Marriott Hacked : Why It Happened & What Can You Learn?

Why It Happened? Marriott faces a fine of $124 million proposed by UK regulators under the EU’s new privacy rules. The breach persisted for 4 years before being discovered: it dates back to 2014 but was not discovered until November 2018. Marriott said the long-running breach exposed such information as names, email addresses, phone numbers, […]

Shocking Results From Hidden Internet – Exposed Database, Leaked Passwords, Code Leaks & more

In the recent past there have been some major breaches, and some of the key reasons responsible for them were Shadow IT, leaked credentials, and 3rd party/vendor risks. These include major breaches like American Express, Uber, Dropbox, Dunkin Donuts, British Airways & many more. This research was in line with this, to continuously monitor the web (surface, deep, dark) to understand the leaked credentials, […]

Free 3rd Party Information Security Assessment Guideline

This free document is the 3rd Party Information Security Assessment Guideline (courtesy of Cybersecurity Malaysia). Cybersecurity Malaysia has made this great document with authors Nor’azuwa Muhamad Pahri and Noor Aida Idris. Third Party Information Assessment Guideline includes – Pre-Assessment Roles & Responsibilities for Organisations Develop Assessment Requirements Plan and Allocate Resources Evaluate 3rd Party Assessor […]

Free Supplier Security Assessment Questionnaire

This document is the Supplier Security Assessment Questionnaire (SSAQ) (Security Self-Assessment and Reporting) (courtesy of Halkyn Consulting). It includes the following sections – Document Control Supplier Name & Address Assessment Completed by Date of assessment Additional Documents Provided Relevant Network Diagram Relevant Security Diagram Relevant System Architecture Technical Interface Design Relevant 3rd Party Security Assessment(s) (e.g. SAS […]

Free Third Party Data Security Assurance Questionnaire

This free document is on 3rd party data security assurance (courtesy of UCF, Information Security Office, VR Program). The document is made in such a way that vendors must answer the questions with a yes/no. Third Party/Vendor Data Security Assurance Questionnaire (SAQ): the document covers questions from various sections – Policies & Procedures, Disaster Recovery & Business Continuity, Physical […]

Free 3rd Party Outsourcing Information Security Assessment Questionnaire

This free document is the 3rd Party Outsourcing Information Security Assessment Questionnaire (courtesy of UBC IT). This questionnaire document has various information sections on: Company Information Policies, Standards and Procedures Architecture Configurations Product Design Compliance Access Controls Monitoring Physical Security Contingency Vendor’s Business Associates Download Document The document can be viewed below and downloaded from […]

RDP: Remote, ‘Wormable’ Pre-Authentication Windows Vulnerability

Microsoft has issued a warning that another ransomware outbreak similar to WannaCry can shut down the internet. There is a critical vulnerability (CVE-2019-0708) in its RDP/Remote Desktop Services that can be exploited remotely, via RDP, without authentication and can be used to run arbitrary code. An attacker could then install programs; view, change, or delete data; or create […]

Security Breach Impacts and Top 10 Mitigation Techniques

News stories about security breaches are increasing day by day. Security breach instances are growing at an alarming rate, while becoming faster and larger in scope. Approximately 1500 companies are breached annually and the total records compromised nearly double each year. An organization must work quickly and accurately to navigate the terrain. The impact for […]

Top 3 Insights To The Impacts Of Shadow IT

Digital security is the challenging practice of protecting your organization’s information and understanding the impact of Shadow IT. In most organizations, it would be hard just to make sure that they are not compromised through their networks, communication systems, and storage systems. Having to worry about information that is outside your control, and that […]

Shadow IT in Healthcare Organizations

Healthcare organizations and pharmaceutical companies rest on a foundation of sensitive patient data and intellectual property. Healthcare entities in the private sector – especially those affiliated with academic medical centers and university research facilities – also commonly face challenges of identifying and reining in shadow IT and mitigating the security risks posed by technology deployments that aren’t […]