Posts

Showing posts from 2017

CISSP Exam - Preparation Tips and Study material

Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)². The CISSP exam is supposed to be the gold standard in InfoSec certifications. On-the-job experience is crucial for both the exam and the certification process. To pass the CISSP exam you need a minimum score of 700 out of 1,000. The exam is 6 hours long and includes a mix of 250 multiple-choice, drag-and-drop and hotspot questions. It currently costs $599. To qualify for this cybersecurity certification, you must have at least five years of cumulative, paid, full-time work experience in two or more of the eight domains of the (ISC)² CISSP Common Body of Knowledge (CBK). From 2015, the CISSP curriculum is divided into eight domains: Security and Risk Management. Asset Security. Security Engineering. Communications and Network Securit...

My list of useful online learning resources on Cyber Security

In order to stay updated and aware of the latest happenings in the InfoSec space, it is essential to continuously update your knowledge through learning. Attending conferences physically has the distinct advantages of both learning and networking. However, it is not always possible for busy professionals to attend them. Most of this knowledge is acquired through various sources. In this blog I will jot down the various online sources which I have used to update my knowledge in this field. Virtual conferences, on-demand courses and webinars are the various ways which I have used to enhance my knowledge and skills. I will now list the specific resources I have used over the last two years to upgrade my knowledge of various areas of Cyber Security. Cybrary - It is an online repository of ...

Equifax breach - What happened, poor response and what can we learn from it

Equifax is one of the biggest credit rating agencies in the world and stores data on a large number of Americans while rating their creditworthiness. It recently came into the news that a large amount of their data had been compromised and stolen by hackers. They had become aware of the breach in July but officially declared it a month later. The immediate outcome of the breach has been that both the CISO and the CIO have “retired” from the company. Hackers stole personal information for as many as 143 million individuals from Equifax’s credit files, leaving them vulnerable to identity theft. The information includes names, birth dates, addresses and Social Security numbers. Reason for the breach: Technically, the fault lay in an unpatched Apache Struts server application which was exploited by hackers to steal data from the server. This again points to the fact that most br...

Enhancing your Cloud Security Knowledge through CCSK certification

CCSK: Certificate of Cloud Security Knowledge. Introduction: Cloud computing is the latest disruptive technology affecting the IT landscape, with a number of businesses transitioning to the cloud to save capital expenses as well as take advantage of the rapid scalability of cloud computing. However, security is the biggest hindrance to high adoption, as most businesses worry about losing control over data and do not intend to migrate completely to the cloud. To address this concern, the Cloud Security Alliance (CSA), a non-profit organisation, has launched various initiatives to improve and enhance Cloud Security knowledge. Preparation material: They have also published a guidance document on Cloud Security, “Security Guidance for Critical Areas of Focus in Cloud Computing,” which is in its third version. CSA has launched the Certificate of Cloud Security Knowled...