Category Archive: Information Security



Social media and privacy concerns go hand in hand. On the one hand, we love the reach of sharing our day-to-day moments, our happiness and our sadness with the whole world at the click of a mouse; on the other hand, we are (and should be) worried about the invisible eyes that see those very same posts. How to strike a balance and keep our information secure forms the basis of this post. Some of the initial points are general pointers on overall security.

Read More


Object oriented programming

‘Object oriented programming’ is a style of programming built on the object oriented principles of encapsulation, polymorphism and inheritance. In Java these principles are implemented by means of classes, methods, variables and other constructs. We had a sneak peek into object oriented programming in the Java 101 post.

Read More


NIST publications

NIST stands for ‘National Institute of Standards and Technology’, and the NIST Special Publications (SP) act as a reference for organizations, academic institutions and government agencies that seek to form an information security plan and secure their perimeter. They are available free of charge. We will discuss some of the NIST special publications in this post:

  1. NIST SP 800-30: Guide for conducting Risk assessments:

Before we discuss NIST SP 800-30, let us refresh the basic concepts related to risk. The security terms “threat”, “vulnerability” and “risk” play a key role in risk assessments.

Recall from an earlier post that a “vulnerability” is a weakness in the security posture that is waiting to be exploited (examples of vulnerabilities are an unnecessarily open port or unpatched software).

A “threat” is any circumstance or event with the potential to cause damage to the organization, whether natural, environmental or human (examples of threats are floods, power failure, fire, or an attacker probing the network).

“Risk” is the likelihood that a threat source exploits a vulnerability, combined with the impact (physical, monetary or otherwise) if it does. Putting these concepts together, “Risk assessment is the process of identifying, estimating, and prioritizing information security risks” (Guide for Conducting Risk Assessments, 2012).

The NIST SP 800-30 publication guides users on how to conduct risk assessments. It first deals with the fundamentals of risk assessment, followed by the steps of the risk assessment process (preparing for the assessment, conducting the assessment, communicating the results, and maintaining the assessment over time). NIST SP 800-30 supports and complements NIST SP 800-39, the publication on managing ‘Information Security Risk’.
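To make the threat / vulnerability / likelihood / impact vocabulary concrete, here is an added example (not code from NIST SP 800-30 or from the original post) of a small qualitative risk assessment: each register entry names a threat source, the threat event, the vulnerability it exploits, and qualitative likelihood and impact ratings, and the entries are ranked by the resulting risk level. The five-level scale and the combination matrix are this example's own simplification, not the publication's tables; the sample register is constructed.

```javascript
// Added example, not from NIST SP 800-30 or the original post: a small qualitative
// risk assessment using the threat / vulnerability / likelihood / impact vocabulary.
// The five-level scale and the combination matrix are this example's own
// simplification; the publication's appendices define the scales it actually uses.

const LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"];

// Risk level for each (likelihood row, impact column) pair. Example's own matrix.
const RISK_MATRIX = {
  "Very High": ["Very Low", "Low", "Moderate", "High", "Very High"],
  "High":      ["Very Low", "Low", "Moderate", "High", "Very High"],
  "Moderate":  ["Very Low", "Low", "Moderate", "Moderate", "High"],
  "Low":       ["Very Low", "Low", "Low", "Low", "Moderate"],
  "Very Low":  ["Very Low", "Very Low", "Very Low", "Low", "Low"],
};

function levelIndex(level) {
  const i = LEVELS.indexOf(level);
  if (i < 0) throw new Error(`unknown level: ${level}`);
  return i;
}

// A risk needs a threat source, a threat event, the vulnerability it exploits,
// the likelihood that the event occurs and the impact if it does.
function assessRisk(entry) {
  const { likelihood, impact } = entry;
  levelIndex(likelihood);            // validate both inputs before the lookup
  const risk = RISK_MATRIX[likelihood][levelIndex(impact)];
  return { ...entry, risk };
}

// Order a register so the highest risks come first; ties are broken by impact,
// since a rare but severe event usually deserves attention before a frequent
// but minor one at the same risk level.
function prioritize(register) {
  return register.map(assessRisk).sort((a, b) =>
    levelIndex(b.risk) - levelIndex(a.risk) ||
    levelIndex(b.impact) - levelIndex(a.impact));
}

// Mitigation changes the inputs, not the matrix: re-assess after a control
// reduces likelihood (e.g. patching) or impact (e.g. tested backups).
function withMitigation(entry, changes) {
  return assessRisk({ ...entry, ...changes });
}

// Constructed sample register for a small organisation.
const SAMPLE_REGISTER = [
  { threatSource: "external adversary", threatEvent: "ransomware delivered by phishing",
    vulnerability: "no attachment filtering, untrained users", likelihood: "High", impact: "Very High" },
  { threatSource: "nature", threatEvent: "flooding of the server room",
    vulnerability: "server room on the ground floor", likelihood: "Low", impact: "High" },
  { threatSource: "external adversary", threatEvent: "compromise of the public web server",
    vulnerability: "unpatched web server software", likelihood: "Moderate", impact: "Moderate" },
  { threatSource: "environment", threatEvent: "power failure",
    vulnerability: "no UPS for the file server", likelihood: "Moderate", impact: "Low" },
];

for (const r of prioritize(SAMPLE_REGISTER)) {
  console.log(`${r.risk.padEnd(9)} ${r.threatEvent} (L=${r.likelihood}, I=${r.impact})`);
}
```

The matrix is where an organisation encodes its risk appetite; the publication stresses that the scales and their meaning are agreed during the "prepare" step, and the same matrix is reused when re-assessing after mitigation, so that before/after levels are comparable.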

  2. NIST SP 800-45 version 2: Guidelines on Electronic Mail Security

E-mail, or electronic mail, is one of the most prevalent forms of communication in today’s digitized world. Because of this, electronic mail is a target for a host of attacks on the mail server, the mail client or the supporting infrastructure. Examples are denial-of-service (DoS) attacks, social engineering, and reading unencrypted message contents in transit or in stored mailboxes.

NIST SP 800-45 guides users on configuring mail servers and mail clients on public and private networks so as to protect them from such attacks. Encrypting email messages (using OpenPGP or S/MIME), ways to harden the mail server and ways to harden the mail client are some of the issues discussed in this publication. The other key topics covered are the mail protocols (such as SMTP, POP and IMAP) along with the planning and management of a mail server. (Guidelines on Electronic Mail Security, 2007)

We discussed a few of the NIST publications in this post. The NIST publications give guidance on many other security topics as well, and they are an effective means for organizations that seek to improve their security posture.


Guide for Conducting Risk Assessments (NIST SP 800-30 Revision 1). (2012, September). Retrieved from

Guidelines on Electronic Mail Security (NIST SP 800-45 Version 2). (2007, February). Retrieved from

This post is for the alphabet ‘N’ for the Blogchatter challenge… read the previous post here




List of Information security certifications

‘Information security’, briefly, is the branch of study that deals with securing data, identifying weaknesses in systems and sealing them. Anti-virus software and firewalls are simple aspects of ‘Information security’ that we use without realising it. There are a number of Information security certifications, and we will review some of them here:

Read More


Java 101

‘Java’, the object oriented programming language, was developed by James Gosling at Sun Microsystems (now a part of Oracle) and released in 1995. It is a platform independent programming language, meaning that once a Java program is written and compiled, the compiled program (bytecode) can run on any architecture that has a Java Virtual Machine (Apple, Windows etc.). It is this feature that makes it flexible. It is also generally easier to work with than languages like C++.

Read More


Hyperledger Composer

Even as blockchain technology is in its nascent stages and everybody is trying to understand it, there are organizations that have started collaborative efforts to harness its power. One such endeavor is the Hyperledger open source project, hosted by the Linux Foundation with IBM as a major contributor, to build blockchain applications efficiently and quickly. It is a “global collaboration” with entities from sectors such as finance, retail, IoT and manufacturing.

Hyperledger Composer playground:

Hyperledger Composer is a fast and efficient way of building blockchain applications. While it can take months to build a blockchain business network from scratch, with Composer the same can be achieved in a few weeks. It includes the Hyperledger Composer Playground to learn, build and test business networks.

The Hyperledger Composer playground is available from this link. This post gives a high level view of the Composer playground. The playground runs inside a Docker container and can be used in either of two modes:

a. browser mode, where the network is simulated in the browser’s local storage and nothing is written to a real blockchain

b. connected to a Hyperledger Fabric peer network, where transactions are committed to the ledger

There are three main building blocks in a Composer business network – Assets, Transactions and Participants.

Assets – As we have already seen, an asset is anything that has value; it is the object of the trade. Examples of assets are a car, a house or a patent.

Transactions – Transactions are the operations performed on ‘Assets’. For example, if ‘Car’ is an asset, transferring the car’s ownership is a transaction.

Participants – Participants are the actors who take part in the blockchain business network. For example, the buyer and the seller are participants.

A business network definition consists of a model file (.cto, which declares the assets, participants and transactions), a script file (.js, written in JavaScript and holding the transaction logic) and an access control file (.acl, which states which participants may perform which operations). Once these are configured, the business network is deployed and tested by adding participants and assets and submitting transactions. Every transaction is recorded on the blockchain and the history can be viewed.

This post covered the basics of working with the Hyperledger Composer playground and is for the alphabet ‘H’ of the Blogchatter challenge… the previous post is here



Go Green!!

Even as we grumble about the different types of pollution, it is quite ironic to note that “we” are the cause of it! We are the cause of air pollution, water pollution and noise pollution. The ocean is our greatest dumping ground: everything from garbage, cartons and plastic to untreated sewage ends up in it. Pollution has taken on epic proportions, and its different forms, air, water and soil pollution, are set to control (or are already controlling) our lives. Pollution has led to global warming, which in turn affects us directly. Let us see a few ways to reduce pollution and keep our planet green!

Read More


Four concepts of Blockchain

Blockchain, the technology disrupter and decentralized shared ledger, has four important properties that essentially define it: Consensus, Immutability, Finality and Provenance. This blog post defines these four concepts.


Blockchain will be a game changer for supply chain management. The IBM business blog describes provenance as an “immutable audit trail of ownership & location as it changes over time” (source: IBM business blog). Such an audit trail promotes a transparency that is hard to achieve with traditional database systems, where whoever administers the database can alter past records.

Read More


Caesar Cipher

After having done a couple of posts on blockchain technology for the A2Z Blogchatter challenge, I have resumed my writing in the Information security field with a fun cipher called the ‘Caesar cipher’. But before we see what the Caesar cipher is, let us have a brief understanding of cryptography.

From time immemorial, people have tried to make sure that important and crucial information can be read only by the right people once it has reached its destination. What if a crucial message falls into the wrong hands and is read by them? Cryptography and its various techniques prevent this. There are many ways (technically called ‘ciphers’) to hide a message, and the Caesar cipher is one of the oldest and simplest. The sender encrypts the information (converts it to a scrambled form) and the receiver decrypts it (converts it back to the original form); anyone who intercepts the scrambled form should not be able to read it.
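As an added example (not code from the original post), here is a Caesar cipher in JavaScript: the sender shifts each letter by a fixed amount, the receiver shifts it back, letters keep their case and non-letters pass through unchanged. It goes one step beyond the post by also showing why the cipher offers no real protection today: there are only 25 possible shifts, so an attacker tries them all and picks the candidate whose letter frequencies look most like English. The sample message and the frequency table are this example’s own (the table holds commonly cited approximate English letter frequencies).

```javascript
// Added example, not code from the original post: Caesar cipher encryption and
// decryption, plus a brute-force attack that tries every shift and scores the
// candidates against English letter frequencies.
const ALPHABET_SIZE = 26;

function shiftChar(ch, shift) {
  const code = ch.charCodeAt(0);
  const base = code >= 65 && code <= 90 ? 65 : code >= 97 && code <= 122 ? 97 : -1;
  if (base < 0) return ch;   // digits, spaces and punctuation are left as they are
  // ((x % n) + n) % n keeps the result in 0..25 even for negative or large shifts
  const offset = (((code - base + shift) % ALPHABET_SIZE) + ALPHABET_SIZE) % ALPHABET_SIZE;
  return String.fromCharCode(base + offset);
}

function caesarEncrypt(plaintext, shift) {
  return [...plaintext].map(ch => shiftChar(ch, shift)).join("");
}

function caesarDecrypt(ciphertext, shift) {
  return caesarEncrypt(ciphertext, -shift);
}

// Approximate relative frequencies of English letters (percent), used to score
// candidate plaintexts; the exact values are not critical.
const ENGLISH_FREQ = {
  a: 8.2, b: 1.5, c: 2.8, d: 4.3, e: 12.7, f: 2.2, g: 2.0, h: 6.1, i: 7.0,
  j: 0.15, k: 0.77, l: 4.0, m: 2.4, n: 6.7, o: 7.5, p: 1.9, q: 0.095, r: 6.0,
  s: 6.3, t: 9.1, u: 2.8, v: 0.98, w: 2.4, x: 0.15, y: 2.0, z: 0.074,
};

// Chi-squared distance between observed letter counts and what English would
// give for a text of this length; lower means more English-like.
function chiSquared(text) {
  const letters = text.toLowerCase().replace(/[^a-z]/g, "");
  if (!letters.length) return Infinity;
  const counts = {};
  for (const ch of letters) counts[ch] = (counts[ch] || 0) + 1;
  let score = 0;
  for (const [ch, pct] of Object.entries(ENGLISH_FREQ)) {
    const expected = letters.length * pct / 100;
    const observed = counts[ch] || 0;
    score += (observed - expected) ** 2 / expected;
  }
  return score;
}

// The key space is 25 shifts (26 counting the identity), so an attacker simply
// tries all of them and keeps the best-scoring candidate.
function breakCaesar(ciphertext) {
  let best = null;
  for (let shift = 0; shift < ALPHABET_SIZE; shift++) {
    const plaintext = caesarDecrypt(ciphertext, shift);
    const score = chiSquared(plaintext);
    if (best === null || score < best.score) best = { shift, plaintext, score };
  }
  return best;
}

// Constructed sample message.
const MESSAGE = "Meet me at the old bridge at dawn, bring the documents.";
const CIPHERTEXT = caesarEncrypt(MESSAGE, 3);

console.log(CIPHERTEXT);
console.log(breakCaesar(CIPHERTEXT));
```

The frequency test needs a few dozen letters to be reliable; on a very short message several shifts can score similarly, and the attacker then just reads the handful of candidates by eye. Either way, the shift itself is the only secret, which is why the Caesar cipher is a teaching tool rather than a way to protect anything.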

Read More


What is ‘Blockchain’?

Blockchain is a distributed, shared ledger with no central authority. We have all encountered ledgers in our lives and keep personal ledgers to track our transactions. In a large business, however, the number of transactions is huge, and so is the number of people keeping track of those very transactions; each party might end up with its own version of the transaction history. Blockchain solves this problem by giving every ‘node’ its own copy of one shared ledger, kept in agreement through consensus.

Read More