Thursday, April 14, 2011

Regulatory & Standards Compliance

eCommerce:
PCI-DSS- Payment Card Industry Data Security Standard.
PA-DSS- Payment Application Data Security Standard.

Financial Services:
GLBA- Gramm-Leach-Bliley Act.

Energy:
NERC- North American Electric Reliability Corporation.
FERC- The Federal Energy Regulatory Commission.

Government:
FISMA- Federal Information Security Management Act of 2002.

Others:

HIPAA- Health Insurance Portability and Accountability Act of 1996.
SOX- Sarbanes-Oxley Act of 2002.
ISACA- Information Systems Audit and Control Association.
OSSTMM- Open Source Security Testing Methodology Manual.
OWASP- Open Web Application Security Project.

Certifications:

CISSP- Certified Information Systems Security Professional.
CISA- Certified Information Systems Auditor, a professional certification for information technology audit professionals sponsored by the Information Systems Audit and Control Association (ISACA).
CEH- Certified Ethical Hacker.

Thursday, April 7, 2011

Change in the Face of Cybercrime

No longer is he very interested in bringing our computer down with a virus. He is far more focused on getting information about us: our passwords, our bank account numbers, our credit card numbers. He is interested in taking control of our computer remotely, so that he can conduct illegal activities through our computer, and when the cyber police come looking, we become the suspect, not him. And there are many today who are struggling to prove that they were merely innocent victims of a compromised computer.

Wednesday, April 6, 2011

David Freer | VP for Consumer Sales in Asia-Pacific at Symantec

Cybercrime has exceeded the illegal drug trade in value. Cybercriminals find that it’s very easy money. And they are typically young, university-educated people.

Tuesday, April 5, 2011

IDC Claims

IDC claims that, of all the non-functional testing types, "Security Testing" is the one most in demand in the industry these days.

Saturday, April 2, 2011

New addition to: Myths of application security.

It is hard to believe/ amazing/ shocking when I come to know a few of the stakeholders' understanding.

In one of my very recent customer interactions, I came to know that even if they feel there is a need for security/ penetration testing, the testing will be done only once in a while, like once in 6 months or once a year.

Other myths I posted before:
Myth 1: We have firewalls in place.
Myth 2: We encrypt our data.
Myth 3: We have a privacy policy.
Myth 4: The IDS (Intrusion Detection System) protects my web server and database.
Myth 5: Our application is meant for internal users only.