User talk:Raghavendra Rao PV - Revision history

Raghavendra Rao PV: /* Information Security */ new section

2016-06-30T11:34:14Z

‎Information Security: new section

Raghavendra Rao PV at 11:33, 30 June 2016

2016-06-30T11:33:36Z

Raghavendra Rao PV at 03:29, 29 June 2016

2016-06-29T03:29:57Z

Raghavendra Rao PV at 03:09, 29 June 2016

2016-06-29T03:09:43Z

Raghavendra Rao PV at 03:02, 29 June 2016

2016-06-29T03:02:51Z

Raghavendra Rao PV: /* 6. Security Terminologies */

2016-06-29T02:49:10Z

‎6. Security Terminologies

Raghavendra Rao PV: /* Vulnerability Identification */

2016-06-29T02:48:29Z

‎Vulnerability Identification

Raghavendra Rao PV: /* 5. Current Trend */

2016-06-29T02:46:07Z

‎5. Current Trend

Raghavendra Rao PV: /* Security Terminologies */

2016-06-29T02:45:11Z

‎Security Terminologies

Raghavendra Rao PV at 02:44, 29 June 2016

2016-06-29T02:44:24Z

← Older revision		Revision as of 11:34, 30 June 2016
Line 81:		Line 81:

	With the recent trend, seems like Organizations are willing to invest on Security Advisors who have a quality development experience and who can develop a security framework which identifies vulnerabilities based on custom-defined Perl Scripts. The strategy could be ''to eliminate the use of Commercial tools'' (thus saving huge amount on the tool license cost) or ''other open source tools'' and to attract Customers with custom-built security testing frameworks.		With the recent trend, seems like Organizations are willing to invest on Security Advisors who have a quality development experience and who can develop a security framework which identifies vulnerabilities based on custom-defined Perl Scripts. The strategy could be ''to eliminate the use of Commercial tools'' (thus saving huge amount on the tool license cost) or ''other open source tools'' and to attract Customers with custom-built security testing frameworks.
		+
		+	== Information Security ==
		+
		+	== '''1. Security Terminologies ''' ==
		+	1. '''Vulnerability:''' A weakness or a loophole that can be exploited by one or more threats
		+	2. '''Threat:''' Potential cause of an incident due to a weakness or loophole that may result in harm to a system or Organization
		+	3. '''Risk:''' Potential result an threat exploiting a vulnerability
		+	4. '''Attack:''' A successful exploit of an vulnerability leading to loss of Confidentiality, Integrity and Availability
		+
		+	a. '''Data:''' Is a collection of characters and numbers. Also termed as Raw data. For example: 4528-6547-6547
		+
		+	b. '''Information:''' Meaningful data, processed data. For example: 4528-6547-6547 is your Credit card number
		+
		+	c. '''Information Security:''' The art of securing your data such that no sensitive information is disclosed to unintended users
		+
		+	== '''2. Vulnerability Identification ''' ==
		+	There exists various Products, Vendors, Service Providers who identify security vulnerabilities in our Softwares/applications/products. Automated tools undoubtedly simulates the attack pattern to identify multiple occurrences of security issues and help reduce the manual effort. Manual security reviews compliment the automated tool findings by understanding the Business needs, Organization policies and identifying only the relevant security issues.
		+
		+	== '''3. Vulnerability Reporting ''' ==
		+	Automated tools play a very crucial role in reporting the identified vulnerabilities. They provide an insight about the vulnerability, the exact line number or field name or parameter where the vulnerability was reported and relevant Industry Standard fix recommendations. These tools are a enormous repository of vulnerability and fix recommendations which assists the Management and the Developer community to understand about the vulnerability and the steps to be considered while fixing them.
		+
		+	A Security experts intervention is again required to provide relevant fix recommendations that will help the Development Teams to secure the reported vulnerability in-line with the Organizations security policy and keeping in mind the Business requirements outlined by their respective Clients/Customers.
		+
		+	== '''4. Vulnerability Management ''' ==
		+	Identifying and reporting vulnerabilities is one part of the job, however the main intention of Vulnerability Identification and Reporting is to fix the vulnerabilities. Each identified vulnerability must be tracked to closure. Various Industry Standards and Compliance recommend Organizations to implement a vulnerability management process. Most of the Organizations even abide by such Compliance by maintaining their own process, however as per my personal experience in the Industry, I am yet to find One common Vulnerability Management tool used world-wide across Organizations, until [http://www.securefirst.in SecureFirst Solutions Private Limited] came up with an Enterprise Security Cloud based Vulnerability Management System (VMS).

← Older revision		Revision as of 11:33, 30 June 2016
Line 81:		Line 81:

	With the recent trend, seems like Organizations are willing to invest on Security Advisors who have a quality development experience and who can develop a security framework which identifies vulnerabilities based on custom-defined Perl Scripts. The strategy could be ''to eliminate the use of Commercial tools'' (thus saving huge amount on the tool license cost) or ''other open source tools'' and to attract Customers with custom-built security testing frameworks.		With the recent trend, seems like Organizations are willing to invest on Security Advisors who have a quality development experience and who can develop a security framework which identifies vulnerabilities based on custom-defined Perl Scripts. The strategy could be ''to eliminate the use of Commercial tools'' (thus saving huge amount on the tool license cost) or ''other open source tools'' and to attract Customers with custom-built security testing frameworks.
−
−	~~== '''6. Security Terminologies ''' ==~~
−	~~1. '''Vulnerability:''' A weakness or a loophole that can be exploited by one or more threats~~
−	~~2. '''Threat:''' Potential cause of an incident due to a weakness or loophole that may result in harm to a system or Organization~~
−	~~3. '''Risk:''' Potential result an threat exploiting a vulnerability~~
−	~~4. '''Attack:''' A successful exploit of an vulnerability leading to loss of Confidentiality, Integrity and Availability~~
−
−	~~a. '''Data:''' Is a collection of characters and numbers. Also termed as Raw data. For example: 4528-6547-6547~~
−
−	~~b. '''Information:''' Meaningful data, processed data. For example: 4528-6547-6547 is your Credit card number~~
−
−	~~c. '''Information Security:''' The art of securing your data such that no sensitive information is disclosed to unintended users~~
−
−	~~== '''7. Vulnerability Identification ''' ==~~
−	There exists various Products, Vendors, Service Providers who identify security vulnerabilities in our Softwares/applications/products. Automated tools undoubtedly simulates the attack pattern to identify multiple occurrences of security issues and help reduce the manual effort. Manual security reviews compliment the automated tool findings by understanding the Business needs, Organization policies and identifying only the relevant security issues.
−
−	~~== '''8. Vulnerability Reporting ''' ==~~
−	Automated tools play a very crucial role in reporting the identified vulnerabilities. They provide an insight about the vulnerability, the exact line number or field name or parameter where the vulnerability was reported and relevant Industry Standard fix recommendations. These tools are a enormous repository of vulnerability and fix recommendations which assists the Management and the Developer community to understand about the vulnerability and the steps to be considered while fixing them.
−
−	A Security experts intervention is again required to provide relevant fix recommendations that will help the Development Teams to secure the reported vulnerability in-line with the Organizations security policy and keeping in mind the Business requirements outlined by their respective Clients/Customers.
−
−	~~== '''9. Vulnerability Management ''' ==~~
−	Identifying and reporting vulnerabilities is one part of the job, however the main intention of Vulnerability Identification and Reporting is to fix the vulnerabilities. Each identified vulnerability must be tracked to closure. Various Industry Standards and Compliance recommend Organizations to implement a vulnerability management process. Most of the Organizations even abide by such Compliance by maintaining their own process, however as per my personal experience in the Industry, I am yet to find One common Vulnerability Management tool used world-wide across Organizations, until [http://www.securefirst.in SecureFirst Solutions Private Limited] came up with an Enterprise Security Cloud based Vulnerability Management System (VMS).

← Older revision		Revision as of 03:29, 29 June 2016
Line 103:		Line 103:

	== '''9. Vulnerability Management ''' ==		== '''9. Vulnerability Management ''' ==
−	Identifying and reporting vulnerabilities is one part of the job, however the main intention of Vulnerability Identification and Reporting is to fix the vulnerabilities. Each identified vulnerability must be tracked to closure. Various Industry Standards and Compliance recommend Organizations to implement a vulnerability management process. Most of the Organizations even abide by such Compliance by maintaining their own process, however as per my personal experience in the Industry, I am yet to find One common Vulnerability Management tool used world-wide across Organizations, until ~~SecureFirst Solutions Private Limited~~ [http://www.securefirst.in ~~link title~~]	+	Identifying and reporting vulnerabilities is one part of the job, however the main intention of Vulnerability Identification and Reporting is to fix the vulnerabilities. Each identified vulnerability must be tracked to closure. Various Industry Standards and Compliance recommend Organizations to implement a vulnerability management process. Most of the Organizations even abide by such Compliance by maintaining their own process, however as per my personal experience in the Industry, I am yet to find One common Vulnerability Management tool used world-wide across Organizations, until [http://www.securefirst.in SecureFirst Solutions Private Limited] came up with an Enterprise Security Cloud based Vulnerability Management System (VMS).

← Older revision		Revision as of 03:09, 29 June 2016
Line 103:		Line 103:

	== '''9. Vulnerability Management ''' ==		== '''9. Vulnerability Management ''' ==
		+	Identifying and reporting vulnerabilities is one part of the job, however the main intention of Vulnerability Identification and Reporting is to fix the vulnerabilities. Each identified vulnerability must be tracked to closure. Various Industry Standards and Compliance recommend Organizations to implement a vulnerability management process. Most of the Organizations even abide by such Compliance by maintaining their own process, however as per my personal experience in the Industry, I am yet to find One common Vulnerability Management tool used world-wide across Organizations, until SecureFirst Solutions Private Limited [http://www.securefirst.in link title]

@@ Line 94: / Line 94: @@
 c. '''Information Security:''' The art of securing your data such that no sensitive information is disclosed to unintended users
-== '''7. Vulnerability Identification''' ==
+== '''7. Vulnerability Identification ''' ==
-There exists various Products, Vendors, Service Providers who identify security vulnerabilities in our Softwares/applications/products. Automated tools undoubtedly simulates the attack pattern to identify multiple occurrences of security issues and help reduce the manual effort
+There exists various Products, Vendors, Service Providers who identify security vulnerabilities in our Softwares/applications/products. Automated tools undoubtedly simulates the attack pattern to identify multiple occurrences of security issues and help reduce the manual effort. Manual security reviews compliment the automated tool findings by understanding the Business needs, Organization policies and identifying only the relevant security issues.

@@ Line 82: / Line 82: @@
 With the recent trend, seems like Organizations are willing to invest on Security Advisors who have a quality development experience and who can develop a security framework which identifies vulnerabilities based on custom-defined Perl Scripts. The strategy could be ''to eliminate the use of Commercial tools'' (thus saving huge amount on the tool license cost) or ''other open source tools'' and to attract Customers with custom-built security testing frameworks.
-'''== 6. Security Terminologies =='''
+== '''6. Security Terminologies ''' ==
 . '''Vulnerability:''' A weakness or a loophole that can be exploited by one or more threats
 . '''Threat:''' Potential cause of an incident due to a weakness or loophole that may result in harm to a system or Organization

@@ Line 82: / Line 82: @@
 With the recent trend, seems like Organizations are willing to invest on Security Advisors who have a quality development experience and who can develop a security framework which identifies vulnerabilities based on custom-defined Perl Scripts. The strategy could be ''to eliminate the use of Commercial tools'' (thus saving huge amount on the tool license cost) or ''other open source tools'' and to attract Customers with custom-built security testing frameworks.
-== Security as a Service ==
+== Security Terminologies ==
-== SecureFirst Solutions ==
+b. '''Information:''' Meaningful data, processed data. For example: 4528-6547-6547 is your Credit card number
-We operate from Bengaluru, Karnataka, INDIA and reachable at: info@SecureFirst.in
+'''Information Security:''' The art of securing your data such that no sensitive information is disclosed to unintended users
-Conducting security assessments across ALL phases of SDLC for a particular Project and a Client is a tedeous activity. Managing and tracking each identified security vulnerability to closure is hectic and there are possibilities of loosing track due to various unavoidable reasons.
+== Vulnerability Identification ==
+There exists various Products, Vendors, Service Providers who identify security vulnerabilities in our Softwares/applications/products. Automated tools undoubtedly simulates the attack pattern to identify multiple occurrences of security issues and help reduce the manual effort