Posts

Showing posts from May, 2016

Preparing for PMP exam - My experience

During my MTech in Computer Science at IIT Kharagpur I got a chance to take a class on project management at the Vinod Gupta School of Management (VGSOM). As I had executed a number of projects in my career, I felt this was a relevant area to specialize in. Towards this goal, I planned to acquire PMI's Project Management Professional (PMP)® certification. PMI's Project Management Professional (PMP)® credential is the most important industry-recognized certification for project managers. The exam is based on the PMI Project Management Body of Knowledge (PMBOK), and the requirements to sit for the exam include a bachelor's degree, at least 4,500 hours of experience leading and directing projects, and 35 hours of formal project management education. A candidate who passes the exam and meets the professional requirements is awarded the PMP certification. As I aspired to gain and certify my knowledge of project management, I studied for three months and gave the PMP exam at the Promet...

“ISO 27001 2013 Foundations Course” by Dejan Kosutic

To counter the ever-increasing threats and attacks organisations are facing in this digitally connected world, it is essential to implement and run an effective Information Security Management System (ISMS). ISO 27001 is the most widely adopted and respected standard for implementing an ISMS in any organisation. As the standard is proprietary, very little concrete and useful information is available online, and especially not for free. Here Advisera's Dejan Kosutic and the ISO 27001 Academy are filling the gap by providing an excellent course on the ISO 27001 standard. The free "ISO 27001 2013 Foundations Course" at Advisera is an excellent introduction to the standard and gives simple yet concrete steps to implement an ISMS in any organisation. This free course is structured into six modules, as given below:
Module 1 - Introduction to ISO 27001
Module 2 - The planning phase
Module 3 - Risk Management
Module 4 - The DO phase ...

Web Security Fundamentals Course by Troy Hunt

Most organisations spend a lot of money and time securing their information systems by installing the latest and costliest network controls, such as firewalls and intrusion detection and prevention systems. However, the fact is that the majority of attacks in recent times have been on web applications. Whether it is the attack on big corporations like Sony in 2011 or the most recent Qatar National Bank data leak through SQL injection, web applications are the most vulnerable to attacks. Knowledge of web application security is limited, as most security professionals have a background in networks. For someone desiring to get a basic understanding of web application security, the free online course Web Security Fundamentals by Troy Hunt is a good start. Troy Hunt's short introductory course is a good overview of the top risks on the web. In a little over an hour, Troy nicely covers SQL injection, insufficient TLS...

Increasing my Cyber Security Knowledge

I wrote this post as a diary entry in Jan 2016 towards my goal of acquiring expertise in Cyber Security. Since then I have been following it as a guide and have added resources and material so that it has become a reference for me to keep my learning aligned to my goals. Cyber, or the Internet, is such a vast field that learning about it and its security is a huge exercise. Cyber Security issues spread over the realms of technology, management, policy, law and warfare. In 2016, I have set myself to learn about this field by covering the entire gamut. As the technology of the cyber realm moves very fast, it is essential to remain updated and well read. All this learning can be acquired through online courses, blogs, magazines and books. In the next few paragraphs I will cover the resources I am using to update, enhance, upskill and educate myself on Cyber Security. I would love to receive feedback on...

Understanding ISO 27001 - An Information Security Standard

Over the last few months I have been reading about various IT and InfoSec frameworks, such as COBIT, the NIST Cybersecurity Framework and ISO 27001, as well as the CIS Critical Security Controls, to find a suitable framework to implement in my organisation. ISO 27001 is one of the most important information security frameworks. ISO 27000 is a family of standards which, if implemented properly, helps an organisation secure its information assets. In this family, ISO 27000 consists of an overview and vocabulary, ISO 27001 defines the requirements for the program, while ISO 27002 defines the operational steps necessary in an information security program. ISO 27001 is the standard which defines the requirements for an organisation to implement an Information Security Management System (ISMS) and is the main standard in the ISO 27000 series. In simple words, it describes how to manage information security in a company. It can be implemented in...