Posts

SSCP Video Course - Access Control Part 3


SSCP Video Course - Access Control Part 2


SSCP Video Course - Access Control Part 1


Identification, Authentication, Authorization, and Accountability

The four steps to complete access management are identification, authentication, authorization, and accountability. Many confuse identification and authentication or treat them as the same thing, while some forget about auditing or give it the least importance. These are four distinct concepts and must be understood as such.

Identification

Whenever you log in to most websites, you submit a username. When you create an account, you are asked to choose a username which identifies you. This username which you provide during login is "Identification". It is simply a way of claiming your identity. From an information security point of view, identification describes a method where you claim who you are. Notice that you can share your username with anyone. Your email id is a form of identification, and you share this identification with everyone in order to receive emails. This means that identification is a public form of information.

Authentication

So now you have entered you

Security Risk Assessment in The Internet of Things

The Internet of Things, henceforth referred to as IoT in this article, refers to all the devices connected to the internet which "talk" to each other. This means that if your washing machine is connected to the Internet and talks to a cloud server, sending its health information to the company's server, it would qualify as an IoT device. So, simply put, the Internet of Things is made up of devices, from simple sensors to smartphones and wearables, connected together. The IoT is one of the most talked about technologies nowadays. Every company is working on its implementation and introduction into our daily lives. Given the increasing number of cyber-attacks, it makes sense to identify the risks faced by the deployment of this technology. The traditional method of doing a risk assessment involves identifying assets, their weaknesses, the threats which they may face, and the potential damage in case of exploitation. Once these risks are identified, they are prioritized and countermeasures are adopte

Risk Analysis Approaches

Which color do you like? Choose one: Red, Amber or Green. Let's try another one: how much would you like your company's risk to cost, $10,000, $20,000 or $50,000? Choose one again. Confused? Don't be. After all, risk analysis is about analyzing risk either in terms of a color, a heat map, or numbers. The two approaches to risk analysis are Quantitative and Qualitative. Let's understand them.

Quanti – tative Approach

This break will help you remember that this approach is related to numbers. "Quanti" refers to numbers here. We assign monetary and numeric values to all aspects of risk analysis. If you revisit the topic of Risk Assessment, we identified that there are multiple parameters to be taken care of while calculating risk. Hence, in this approach, we assign monetary values to each aspect so that at the end we can quantify, or measure, the value of the risk in dollar terms. Let's understand this through a simple example: There is a buildi

Risk Assessment Methodology

Having understood Risk Management and Risk Assessment in earlier blog posts, it is time for us to understand the various methodologies of risk assessment. The industry has several standardized methodologies for carrying out risk assessments. Each of the individual methodologies has the same basic core components (identify vulnerabilities, associate threats, calculate risk values), but each has a specific focus. As security professionals, it is important for us to know the best approach for our organization and its needs. The first one is considered a U.S. federal government standard, NIST SP 800-30. It lays out the following steps:

• System characterization
• Threat identification
• Vulnerability identification
• Control analysis
• Likelihood determination
• Impact analysis
• Risk determination
• Control recommendations
• Results documentation

The NIST risk management methodology is mainly focused on: a)

SSCP Video Course Domain : Risk Identification, Monitoring, and Analysis (Part 4)


SSCP Video Course Domain : Risk Identification, Monitoring, and Analysis (Part 3)


SSCP Video Course Domain : Risk Identification, Monitoring, and Analysis (Part 2)
