Currently, market has a wide range of systems, products and services focused on computer security services: Antivirus, Antispyware, Firewalls, IPS, WAF, SIEM systems, etc. All these measures are indispensable and have become a priority for any company or organization towards ensuring its assets, but social engineering plays with the advantage that you can use techniques that violate own vulnerabilities inherent in human beings and, as is well known, for this there is no patch or upgrade that provides effective protection against such attacks. People is normally “the weak link in the chain”. I created a presentation where I explain in details this topic, you canRead More →

The ISO 22301 Societal security – Business continuity management systems – Requirements is the standard created by leading experts on this area to provide the best framework for business continuity management in an organization. ISO 22301 is not that different from BS 25999-2 in most business continuity areas like business impact analysis, strategy or planning; the biggest changes are in the management part of the standard. Object: ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when theyRead More →

There are some important changes introduced on version ISO/IEC 27001:2013 Regarding the structure of this new version: More Domains: 14 domains in version 2013 instead of 11 in version 2005. The 3 new domains are: A.10: Cryptographic technology A.12: Operational security A.15: Security for suppliers and third parties Less Controls: 114 controls in version 2013 instead 133 in version 2005 The new controls are: A.6.1.5 Information security in project management A.12.6.2 Restrictions on software installation A.14.2.1 Secure development policy A.14.2.5 Secure system engineering principles A.14.2.6 Secure development environment A.14.2.8 System security testing A.15.1.1 Information security policy for supplier relationships A.15.1.3 Information and communication technology supply chainRead More →

The ISO 31000:2009 is a standard published on the 13th of November 2009, and provides a standard on the implementation of risk management which provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment. ISO 31000 family is expected to include: * ISO 31000:2009 – Principles and Guidelines on Implementation * ISO/IEC 31010:2009 – Risk Management – Risk  Assessment Techniques * ISO Guide 73:2009 – Risk ManagementRead More →

In this post I will briefly introduce aspects of conducting a BIA (Business Impact Analysis), first a definition of what we mean by BIA: A BIA is a process of analyzing business functions and the effect that a break in the business could in such functions. The organization shall determine and document the impact of a break in activities that support key products and services. In a BIA criticism for achieving organizational areas and the potential magnitude of the operational and financial impacts are identified. Each activity that supports a key product or service, the organization must: a) Evaluate the impacts that would occur withRead More →

Whatsapp Sniffer: An example application that exploits security vulnerabilities Whatsapp Yes, WhatsApp, the famous messaging program that the vast majority of us use. The same program that lets you send free messages, photos, video and even our GPS location also has its dark side. Already been reported at different times and by different means WhatsApp is one of the most secure applications as it has many security holes and does not encrypt your data. This has led to different applications. I will mention one. WhatsApp Sniffer: As mentioned before, WhatsApp sends all our messages in plaintext, unencrypted. As anyone in the same WiFi can easily get theRead More →