Information Security Program Life Cycle

While the cores of various security standards and frameworks are similar, it is important to understand that a security program has a life cycle that never ends, because the program should be constantly evaluated and improved. The life cycle of any process can be described in different ways; we will use the following steps:

  1. Plan and organize
  2. Implement
  3. Operate and maintain
  4. Monitor and evaluate

Without a life-cycle approach to the security program and to the security management that maintains it, an organization is doomed to treat security as merely another project. Anything treated as a project has a start date and a stop date, and at the stop date everyone disperses to other projects. Many organizations kick off their security programs with good intentions but never put in place the structure needed to make security management an ongoing, continually improving process. The result is a series of starts and stops over the years and repetitive work that costs more than it should, with diminishing results.


Security Controls Types and Functionalities

Controls are put into place to reduce the risk an organization faces, and they come in three main categories: administrative, technical, and physical.

Administrative controls are commonly referred to as "soft controls" because they are management oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training.

Technical controls (also called logical controls) are software or hardware components, such as firewalls, IDS, encryption, and identification and authentication mechanisms.

Physical controls are items put into place to protect facilities, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting.


How a Vulnerability that Allows a DoS Attack Should be Prioritized

Developer Attitudes to Vulnerabilities

Why don't companies always fix vulnerabilities? Of course, some vulnerabilities that are obviously critical are fixed right away, but there are types of vulnerabilities that developers consider non-critical when in fact they are.


What is a Linux System Call Under the Hood?

The operating system must fulfill many objectives, but one of the most important is to:

  • Provide an execution environment to the applications that run on the computer system (the so-called user programs).

A Linux system call, or syscall, is the transition between User Space and Kernel Space. Whenever a process makes a system call (i.e., a request to the kernel), the hardware switches the privilege mode from User Mode to Kernel Mode, and the process starts executing a kernel procedure with a strictly limited purpose. Once the request has been fully satisfied, the kernel procedure forces the hardware back to User Mode and the process resumes execution at the instruction following the system call. From a security standpoint it is crucial to keep User Space applications away from functionality reserved for the kernel, which is why the Linux kernel developers expose that functionality only through this API, the syscall mechanism.


Hopfield neural network example with implementation in Matlab and C

Modern neural networks are essentially matrix operations. The Hopfield recurrent artificial neural network shown in Fig 1 is no exception: it is a customizable matrix of weights used to find a local minimum (that is, to recognize a pattern). The Hopfield model provides associative memory by storing memory vectors and is commonly used for pattern classification.


How a Corporation Can Be Compliant with the Sarbanes-Oxley Act (SOX)

There have been laws in place since the 1970s that essentially make it illegal for a corporation to "cook its books" (manipulate its revenue and earnings reports), but it took the Sarbanes-Oxley Act (SOX) of 2002 to really put teeth into those existing laws.

SOX is a U.S. federal law that, among other things, can send executives to jail if it is discovered that their company submitted fraudulent accounting findings to the U.S. Securities and Exchange Commission (SEC).

SOX is based upon the COSO model, so for a corporation to be compliant with SOX, it has to follow the COSO model. Companies commonly implement ISO/IEC 27000 standards and COBIT to help construct and maintain their internal COSO structure.

How to block ads. I mean completely block all the advertising on the Internet or in a web browser

Each of us would like to block all the annoying advertising on the Internet. I will show how to do it properly.

What I love most about the Internet is that it was built on freedom: everybody can choose which websites to visit and what data is received from and sent to the target host, and everything is open.


Admin URL checking shell script

A simple shell script that helps you find the admin URL of a website by brute-forcing a list of candidate paths. The script prints the HTTP status code for every URL in url_list.txt against the domain name in site.txt, so any response code other than 404 means we found something interesting. I added the home / URL to confirm everything is working and the /robots.txt URL for cases where a webmaster restricts crawler access to something interesting ;).


Hadoop, Thrift, and C++ HBase client example with installation and compilation tutorial

When I started to work with HBase, I realized that there are no good examples or tutorials for a C or C++ client. So I decided to show how to create and compile a working HBase client, which may become a workhorse for any project that needs to process very large data sets.
