Category Archive Beginner

ByJayanthi

Security policies

‘Security policies’ are yet another aspect of Information security that is all around us – but we are hardly aware of it. We will see the meaning of security policy, the reasons for having security policies and some examples of security policies in this post.

A security policy in a nut shell is a document that lays out in detail how an organization is planning to safeguard its business and technological assets.

Read More

Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂

ByJayanthi

Biometrics

‘Biometrics’ is gaining more recognition in today’s world – thanks be to popular organizations embracing it. What is ‘Biometrics’ and what are the different types of biometrics? Read on to find out:

Biometrics – Definition:

Biometrics is uniquely used to identify a person by making use of the distinct characteristics of a person. According to the Michigan State University Biometrics research group, “The field of biometrics examines the unique physical or behavioral traits that can be used to determine a person’s identity”.  These unique traits can be fingerprints, palm scan, hand geometry, retina scan, iris scan, keyboard scan to name a few of them.

Read More

Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂

ByJayanthi

Security trends for 2018!

With the New Year upon us, it is but natural to write about my thoughts on the security trends that might shape 2018! 🙂 So, here goes:

  1. Overall, security trends will closely follow technical trends for a particular year. If AI(Artificial intelligence) , ‘Data analytics’ and IoT(Internet of things) are said to be game changers in the technical industry for 2018 – Infosec trends will definitely exploit the security issues with the mentioned concepts. 
  2. ‘Expect the unexpected’

This might be life’s greatest quote but it holds good for the Infosec industry as well. Equifax, eBay, Uber, University of  Oklahoma, Washington State University were all victims of data breaches of 2017.

These data breaches compromised personal data and 2018 will be yet another year, which steals more personal data. More organizations will lose their precious data or the data will be at the mercy of yet another ingenious way to grab it!

3. ‘Bitcoin’ and other cryptocurrencies:

Will ‘Bitcoin’ hold its sway and continue its meteoric rise? From a humble value of 1000$(for 1 Bitcoin) in the beginning of 2017 to a massive rise of 15,000$(for 1 Bitcoin) by the end of 2017, Bitcoin sure did raise a few eyebrows.  It is quite a possibility that the rise will continue and ‘Bitcoin’ and other cryptocurrencies will be a game changer in the Infosec industry in 2018.

4. Ransomware, fileless malware… what next?

Viruses,phishing emails,Trojan horse were already on the prowl than, that new attacks came to the fore in 2017. We heard new security jargon like ‘ransomware’ and ‘fileless malware’ in 2017 and were scrambling to read all about it , understand it and see if were affected by it in any way. 

2018 will continue to see newer types of attacks and newer security lingo thrown around as hackers get smarter. The more a technology or product is used – the higher the possibility it will be exploited in a novel manner for personal gains. 

5. Data privacy 

Data privacy continues to be a lost issue with every new device monitoring our conversation, location, likes, dislikes. There is a huge electronic virtual  dictionary being built on us with the digital footprint that we are constantly leaving. This will continue into 2018 and beyond!

These are the five points that I think might shake the InfoSec world in 2018!

 

Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂

ByJayanthi

Best technical posts of 2017!

As the year draws to a close, here are my best technical posts of 2017:

  1. Bitcoin and Blockchain: What next?

2. Cyber diplomacy:

3. What is ‘Deep web’?

4. Conflict Resolution at the Work place:

5. Java 8:

 

Warm wishes for a great New Year!

Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂

ByJayanthi

Bitcoin and Blockchain: What next?

It seems every other day has a new headline regarding ‘Bitcoins’. I am sure most of us give a casual glance at this word and wonder where it will go next. From a humble value of $1019 on January 1,2017 the value of Bitcoin has soared to $16,860 till date. This type of meteoric rise will obviously roll a few eyes! 🙂

TicketNew – Get 50 Rs off tickets!

I had already written about Bitcoins in my earlier post “Introduction to Bitcoins“. Let’s refresh briefly:

  1. ‘Bitcoin’ is a cryptocurrency
  2. It was created by a highly doubtful ‘Satoshi Nakamoto’ in January 2009
  3. It does not have any physical form
  4. It is largely based on ‘decentralised’ way of transacting business or the ‘blockchain'(no common authority to enforce regulation)
  5. It is accepted in a few countries and some goods can be bought with them
  6. Acceptance by different governments and countries is still an ongoing process
  7. In addition to its legal use,it is also used for illegal activities

What is Blockchain?

‘Blockchain’ is the underlying technology that supports Bitcoin. In simple terms, blockchain is a global ledger. Sending and receiving bitcoins are some example of transactions. A group of transactions will be considered as a ‘block’ which when approved is added to the ‘chain’. This chain cannot be deleted or changed. It is continously added and maintained by all nodes in the network.

Without a regulating authority like a bank, ‘blockchain’ has kept the Bitcoin journey alive for the past 8 years!

 

Future of Bitcoin:

I am no Bitcoin analyst and I do not have the crystal ball, but I can certainly state a few things! 🙂

  1. ‘Bitcoin’ and other cryptocurrencies will continue to hold people’s imagination and urge to invest for at least a certain period of time
  2. Since it is a completely volatile currency, it is not for the faint hearted
  3. Since it is not regulated, people with disposable income are the best individuals to invest in Bitcoin
  4. Even if one would like to invest in Bitcoin, good to start with a small amount
  5. Since the technology itself is evolving and nobody understands its implications fully, better to wait and watch and understand the nitty gritty details of ‘Bitcoin’.

Whether the cryptocurrencies will stand the test of time, the underlying blockchain technology will definitely shake things up in the technology world and will most likely outlive ‘Bitcoin’!

Most of the world’s top universities including Stanford university, Princeton university and e-learning portals like udemy, Coursera have taken notice and started courses in Blockchain. 

 

 

 

Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂

ByJayanthi

Definition of the day: What is malware?

‘Malware’ is  short form for ‘malicious software’. ‘Malware’ encompasses viruses, worms, Trojan horse, ransomware etc

Examples of malware include: Wannacry ransomware

Destruction produced by malware: computers will freeze, the computer can be used to launch attacks, the computer will crash, your data will be maliciously deleted etc.

Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂

ByJayanthi

What is the CISSP certification?

No sooner do we start looking for jobs in the InfoSec industry, we encounter the question “Do you have any certifications?” This post will delve into the most popular certification – the CISSP.

Introduction:

As social media rages ahead so do other forms of sophisticated attacks. Information Security was a term that was barely used about 20 years ago. Yet, it has begun to play a major role today and will continue to do so in the future. The demand for Security professionals has also exponentially increased and the way to step into the most sought after career is to be certified.

Employers will look for a proper mix of certification and experience to short list prospective candidates. Employees will climb up the information security ladder faster if they are certified.  What is the CISSP certification? Let’s find out:

 

Upto 500 Rs off on Wonderla!

The CISSP certification

CISSP’ is ‘Certified Information Systems Security Professional. 

 (ISC)2 is the ‘International Information Systems Security Certification Consortium’ and is one of the most prevalent and widely accepted standards for Information Security certification. (ISC)2 delivers the CISSP certification.

Achieving the CISSP certification is the gold standard for all security professionals. It is the first credential accredited by the ANSI/ISO/IEC Standard 17024:2003. A person who has the achieved the CISSP certification will command international respect.

      The requirements for appearing for the exam are as follows:

  1. Have five years of demonstrated Information Security experience in two or more of the ten domains of the CISSP exam(However, if one does not have the required experience to take the exam, one can become an Associate of (ISC)2 and clear the exam after gaining enough experience to take the exam within 6 years)
  2. Subscribe to the (ISC)2 code of ethics
  3. Pass the CISSP exam and complete the endorsement process

     The different domains of the CISSP exam and their weightage are listed below:

Security and Risk Management16%
Asset Security10%
Security Engineering12%
Communications and Network Security12%
Identity and Access Management13%
Security Assessment and Testing11%
Security Operations16%
Software Development Security10%

 

The Exam:

Duration: 6 hrs

No. of questions: 250

Pattern: Multiple choice and “advanced innovative questions”

Passing grade: 700 out of 1000 points

Benefits of the CISSP certification:

Since the CISSP certification is what most employers look for in prospective employees of information security, it is “THE” certification to achieve. It is the most sought certification in an employee.

Since the field is a dynamically changing one unlike most other professions CISSPs must recertify every three years and maintain their certification too.

 For professionals, who have achieved the CISSP gold standard and are wondering “What next?”  there are  other CISSP concentrations like CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP.

Latest Update:

(ISC)2 is all set to introduce the CAT(Computerized Adaptive Testing ) for all CISSP English tests worldwide from December 18, 2017.  This is expected to reduce the exam duration from 6 hrs to 3 hrs. The total number of questions to be answered will also drop from 250 to 100.

References:

https://www.isc2.org/Certifications/CISSP

Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂

ByJayanthi

Did you know?

‘Whatsapp’  is India’s largest and most convenient chat app. The anonymity to send messages without the whole world to view it and the instantaneous way to communicate made the chat app a total winner. 

But the chat app had  one uncomfortable feature – for the multitude of messages sent across different groups and individuals, there was always that one message that was sometimes sent by mistake. It would always land in a group with 10-50 participants who would all be equally puzzled! 

 

 

Whatsapp has solved the unintended message dilemma by enabling a new feature:

  1. You can delete an unintended message from all group members (or individuals)
  2. The unintended message should be deleted within 7 minutes of sending it
  3. In order to make it work , the message to be deleted has to be “tapped, held and deleted” from groups or individuals
  4. Once the messages are deleted, a message “This message was deleted” will appear in the appropriate group. 
  5. In order for the ‘Delete’ feature to work, all users should have the latest version of Whatsapp installed for their phones or desktops. 
  6. If the deletion is not successful for all members of the group, there will not be a separate notification informing of the same.

Note: There is a possibility that a message will be viewed by the recipient before the sender deletes it.

What do you think of this new feature? 

 

Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂

ByJayanthi

What is Zero day vulnerability?

Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂

ByJayanthi

Definition of the day: Trojan virus

The more connected we are with our tablets, mobiles, desktops, laptops, the more we are susceptible to an attack. The connected world boasts of different types of attacks. Some of them are viruses, worms, phishing emails, Trojans and so on. Malicious writers are constantly seeking new ways to exploit new vulnerabilities on new devices. We will explain the term Trojans in this post:

 

 

Similar to the fabled horse in the Trojan war (wherein the Trojan horse was used to stealthily get soldiers inside the enemy camp) –  in computer security,  a Trojan virus is a malware that disguises itself in everyday files. When an innocent user clicks on the file, the disguised Trojan virus with extraordinary capability is unleashed. Most common Trojan viruses are used to create back doors on systems, steal data from personal and business systems and remotely control a computer. 

They do not replicate themselves but propagate by common social engineering techniques thereby duping the innocent user. 

 

Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂