users

ISO-27001-Annex-A.12.6-Technical-Vulnerability-Management

ISO 27001 Annex : A.12.6 Technical Vulnerability Management

ISO 27001 Annex : A.12.6  Technical Vulnerability Management Its objective is to avoid technological vulnerabilities from being exploited. A.12.6.1  Management of Technical Vulnerabilities Control- Information on technological vulnerabilities of information systems used should be obtained in a timely manner, the exposure of the organization to such vulnerabilities should be assessed and appropriate measures taken to address the risk involved Implementation Guidance – An up-to-date and comprehensive asset inventory is necessary for the effective management of …

ISO 27001 Annex : A.12.6 Technical Vulnerability Management Read More »

ISO-27001-Annex : A.11.2.7-Secure-Disposal-or-Re-use-of-Equipment

ISO 27001 Annex : A.11.2.7 Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy

In this article explain ISO 27001 Annex : A.11.2.7  Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy A.11.2.7  Secure Disposal or Re-use of Equipment Control- To avoid the removal or overriding of sensitive data and software by the disposal or reuse of any device containing storage medium, all devices must be reviewed. Implementation Guidance- Equipment should be tested to ensure that the storage media is …

ISO 27001 Annex : A.11.2.7 Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy Read More »

ISO-27001-Annex-A.9.3-User-Responsibilities

ISO 27001 Annex : A.9.3 User Responsibilities

ISO 27001 Annex : A.9.3 User Responsibilities Its objective is the Responsibility of users for safeguarding their authentication information. A.9.3.1 Use of Secret Authentication Information Control- Use of secret authentication information should be allowed for users to follow the organization’s practices. Implementation Guidance- It is recommended that all users: maintain confidential information on secure authentication to ensure that it is not leaked to the other parties, including people of authority; Avoid maintaining a record of …

ISO 27001 Annex : A.9.3 User Responsibilities Read More »

ISO-27001-Annex-A.9.2.3 Management-of-Privileged-Access-Rights

ISO 27001 Annex : A.9.2.3 Management of Privileged Access Rights & A.9.2.4 Management of Secret Authentication Information of Users

ISO 27001 Annex : A.9.2.3 Management of Privileged Access Rights & A.9.2.4 Management of Secret Authentication Information of Users these two topic is explained in this article. A.9.2.3 Management of Privileged Access Rights Control- A.9.2.3 Management of Privileged Access Rights The allocation and usage of exclusive access privileges will be limited and controlled. Implementation guidance- A structured authorizing procedure in accordance with the appropriate access management policies should monitor the allocation and usage of delegated …

ISO 27001 Annex : A.9.2.3 Management of Privileged Access Rights & A.9.2.4 Management of Secret Authentication Information of Users Read More »

ISO-27001-Annex-A.9.2-User-Access-Management

ISO 27001 Annex : A.9.2 User Access Management

ISO 27001 Annex : A.9.2 User Access Management Its objective is to ensure approved user access and avoid unauthorized access to systems and facilities. A.9.2.1 User registration and de-registration Control- In order to allow the assignment of access rights, a systematic process of user registration and de-registration should be enforced. Implementation guidance- The process to manage user IDs should include: Use unique user IDs to encourage users to be connected to and hold accountable for …

ISO 27001 Annex : A.9.2 User Access Management Read More »

Overview of Network Security Objectives

Overview of Network Security Objectives this blog is based on Understanding Network and Information Security with it’s objective Confidentiality, Integrity and Availability etc. Understanding Network and information Security Basics Security is very important, and therefore the lack of it risks financial, legal, political, and PR implications. This section covers a number of the concepts, terms, and methodologies employed in preparing for and dealing with secure networks. Network Security Objectives When considering networks, you’ll view them …

Overview of Network Security Objectives Read More »

introduction to tcpip networking-infosavvy

Introduction to TCP/IP Networking

This blog is on TCP/IP Networking, you can know here more about Networking, it’s model and History Leading to TCP/IP with description. Introduction to TCP/IP Networking So, you’re new networking. Like many of us , your perspective about networks could be that of a user of the network, as against the network engineer who builds networks. For some, your view of networking could be supported how you use the web , from home, using a …

Introduction to TCP/IP Networking Read More »

How-will-Social-Engineering-be-in-the-Future

How will Social Engineering be in the Future

What is social engineering? Social engineers exploit human behavior (manners, enthusiasm toward work, laziness, innocence, etc.) to achieve access to the targeted company’s information resources. Social engineering attacks are difficult to protect against, because the victim won’t remember that he or she has been deceived. They’re greatly almost like other forms of attacks wont to extract the company’s valuable data. To protect against social engineering attacks, an organization must evaluate the danger of various sorts …

How will Social Engineering be in the Future Read More »

Web-Server-Attack-Tools

Web Server Attack Tools

Web Server Attack Tools now familiar with the methodology that an attacker uses to hack an internet server. This section will introduce web server hacking took that an attacker may use within the web server hacking methodology described within the previous section. These tools extract critical information during the hacking process. Web Server Attack Tool: Metasploit The Metasploit Framework may be a penetration-testing toolkit, exploit development platform, and research tool that has hundreds of working …

Web Server Attack Tools Read More »

dos and ddos-infosavvy

Concepts of Denial-of-Service Attack & Distributed Denial of Service Attack

For a better understanding of Denial-of-Service Attack & Distributed Denial of Service (DoS/DDoS) attacks, one must be familiar with their concepts beforehand. This module discusses what a DoS attack is, what a DDoS attack is, and how the DDoS attacks work. What is a Denial-of-Service Attack? DoS is an attack on a computer or network that reduces, restricts, or prevents accessibility of system resources to its legitimate users. In a DOS attack, attackers flood a …

Concepts of Denial-of-Service Attack & Distributed Denial of Service Attack Read More »