InfoSec blog

Image via Wikipedia
In the past when senior management (execs) needed to understand the financial implication of cyber threats and their exposures, they turned their questionnaires toward IT for relevant answers. In other words IT risk assessment was the answer in the past to understand the financial implications of cyber threats. The IT risk assessment is [...]

Open networks are heterogeneous environment where users like to use all the applications and systems at any given time. In a heterogeneous environment, each department run different hardware and software, but you can control the protocols which will work on this environment.
Universities are famous for open network. Most Universities network is comprised of a Bank [...]

Have you ever thought of losing something and you cannot live without it? Yes, that something can be your identity. Phishing is a practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information. In [...]

The State of California has adopted ISO/IEC 27002 as its standard for information security and recommends other organizations and vendors to use this standard as guidance in their efforts to comply with California law.
To achieve an ongoing compliance, major organizations require tools to comply with standard such as ISO 27002/ISO27001. vsRisk is an easy to [...]

The PCI DSS (Payment Card Industry & Data Security Standard) was established by credit card companies to create a unified security standard for handling credit card information.  The retail service industry now understands the strategic significance of PCI DSS compliance, which was demonstrated when TJX announced that their system was compromised for more than 17 [...]

Security review is performed to identify and analyze risks and weaknesses in the current security posture of an organization. An ISO assessment is performed utilizing international standard ISO 27002 and company security policy, the purpose of the review is to evaluate the information security posture of an organization based on international standard. The level of [...]