Posts Tagged ‘security controls’

Security risk assessment process and countermeasures

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments
The following are the common steps for performing a security risk assessment. They are basic steps that should not be followed as is, but adapted to the organization's assessment scope and business requirements.
• Identify the business needs [...]


What is a risk assessment framework

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments
Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.
A good RAF organizes and presents information in a way that both technical [...]


Security Controls and Principles

Principles of Information Security
For security controls to be effective, apply the pillars of information security:
–Principle of least privilege
–Separation of duties
–Economy of mechanism
–Complete mediation
–Open design
Least Privilege
• “Need to Know”
• Default deny – essentially, don’t permit any more to occur than is required to meet business or functional objectives
• Anything extra introduces risk
Separation of Duties
• The [...]


Due Diligence, and Security Assessments

Fighting Computer Crime: A New Framework for Protecting Information
Risk assessment demands due diligence, which makes business sense and derives organization mission. Due care is also about applying the specific control that counts. In information security, due diligence means a complete and comprehensive effort is made to avoid a security breach which could [...]


Open Network and Security

Open networks are heterogeneous environments where users like to use all the applications and systems at any given time. In a heterogeneous environment, each department runs different hardware and software, but you can control which protocols will work in the environment.
Universities are famous for open networks. Most university networks are comprised of a Bank [...]


Laptop and traveling precautions

Best practice emphasizes backing up any data you can’t live without; in the same way, a traveler must avoid taking sensitive data on the road unless it’s absolutely necessary to do so. If you do plan to take sensitive data with you on the laptop, the necessary security controls must be [...]


SmartPhone and Security

Mobile spyware is malicious software used to spy on and control mobile devices (BlackBerry, PDAs, Windows Mobile and cell phones). Mobile spyware will not only intercept messages between two devices but also determine the location of the device. Basically, mobile spyware is installed on a mobile device to spy on it.
Small businesses [...]
