Showing posts from July, 2018

Bash Reverse Shell explained.

 

Non-Sense or Over-Confidence? TRAI chairman's personal data leaked after he threw the Challenge

So finally some proof of personal data leakage has been shown to the Indian bureaucrats. As per Government of India, "There is nothing called absolute right to privacy" and the privacy “should be subject to reasonable restrictions.” Read my previous post on Why India needs a Stringent Data Privacy Law? Here. Citizens' personal data has been shared with various organizations in sectors like telecom, services, retail, e-commerce, etc. In my opinion, before implementing the data sharing, the government must implement some data privacy laws and standards like the European GDPR in India. Once it is implemented and audited properly for compliance, then the government can consider data sharing. Currently there are no stringent laws and policies on data leaks. The penalty is there for a few clauses but considering the value of the data, the penalty is negligibly small.

The reply came within hours, Sweet Sour!!!

The TRAI chairman challenged A

Part 2-InfoSec Scribbling : ISO/IEC 27001:2013

:: InfoSec Study Notes : Scribbling on ISO/IEC 27001:2013 Standard Part-2 ::

For Part-1 of this series, go here.

Context of the Organization

The organization needs to identify the internal and external issues that can affect the expected outcome. Hence context becomes an important consideration and helps to ensure that the ISMS is designed and adapted for your organization.

-External issues - external to the organization
    External issues may include:
    government regulations and changes in the law, political conditions
    economic shifts in your market
    partners, vendors and competitors
    events that may affect your corporate image
    trends and changes in technology

-Internal issues - within the organization and under direct control of the organization
    Internal issues can include:
    regulatory requirements for the organization
    strategies to conform to your policies and achieve your objectives
    relationship with your staff and stakeholders,

Part 1-InfoSec Scribbling : ISO/IEC 27001:2013

:: InfoSec Study Notes : Scribbling on ISO/IEC 27001:2013 Standard Part-1 ::

ISO/IEC 27001:2013 is an information security management standard. Organizations use it to manage and control information security risks, to protect and preserve the confidentiality, integrity, and availability of information, and to establish their information security management system (ISMS).

-Is a systematic framework to manage information security related risks and protect important information.
-Also consists of requirements for an ISMS
Annex A - a list of control objectives and controls for information security.
-Annex A provides an essential tool for managing security. A list of security controls (or safeguards) that are to be used to improve security of information.
-In brief, Annex A lists the following control objectives. This is a very large list which has more sub-topics/controls.
    -Security Policy Management
    -Corporate Security Management
    -Personnel Security Managemen