Posts

CISSP Domain 2 Changes - 2018 vs 2015

Hardly any changes have been made in this domain. Cryptography has been explicitly removed and will be added to Data Protection Methods. Overall Result - No Change.

2015 Exam Outline | 2018 Exam Outline | Change
Classify information and supporting assets (e.g. sensitivity, criticality) | Identify and classify information and assets: Data classification; Asset classification | #No Change
Determine and maintain ownership (e.g. data owners, system owners, business/mission owners) | Determine and maintain information and asset ownership | #No Change
Protect privacy: Data owners; Data processors; Data remanence; Collection limitation | Protect privacy: Data owners; Data processors; Data remanence; Collection limitation | #No Change
Ensure appropriate retention (e.g. media, hardware, personnel) | Ensure appropriate asset retention | #No Change
Determine data security controls

CISSP Domain 1 Changes - 2018 vs 2015

The new exam outline has been released by (ISC)2 for the CISSP exam. I will be evaluating each domain of the 2015 & 2018 exam outlines and will present a point-by-point comparison of the changes in the course content. New course content which has been added in the 2018 edition will be covered in the form of posts on the blog. Here is the overall result in Domain 1: Extremely Limited Change

2015 Exam Outline | 2018 Exam Outline | Change
Understand and apply concepts of confidentiality, integrity and availability | Understand and apply concepts of confidentiality, integrity and availability | # No Change
Apply security governance principles through: Alignment of security function to business strategy, goals, mission, and objectives; Organizational processes (e.g., acquisitions, divestitures, governance committees); Security roles and responsibilities; Control frameworks | Evaluate and apply security governance principles: Alignment of security f

Top IT Security Certifications 2018

The year 2018 started with Meltdown & Spectre as the most talked about vulnerabilities. Recently Facebook announced the data misuse of around 87 million+ users whose data had been compromised in some manner. What does this mean for the time to come? More breaches, bigger losses, more coverage and more jobs and opportunities for IT and programming professionals. By the end of 2018, the bubbles on the website informationisbeautiful ( http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ ) will have grown bigger. Such breaches and vulnerabilities will require more and more security professionals to work in the industry. “Cybersecurity labor crunch to hit 3.5 million unfilled jobs by 2021” is what has been predicted by CSO ( https://www.csoonline.com/article/3200024/security/cybersecurity-labor-crunch-to-hit-35-million-unfilled-jobs-by-2021.html ). When evaluating prospective InfoSec candidates, employers frequently look to certification as an

Take Control of Your Data – Part 3

It’s not just Google, as covered in Part 1, or Facebook, in Part 2, that is collecting user data. Even when we browse or download an application from either the Play Store or the iOS store, data is collected and aggregated about us. Our emails are analyzed to target us with relevant advertisements. Another case is those websites (fake) or even the real ones which collect our data to provide us with a service. Most of these websites do not detail how they are handling, storing or retaining the data. Let us understand through two such examples before identifying the ultimate tips to take control of your data. Example 1: The Curious Case of Discounts & Offers. Recently, I received a message about Reliance Jio Fiber offering services in New Delhi, India. I decided to visit this website. When I logged on to this website, it congratulated me on taking the first step towards ultra-low cost Gigabit broadband service. It then expressed disappointment that the service is however not

Take Control of Your Data – Part 2

The second part of this series deals with handling information on the most populated social media channel of the world – FACEBOOK. In the wake of the data leakage at Facebook via Cambridge Analytica, #deletefacebook started trending on Twitter. The data of around 87 million+ people was misused in some manner or the other to influence them or their voting patterns. Does that include your data? If you want to check, read on. Since the scandal, Facebook has banned the third-party brokers, so that means your data is safe. Absolutely not!!! They’ve banned third-party brokers, not collecting your data. That will continue. Thus, it will be sold – maybe at better rates now as Facebook will do it directly. Ironically, Facebook may profit from a problem of their own making! Also, Zuckerberg himself has said that it could take another two years to fully safeguard users’ data. Don’t you think that you need to take control of your data? If yes, let’s begin. Let’s Create Confusion

Take Control of Your Data – Part 1

This 3-part series is focused on helping you identify the data which commonly used services capture and how we can either delete or minimize the data which they capture. This article focuses on Google Maps. Through this article, I will explain the data which Google Maps collects about you, the timelines, the settings and other options which will help you minimize your exposure. Do you know Google Maps has records of your travel since 2009? Do you know that the location history can be turned off? If you would like to take control of your data, read on. To check what Google Maps stores about you, go to the following link - https://www.google.com/maps/timeline?pb 1. You’ll be able to see your timeline at the top left. If you click on today, you will be able to check today’s history. You can also check your travel records by changing the date and time. The red portions show where you have visited frequently over time. 2. A good decision would be t

[CyberSecurity Awareness Series] The Other Side

The body did not move when touched. The police carefully placed the body on the floor after it was found hanging from the fan. There was a suicide note which gave detailed reasons as to why Siddharth (popularly known as Sid) had to take this extreme step. Sid’s mother was in a mental shock after reading the letter. She gave the letter to her husband who read it afterward. He could not believe what was written in that letter. The police officials asked the parents if they had noticed any change in Sid’s behavior over the last month. Well, they could have answered it only if they spent time with him. Sid’s parents were working as senior managers in MNCs. They tried to spend time with him sometimes, but work pressures and delivery timelines always kept them busy. Well, at least they did not disappoint Sid with the gifts he wanted. This time too, Sid got what he had demanded. The police officials confirmed that they would investigate what was written in the letter, but everyone k