organisation
Qadit Systems & Solutions Pvt Ltd has been empanelled by CERT-In as one of the few qualified IT Security Auditing organisations in the country.
Qadit System’s expertise and experience in the areas of Vulnerability Assessment and Information Security audit has ensured its inclusion in this very select list of firms that are empanelled currently. This re-empanelment is an acknowledgment of Qadit System’s technical expertise in areas of Information Security. Continue reading “Qadit Systems empanelled by CERT-In as a qualified IT Security Auditing organisation”
Tech Terminology Demystified – Cross-site Scripting
Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications where attackers cause a web server to send a page that contains malicious HTML or other client side scripts to a victim’s browser.
Continue reading “Tech Terminology Demystified – Cross-site Scripting”
India’s ambitious National e-Governance Plan
Tamil Nilam is the Tamil Nadu government’s land administration and management system. Tamil Nilam has been implemented in all rural Taluks of Tamil Nadu. Touch screen kiosks to disseminate information related to land records have been implemented in 127 Taluks. This G2C initiative has been a phenomenal success both in terms of revenue and reach.
Continue reading “India’s ambitious National e-Governance Plan”