risk assessment

CISSP Security of Application Programming Interfaces – Bk1D8T5St2

An Application Programming Interface (API) defines how to interact with software. Software components interact and work together through the use of an API. An API is a software program’s contract that describes how other programs should communicate with it. APIs define the publicly accessible functionality of the program. An API defines how that functionality is invoked, limitations on its use, and expectations when calling it. An API can act as the front gate for its …

CISSP Utilities and Heating, Ventilation, and Air Conditioning – Bk1D3T11St7

Power and Heating, Ventilation, and Air Conditioning (HVAC) are equally important to the reliable operation of your data center. It matters little if you can maintain power to your server racks if your cooling system fails and the room temperature passes 105°F (40°C). As with all aspects of data center design, you start with a risk assessment and then consider the relevant controls that can be used to reduce the risk to …

Laboratory Accreditation Programs

This article explains which accreditation programs are used for forensic laboratories and what their standards are, and also covers risk assessment and computer investigation methodology. ISO/IEC 17025 Accreditation: ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) are part of the specialized system for worldwide standardization. They develop International Standards through technical committees established by the respective organization for particular fields of technical activity. In 1999, …

ISO 27001 Annex : A.12.6 Technical Vulnerability Management

ISO 27001 Annex : A.12.6 Technical Vulnerability Management. Its objective is to prevent the exploitation of technical vulnerabilities. A.12.6.1 Management of Technical Vulnerabilities Control- Information about technical vulnerabilities of the information systems in use should be obtained in a timely manner, the organization’s exposure to such vulnerabilities should be evaluated, and appropriate measures should be taken to address the associated risk. Implementation Guidance – An up-to-date and comprehensive asset inventory is a prerequisite for the effective management of …

ISO 27001 Annex : A.11.2.7 Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy

This article explains ISO 27001 Annex : A.11.2.7 Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy. A.11.2.7 Secure Disposal or Re-use of Equipment Control- All items of equipment containing storage media should be verified to ensure that any sensitive data and licensed software have been removed or securely overwritten before the equipment is disposed of or reused. Implementation Guidance- Equipment should be checked to ensure that the storage media is …

ISO 27001 Annex : A.10 Cryptography

This article on ISO 27001 Annex : A.10 Cryptography explains Cryptographic Controls, the Policy on the Use of Cryptographic Controls, and Key Management. A.10.1 Cryptographic controls Its objective is to ensure the proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information. A.10.1.1 Policy on the Use of Cryptographic Controls Control- A policy on the use of cryptographic controls for the protection of information should be developed and implemented. Implementation Guidance- The …

ISO 27001 Clause 9.3 Management review

Under ISO 27001 Clause 9.3 Management review, top management conducts a management review of the ISMS at planned intervals. What is ISO 27001 Clause 9.3? The clause highlights the significance of management review, which helps ensure the continuing suitability, adequacy, and effectiveness of the Information Security Management System in the organization. Suitability refers to continuous alignment with the objectives of the organization, while adequacy and effectiveness call for appropriate design and …

Forensic Investigation Method of Computers

The different phases of the computer forensics investigation process are discussed below. Pre-investigation phase: This phase covers all the tasks performed before the actual investigation begins. It includes setting up a computer forensics laboratory, building a forensics workstation and investigation toolkit, assembling the investigation team, obtaining approval from the relevant authority, and so on. Investigation phase: Considered the main phase of the computer forensics investigation, it involves acquisition, preservation, and analysis …

Enterprise Information Security Architecture

Enterprise Information Security Architecture is a set of requirements, processes, principles, and models that determine the current and/or future structure and behaviour of an organization’s security processes, information security systems, personnel, and organizational sub-units. It ensures that the security architecture and controls are aligned with the organization’s core goals and strategic direction. Though Enterprise Information Security Architecture deals with information security, it relates more broadly to the security practice of the business. …
