requirements

contact

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson’s machine. What is the social engineering technique Steve employed in the above scenario?

1 Comment / CEHv11 / By

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and …

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson’s machine. What is the social engineering technique Steve employed in the above scenario? Read More »

ISO-27001-Annex-A.18-Compliance

ISO 27001 Annex : A.18 Compliance

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.18 Compliance in this article explain Compliance with Legal and Contractual Requirements, Identification of Applicable Legislation and Contractual Requirements and Intellectual Property Rights this controls. A.18.1 Compliance with Legal and Contractual Requirements It’s objective is to protect against violation of legal, statutory, regulatory, or contractual obligations relating to information security and any other security requirements. A.18.1.1 Identification of Applicable Legislation and Contractual Requirements Control- Each of these information systems and organizations …

ISO 27001 Annex : A.18 Compliance Read More »

ISO-27001-Annex-A.15.1.2-Addressing-Security-Within-Supplier-Agreements

ISO 27001 Annex : A.15.1.2 Addressing Security Within Supplier Agreements & A.15.1.3 Information and Communication Technology Supply Chain

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article explain ISO 27001 Annex : A.15.1.2 Addressing Security Within Supplier Agreements & A.15.1.3 Information and Communication Technology Supply Chain this controls. A.15.1.2  Addressing Security Within Supplier Agreements Control- Any suppliers that view, process, store, communicate or provide IT infrastructure component information for the organization should be defined and agreed with all applicable information security requirements. Implementation Guidance- Supplier agreements should be defined and recorded so that the organization and the supplier do …

ISO 27001 Annex : A.15.1.2 Addressing Security Within Supplier Agreements & A.15.1.3 Information and Communication Technology Supply Chain Read More »

ISO-27001-Annex-A.14.1.2-Securing-Application-Services-on-Public-Networks

ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks

Leave a Comment / ISO 27001 La, Knowledge Base / By

Control- ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks Information about application services which pass through public networks should be protected against fraudulent activities, contract disputes, unauthorized disclosure, and modification. Implementation Guidance – Information security requirements will include the following for application services that cross public networks: Each party requires a level of trust in the identity claimed by each other, for example, through authentication; Authorizations for those who may authorize the …

ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks Read More »

ISO-27001-Annex-14-System-Acquisition-Development-and-Maintenance

ISO 27001 : Annex 14 System Acquisition, Development and Maintenance

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 : Annex 14 System Acquisition , Development and Maintenance in this article is explain  A.14.1  Security Requirements of Information Systems & A.14.1.1  Information Security Requirements Analysis and Specification. A.14.1  Security Requirements of Information Systems Its objective is ensuring the information management for the entire lifecycle is an important part of information systems. This also includes the information systems requirements that provide services over a public network. A.14.1.1  Information Security Requirements Analysis and Specification …

ISO 27001 : Annex 14 System Acquisition, Development and Maintenance Read More »

ISO-27001-Annex-A.12.3-Backup

ISO 27001 Annex : A.12.3 Backup

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.12.3 Backup Its objective is to safeguard against data loss. A.12.3.1  Information backup Control- In accordance with the agreed backup policy copies of records, program and device images shall be collected and regularly tested Implementation Guidance – The organization’s information, software, and systems backup requirements should be established with a backup policy. The policy of backup should define the requirements for retention and protection. There should be sufficient backup facilities to …

ISO 27001 Annex : A.12.3 Backup Read More »

ISO-27001-Annex-12-Operations-Security

ISO 27001 Annex : 12 Operations Security

14 Comments / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : 12 Operations Security in this article explain Operational procedures and responsibilities, Documented Operating Procedures, Change Management & Separation of Development, Testing and Operational Environments. A.12.1  Operational procedures and responsibilities Its objective is to ensure that information processing facilities operate correctly and securely. A.12.1.1  Documented Operating Procedures Control-Operating procedures should be documented and accessed by all users in need. Implementation Guidance- Documented procedures for operating information processing and communications facility activities should …

ISO 27001 Annex : 12 Operations Security Read More »

ISO-27001-Annex : A.6.2-Mobile-Devices-and-Teleworking

ISO 27001 Annex : A.6.2 Mobile Devices and Teleworking

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.6.2 Mobile Devices and Teleworking its objective is to ensure the security of teleworking and the use of mobile devices. A.6.2.1  Mobile Device Policy  Control- To manage the risks introduced by the use of mobile devices, a policy and supporting safety measures should be adopted.  Implementation Guidance- Special care should be taken when using mobile devices to ensure that business information is not compromised. The policy on mobile devices should take …

ISO 27001 Annex : A.6.2 Mobile Devices and Teleworking Read More »

Threat-Intelligence-Lifecycle

Threat Intelligence Lifecycle

Leave a Comment / CTIA / By

The threat intelligence lifecycle forms a basis for the threat intelligence teams to plan and execute tips more efficiently and effectively. Organizations maintain threat intelligence team to build tips to uncover the emerging threats that increase business risk.This section discusses the threat intelligence lifecycle, maturity model, and frameworks that assist and guide the intelligence teams in building an efficient TIP. It also discusses factors to be considered while buying a threat intelligence solution. Threat Intelligence …

Threat Intelligence Lifecycle Read More »

business-needs-and-requirements

Business Needs and Requirements

Leave a Comment / ISO 27001 La / By

Organizations need to consider various business needs and requirements before developing a threat intelligence program. They need to generate a true risk strategy looking beyond traditional data gathering. Considering these factors enables organizations to focus mainly on the most likely threats that affect them and their business practices. Organizations must ensure that all the requirements and needs of the threat intelligence program are satisfied. Business Unit Needs The following business unit needs and requirements are …

Business Needs and Requirements Read More »