A security policy is a broad statement produced by senior management that dictates the role of security within the organization.
Characteristics of a security policy:
- It must be generic, non-technical, and easily understood
- It must integrate security into all business processes and functions
- It must be reviewed and modified periodically or as the company environment… Continue reading “Security Policies”
Tag Archives: ethicalhacking
Some Generic Terms
Goals, Mission and Objectives
Goals: define what the organization desires to achieve. Goals provide the overall context of what the organization wants to accomplish.
Mission: indicates how you will proceed toward those goals. The mission is a statement of the organization’s purpose and reason for existence.
Objectives: help in the creation of long-term and short-term strategies… Continue reading “Some Generic Terms”
Governance, Risk and Compliance
GRC is an acronym for Governance, Risk management and Compliance. The GRC of every organization is different and varies based on the type of organization; it depends on the organization’s mission, size, industry, culture and legal regulations. The ultimate responsibility of a GRC program is to protect the organization’s assets and operations, including its IT infrastructure and information.
Governance: It… Continue reading “Governance, Risk and Compliance”
Information Security Management and Governance
ISO 27001:2013 (ISO/IEC 27001)
- It is an internationally recognized, structured methodology dedicated to information security.
- It is a management process to evaluate, implement and maintain an Information Security Management System (ISMS).
- It is a comprehensive set of controls comprised of information security best practices.
- It is applicable to all industry sectors.
- It emphasizes prevention.
ISO 27001… Continue reading “Information Security Management and Governance”
Security Controls
Security controls are the measures taken to safeguard an information system from attacks against the confidentiality, integrity and availability (CIA) of that system. Security controls are selected and applied based on a risk assessment of the information system. The risk assessment process identifies system threats and vulnerabilities, and then security controls are selected to reduce or mitigate the risk. Continue reading “Security Controls”
CISSP
Certified Information Systems Security Professional
The certification is structured in 8 domains:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
Certification path: a minimum of 5 years of work experience in any 2 of the domains mentioned above. If… Continue reading “CISSP”
Security and Risk Management
Information Security Management
Information security is the process of protecting information and information systems from the following:
- Unauthorized disclosure, access and use
- Destruction
- Deletion
- Modification
- Disruption
Factors that impact information security:
- Technology platforms and tools used
- Network connectivity
- Level of IT complexity
- New or emerging security tools
- Operational support for security
- Business plan and environment… Continue reading “Security and Risk Management”
Basic Pentesting
Task 1 – Web App Testing and Privilege Escalation
In this set of tasks you’ll learn the following:
- Brute forcing
- Hash cracking
- Service enumeration
- Linux enumeration
The main goal here is to learn as much as possible.
Find the services exposed by the machine: use “nmap” to find out what services are running on the… Continue reading “Basic Pentesting”
OWASP TOP 10
OWASP (Open Web Application Security Project) is a non-profit organization that works on improving the security of software. It publishes, free of cost, a report outlining web application security concerns, focusing on the top 10 most critical risks. The OWASP Top 10 2017 report is as follows:
- Injection
- Broken Authentication
- Sensitive Data… Continue reading “OWASP TOP 10”
API Testing
Introduction to API
API stands for Application Programming Interface; an API acts as a middleman whose job is to deliver data between the client and the server for data exchange. Basically, it acts as a medium of communication between two entities.
Types of API:
- REST API
- SOAP API
Properties of a secure API: an API should provide expected… Continue reading “API Testing”
