Category Archive: Information Security

By Jayanthi

Cryptography

After having done numerous posts on Information security, here is another basic and elementary concept in Information security – ‘Cryptography’. The concept of Cryptography also encompasses encryption and decryption.

Like any other subject, the field of Cryptography is another massive ocean of information. It is the technique of hiding information to bolster secure communication. Cryptographic techniques are an absolute necessity in this digital age where any information can be snooped on. These are a few basic concepts related to Cryptography:


Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂

By Jayanthi

What are Zombie systems?

In the Information security realm, there are different types of attacks occurring all over the world. There are virus attacks, phishing, worm attacks, DoS and DDoS attacks and others. In order to understand “Zombie systems”, we have to talk about DDoS (Distributed Denial of Service) attacks.


By Jayanthi

XOR operator in Java

In the Java programming language, a ‘variable’ is used to store a value. Different kinds of operations can be performed on variables by means of ‘operators’. The Java programming language has a number of operators and these are listed below:


By Jayanthi

VPN (Virtual Private Network)

VPN or ‘Virtual Private Network’ is exactly what it states – it is a private and virtual connection to your corporate network. While it is easy and comfortable to make use of free and open Wi-Fi in open spaces to access corporate resources, it is highly susceptible to different types of attacks (stealing your password might be the simplest one). VPNs enable professionals to access corporate resources in a safe and secure manner.


By Jayanthi

Usage of Information security

‘Information security’ in the broadest sense is the protection of information and assets from malicious elements. Individuals and organizations are both subjected to virus, ransomware and data breach attacks, and hence the concept of ‘information security’ applies to all. Let us see a few of the ‘Information security’ concepts being applied to organizations as well as individuals.


By Jayanthi

Security

Social media and privacy concerns go hand in hand. On the one hand, we love the reach of sharing our day-to-day moments, our happiness, our sadness with the whole world with the click of a mouse – on the other hand, we are (and we should be) worried about the invisible eyes that are seeing the very same posts too! How we strike a balance and ensure the security of our information forms the basis of this post. Some of the initial points are general pointers related to overall security.


By Jayanthi

Object oriented programming

‘Object oriented programming’ is a type of programming which involves object oriented principles like encapsulation, polymorphism and inheritance. These principles are implemented by means of classes, methods, variables and other constructs in Java. We saw a sneak peek into object oriented programming in the Java 101 post. 


By Jayanthi

NIST publications

NIST stands for ‘National Institute of Standards and Technology’ and the NIST Special Publications (SP) act as a reference for organizations, academic institutions and government agencies that seek to form an information security plan and secure their perimeter. They are available free of charge. We will discuss some of the NIST special publications in this post:

  1. NIST SP 800-30: Guide for Conducting Risk Assessments

Before we discuss NIST SP 800-30, we refresh the basic concepts related to risk. The security terms “threat”, “vulnerability” and “risk” play a key role in risk assessments.

Recall from an earlier post that “vulnerability” is a hole in the security posture that is waiting to be exploited (examples of vulnerabilities are an open port or unpatched software).

“Threat” is the tool that causes the damage to the organization (examples of threats can be floods, power failure, fire etc.).

And “risk” is the “threat agent” making use of the “vulnerability”, exploiting it and causing physical and monetary damages. Putting these concepts together, “Risk assessment is the process of identifying, estimating, and prioritizing information security risks” (Guide for Conducting Risk Assessments, 2012).

The NIST SP 800-30 publication guides users on how to conduct risk assessments. This publication first deals with the fundamentals of risk assessment, followed by the different processes in risk assessment (preparing for risk assessment, conducting risk assessment and communicating risk assessment information). The NIST SP 800-30 publication is an extension to the NIST SP 800-39 publication, which is a publication for managing ‘Information Security Risk’.

  2. NIST SP 800-45 version 2: Guidelines on Electronic Mail Security

E-mail or electronic mail is one of the most prevalent forms of communication in today’s digitized world. Considering this, electronic mail will be targeted for a host of attacks on the mail server, mail client or the entire infrastructure. Some of the different types of attacks may be DoS attacks, social engineering, or gaining access to unencrypted information in the email.

The NIST SP 800-45 on electronic mail security guides users on configuring mail servers and mail clients on public and private networks and on protecting them from attacks. Encrypting email messages (using OpenPGP, S/MIME), ways to harden the mail server and ways to harden the mail client are some of the issues discussed in this publication. The other key guidelines included in this publication are the different types of protocols (such as SMTP, POP) along with planning and management of a mail server (Guidelines on Electronic Mail Security, 2007).

We discussed a few of the NIST publications in this post today. The NIST publications seek to give guidance on many other security topics for organizations. They are an effective resource for organizations that seek to improve their security posture.

Bibliography:

Guide for Conducting Risk Assessments. (2012, September). Retrieved from NIST.gov: http://www.nist.gov/customcf/get_pdf.cfm?pub_id=912091

Guidelines on Electronic Mail Security. (2007, February). Retrieved from NIST.gov: http://csrc.nist.gov/publications/nistpubs/800-45-version2/SP800-45v2.pdf

This post is for the alphabet ‘N’ for the Blogchatter challenge… read the previous post here

 

 


By Jayanthi

List of Information security certifications

‘Information security’, briefly, is the branch of study that deals with securing data and identifying weaknesses in systems and sealing them. Anti-virus software and firewalls are simple aspects of ‘Information security’ that we use unknowingly. There are a number of Information security certifications and we will review some of them here:


By Jayanthi

Java 101

‘Java’, the object oriented programming language, was developed by James Gosling of Sun Microsystems (now a part of Oracle) in 1995. It is a platform independent programming language, meaning that once a Java program is written and compiled – the compiled program can run on any architecture (Apple, Windows etc.). It is this feature that makes it flexible. It is also much easier to work with Java than other programming languages like C++.
