Tuesday, December 10, 2013

Android, is it Secure?

Author: Nitin Gulia

Today our small devices, such as phones, tablets and notebooks, run on open source operating systems, and these devices are capable of doing most of the work that we used to do on desktops and laptops. The next generation of open operating systems won’t be on desktops or mainframes but on the small devices that we carry with us all the time.

Monday, November 11, 2013

New milestone in Payment Industry

Author: Swati Sharma

Those were the old days when you had to take out your wallet and pay in cash. Plastic money brought a revolution to the payment industry; now it is time to wave your mobile phone to make payments. NFC is establishing a new milestone in the payment industry. Near field communication (NFC) is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into close proximity, usually no more than a few centimeters.

Friday, October 18, 2013

Select PCI DSS compliant service providers in India with these tips

Author: Nitin Bhatnagar

With global companies outsourcing payment card industry (PCI) processes to India, the country’s information security paradigms may be shifting to meet international standards. However, since PCI Data Security Standard (DSS) compliance is a relatively new development in India, it would be prudent to evaluate how it is actually addressed. This tip highlights important considerations to keep in mind while forging an outsourcing relationship with a PCI DSS compliant Indian service provider.

Wednesday, September 11, 2013

Comparison between ISO 27005, OCTAVE & NIST SP 800-30

Author: Anuj Tewari

Unfortunately, hope is not a plan, so organizations look to standards bodies for guidance on security best practices. But choosing a best practices standard or framework to follow is its own challenge. There are many of them and many factors to evaluate, including the standards’ similarities to existing organizational practices, costs, complexity, and supporting documentation.

Thursday, August 1, 2013

Detecting card numbers

Author: Anuj Tewari

The Payment Card Industry Data Security Standard (PCI DSS for short) requires that card numbers are not transmitted insecurely and are not displayed unmasked to most users. A network monitoring system such as an IDS or an IPS seems like a natural enforcement point to ensure that such information is not sent over a network in violation of the regulation, but a closer examination shows that a correct implementation is far from trivial. Network Vulnerability Tests are also helpful in detecting whether any sensitive information is present in the environment.

Friday, July 5, 2013

Combat social engineering attacks with these mantras

Author: Nitin Bhatnagar

Social engineering refers to the infringement of organizational security by influencing employees into exposing confidential information. Its main tool is the use of psychological tricks to gain an employee’s trust, instead of technical practices. Social engineering comprises frauds such as obtaining a password by acting as an employee or leveraging social media platforms to identify new employees and trap them into providing customer-critical information. It also includes many other efforts that breach security by gaining trust. Such breaches can prove deadly in Indian organizations.

Thursday, June 20, 2013

Identifying Web Application Firewall in a Network

Authors: Shishir Kumar & Anuj Tewari

A Web Application Firewall (WAF) plays an integral role in securing Web applications, as a WAF can mitigate risks and offer protection against a wide range of vulnerabilities. This is why many organizations have implemented WAF solutions in their infrastructure. Implementing a WAF alone is not the solution to the security problems that a Web-based application might have; proper configuration is required to make the WAF capable of identifying and blocking many web-app attacks.