Blog Feed

CEH

8 Most Common Types of Hacker Motivations

Hacker Motivations

“Hacker” is a loose term with several different meanings. Usually it describes somebody who breaks into computer networks, either for the satisfaction of the challenge or with another intention such as stealing information for money or for political motives. Hackers are classified into different kinds; some of them are listed below. The practice can be either ethical or unethical. The activity in which one breaks into a system without violating its security or credentials is called ethical hacking. Ethical hackers aim to bring vulnerabilities and gaps in the system to the administrator's notice, thereby improving its robustness and security. They are strictly tech-geeks with immaculate programming skills and hands-on knowledge of both computer hardware and software. On the other hand, there are people who also break into systems and get access to secured accounts, but whose actions are unauthorized and who create a backdoor entry into your system. These people are known as ‘crackers’. They try to crack passwords, security codes, etc. using the various hacking tools that are already available. Such tools are meant to break the code using the many trials programmed into them by other hackers. According to their activities, hackers usually fall into one of the following categories, the 8 most common types of hacker motivations:


Black Hats:

Black hats are individuals who use their extraordinary computing skills for illegal or malicious purposes. This class of hacker is usually involved in criminal activities and is also referred to as crackers. Black hat hackers gain unauthorized access to your system and destroy your important information. Their method of attack uses the common hacking practices they have learned earlier. They are considered criminals and can be easily identified by their malicious actions.

White Hats:

White hats, or penetration testers, are individuals who use their hacking skills for defensive purposes. These days nearly every organization has security analysts who are experienced in hacking countermeasures and who can secure its network and information systems against malicious attacks. They have permission from the system owner. White hat hackers are certified hackers who work for governments and organizations by performing penetration testing and identifying loopholes in their cyber security. They also ensure protection from malicious cyber crimes. They work under the rules and regulations provided by the government, which is why they are known as ethical hackers or cyber security specialists.

Gray Hats:

Gray hats are individuals who work both offensively and defensively at different times. They fall between white and black hats. Gray hats may help hackers find various vulnerabilities of a system or network while at the same time helping vendors improve their products by checking limitations and making them more secure. They are not legally approved hackers. They work with both good and bad intentions and may use their skills for private gain; it all depends on the hacker. If a gray hat hacker uses his or her abilities for personal gain, he or she is considered a black hat hacker.

Suicide Hackers:

Suicide hackers are people who aim to bring down critical infrastructure for a “cause” and are not concerned about facing jail terms or any other kind of penalty. They are similar to suicide bombers, who sacrifice their lives for an attack and so are not concerned with the consequences of their actions.

Script Kiddies:

Script kiddies are unskilled hackers who compromise systems by running scripts, tools and software developed by real hackers. They usually focus on the number of attacks rather than the quality of the attacks they initiate. A script kiddie is essentially an amateur hacker who lacks the knowledge to program tools to break into computer networks, and who usually uses hacking tools downloaded from the internet and written by other hackers or security specialists.


Cyber Terrorists:

Cyber terrorists are individuals with a wide range of skills, motivated by religious or political views, who create fear through large-scale disruption of computer networks. These hackers attempt to produce fear and chaos by disrupting critical infrastructure. Cyber terrorists are by far the most dangerous, with a wide range of skills and goals. Their ultimate motivation is to spread fear and terror and to commit murder.

Read More : https://www.info-savvy.com/8-most-common-types-of-hackers-motivations/

————————————————————————————————

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

https://g.co/kgs/ttqPpZ

Cyber-security

Top 5 Key Elements of an Information Security

Information security (IS) protects information and its critical elements, including the systems and hardware that use, store, and transmit that information. Necessary tools include policy, awareness, training, education and technology. IS is the application of measures to ensure the safety and privacy of data by managing its storage and distribution. Information security has both technical and social implications. An information security system is the process of protecting and securing data from unauthorized access, disclosure, destruction or disruption.

An organization that attempts to compose a working information security policy (ISP) must have well-defined objectives regarding security and strategy on which management has reached agreement. Any existing disagreement in this context could render the data security policy project dysfunctional. The most important factor a security professional should bear in mind is that his knowledge of security management practices allows him to incorporate them into the documents he is entrusted to draft, and that is a guarantee of completeness, quality and workability.

Simplification of policy language is one factor that will smooth away differences and guarantee consensus among management staff. Consequently, ambiguous expressions are to be avoided. Beware also of the proper meaning of terms or common words. For example, “must” expresses non-negotiability, whereas “should” denotes a certain level of discretion. Ideally, the policy should be brief and to the point. Redundancy in the policy's wording (e.g., pointless repetition) should be avoided, as it would make documents long-winded and inconsistent, with an illegibility that hampers evolution. In the end, too much detail may impede full compliance at the policy level.

How management views IT security seems to be one of the first steps once someone intends to enforce new rules in this department. The security professional should make sure that the ISP has the same institutional weight as other policies enacted within the corporation. In case the corporation has a sizeable structure, policies may differ and so be segregated in order to define the dealings within the intended subset of the organization.

IS is defined as “a state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low or tolerable”. It relies on five major elements: confidentiality, integrity, availability, authenticity, and non-repudiation.


The Top 5 Key Elements of Information Security

1. Confidentiality

Data and information assets should be confined to individuals licensed to access them and not be disclosed to others. Confidentiality is the assurance that information is accessible only to those who are authorized to have access. Confidentiality breaches may occur due to improper data handling or a hacking attempt. Its controls include data classification, data encryption, and proper equipment disposal (i.e. of DVDs, CDs, etc.). Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed to prevent sensitive data from reaching the wrong people while ensuring that the right people can actually get it: access should be restricted to those licensed to view the information in question. It is common for information to be categorized according to the amount and kind of damage that could be done should it fall into unintended hands. More or less rigorous measures can then be implemented according to those categories.

2. Integrity

Keeping the information intact, complete and correct, and IT systems operational. Integrity is the trustworthiness of data or resources in terms of preventing improper and unauthorized changes: the assurance that information is sufficiently accurate for its purpose. Measures to maintain data integrity may include a checksum (a number produced by a mathematical function to verify that a given block of data has not changed) and access control (which ensures that only authorized people can update, add, and delete data, protecting its integrity). Integrity involves maintaining the consistency, accuracy, and trustworthiness of information over its entire life cycle. Information should not be modified in transit, and steps should be taken to ensure that information cannot be altered by unauthorized people (for example, in a breach of confidentiality). These measures include file permissions and user access controls. Version control may be used to prevent incorrect changes or accidental deletion by authorized users from becoming a problem. Additionally, some means should be in place to detect any changes in information that may occur as a result of non-human-caused events such as an electromagnetic pulse (EMP) or server crash. Some information might include a checksum, even a cryptographic checksum, for verification of integrity. Backups or redundancies should be available to restore the affected information to its correct state.
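The two kinds of checksum mentioned above behave differently once someone can rewrite the data. The following added example (not code from the original post) contrasts a plain SHA-256 checksum with a keyed cryptographic checksum (HMAC-SHA256) on a constructed record, using a hypothetical verification key.

```python
"""Integrity verification: plain checksum versus keyed (cryptographic) checksum.

Added example, not part of the original blog post. The record and the key
below are constructed placeholders for illustration only.
"""
import hashlib
import hmac

# Constructed sample record that must not change after it is stored.
RECORD = b"account=1042;balance=250.00;status=active"

# Hypothetical key known only to the system that stores and verifies records.
VERIFY_KEY = b"example-verification-key-not-for-production"


def plain_checksum(data: bytes) -> str:
    """Unkeyed checksum: detects accidental corruption (disk errors, truncated copy)."""
    return hashlib.sha256(data).hexdigest()


def keyed_checksum(data: bytes, key: bytes) -> str:
    """Keyed checksum (HMAC-SHA256): also detects deliberate modification, because
    a party without the key cannot produce a tag that matches the new content."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_plain(data: bytes, stored: str) -> bool:
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(plain_checksum(data), stored)


def verify_keyed(data: bytes, stored: str, key: bytes) -> bool:
    return hmac.compare_digest(keyed_checksum(data, key), stored)


def corruption_is_detected() -> bool:
    """A single bit flip, as from a hardware fault, is caught by both checksums."""
    stored_plain = plain_checksum(RECORD)
    stored_keyed = keyed_checksum(RECORD, VERIFY_KEY)
    damaged = bytearray(RECORD)
    damaged[0] ^= 0x01
    damaged = bytes(damaged)
    return (not verify_plain(damaged, stored_plain)
            and not verify_keyed(damaged, stored_keyed, VERIFY_KEY))


def tampering_is_detected() -> dict:
    """Whoever can rewrite the record can also rewrite an unkeyed checksum stored
    beside it, so only the keyed checksum still flags the change."""
    changed = RECORD.replace(b"balance=250.00", b"balance=9999.00")
    # The unkeyed checksum is simply recomputed over the new content...
    rewritten_plain = plain_checksum(changed)
    # ...but the keyed tag cannot be recomputed without VERIFY_KEY, so the
    # original tag remains on file and no longer matches.
    stored_keyed = keyed_checksum(RECORD, VERIFY_KEY)
    return {
        "plain_checksum_flags_change": not verify_plain(changed, rewritten_plain),
        "keyed_checksum_flags_change": not verify_keyed(changed, stored_keyed, VERIFY_KEY),
    }


if __name__ == "__main__":
    print("bit-flip corruption detected:", corruption_is_detected())
    print("tampering results:", tampering_is_detected())
```

The keyed form is the "cryptographic checksum" the text refers to; the plain form is still useful for the non-human-caused events (EMP, server crash) mentioned above.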

3. Availability

An objective indicating that data or a system is at the disposal of licensed users when required. Availability is the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users. Availability means data is accessible to licensed users. If an attacker is not able to compromise the other components of information security (see above), they may try to execute attacks such as denial of service, which can bring down the server, making the website unavailable to legitimate users. Measures to maintain data availability can include redundant systems such as disk arrays and clustered machines, anti-virus software to stop malware from disrupting networks, and distributed denial-of-service (DDoS) prevention systems.

4. Authenticity

A security policy has a hierarchical pattern. It means that junior staff are usually bound not to share the small amount of data they hold unless explicitly authorized. Conversely, a senior manager may have enough authority to decide what information is shared and with whom, which means that they are not tied down by the same information security policy terms. So logic demands that the ISP should address each basic position within the organization with specifications that clarify its authoritative standing. Authenticity refers to the characteristic of a communication, document, or any data that ensures the quality of being genuine and uncorrupted. The major role of authentication is to confirm that a user is genuine, i.e. who he or she claims to be. Controls such as biometrics, smart cards, and digital certificates ensure the authenticity of data, transactions, communications, or documents.

Read More : https://www.info-savvy.com/top-5-key-elements-of-an-information-security/

Cyber-security

Concept of Security, Cyber Space & Cyber Crime

In this context, cyber crime refers to the series of attacks by groups on both cyberspace and cyber security. Cyber crime is criminal activity carried out using computers and the internet. It also involves criminal access: unauthorized access to, or transmission of computer data to, from or within a computer system.

Understanding Security as a process

Security is a process, not an end state.
Security is the process of maintaining an acceptable level of perceived risk. No organization can be considered “secure” for any time beyond the last verification of adherence to its security policy. If your manager asks, “Are we secure?” you should answer, “Let me check.” If he or she asks, “Will we be secure tomorrow?” you should answer, “I don't know.” Such honesty will not be popular, but this mind-set will produce greater success for the organization in the long run.

Security Features

Confidentiality: Roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed to stop sensitive data from reaching the wrong people while ensuring that the right people can actually get it. Confidentiality is the assurance that data is shared only among authorized persons or organizations.

Integrity: Assurance that the information is authentic and complete. In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle.

Availability: Assurance that the systems responsible for delivering, storing and processing information are accessible when needed by those who need them. Availability of data refers to ensuring that authorized parties are able to access the data when required.

Concept of Cyberspace:

With the arrival and growth of electronic communication, the word “cyberspace” has entered everyday usage. But what does this word signify? I begin by sketching an equivalence between physical space and the Internet, showing that they share the ideas of place, distance, size and route. With this mutual framework in place, I go on to look at various theories (substantival, relational, physical and Kantian) concerning the nature of physical space. We see that, while the Internet shares some of the properties of physical space isolated by each of these theories, it still cannot be subsumed under any one theory. We also see that cyberspace exhibits several novel properties, projecting it far beyond the scope of any existing theory and setting it apart as exciting. Cyberspace is “the environment in which communication over computer networks happens,” and almost everybody is connected to it in one way or another.


Concept of Cybercrime

Computer crime, or cybercrime, is any offence committed using a computer and a network. Computers may be used in the commission of a criminal offence, or they may be the target. To better understand cybercrime, consider the example below. Commonwealth Bank, Australia, March 2011: automatic teller machines (ATMs) spat out tens of thousands of free dollars in Sydney on Tuesday after a computer glitch turned into a nightmare for the Commonwealth Bank. IT security staff believe that it was a consequence of hacking. According to the University of Maryland, cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction: the state of being protected against the criminal or unauthorized use of electronic information, or the measures taken to achieve this. ‘Some people have argued that the threat to cyber security has been somewhat inflated’.

Read More : https://www.info-savvy.com/concept-of-security-cyber-space-cyber-crime/


Cyber-security

Top cyber security certifications of 2020 in India

Top cyber security certifications

In this article we discuss the top cyber security certifications of 2020 in India: the certifications themselves, their benefits, prerequisites, cost and the average salaries of various cyber security roles. Nowadays technology is advancing so much that every other person has at least one or two devices such as phones, laptops and computers, and because of that there are more devices than people.
Nowadays people are less worried about accidents than about someone hacking their devices. This hacking is not just happening on a small scale; it is also affecting larger organizations and businesses, because hackers are getting more innovative, and that is where the need for cyber security is rising. Cyber security is the practice of protecting systems, networks, applications and programs from digital attacks. These cyber attacks are usually aimed at accessing, changing or destroying sensitive information, extorting money from people and interrupting normal business operations. But people are becoming innovative and adopting smart decisions in order to keep their lives and organizations free of cyber attacks. Their approach is to create multiple layers of protection spread across computers, networks, programs and data to keep them safe. Likewise in an organization, people, processes and technology should complement each other to create an effective defense against cyber attacks. Cyber security attacks can take many forms: identity theft, extortion attempts, loss of important data, theft of money and much more. Everyone relies on critical infrastructure such as businesses, hospitals, power plants and financial services companies, and securing these and other organizations is essential to keep our society functioning. Because of the high demand in cyber security, many people are looking to take this path, learn the principles and techniques of cyber security, and apply and practice them to help people and organizations stay free of cyber attacks. That is why many institutions have come up with cyber security certifications that teach people how to keep themselves and others safe.
But it is not just about learning; it is about understanding those principles and developing an understanding of where to implement them. Infosavvy is one institution that not only offers varied cyber security certification courses but also gives an excellent learning experience and helps develop an understanding of how to come up with creative solutions to such problems. The cyber security certification courses Infosavvy offers in Mumbai are CCISO, CEH, CTIA, ECIH and ECSA. All these are among the top cyber security certifications of 2020 in India.


EC-Council Certified Chief Information Security Officer (CCISO)

EC-Council Certified Chief Information Security Officer (CCISO) is a certification course for professionals who aim to build a successful information security program. In this certification, professionals get the bigger picture of the knowledge and training required in a networking role to build networking strategies that together form a secure platform. At Infosavvy they learn to develop and understand the best practices and techniques required to create a secure IT networking environment. In this certification, one learns to define, implement and manage an information security program that includes leadership, organizational structures, and processes. One will also be able to design and develop a program to monitor firewalls and identify firewall configuration issues, and gain knowledge about deploying and managing anti-virus systems. This certification helps in understanding various systems engineering practices and helps the candidate develop and manage an organizational digital forensics program; professionals will be able to identify volatile and persistent system information. They gain the knowledge to allocate financial resources to projects, processes, and units within the information security program. Infosavvy helps professionals identify the best practices to acquire, store and process digital evidence, and the CCISO training program helps them understand the IA security requirements to be included in statements of work and other documents. At Infosavvy, candidates also experience training from professionals in the IT industry. Infosavvy not only trains but also helps candidates have the best learning experience, providing top cyber security certifications of 2020 in India.

Certified Ethical Hacker certification(CEH)

The Certified Ethical Hacker certification is the most sought-after information security training program any information security professional will ever want to take. To master these hacking technologies one must become a hacker, but an ethical one! This course at Infosavvy covers the advanced hacking tools and techniques used by hackers and information security professionals. As the saying goes, “to beat a hacker, you need to think like a hacker”. This course puts one into a hacker mindset so that they will be able to defend against future attacks. The ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process. Professionals get a very different experience of achieving information security in an organization: by hacking it! One learns to hack, scan, test and secure the information on the systems. Infosavvy's CEH certification also helps develop the skills to look for weaknesses and vulnerabilities in target systems and to use hacking tools as a hacker would, but in a lawful way, to assess the particular target systems. Infosavvy has climbed one more step towards giving the best by providing training and certification in ethical hacking with the all-new C|EH v10, the best training module for ethical hacking. The purpose of the CEH credential is: to establish minimum standards for professional information security specialists in ethical hacking; to inform the public that credentialed individuals meet or exceed those minimum standards; and to reinforce ethical hacking as a unique and self-regulating profession. Because of all this, Infosavvy is the best institute in Mumbai to offer this course, helping people develop an interest in it and use this knowledge and skill effectively to protect people and organizations from malicious hackers.
Not only does Infosavvy provide this broad platform, it also lets candidates experience and learn from training provided by professional ethical hackers in the industry, which makes the course more informative and interesting.

Cyber threat incidents(CTIA)

Cyber threat incidents have increased drastically. Nowadays many organizations are concerned about losing personally identifiable information, which can be targeted by cyber attacks. It is worrying that cyber threats can surprise organizations at any moment from unexpected sources. To overcome this, organizations need to adopt Threat Intelligence (TI). Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to IT or information assets. An organization must be aware of attack trends in order to know the threats it is likely to face, and this is where threat intelligence comes into play. Infosavvy's Certified Threat Intelligence Analyst (C|TIA) course therefore allows students to enhance their skills in building effective organizational cyber threat intelligence. Cyber threat intelligence includes reliable data collection from numerous sources, context analysis, production of useful intelligence, and distributing the information to stakeholders. C|TIA is a training program designed and developed in collaboration with cyber security and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats. Infosavvy has a structured approach that teaches how to build effective threat intelligence. In this ever-changing threat landscape, C|TIA is a highly professional program for those who deal with cyber security threats on a daily basis. Infosavvy uses a method-driven, holistic approach covering concepts from planning threat intelligence to building a report and disseminating it.
This program provides the solid, professional knowledge required for a career in threat intelligence and enhances your skills as a Threat Intelligence Analyst, increasing your employability. If you are interested in threat intelligence and keen on implementing it, Infosavvy's C|TIA certification is the way to go.

Read More : https://www.info-savvy.com/top-cybersecurity-certifications-of-2020-in-india/


ISO 27001

ISO 27001 Clause 10.2 Continual Improvement

Required Activity

ISO 27001 Clause 10.2 Continual Improvement: the organization continually improves the suitability, adequacy and effectiveness of the ISMS.

Why does an organization need continual improvement?

Organizations are never static, nor are their contexts. In addition, the threats to information systems, and the ways in which they can be compromised, are rapidly changing. At the end of the day, no ISMS remains perfect; it always needs to be set on continual improvement, even if the organization and its context are not changing. Here at Infosavvy we are continually talking about how the ISMS is a systematic approach consisting of processes, technology and people that helps us to protect and manage our organisation's information through effective risk management. It is a topic of discussion in all of our training and we make sure that our trainees also imbibe the same understanding. It has become second nature. We are constantly looking at making improvements. It is not just a requirement of an ISMS but a need of every organization.


As an example of nonconformity- or risk-related improvements, an assessment of an ISMS component (in terms of suitability, adequacy and effectiveness) may show that it exceeds ISMS requirements or is lacking in efficiency. If so, the ISMS can often be improved by making changes to the management system.

Areas of improvement

  • Regular internal audits
  • Regular and proper management review (Clause 9.3 of ISO 27001)
  • Regular external audits
  • Understanding suggestions from stakeholders and implementing them in the information security management system accordingly
  • Checking whether the organization is following regulatory policies
  • Reviewing security controls
  • Matching the organization's activities with the requirements of the ISO 27001 standard

Also, top management can set objectives for continual improvement, e.g. through measurements of effectiveness, cost, or process maturity. The ISMS is a crucial entity that plays a vital role in business operations. In order to keep pace with developments, the ISMS is periodically checked for function, efficacy and consistency with the objectives of the organization. This blog addresses clause 10.2 of ISO 27001:2013, Continual improvement. Infosavvy helps you understand the implementation of the standard and provides in-depth knowledge through its IRCA CQI ISO 27001:2013 Lead Auditor (LA) and ISO 27001 Lead Implementer (LI) training (certified by TÜV SÜD).

What is necessary while doing the assessment?

  1. Suitability of the ISMS: considering whether the external and internal issues, the requirements of the interested parties, the established information security objectives and the identified information security risks are properly addressed through the planning and implementation of the ISMS and its information security controls.
  2. Adequacy of the ISMS: determining whether the ISMS processes and information security conform to and meet the ultimate goals, practices and processes of the company.
  3. Effectiveness of the ISMS: considering whether the intended outcome(s) of the ISMS are achieved, the needs of the interested parties are met, information security risks are managed to satisfy the information security objectives, nonconformities are managed, and the resources needed for the establishment, implementation, maintenance and continual improvement of the ISMS are commensurate with those results.

The assessment can also include an overview of the efficiency of the ISMS and the components of its resources, evaluating whether the use of resources is appropriate and whether there is a possibility of productivity loss or an opportunity to achieve greater effectiveness. Areas of improvement can also be identified while managing nonconformities with corrective actions.


Once area(s) of improvement are identified, the organization should be consistent in addressing them by:

  1. Evaluating them to determine whether or not they are worth pursuing;
  2. Planning and implementing the actions to deal with the opportunities, ensuring that benefits are realized and nonconformities do not occur, or planning corrective actions for nonconformities;
  3. Evaluating the effectiveness of the actions.

Read More : https://www.info-savvy.com/iso-27001-clause-10-2-continual-improvement/


ISO 27001

ISO 27001 Clause 10.1 Non conformity and corrective action

Required activity

ISO 27001 Clause 10.1 Nonconformity and corrective action: Clause 10, containing sections 10.1 and 10.2, covers the “Act” part of W. Edwards Deming's Plan-Do-Check-Act (PDCA) cycle. This clause helps an organisation react to nonconformities, evaluate them and take corrective actions with the end goal of continually improving how it runs its daily activities.

Explanation

A nonconformity is the non-fulfilment of a requirement of the ISMS. Nonconformities cannot always be avoided, because mistakes do happen in an organisation; what matters is that the issue is identified and handled accordingly when it presents itself. Requirements are needs or expectations that are stated, implied or obligatory. There are several types of nonconformity, such as:

  1. Failure to fulfil a requirement (completely or partially) of ISO/IEC 27001 within the ISMS;
  2. Failure to properly implement or conform to a requirement, rule or control stated by the ISMS;
  3. Partial or total failure to comply with legal, contractual or agreed customer requirements.

Examples of nonconformities include:

  1. Persons not behaving as expected according to procedures and policies;
  2. Suppliers not providing agreed products or services;
  3. Projects not delivering expected outcomes; and
  4. Controls not operating in accordance with their design.

Nonconformities are often recognised by:

  1. Deficiencies of activities performed within the scope of the management system;
  2. Ineffective controls that aren’t remediated appropriately;
  3. Analysis of information security incidents, showing the non-fulfilment of a requirement of the ISMS;
  4. Complaints from customers;
  5. Alerts from users or suppliers;
  6. Monitoring and measurement results not meeting acceptance criteria; and
  7. Objectives not achieved.


How should organisations deal with non-conformity?

The three basic steps when it comes to controlling nonconformity are identifying the problem or violation, recording it and taking appropriate action to put an end to it.

In general, the following steps should be adopted:

  1. Identify the extent and impact of the nonconformity.
  2. Choose corrections to limit the impact of the nonconformity. Corrections can include switching to previous, failsafe or other appropriate states. Care should be taken that corrections do not make things worse.
  3. Communicate with the relevant personnel to make sure that the corrections are carried out.
  4. Complete the corrections as decided.
  5. Monitor the situation to make sure that the corrections have had the intended effect and have not produced unintended side-effects.
  6. Act further to correct the nonconformity if it is still not remediated.
  7. Communicate with other relevant interested parties, as appropriate.

To identify effective corrective action, it is strongly advised to complete a root cause analysis of the issue that occurred. If you do not get to the bottom of why or how it happened, whatever fix you implement is unlikely to be fully effective.

However, corrections alone will not necessarily prevent recurrence of the nonconformity. Corrective actions can take place after, or in parallel with, corrections. The following process steps should be taken:

  1. Decide whether there is a need to carry out a corrective action, in accordance with established criteria (e.g. the impact of the nonconformity, or how often it recurs);
  2. Review the nonconformity, considering:
    – whether similar nonconformities have been recorded;
    – all the consequences and side-effects caused by the nonconformity;
    – the corrections taken.
  3. Perform an in-depth root cause analysis of the nonconformity.
  4. Identify patterns and criteria that will help to spot similar situations in the future.
  5. Analyse the potential consequences for the ISMS, considering:
    – whether similar nonconformities exist in other areas, e.g. by using the patterns and criteria found during the cause analysis;
    – whether other areas match the identified patterns or criteria, so that it is only a matter of time before a similar nonconformity occurs.
  6. Determine the actions needed to correct the cause, evaluating whether they are proportionate to the consequences and impact of the nonconformity, and checking for any potential side-effects that could cause other nonconformities or significant new information security risks.
  7. Plan the corrective actions, giving priority, where possible, to areas with a higher likelihood of recurrence and more significant consequences.
  8. Implement the corrective actions according to the plan.
  9. Finally, assess the corrective actions to determine whether they have actually addressed the cause of the nonconformity and prevented further nonconformities from occurring. This assessment should be impartial, evidence-based and documented. It should also be communicated to the appropriate roles and stakeholders.


As a result of corrections and corrective actions, new opportunities for improvement may be identified. These should be treated accordingly. Sufficient documented information is required to be retained to demonstrate that the organization has acted appropriately to deal with the nonconformity and has addressed the related consequences. All significant steps of nonconformity management (starting from discovery and corrections) and, if started, of corrective action management (cause analysis, review, the decision about whether to implement actions, and any review of or change to decisions made for the ISMS itself) should be documented. The documented information is also required to include evidence of whether or not the actions taken have achieved the intended effects.

Read More : https://www.info-savvy.com/iso-27001-clause-10-1-non-conformity-and-corrective-action/


ISO 27001

ISO 27001 Clause 9.3 Management review

Activity

Under ISO 27001 Clause 9.3, top management conducts a management review of the ISMS at planned intervals.

What is ISO 27001 Clause 9.3?

Clause 9.3 highlights the significance of the management review, which helps to ensure the continuing suitability, adequacy and effectiveness of the Information Security Management System in the organization. Suitability refers to continued alignment with the objectives of the organization; adequacy and effectiveness call for appropriate design and organizational embedding respectively. The review is a process administered at various levels of the organization, where the activities can range from daily, weekly or monthly organizational unit meetings to simple reporting discussions. It is the responsibility of top management to carry out this review with contributions from all levels of the organization. The management review generally takes place after the ISMS internal audit is completed, and it occurs at planned intervals and in a strategic manner.


What does Management Review incorporate?

The management review should consider the requirements of Clause 9.3 of ISO 27001:2013, which helps top management to facilitate effective reviews and strategic decisions best suited to the business needs. There are several ways in which management can review the ISMS, such as receiving and reviewing measurements and reports, written communications, and verbal updates. Top management should receive reporting on ISMS efficiency and should review it frequently. The primary inputs to the management review include the results of the information security risk assessment, the results of internal audits, and the status of the risk treatment plan. When assessing the information security risk assessment, management should check that the residual risk satisfies the risk acceptance criteria for all applicable risks and that their treatment options are covered in the risk treatment plan. All aspects of the ISMS should be reviewed by management at planned intervals, at least annually, by fixing suitable schedules and agenda items in management meetings. A recently implemented ISMS should be reviewed more frequently by management to increase its overall effectiveness.

What should be the agenda of the management review?

ISO 27001 Clause 9.3 states that the management review shall consider the following topics:

  1. The status of actions from previous management reviews;
  2. Changes in external and internal issues that are relevant to the ISMS;
  3. Feedback on the information security performance, including trends in:
    – nonconformities and corrective actions;
    – monitoring and measurement results;
    – audit results;
    – fulfilment of the information security objectives;
  4. Feedback from interested parties, including suggestions for improvement, requests for change and complaints;
  5. Results of information security risk assessment(s) and the status of the risk treatment plan; and
  6. Opportunities for continual improvement, including efficiency improvements for both the ISMS and the information security controls.

The input to the management review should be at an appropriate level of detail, consistent with the objectives set for the organization. For example, top management may review only a summary of the inputs, aligned with the information security objectives or other high-level objectives, rather than every detail.


The outcome of the management review will include decisions relating to the continual improvement of the ISMS and will also address any changes required to the ISMS. Outputs may also include evidence of decisions regarding:

  1. Changes in information security policy
  2. Changes in risk acceptance criteria and also the criteria for performing information security risk assessments
  3. Updating information security risk treatment plan or Statement of Applicability
  4. Necessary improvements in monitoring and measuring activities
  5. Change in resources

Read More : https://www.info-savvy.com/iso-27001-clause-9-3-management-review/

AWS

VPC Network Address Translation

When you associate an ENI with a public IP address, the ENI keeps its private IP address. Associating a public IP with an ENI does not reconfigure the ENI with a new address. Instead, the Internet gateway maps the public IP address to the ENI's private IP address using network address translation (NAT). When an instance with a public IP connects to a host on the Internet, the host sees the traffic as originating from the instance's public IP. For example, assume an instance with a private IP address of 172.31.7.10 is associated with the EIP 35.168.241.48. When the instance attempts to send a packet to the Internet host 198.51.100.11, it sends the following packet to the Internet gateway:

  Source IP: 172.31.7.10
  Destination IP: 198.51.100.11

The Internet gateway translates this packet, changing the source IP address to the instance's public IP address. The translated packet, which the Internet gateway forwards to the host, looks like this:

  Source IP: 35.168.241.48
  Destination IP: 198.51.100.11

Likewise, when a host on the Internet sends a packet to the instance's EIP, the Internet gateway performs network address translation on the incoming packet. The packet that reaches the Internet gateway from the Internet host looks like this:

  Source IP: 198.51.100.11
  Destination IP: 35.168.241.48

The Internet gateway translates this packet, replacing the destination IP address with the instance's private IP address, as follows:

  Source IP: 198.51.100.11
  Destination IP: 172.31.7.10

Network address translation occurs automatically at the Internet gateway when an instance has a public IP address. You can’t change this behaviour. Network address translation as described here is also sometimes called one-to-one NAT because one private IP address gets mapped to one public IP address.


Network Address Translation Devices

Although network address translation occurs at the Internet gateway, there are two other resources that can also perform NAT:

  • NAT gateway
  • NAT instance

AWS calls these NAT devices. The purpose of a NAT device is to allow an instance to access the Internet while preventing hosts on the Internet from reaching the instance directly. This is useful when an instance needs to go out to the Internet to fetch updates or to upload data but does not need to service requests from clients. When you use a NAT device, the instance needing Internet access does not have a public IP address allocated to it. Incidentally, this makes it impossible for hosts on the Internet to reach it directly. Instead, only the NAT device is configured with a public IP. Additionally, the NAT device has an interface in a public subnet.
Refer to Table 4.7 for an example.

When db1 sends a packet to a host on the Internet with the address 198.51.100.11, the packet must first go to the NAT device. The NAT device translates the packet as follows:

The NAT device then takes the translated packet and forwards it to the Internet gateway. The Internet gateway performs NAT translation on this packet as follows:

Multiple instances can use the same NAT device, thus sharing the same public IP address for outbound connections. The function that NAT devices perform is also called port address translation (PAT).
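The two translation hops just described, port address translation at the NAT device followed by one-to-one NAT at the Internet gateway, are easy to misread as a single step. The following Python model is an added example and is not AWS code or code from the original post; it simulates both hops with constructed packets so you can watch the source port being rewritten, the reply being mapped back to the right private instance, and an unsolicited probe from the Internet being dropped because no translation-table entry exists for it. The addresses (a NAT device at 172.31.1.5 holding the EIP 35.168.241.48, database instances at 172.31.8.20 and 172.31.8.21, an attacker at 203.0.113.9) and the starting translated port 1024 are assumptions for the example; Table 4.7 is not reproduced here.

```python
"""Constructed model of the two translation hops described above: port address
translation (PAT) at a NAT device, then one-to-one NAT at the Internet gateway.
All addresses below are hypothetical examples; Table 4.7 is not reproduced here."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class InternetGateway:
    """One-to-one NAT: a fixed mapping between a private IP and its public (elastic) IP."""

    def __init__(self, mapping):
        self.private_to_public = dict(mapping)
        self.public_to_private = {pub: priv for priv, pub in mapping.items()}

    def outbound(self, pkt):
        public = self.private_to_public.get(pkt.src_ip)
        if public is None:
            return None  # source has no public IP: the gateway cannot forward it
        return replace(pkt, src_ip=public)

    def inbound(self, pkt):
        private = self.public_to_private.get(pkt.dst_ip)
        if private is None:
            return None  # nothing maps to this destination: dropped
        return replace(pkt, dst_ip=private)


class NatDevice:
    """PAT: many private hosts share the device's single private IP. Each outbound
    flow is rewritten to a unique source port and recorded so replies can be undone."""

    def __init__(self, private_ip, first_port=1024):
        self.ip = private_ip
        self.next_port = first_port
        # (translated port, remote ip, remote port) -> (original ip, original port)
        self.table = {}

    def outbound(self, pkt):
        nat_port = self.next_port
        self.next_port += 1
        self.table[(nat_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.ip, src_port=nat_port)

    def inbound(self, pkt):
        entry = self.table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None  # no flow initiated from inside matches: unsolicited, dropped
        orig_ip, orig_port = entry
        return replace(pkt, dst_ip=orig_ip, dst_port=orig_port)


def outbound_path(pkt, nat, igw):
    """Private instance -> NAT device -> Internet gateway. Returns what the Internet host sees."""
    return igw.outbound(nat.outbound(pkt))


def inbound_path(pkt, nat, igw):
    """Internet -> Internet gateway -> NAT device -> private instance, or None if dropped."""
    after_igw = igw.inbound(pkt)
    return None if after_igw is None else nat.inbound(after_igw)


def demo():
    """Run the constructed scenario and return the observable results."""
    nat = NatDevice("172.31.1.5")                           # NAT device in the public subnet
    igw = InternetGateway({"172.31.1.5": "35.168.241.48"})  # only the NAT device has an EIP
    db1 = Packet("172.31.8.20", 41000, "198.51.100.11", 443)
    db2 = Packet("172.31.8.21", 41000, "198.51.100.11", 443)  # same source port as db1
    seen1 = outbound_path(db1, nat, igw)
    seen2 = outbound_path(db2, nat, igw)
    # The Internet host replies to the public address and translated port it saw.
    reply = Packet("198.51.100.11", 443, seen1.src_ip, seen1.src_port)
    delivered = inbound_path(reply, nat, igw)
    # An attacker probing the EIP, or the private address directly, gets nowhere.
    probe_eip = inbound_path(Packet("203.0.113.9", 5555, "35.168.241.48", 22), nat, igw)
    probe_private = inbound_path(Packet("203.0.113.9", 5555, "172.31.8.20", 22), nat, igw)
    return {"seen1": seen1, "seen2": seen2, "delivered": delivered,
            "probe_eip": probe_eip, "probe_private": probe_private}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both database instances deliberately use the same source port 41000; the NAT device has to rewrite it, which is exactly why this function is port address translation rather than plain NAT, and why the Internet gateway's one-to-one mapping alone could not serve several instances from one EIP.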


Configuring Route Tables to Use NAT Devices

Instances that use the NAT device must send Internet-bound traffic to it, while the NAT device must send Internet-bound traffic to an Internet gateway. Hence, the NAT device and the instances that use it must use different default routes. Furthermore, they must also use different route tables and hence must reside in separate subnets. Refer to Table 4.7 again. Notice that the instances reside in the Private subnet, and the NAT device is in the Public subnet. The default routes for these subnets would follow the pattern in Table 4.8.

Refer to the diagram in Figure 4.2 to see the relationship between both of the route tables. Recall that a route target must be a VPC resource such as instance, Internet gateway, or ENI. The specific target you choose depends on the type of NAT device you use: a NAT gateway or a NAT instance.

Read More :  https://www.info-savvy.com/vpc-network-address-translation/


AWS

VPC Network Access Control Lists

A VPC Network Access Control List (NACL) functions as a firewall in that it contains inbound and outbound rules to allow traffic based on a source or destination CIDR, protocol, and port. Also, each VPC has a default NACL that can't be deleted. But the similarities with security groups end there. A NACL differs from a security group in many respects. Instead of being attached to an ENI, a NACL is attached to a subnet. The NACL associated with a subnet controls what traffic may enter and exit that subnet. This means that NACLs can't be used to control traffic between instances in the same subnet; if you want to do that, you have to use security groups.

A subnet can have only one NACL associated with it. When you create a new subnet in a VPC, the VPC's default NACL is associated with the subnet by default. You can modify the default NACL, or you can create a new one and associate it with the subnet. You can also associate the same NACL with multiple subnets, provided those subnets are all in the same VPC as the NACL.

Unlike a security group, which is stateful, a NACL is stateless, meaning that it doesn't track the state of connections passing through it. This is much like an access control list (ACL) on a traditional switch or router. The stateless nature of the NACL is why the default NACL is preconfigured with rules to allow all inbound and outbound traffic, as discussed in the following sections.


Inbound Rules

Inbound rules determine what traffic is allowed to ingress the subnet. Each rule contains the following elements:

  • Rule number
  • Protocol
  • Port range
  • Source
  • Action

The default NACL for a VPC with no IPv6 CIDR comes prepopulated with the two inbound rules listed in

NACL rules are processed in ascending order of the rule number. Rule 100 is the lowest numbered rule, so it gets processed first. This rule allows all traffic from any source. You can delete or modify this rule or create additional rules before or after it. For example, if you wanted to block only HTTP (TCP port 80), you could add the following rule:

This rule denies all TCP traffic with a destination port of 80. Because it's the lowest numbered rule in the list, it gets processed first. Any traffic not matching this rule is processed by rule 100, which allows all traffic. The last rule in Table 4.5 is the default rule. It's designated by an asterisk (*) instead of a number and is always the last rule in the list. You can't delete or otherwise change the default rule. The default rule causes the NACL to deny any traffic that isn't explicitly allowed by one of the preceding rules. Complete Exercise 4.6 to create a custom NACL.


Outbound Rules

As you might expect, the outbound NACL rules follow an almost identical format as the inbound rules. Each rule contains the following elements:

  • Rule number
  • Protocol
  • Port range
  • Destination
  • Action

Each default NACL comes with the outbound rules listed in Table 4.6. Notice that the rules are identical to the default inbound rules except for the Destination element. In most cases you will need these rules whether you use the default NACL or a custom one. Because a NACL is stateless, it won't automatically allow return traffic. Therefore, if you permit HTTPS traffic with an inbound rule, you must also explicitly permit the return traffic using an outbound rule. In this case, rule 100 permits the return traffic.

If you do need to restrict access from the subnet, to block Internet access, for example, you will need to create an outbound rule to allow return traffic over ephemeral ports. Ephemeral ports are the short-lived TCP or UDP ports that clients listen on for reply traffic. As an example, when a client sends an HTTPS request to your instance over TCP port 443, that client may listen for a reply on TCP port 36034. Your NACL's outbound rules must allow traffic to egress the subnet to TCP port 36034. The range of ephemeral ports varies by client operating system. Many modern operating systems use ephemeral ports in the range 49152–65535, but don't assume that allowing only this range will be sufficient: the range for TCP may differ from the range for UDP, and older or customized operating systems may use a different range altogether. To maintain compatibility, do not restrict outbound traffic using a NACL; use a security group instead.

If your VPC includes an IPv6 CIDR, AWS will automatically add inbound and outbound rules to permit IPv6 traffic.
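The three rules of NACL evaluation described in the inbound and outbound sections above (ascending rule-number order, first match wins, implicit final deny) combine with statelessness in a way that is easiest to see by running packets through a model. The following Python evaluator is an added example, not AWS code or code from the original post. It reproduces the default allow-all NACL, the "block only HTTP" variant, and a locked-down subnet that admits HTTPS but restricts outbound traffic to an ephemeral range, then checks a whole request/reply exchange the way a stateless filter would: both directions independently. The rule number 90 for the HTTP deny, the CIDRs, the server address 172.16.100.10 and the client at 203.0.113.7 are assumptions for the example; the reply port 36034 is the one used in the text.

```python
"""Constructed model of stateless NACL evaluation. Rules are tried in ascending
rule-number order, the first match wins, and the implicit '*' rule denies anything
unmatched. The rule numbers, CIDRs and ephemeral-port ranges used below are
assumptions for this example, not values taken from the page."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int
    protocol: str        # "tcp", "udp", "icmp" or "all"
    ports: tuple         # (low, high) inclusive destination-port range; ignored for "all"
    cidr: str            # source CIDR for inbound rules, destination CIDR for outbound rules
    action: str          # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _matches(rule, pkt, direction):
    if rule.protocol != "all" and rule.protocol != pkt.protocol:
        return False
    # Inbound rules are matched against the source address, outbound rules against the destination.
    addr = ipaddress.ip_address(pkt.src_ip if direction == "inbound" else pkt.dst_ip)
    if addr not in ipaddress.ip_network(rule.cidr):
        return False
    if rule.protocol == "all":
        return True
    low, high = rule.ports
    return low <= pkt.dst_port <= high   # the port range always refers to the destination port


def evaluate(rules, pkt, direction):
    """Return 'allow' or 'deny' for one packet in one direction ('inbound' or 'outbound')."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, pkt, direction):
            return rule.action
    return "deny"   # the '*' rule: nothing above matched


def decide(rules, direction, protocol, src_ip, src_port, dst_ip, dst_port):
    """Convenience wrapper: build the packet and evaluate it."""
    return evaluate(rules, Packet(protocol, src_ip, src_port, dst_ip, dst_port), direction)


def https_exchange_allowed(inbound, outbound, client_ip, client_port, server_ip):
    """Stateless check of a whole HTTPS exchange: the request entering the subnet AND
    the reply leaving it must each be allowed, because no state links the two."""
    request = Packet("tcp", client_ip, client_port, server_ip, 443)
    reply = Packet("tcp", server_ip, 443, client_ip, client_port)
    return (evaluate(inbound, request, "inbound") == "allow"
            and evaluate(outbound, reply, "outbound") == "allow")


ALL_PORTS = (0, 65535)
ANY = "0.0.0.0/0"

# Default NACL: rule 100 allows everything; only the implicit '*' deny follows it.
DEFAULT_INBOUND = [Rule(100, "all", ALL_PORTS, ANY, "allow")]
DEFAULT_OUTBOUND = [Rule(100, "all", ALL_PORTS, ANY, "allow")]

# Blocking only HTTP: a deny numbered below 100 (90 is assumed) is processed before the allow-all.
BLOCK_HTTP_INBOUND = [Rule(90, "tcp", (80, 80), ANY, "deny")] + DEFAULT_INBOUND

# A locked-down subnet: HTTPS in, and outbound limited to an ephemeral range.
LOCKED_INBOUND = [Rule(100, "tcp", (443, 443), ANY, "allow")]
OUTBOUND_IANA_EPHEMERAL = [Rule(100, "tcp", (49152, 65535), ANY, "allow")]
OUTBOUND_WIDE_EPHEMERAL = [Rule(100, "tcp", (1024, 65535), ANY, "allow")]


if __name__ == "__main__":
    # A client whose OS picked port 36034 is cut off by the narrow range but not the wide one.
    print(https_exchange_allowed(LOCKED_INBOUND, OUTBOUND_IANA_EPHEMERAL, "203.0.113.7", 36034, "172.16.100.10"))
    print(https_exchange_allowed(LOCKED_INBOUND, OUTBOUND_WIDE_EPHEMERAL, "203.0.113.7", 36034, "172.16.100.10"))
```

The exchange helper is the point of the model: with the locked-down rule set, the request is allowed in, the server answers, and the reply to port 36034 is silently dropped on the way out because that port is below 49152. Nothing in the NACL records that the request was accepted, which is the practical meaning of "stateless" and the reason the text recommends leaving outbound restrictions to security groups.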

Read More : https://www.info-savvy.com/vpc-network-access-control-lists/


AWS

Overview of an Amazon Virtual Private Cloud

Amazon Virtual Private Cloud (VPC) provides the networking layer of EC2. A VPC is a virtual network that can contain EC2 instances as well as network resources for other AWS services. By default, every VPC is isolated from all other networks. You can, however, connect your VPC to other networks, including the Internet and other VPCs. In addition to EC2, VPCs are foundational to many AWS services, so understanding how they work is fundamental to your success on the exam and as an AWS architect. Don't assume you can ignore VPCs just because you're not using EC2.

A VPC can exist only within an AWS region. When you create a VPC in a region, it won't show up in any other region. You can have multiple VPCs in your account and create multiple VPCs in a single region. To keep things simple, I'll start by assuming only one VPC in one region. Later, I'll cover considerations for multiple VPCs.

If you're familiar with the components of a traditional network, you'll find many VPC components familiar. But although VPCs function like a traditional TCP/IP network, they are scalable, allowing you to expand and extend your network without having to add physical hardware. To make this scalability possible, some components that you'd find in a traditional network, such as routers, switches, and VLANs, don't exist in VPCs. Instead, they're abstracted into software functions and called by different names.


VPC CIDR Blocks

Like a traditional network, a VPC consists of at least one range of contiguous IP addresses. This address range is represented as a Classless Inter-Domain Routing (CIDR) block. The CIDR block determines which IP addresses may be assigned to instances and other resources within the VPC. You must assign a primary CIDR block when creating a VPC.

There are different ways to represent a range of IP addresses. The shortest is CIDR notation, sometimes called slash notation. For example, the CIDR 172.16.0.0/16 includes all addresses from 172.16.0.0 to 172.16.255.255, a total of 65,536 addresses. You may also hear the CIDR block referred to as an IP prefix. The /16 portion of the CIDR is the prefix length. The prefix length of a VPC CIDR can range from /16 to /28. There's an inverse relationship between the prefix length and the number of IP addresses in the CIDR: the smaller the prefix length, the greater the number of IP addresses in the CIDR. A /28 prefix length gives you only 16 addresses. Here the acronym IP refers to Internet Protocol version 4 (IPv4); valid IPv4 prefix lengths range from /0 to /32.

Although you can specify any valid IP range for your VPC CIDR, it's best to use one in the RFC 1918 ranges to avoid conflicts with public Internet addresses:

  • 10.0.0.0–10.255.255.255 (10.0.0.0/8)
  • 172.16.0.0–172.31.255.255 (172.16.0.0/12)
  • 192.168.0.0–192.168.255.255 (192.168.0.0/16)  

If you plan on connecting your VPC to another network—whether an on-premises network or another VPC—be sure the VPC CIDR you choose doesn’t overlap with addresses already in use on the other network. You can’t change the primary CIDR block, so think carefully about your address requirements before creating a VPC.

Secondary CIDR Blocks

You may optionally specify secondary CIDR blocks for a VPC after you’ve created it. These blocks must come from either the same address range as the primary or a publicly routable range, but they must not overlap with the primary or other secondary blocks. For example, if the VPC’s primary CIDR is 172.16.0.0/16, you may specify a secondary CIDR of 172.17.0.0/16. But you may not specify 192.168.0.0/16. If you think you might ever need a secondary CIDR, be careful about your choice of primary CIDR. If you choose 192.168.0.0/16 as your primary CIDR, you won’t be able to create a secondary CIDR using any of the RFC 1918 ranges.

IPv6 CIDR Blocks

You may let AWS assign an IPv6 CIDR to your VPC. Unlike the primary CIDR, which is an IP prefix of your choice, you can’t choose your own IPv6 CIDR. Instead, AWS assigns one to your VPC at your request. The IPv6 CIDR will be a publicly routable prefix from the global unicast IPv6 address space. For example, AWS may assign you the CIDR 2600:1f18:2551:8900/56. Note that the prefix length of an IPv6 VPC CIDR is always /56. Complete Exercise 4.1 to create your own VPC.

Subnets

A subnet is a logical container within a VPC that holds your EC2 instances. A subnet lets you isolate instances from each other, control how traffic flows to and from your instances, and lets you organize them by function. For example, you can create one subnet for public web servers that need to be accessible from the Internet and create another subnet for database servers that only the web instances can access. In concept, subnets are similar to virtual LANs (VLANs) in a traditional network. Every instance must exist within a subnet. You'll often hear the phrase "launch an instance into a subnet." Once you create an instance in a subnet, you can't move it. You can, however, terminate it and create a different instance in another subnet. By extension, this also means you can't move an instance from one VPC to another.


Subnet CIDR Blocks

Each subnet has its own CIDR block that must be a subset of the VPC CIDR that it resides in. For example, if your VPC has a CIDR of 172.16.0.0/16, one of your subnets may have a CIDR of 172.16.100.0/24. This range covers 172.16.100.0–172.16.100.255, which yields a total of 256 addresses. AWS reserves the first four and last IP addresses in every subnet. You can’t assign these addresses to any instances. Assuming a subnet CIDR of 172.16.100.0/24, the following addresses would be reserved:

  •  172.16.100.0–172.16.100.3
  •  172.16.100.255

The restrictions on prefix lengths for a subnet CIDR are the same as VPC CIDRs. Subnet CIDR blocks in a single VPC can’t overlap with each other. Also, once you assign a CIDR to a subnet, you can’t change it. It’s possible for a subnet and VPC to share the same CIDR. This is uncommon and won’t leave you room for additional subnets. More commonly, each subnet’s prefix length will be longer than the VPC’s to allow for multiple subnets to exist in the same VPC. A subnet can’t have multiple CIDRs. Unlike a VPC that can have secondary CIDRs, a subnet can have only one. However, if a VPC has a primary CIDR and a secondary CIDR, your subnet’s CIDR can be derived from either. For example, if your VPC has the primary CIDR of 172.16.0.0/16 and a secondary CIDR of 172.17.0.0/16, a subnet in that VPC could be 172.17.12.0/24, as it’s derived from the secondary VPC CIDR.
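The VPC CIDR, secondary CIDR and subnet CIDR rules laid out in the sections above are the kind of constraints worth checking before you create anything, because the primary VPC CIDR and a subnet's CIDR cannot be changed afterwards. The following Python example is an added illustration, not AWS tooling or code from the original post. It uses only the standard `ipaddress` module to validate a proposed VPC CIDR (prefix length /16 to /28, RFC 1918 preferred), a proposed secondary CIDR (no overlap, and the same RFC 1918 block as a private primary, which is a simplification of the full AWS restrictions), and a proposed subnet (inside the primary or a secondary, no overlap with existing subnets, with the five reserved addresses and usable count worked out). The 172.16.0.0/16 and 172.17.0.0/16 VPC CIDRs and the 172.17.12.0/24 subnet are the examples from the text; the other inputs in the usage lines are constructed.

```python
"""Added example: VPC and subnet CIDR planning checks using only the standard
library, following the constraints described above (VPC and subnet prefix lengths
from /16 to /28, RFC 1918 ranges preferred, subnets carved from a primary or
secondary VPC CIDR, no overlapping subnets, and five reserved addresses per subnet)."""
import ipaddress

RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _rfc1918_block(net):
    """Return the RFC 1918 block containing net, or None if it is publicly routable."""
    for block in RFC1918:
        if net.subnet_of(block):
            return block
    return None


def check_vpc_cidr(cidr):
    """Return a list of problems with a proposed IPv4 VPC CIDR (an empty list means acceptable)."""
    net = ipaddress.ip_network(cidr)          # raises ValueError if host bits are set
    if net.version != 4:
        return ["only IPv4 CIDRs are checked here"]
    problems = []
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"prefix length /{net.prefixlen} is outside /16-/28")
    if _rfc1918_block(net) is None:
        problems.append("not an RFC 1918 range; may conflict with public Internet addresses")
    return problems


def check_secondary_cidr(primary, existing_secondaries, candidate):
    """Problems with adding a secondary CIDR, per the rule of thumb in the text: it must not
    overlap the primary or any existing secondary, and a private candidate must come from the
    same RFC 1918 block as a private primary (a simplification of the full AWS restrictions)."""
    p = ipaddress.ip_network(primary)
    c = ipaddress.ip_network(candidate)
    problems = []
    for other in [p, *(ipaddress.ip_network(s) for s in existing_secondaries)]:
        if c.overlaps(other):
            problems.append(f"overlaps {other}")
    p_block, c_block = _rfc1918_block(p), _rfc1918_block(c)
    if p_block is not None and c_block is not None and p_block != c_block:
        problems.append(f"{c} is in {c_block} but the primary is in {p_block}")
    return problems


def plan_subnet(vpc_cidrs, existing_subnets, candidate):
    """Validate a subnet CIDR against the VPC's CIDRs (primary and secondaries) and the
    subnets already allocated. Returns (problems, reserved_addresses, usable_count)."""
    c = ipaddress.ip_network(candidate)
    problems = []
    if not 16 <= c.prefixlen <= 28:
        problems.append(f"prefix length /{c.prefixlen} is outside /16-/28")
    if not any(c.subnet_of(ipaddress.ip_network(v)) for v in vpc_cidrs):
        problems.append("not inside any of the VPC's CIDR blocks")
    for s in existing_subnets:
        if c.overlaps(ipaddress.ip_network(s)):
            problems.append(f"overlaps existing subnet {s}")
    # AWS reserves the first four addresses of every subnet and the last one.
    reserved = [str(c[i]) for i in range(4)] + [str(c[-1])]
    usable = c.num_addresses - len(reserved)
    return problems, reserved, usable


if __name__ == "__main__":
    print(check_vpc_cidr("172.16.0.0/16"))                                   # []
    print(check_secondary_cidr("172.16.0.0/16", [], "172.17.0.0/16"))        # []
    print(check_secondary_cidr("172.16.0.0/16", [], "192.168.0.0/16"))       # different RFC 1918 block
    print(check_secondary_cidr("192.168.0.0/16", [], "10.0.0.0/16"))         # no private secondary fits
    print(plan_subnet(["172.16.0.0/16", "172.17.0.0/16"], ["172.16.100.0/24"], "172.17.12.0/24"))
```

Run against the text's own numbers, a /24 subnet reports 251 usable addresses (256 less the five reserved), a 172.17.0.0/16 secondary passes beside a 172.16.0.0/16 primary while 192.168.0.0/16 is rejected, and a primary of 192.168.0.0/16 rejects every RFC 1918 secondary, which is the trap the Secondary CIDR Blocks section warns about.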

Read More : https://www.info-savvy.com/overview-of-an-amazon-virtual-private-cloud/
