Understanding Control Types & Functionality
A safeguard or a control or a countermeasure is implemented to reduce the risk an organization faces. Let’s understand it through some examples. 1. A company puts in antivirus solutions to reduce the potential danger from malware. 2. Citizens put ...
Demystifying Risk Management
When you speak to security professionals or the management in many organizations, most of them are of the opinion that security risk management is all about deploying the latest security tools available in the market with a focus on applications, hac...
Understanding Risk Assessment
Risk Assessment is a part of the Risk Management process. It is a method of identifying the vulnerabilities and threats and their impact in case the threat agent exploits the vulnerability to suggest security controls. There are a lot of Ri...
Risk Assessment Methodology
Having understood Risk Management & Risk Assessment in earlier blog posts, it is time for us to understand the various methodologies of risk assessment. The industry has different standardized methodologies when it comes to ca...
Risk Analysis Approaches
Which color do you like? Choose one – Red, Amber, or Green. Let’s try another one – How much would you like your company’s risk to cost – 10,000 $, 20,000 $ or 50,000? Choose one again. Confused? Don’t be. After all, risk analysis is about analyzing ...
Security Risk Assessment in The Internet of Things
Internet of Things, henceforth referred to as IoT in the article, refers to all the devices connected to the internet which “talk” to each other. This means if your washing machine is connected to the Internet and it talks to a cloud server giving its ...
Identification, Authentication, Authorization, and Accountability
The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many get confused or consider that identification and authentication are the same, while some forget or give the least importance to audi...
Access Control and Mark Up Languages
Just like humans use language to talk to each other, we use language to talk to computers as well. For identity management and access control purposes, we are going to learn about some specific languages, but before that, it is important to understan...
Access Control Models - DAC, MAC, RBAC, Rule Based & ABAC
Identity and Access Management is an extremely vital part of information security. An access control model is a framework that helps to manage identity and access management in the organization. There are 5 main types of access control models: discre...
Single Sign On & Kerberos
Imagine Susie wants to log on to a company database, her own system, a web server, her webmail, and other multitudes of applications. Since she needs to access so many resources, it is extremely important to have a set of credentials for accessing ea...
Understanding Security Modes - Dedicated, System high, Compartmented, Multilevel
Imagine a system that processes information. This information is classified in nature. When we say, it's classified, it means that the information has been labeled according to the data classification scheme finalized by the organization. This scheme...
[CyberSecurity Awareness Series] When George Got Whaled
The button clicked. An exact amount of 9,99,000 $ was transferred immediately to an offshore untraceable account. This triggered an alert on the bank’s server. The response team quickly swung into action. Suddenly multiple alerts came rushing in like...
Understanding TCP & UDP
Have you ever wondered what happens behind the scenes when you click a video on your favorite website? Or when you are trying to log onto a secure website? There are multiple protocols that run behind the scenes to help you out and allow you to watch...
The TCP Handshake
We learned about the TCP protocol in the article “Understanding TCP and UDP.” A brief mention was made in that article on the 3-way handshake process. Before we delve into that further, we must recapitulate about the TCP (Transmission Control Protoco...
Asynchronous & Synchronous Communication
Try to read the sentence written after this statement - “youwillpasscisspexamifyoustudyhard”. Clearly, you need to focus on the letters and your mind will try to discern the different words for you. Similarly, if I speak to you without pausing, it wo...