Almost 2 years from the time we all witnessed the Experian Data Breach, we are at the stage where we all are informed about the Equifax Data Breach. Now, with almost half of the US Consumers are probably hit by this breach, Equifax made a statement that not all information was compromised. Well, if Name, …
Cyber Security Program the way I have often observed in various organization over the years, is lead with piecemeal approach. There is no holistic view or review of the same and the Cyber Security team, often to be counted on fingers, is left to fend the entire organization’s Information and Information Technology establishments. The other …
Fifteen (15) years after the .com bubble burst, the market is once again booming with the startups with some niche some traditional business ideas. Its’ not that the Startup market had dried up in between, but the intensity with which the Startups were being worked on has picked up good time once again. There were …
It has been almost a month that Experian reported a breach in which 15 million T-mobile customer accounts were said to be compromised. The information included names, addresses, email ids, social security numbers and few more details of the T-mobile customers in USA. Though Experian was quick to react before the information could have been misused …
Many a times we encounter situations where we find that certain Information Security Policy requirements and considerations are not in line with the Global Security Best Practices and they actually are not in-line with the Global Standards to that effect. But, the major mistake that we make at such a point is to take into …
Finally the fact has been said. Safe Harbor is an instrument for US companies to use at comfort and will to state compliance to EU DPD. I said instrument because it was tilted for the benefit of US companies with “Self signing to assert compliance” with absolutely no country level Privacy Law. Interesting point to …
It is interesting to note that the Government of India’s Department of Engineering and Information Technology has issued National Encryption Policy for public comment. And today the first addendum for the same has been issued for the people to refer to. However, when it comes to the overall policy, it has been left out pretty …
Information Security and IT operations generally do not go hand in hand or I rather make a not so controversial statement that IT Operations Folks generally don’t like Information Security Folks for they see the Information security folks to be the Show Stoppers. The way I have witnessed it in my career, I have had …
With the advent of Mobile Platforms, the biggest challenge that parents face is to restrict the kids from accessing vulnerable sites or say malware that may be hosted on the “Malicious Sites.” Though more or less the Kids face same kind of threats as the adults where they can be susceptible to malware, viruses, trojans …
PCI-DSS and requirement of Risk Assessment have a very close relationship. In effect PCI-DSS has specified the requirement for an annual risk assessment as per the control 12.2 and has mentioned the requirement under guidance for requirement 10.6.2 and Testing Procedures for requirement 11.5. PCI-DSS requirement 12.2 establishes the requirement for implementing a risk assessment …
