Nissan data breach exposed Social Security numbers of thousands of employees Nissan suffered a data breach last November in a ransomware attack that exposed the Social Security numbers of thousands of former and current employees, the Japanese automaker said 15th May. Nissan’s U.S.-based subsidiary, Nissan North America, detailed the cyberattack in a May 15 letter toContinue reading “Monthly Round Up for the month of May 2024”
Tag Archives: requirements
A.8 Technological Controls (34 Controls)
A.8.1 User end point devices Information stored on, processed by or accessible via user end point devices shall be protected. A.8.2 Privileged access rights The allocation and use of privileged access rights shall be restricted and managed. A.8.3 Information access restriction Access to information and other associated assets shall be restricted in accordance with theContinue reading “A.8 Technological Controls (34 Controls)”
PDCA and Clauses
Plan(P) Do(D) Check(C) Act(A) ISO/IEC 27001:2022: Clause 4 of 10 Clause 4: Context of Organization ISO/IEC 27001:2022: Clause 5 of 10 Clause 5: Leadership ISO/IEC 27001:2022: Clause 6 of 10 Clause 6: Planning ISO/IEC 27001:2022: Clause 7 of 10 Clause 7: Support ISO/IEC 27001:2022: Clause 8 of 10 Clause 8: Operation ISO/IEC 27001:2022: Clause 9Continue reading “PDCA and Clauses”
Threat, Risk and Vulnerability
Threat: A potential cause of an unwanted Incident, which may result in harm to a System or OrganizationVulnerability: A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats.Risk: A combination of the probability of an Event and its Consequence Risk Assessment is the total sumContinue reading “Threat, Risk and Vulnerability”
What is ISMS,CIA Triad
Information Security Management System (ISMS) Information Security Management System (ISMS) is a management system made of multiple interacting components. What is information? As per ISO/IEC 27000:“Information (knowledge or data) is an asset which, like other important business assets is of value to an organization and consequently needs to be suitably protected”. Information can be: InformationContinue reading “What is ISMS,CIA Triad”
AWS Infrastructure as Code (IaC)
IaC allows you to write a script to provision AWS resources. The benefit is that you provision resources in a reproducible manner that saves time. CloudFormation CloudFormation allows you to provision AWS resources using IaC. Features: Provides a repeatable process for provisioning resources. Works with most AWS services. Create templates for the resources you wantContinue reading “AWS Infrastructure as Code (IaC)”
AWS Developer Service
Software developers use tools to accelerate the software development and release cycle. Services: Cloud9 Cloud9 allows you to write code within an integrated development environment (IDE) from within your web browser. Features: Integrated development environment (IDE). Write and debug code. Supports popular programming languages. Cloud9 preconfigures the development environment with the needed SDKs and libraries.Continue reading “AWS Developer Service”
AWS Migration Services
A lot of companies are migrating to the cloud, and they need inexpensive, fast, and secure ways to move their on-premises data to AWS. Data Migration Service (DMS) DMS helps you migrate databases to or within AWS. Features: Migrate on-premise databases to AWS. Supports homogeneous and heterogeneous migrations. Continuous data replication. Virtually no downtime. UseContinue reading “AWS Migration Services”
Securing Linux
Linux enjoys various benefits with regards to security, yet no operating system is absolutely secure. One issue at present confronting Linux is its fame. For quite a long time, Linux was fundamentally utilized by a more modest, more tech-driven segment. Presently, its expanding use frees it up to the well-established issue of more clients promptingContinue reading “Securing Linux”
OWASP Juice Shop
Day 1 Task – Injection Question #1: Log into the administrator account! Capture the request and change the parameters Click on send button See response in browser The token used is a jwt token which can be easily decoded from jwt.io After decoding you get the password Login with the credentials Here is your flag.Continue reading “OWASP Juice Shop”
