All Articles

Myth: - DLP is for IT and it is an IT Project |Truth: - DLP is for Business and it is a Business Project

DLP Solution is implemented by IT for the business with the close association of various business departments; DLP implementation requires strong

This article will be about different guidelines, which can help to secure your SAP system. But nothing to worry about - this post will nevertheless remain useful and interesting, even if it does not contain information about 0-days or have no words l

Static Code Analysis: Binary vs. Source

Static Code Analysis is the technique of automatically analyzing the application’s source and binary code to find security vulnerabilities. According to Gartner’s 2011 Magic Quadrant for Static Application Secu

The AppSec How -To:Visualizing and Effectively Remediating Your Vulnerabilities: The biggest challenge when working with Source Code Analysis (SCA) tools is how to effectively prioritize and fix the numerous results. Developers are quickly overwhelme

In Agile’s fast-paced environment and frequent releases,security reviews and testing sound like an impediment to success. How can you keep up with Agile demands of continuous integration and continuous deployment without abandoning security best prac

Why Read This Report

The data center perimeter is dead. But its memory lives on in the way many IT departments continue to secure their infrastructure. The meteoric rise of the Internet brought with it an ever-changing landscape of new attacks and co

Organization scramble to achieve high business growth often overlooked the underlying processes which are the core of any business operation. A manual process to handle employee separation process lead devastating circumstances. Most organization tak

We are conducting again the new OWASP CISO Survey 2014 and as a respected information security leader in the industry, OWASP (Open Web Application Security Project, www.owasp.org) would like to hear your opinion and invite you to share this survey in

To protect sensitive/critical data available on users’ laptops we implemented a remote backup solution that can back up the important files and folders on the users’ laptop to a remote server. The main purpose was to safeguard the sensitive/critical

Kotak Mahindra Bank has initiated the DLP implementation across all business units in a phased manner and the implementation was started 6 months ago with critical business units. The solution monitors all channels, viz. Internet, Email and End point

This project mainly aims to have an enterprise wide ITAM (IT Asset Management) Systems and endpoint protection and also to maintain the hardware and software inventory. It also brought in centralized IT management and control mechanisms for polices e

What is Shellshock Bug?

Shellshock is a security vulnerability(CVE-2014-6271) in the widely used Unix Bash Shell which was discovered by Stéphane Chazelas on 12 September 2014 and disclosed on 24 September 2014. Subsequently, various researchers have

If not all, we can point out the various major policies that can help you kick-off. For easy reading we've cut the details, here's the checklist:

AUP - Acceptable Use Policy or Fair Use Policy defines the ways/restrictions of using the Organisation's

We heavily rely on references while taking a decision on adoption of a new technology or a product. However, there is no dedicated analysis of product leadership purely based on customer recommendation. From CISO Platform technology Analyst team, w

We heavily rely on references while taking a decision on adoption of a new technology or a product. However, there is no dedicated analysis of product leadership purely based on customer recommendation. From CISO Platform technology Analyst team, we

Based on OS

Windows tools:

Specific Tools:

1. Log Parser - 
2. EnCase -
3. ILook(LEO Only) -
4. Paraben -
5. ProDiscover -
6. TCPView -
7. AccessData -
8. COFEE(LEO Only) -
9. WinHex
10. X-Way Forensics/WinHex Pro
11. FileControl-DD etc.
12. Wireshark-Ethereal(packet sniffer)
13. Dsniff-Dug

Stages of Incident Response-

1. method 1

2. method 2

Method1(7-steps)

1. Preparation
2. Identification
   categories based on incident type
3. Containment
4. Investigation
5. Iradication
6. Recovery
7. Follow up

Method2(4-steps)

1. Preparation
2. Detection and Analysis
3. Conta

Technical Skills:

Fundamental Concepts and Internet

1. Knowledge of Fundamental Security Concepts(eg. authentication,integrity,access control,privacy)
2. Identifying Risks,Threats(data,information,computers and networks)
3. Knows how the Internet Works(histo

Current Project Synopsis:

• Responsible for Information Security of next generation mobile and fixed broadband networks (LTE/WiFi/FTTx) with All-IP networks over a cloud based framework for B2C/B2B markets connecting 200 Million 4G LTE, 50 Million W

About Project

The scope of the project encompassing Business Units, Support Functions, 200+ Processes and 8500+ employees. The project was an outcome of the data pilferage risk envisaged in terms of sensitive customer information and financial data.