Skip to main content

Posts

Showing posts from October, 2014

Threats & vulnerabilities considered for risk assessment

Hello Friends, Today I want to share the Threats & vulnerabilities we considered for implementing risk assessment. The list comprehends also threats & vulnerabilities from ISO 22301 in order to have the larger effect possible on improving confidentiality, integrity and availability of the assets. THREATS Access to the network by unauthorized persons Breach of contractual relations Breach of legislation Compromising confidential information Concealing user identity Damage caused by a third party Damages resulting from penetration testing Destruction of records Disaster (human caused) Disaster (natural) Disclosure of information Disclosure of passwords Eavesdropping Embezzlement Errors in maintenance Failure of communication links Falsification of records Fire Flood Fraud Industrial espionage Information leakage Interruption of business processes Loss of electricity Loss of support services Malfunction of equipment Malicious code Misuse of informa...

CIA Triad for- Base of Information security

The essential security principles of confidentiality, integrity, and availability are often  referred to as the  CIA Triad. All security controls must address these principles. These three  security principles serve as common threads throughout the CISSP CBK. Each domain  addresses these principles in unique ways, so it is important to understand them both in  general terms and within each specific domain: Confidentiality is the principle that objects are not disclosed to unauthorized subjects. Integrity is the principle that objects retain their veracity and are intentionally modified by  authorized subjects only. Availability is the principle that authorized subjects are granted timely access to objects  with sufficient bandwidth to perform the desired interaction. Different security mechanisms address these three principles in different ways and offer varying  degrees of support or application of these principl...

Hackers develop ATM -malware : No Card.. !! No PIN...!!

Security issues associated with Windows XP-driven ATMs - following the operating system going end-of-life earlier in the year - it appears that criminals have moved in for the kill, developing malware specifically designed to exploit cash machines that still run the embedded operating system. According to Kaspersky Lab, which has been working with Interpol on the issue, the malware - Tyupkin - allows criminals to gain cardless access to ATM funds using six digit access codes.Vicente Diaz, Kaspersky's principal security researcher said that the fraud shows that criminals are improving their tactics and appear to be able to gain enough access to ATMs to install program code.Kaspersky claims that the Tyupkin malware does not infect ATMs, but must be installed via physical access to the device. The criminals are then are able to check the amount of notes in each of the ATM's cartridges and select from which cartridge to draw up to 40 notes at a time.Diaz says that, based on ...