Thursday, 25 February 2016
With the increasing trend of surveillance by government agencies, journalists especially must be very attentive about their communication mediums. Their sources always require confidentiality of their identity and non-disclosure of the message content. Federal agencies always keep an eye on journalists who have sources among anti-state groups, and sometimes within government houses as well.
Encryption is the solution to this problem. Encryption can be simply defined as scrambling data with a sophisticated algorithm so that the only way to read the message is with the password (key) that was used to encrypt it.
The functional specialty of journalists does not require them to understand the sophistication of encryption. But yes, there are some good options available which journalists can use. Before getting to know about them, let's nail some of the big so-called encrypted email service providers.
Most journalists and other privacy-concerned people use Hushmail, a self-described encrypted email provider. Unfortunately, the claim is not true: Wired published a story about Hushmail providing email copies to federal agencies.
Ghostmail claims to offer encrypted email, but its solution only partially works, because when you send email to a non-Ghostmail user it goes unencrypted. Ghostmail encryption only works when both parties are on the same email server.
SafeGmail is a Chrome extension which enables you to encrypt your messages inside Gmail. As you can see here, Google Chrome gets compromised several times a year, and sometimes its extensions also load malware into your browser which can influence other extensions as well. So you don't really want to rely on a single browser extension.
In coming articles, I will discuss some of the ways which you can use to send encrypted text. Keep connected with me.
Sunday, 7 February 2016
With the increasing rate of data breaches in recent years, clients are worried about becoming customers of any big company. Data breaches have affected every big industry, including IoT manufacturers, the health industry and banks. Last year, most of the money spent was on breaches in the health industry and on ransomware or trojans in banking systems.
Companies are a bit more concerned about information security now and are looking for solutions to convince their clients, especially those which were recently affected by data breaches.
What is ISMS?
ISMS refers to an Information Security Management System. This is the strategic system which a company can use to establish and maintain an information security system.
What is ISO/IEC 27001:2013?
ISO 27001:2013 is the best-known standard for Information Security Management Systems, developed by the International Organization for Standardization, also known as ISO. ISO is a non-governmental international organization with 162 national standards body members.
ISO 27001:2013 covers all the legal, technical and physical procedures for the risk management of information systems. According to its documentation, it is intended to:
provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.
This specification is based on the following 6 points:
- Define the Security Policy
- Define the Scope of ISMS
- Conduct a Risk Assessment
- Manage Identified Risks
- Select control objectives and controls to be implemented.
- Prepare a statement of applicability.
(Figure caption: According to the survey conducted by ISO in 2014)
What does ISO 27001 Provide?
You can use this specification for two purposes:
- For the risk assessment and management of your information systems.
- Certification is not obligatory, but you can obtain it to reassure your clients that you are following the guidelines mentioned in this standard.
What is the Scope of This Standard?
This international standard is intended for any organization irrespective of its size, type or nature. It helps in the establishment and maintenance of, and response to, information security risks to your systems.
Friday, 5 February 2016
The data breaches of 2015 weren't lacking in surprises. We need to get ourselves ready for the information security challenges of 2016. InfoSec conferences are the best way to get valuable updates on developments in this field. Following are the 10 must-attend information security conferences of 2016. Some of these organizers have not announced dates yet, so make sure to check their websites listed below.
1. Defcon Hacking Conference
The Defcon information security conference is equally liked by security professionals and hackers. It started in 1993, and now they arrange events all around the globe. Defcon attendees include security researchers, hackers, journalists and lawyers who have a taste for learning about and keeping up with developments in the field of information security. In 2013, Defcon founder Jeff Moss, aka The Dark Tangent, said about federal agents attending the event:
When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year.
2. RSA Conference USA 2016
RSA Conference 2016 will be held in the last week of February in San Francisco. This conference is famous for its learning labs and crowdsourced sessions. This year's speakers include Candy Alexander, Parham Eftekhari, Matthew Green and Bahador Ghahramani.
3. InfoSec World Conference and Expo 2016
This conference will be held in April 2016 in Florida. It is organized by the MIS Training Institute and sponsored by HP, Dell, MalwareBytes and others. This year's speakers include Simon Singh, Lance James, Jeffery Ritter and Marcus Sachs. George Dolicker, CISO of INC Research, said:
I've been attending InfoSec World since 1997 and always find good value and content that I can immediately put to use when I get home.
In 2015, the event had 1200 attendees and over 75 speakers. Topics ranged from IoT, cloud, threat intelligence, mobile, insider threats and software development, just to name a few.
4. Infosecurity Europe 2016
This is Europe's main show for information security. It will take place in London this June. Their speaker count exceeds 260, according to the audit done by ABC.
5. Black Hat Asia 2016
Black Hat Asia will be held in Singapore in the last week of March. The event also spreads its magic to Las Vegas and London. The topics of discussion range from the growing market of commercial Android spyware to hacking professionally built drones.
6. SANS Information Security Training
Among the 100+ other information security events being organized near you, SANS Orlando 2016 is the best of them. It includes a total of 43 one-day and two-day courses, ranging from Cyber Threat Intelligence to Cyber Security in Health Care.
(Figure caption: Early-year events by SANS, screenshot grabbed from here)
7. Bsides Security Conferences
BSides is a community-driven organization arranging free-to-attend security conferences around the globe; the cost is covered by sponsors. Their events are held all around the world, including in Mexico, Japan, China, Iceland and India.
8. IBM InterConnect 2016
Organized by IBM, InterConnect 2016 will be held in Las Vegas in the last week of February. It is best suited for Chief Information Security Officers. This conference features the following topics:
- Security Intelligence & Analytics
- Advanced Threat Protection & Research
- Fraud & Cybercrime Protection
- Identity Management & Governance
- Application & Data Protection
- Endpoint Security & Management
9. Global Privacy Conference Washington, DC
Organized by the IAPP, a non-profit organization founded in 2000, this privacy conference is best attended by lawyers and policy makers. Its sponsors include AT&T and Microsoft.
10. Cyber Secure Pakistan, 2016
How can I forget about this one? The CSP annual conference is the pioneer information security conference, organized by PISA and UltraSpectra. From trainings and hacking games like Capture the Flag to discussion of the country's cyber law in the perspective of the changing horizon of the information security world, I found everything there. If you are from Pakistan then you must attend it, whether you are a blogger, hacker, CISO or lawyer.