Author: DKALYA

InfoSecWOTD#10 PII 🧍

Today’s #infosec Word of the Day #10 is

#PII 🧍

PII stands for personally identifiable information: any data that can identify an individual, directly or indirectly. Examples include name, address, social security number, telephone number, and email address.

The loss of PII can result in substantial harm to individuals, including identity theft or other fraudulent use of the information. The recent leak of data on 700 million LinkedIn users is an example. LinkedIn users should use caution when clicking on emails and be aware of social engineering attacks, as this leak greatly increases the risk to LinkedIn users in particular.

That is it for today, follow me for more tidbits, and hit that like button on this post to automatically engage in a conversation and keep #Learning!

A new word* will be posted tomorrow. Are you looking for previous word of the day? Just do a search for #INFOSECWOTD and you will be able to find them.

#learning! #cybersecurityawareness #cybersecurity #smurfattack #ddosattacks #DDos #PII #privacy

InfoSecWOTD#9 Smurfattack 😈

Today’s #infosec Word of the Day #9 is

#Smurfattack 😈

A Smurf attack is a type of Distributed Denial of Service (DDoS) attack. The name comes from the exploit / tool that was used, called Smurf, which exploits vulnerabilities of the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP).

#learning! #cybersecurityawareness #cybersecurity #smurfattack #ddosattacks #DDos

InfoSecWOTD#8 RansomCloud 💀☁️

Today’s #infosec Word of the Day #8 is

#RansomCloud 💀☁️

RansomCloud is ransomware that targets your cloud data. It works much like a regular ransomware attack, but it gains system-level access to your cloud environment through various means, one of which is #phishing. Once it has access to the cloud infrastructure, it scans and encrypts data (emails, databases, etc.) in the cloud.

#learning! #ransomcloud #cybersecurityawareness #cybersecurity #phising #ransomware #INFOSECWOTD

InfoSecWOTD#7 OT Cybersecurity 🧿

Today’s #infosec Word of the Day #7 is

#otcybersecurity 🧿

OT security / OT cybersecurity is the protection of the OT systems and assets from cybersecurity incidents due to the increased connectivity between cyber and physical realms.

Operational Technology (OT) is the use of hardware and software to achieve industrial process automation. Essentially, OT helps in detecting or causing a change in the process through the direct monitoring and/or control of physical devices.

#threatassessment #cybersecurityawareness #cybersecurity #blueteam #penetrationtesting #INFOSECWOTD

InfoSecWOTD#6 Blue Team 🛡

Today’s #infosec Word of the Day #6 is

#Blueteam 🛡

You may have heard the term Blue Team used in discussions of security assessments, along with Pen Testing* and Red Team. The concept of the blue team and red team has its humble beginnings in the military. The idea is that one team attacks another, and the second team tries to defend itself.

So a blue team is a group of individuals who work tirelessly to ensure security, identify security flaws, verify the effectiveness of each security measure, and make certain all security measures will continue to be effective after implementation. Essentially they work for the company from the inside.

#learning! #threatassessment #cybersecurityawareness #cybersecurity #blueteam #penetrationtesting #INFOSECWOTD

InfoSecWOTD#5 Due Diligence 😇

Weekend is here. How about 2 min of #infosec learning?

Today’s #infosec Word of the Day #5 is

#duediligence 😇

In #infosec, due diligence means doing one’s homework, taking precautions, doing the right thing, and making sure that appropriate controls and countermeasures are in place to avoid harm to other persons or their property.

I found this PwC publication which describes cyber due diligence.

https://lnkd.in/eCYGi6Z

Quote from the article:

“successful cyber due diligence should yield not only a road map of critical remediation items but also the responsibility for, cost of and timeline for resolving each item.”

#digitalcertificates #threatassessment #cybersecurityawareness #cybersecurity #duedilligence #INFOSECWOTD

InfoSecWOTD#4 PKI 📃

Thank you for your feedback and comments. Let us get down a little deeper in #Infosec today.

Today’s #infosec Word of the Day #4 is

#PKI 📃 – Public Key Infrastructure

If you work for any organization today, most likely in a role such as asset owner, risk manager, principal engineer, or another position responsible for your organization’s systems, products and solutions, you will come across the term #PKI. It stands for Public Key Infrastructure.

Simply put, a PKI is a system of software and hardware for the creation, storage, and distribution of digital certificates.

The core of most security systems is authentication and access control, and digital certificates give us the ability to identify the people and machines behind the information that is presented, either on the screen or to other systems for further processing.

They also provide the ability to secure sensitive electronic information as it is passed back and forth between two parties, and provide each party with a key to encrypt and decrypt the digital data.

#sslcertificates are one prime example of these. As an exercise of your cyber-hygiene, go ahead and click on the 🔓 icon on any website, and see which PKI Organization issued the SSL Certificate.

#digitalcertificates #threatassessment #cybersecurityawareness #cybersecurity #cyberhygiene #INFOSECWOTD

InfoSecWOTD#3 Cyberhygiene 🧹

Today’s #infosec Word of the Day #3 is

#Cyberhygiene 🧹

This is one of the buzzwords thrown around in many discussions about best practices in #Infosec with respect to the security culture in a company.

Cyber hygiene is the cybersecurity equivalent to the concept of personal hygiene in public health. 

The European Union’s Agency for Network and Information Security (ENISA) states that “cyber hygiene should be viewed in the same manner as personal hygiene and, once properly integrated into an organization will be simple daily routines, good behaviors, and occasional checkups to make sure the organization’s online health is in optimum condition”.

ENISA even published a report in 2016: https://lnkd.in/e5kkdbd

#riskmanagement #threatassessment #cybersecurityawareness #cybersecurity #cyberhygiene #INFOSECWOTD

InfoSecWOTD#2

Today’s #infosec Word of the Day #2 :
#PASTA 🍝 (-threat modelling methodology)

This PASTA is for a different kind of appetite, the one associated with threats aka #Riskappetite.

PASTA is a threat modelling methodology for identifying threats in a very systematic way. It stands for Process for Attack Simulation and Threat Analysis, a 7-step, risk-centric method to identify threats.

#riskmanagement #threatassessment #cybersecurityawareness #cybersecurity #INFOSECWOTD