Between November 27 and December 18, 2013, the Target Corporation’s network was breached. 40 million credit and debit card numbers and 70 million records of personal information were stolen. The ordeal cost credit card unions over two hundred million dollars for just reissuing cards. Six months prior to the breach, Target deployed a well-known and…
Quantum Cryptography
The first time I stumbled upon the concept of Quantum Cryptography was in the Computer Networks book in my third year of engineering. I immediately found it fascinating and wondered if we would ever come to a point where it wouldn’t just be theoretical – Applied Quantum Cryptography, imagine the possibilities! So, what is Quantum…
Security Assessment: 7 questions to ask
With everything going on in the cybersecurity space, and a general push towards cloud adoption, security is top of mind for everyone. Here are some questions to ask your organization to identify security gaps – Incident Management – How well do we detect, accurately identify, handle, and recover from security incidents? Vulnerability Management – How well do…
BCDR Assessment: 10 questions to ask
Here’s a quick & dirty assessment for your organization’s Business Continuity & Disaster Recovery maturity – When it comes to Business Continuity & Disaster Recovery, what is your organization’s mission, goals, and objectives? What are the outputs of your value chain? (These are typically the products and services you produce) Do you have an established business continuity management system (BCMS)? What…
QuickGuide: Connecting to a Private EC2 Instance from your laptop/desktop
Step 1 – Create Bastion Host a) Navigate to EC2 Dashboard, click on Launch instance b) Select Amazon Linux 2, click Next c) Choose t2.micro as Instance Type, click Next d) Select default VPC, select subnet if you have a preference e) Leave everything else as is, click Next f) Leave Storage as is, click…
Cloud Encryption Challenges
There are myriad factors influencing encryption considerations and associated implementations in the enterprise. The usage of encryption should always be directly related to business considerations, regulatory requirements, and any additional constraints that the organization may have to address. Different techniques will be used based on the location of data, whether at rest, in transit, or…
Cloud Data Storage: Key Threats
Are you using cloud storage services? If yes, then you need to be aware of these key threats. In the cloud, data storage can be manipulated into unauthorized usage, for example, by account hijacking or uploading illegal content. The multitenancy of cloud storage makes tracking unauthorized usage more challenging. Unauthorized access: Unauthorized access can happen due to…
How Cloud impacts Application Security
This article is intended for software development and IT teams who want to securely build and deploy applications in cloud computing environments, specifically PaaS and IaaS. Cloud computing mostly brings security benefits to applications, but as with most areas of cloud technology, it does require significant changes to existing practices, processes, and technologies that were…
How Cloud impacts Incident Response
The Incident Response (IR) Lifecycle – Preparation: “Establishing an incident response capability so that the organization is ready to respond to incidents.” Process to handle the incidents. Handler communications and facilities. Incident analysis hardware and software. Internal documentation (port lists, asset lists, network diagrams, current baselines of network traffic). Identifying training. Evaluating infrastructure by proactive scanning…
QuickGuide: Cloud Incident Response Recommendations
SLAs and setting expectations around what the customer does versus what the provider does are the most important aspects of incident response for cloud-based resources. Clear communication of roles/responsibilities and practicing the response and hand-offs are critical. Cloud customers must set up proper communication paths with the provider that can be utilized in the event of an incident….