What is a DDoS based attack? A Distributed Denial-of-Service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users by using multiple hosts attempting to connect simultaneously to the victim machine. It generally consists of the efforts of one or more people to temporarily or indefinitely interrupt […]

Introduction Protecting the confidentiality, integrity and availability of patient information by healthcare organizations became a legal requirement via the Health Insurance Portability and Accountability Act, (HIPAA), which came into enactment in 1996. HIPAA is a federal law, designed to protect the privacy of individually identifiable patient information, both physically and electronically. It provides continuity and […]

What is a Spear Phishing? Spear phishing is a deceptive communication technique in which a victim is lured via e-mail, text or tweet by an attacker to click or download a malicious link or file. The common objective of this technique is to compromise the victim machine by stealthily inserting a backdoor which seeks to […]

Bring your own device (BYOD) is the business policy of letting employees bring their own devices at workplace for doing work. The concept has gained popularity in recent years mainly due to the following reasons: Employees are more willing to spend on their devices as they have the ownership of the device. Maintenance and protection […]

What is Mobile Device Management? Mobile Device Management (MDM) software secures monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises. MDM functionality typically includes over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablets, mobile printers, mobile POS devices, etc. This […]

On the 2nd of July 2013, the Indian Government formally approved and published the National Cyber Security Policy (NCSP). The policy had been lying as a draft document and awaiting its formal release for some years now. Whether it is the USA’s PRISM program or some other factor that pushed the Government to officially release it, […]

Introduction Advanced Persistent Threats (APTs) are growing as a serious concern as they represent a threat to an organization’s intellectual property, financial assets and reputation. In some cases, these threats target critical infrastructure and government institutions, thereby threatening the country’s national security itself. The defensive tools and other controls are frequently rendered ineffective because the […]

The new draft of ISO 27001 standard has been made more objective, logical in flow and precise, eliminating the elaborated and/or indirect contextual statements. As expected, the new ISO 27001 will be compliant with Annex SL of ISO/IEC Directives, in order to be aligned with all the other management standards. So, here are the main […]

In an earlier blog post I had published the summary of our findings of a malware analysis done, which had a number of common points with the Norman “Hangover” Report. At that stage the full report was not published, as I had initially wanted to share it with law enforcement agencies in India, which I […]

Introduction Compliance to the ISO 27001 standard and associated controls helps an organization to understand information security risks and develop an information security management system (ISMS) in order to address the risks identified. The ISO 27001 implementation process aims to provide management an intuitive understanding of information security. However, management also requires answers to the […]