Posts

Understanding the GDPR: General Data Protection Regulation

The GDPR–or General Data Protection Regulation–is a regulation passed by the European Union on April 27, 2016, with an effective start date of May 25, 2018. Officially classified as Regulation 2016/679, the GDPR expands upon and replaces the Data Protection Directive 95/46/EC of 1995. It serves as the EU’s effort to synchronize and harmonize laws on citizen and resident data privacy throughout its member states. The GDPR is based on Privacy by Design/Default, a set of user-centric principles that bequeath a sacred status to user privacy from the get-go rather than as an afterthought. Piggybacking on that is the ability of users to sue, under the GDPR, organizations that mishandle their personal data. To accomplish this, the GDPR mandates new user-oriented information-handling processes to which EU companies will soon find themselves beholden, not to mention subject to significant penalties in the event of a violation. The complete text of the GDPR legislation clocks in at 88 page

Launch of Systems Security Certified Practitioner Practice Questions

Dear Readers, I'm happy to announce that my first course is live now on Udemy. There are 200+ practice questions for the Systems Security Certified Practitioner certification offered by (ISC)2 which are now available for you to practice. These questions have been created to capture the actual difficulty of the real exam. All the domains of the SSCP certification have been covered. The course is divided into 6 practice tests. The first 4 tests are focused on domain-specific questions while the 5th test is focused on mixed questions. Part 6 is a bonus bonanza for the exam takers where again certain specific questions have been asked. Here is the link to the exam: https://www.udemy.com/systems-security-certified-practitioner-practice-questions More questions will be added to the exam soon. Check out this blog (sidebar) for discounted coupon codes for the exam. CISSP practice tests are also on their way on Udemy. Happy Learning.

Access Control and Mark Up Languages

Just like humans use language to talk to each other, we use languages to talk to computers as well. For identity management and access control purposes, we are going to learn about some specific languages, but before that, it is important to understand the basics. Today, if you visit a website, you see different kinds of animations, text floating around, interactive advertisements, custom views, etc. How does this happen? This happens through markup languages and, of course, some background coding. What is a markup language then? A markup language is a way to structure text and data sets, and it dictates how these will be viewed and used. When you adjust margins and other formatting capabilities in a word processor, you are marking up the text in the word processor’s markup language. If you develop a web page, you are using some type of markup language. One such language you will have heard of is HTML (Hypertext Markup Language). HTML came fro

[Sponsored] Key Features to Look for in a Salesforce Cisco Integration

Investing in a robust CRM like Salesforce is one of the best decisions a business can make. These days, when customer experience drives business success, leveraging technology like Salesforce indicates a commitment to delivering great service and contributing meaningfully to the success of your customers. Salesforce has allowed companies to build tech stacks that truly work for their teams. For client-facing teams, a reliable CTI like a Salesforce-Cisco integration is indispensable. Computer Telephony Integration, or CTI, allows teams to connect CRMs like Salesforce to their phone systems. Today, millions of users rely on Salesforce and Cisco, as these solutions are both reliable and time-tested. Integrating the two allows teams to get the most out of each one. Contact centers, helpdesks, sales floors, and customer service reps benefit from CTI solutions directly through features that they use in their daily workflows. When searching for a Salesforce Cisco integration provider, mak

SSCP Video Course - Access Control Part 3


SSCP Video Course - Access Control Part 2


SSCP Video Course - Access Control Part 1


Identification, Authentication, Authorization, and Accountability

The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many confuse identification and authentication or consider them the same, while some forget auditing or give it the least importance. These are four distinct concepts and must be understood as such. Identification: Whenever you log in to most websites, you submit a username. When you create an account, you are asked to choose a username which identifies you. This username which you provide during login is “Identification”. It is simply a way of claiming your identity. From an information security point of view, identification describes a method by which you claim who you are. If you notice, you can share your username with anyone. Your email ID is a form of identification, and you share this identification with everyone in order to receive emails. This means that identification is a public form of information. Authentication: So now you have entered you

Security Risk Assessment in The Internet of Things

The Internet of Things, henceforth referred to as IoT in this article, refers to all the devices connected to the internet which “talk” to each other. This means that if your washing machine is connected to the Internet and it talks to a cloud server, sending its health information to the company’s server, it would qualify as an IoT device. So, simply, the Internet of Things is made up of devices – from simple sensors to smartphones and wearables – connected together. The IoT is one of the most talked-about technologies nowadays. Every company is working on its implementation and introduction into our daily lives. Given the increasing number of cyber-attacks, it makes sense to identify the risks faced by the deployment of this technology. The traditional method of doing a risk assessment involves identifying assets, their weaknesses, the threats they may face, and the potential damage in case of exploitation. Once these risks are identified, they are prioritized and countermeasures are adopte

Risk Analysis Approaches

Which color do you like? Choose one – Red, Amber or Green. Let’s try another one – How much would you like your company’s risk to cost – $10,000, $20,000 or $50,000? Choose one again. Confused? Don’t be. After all, risk analysis is about analyzing risk either in terms of a color on a heat map or in terms of numbers. The two approaches to risk analysis are Quantitative and Qualitative. Let’s understand them. Quanti – tative Approach: This break will help you remember that this approach is related to numbers. Quanti refers to numbers here. We assign monetary and numeric values to all aspects of risk analysis. If you revisit the topic of Risk Assessment, we identified that there are multiple parameters to be taken care of while calculating risk. Hence, in this approach, we assign monetary values to each aspect so that at the end we can quantify or measure the value of the risk in dollar terms. Let’s understand this through a simple example – There is a buildi