Shahla Raei

The bad news for Mac users!
Malware targeting webcam and microphone, now targeting Mac laptops. Mac malware to tap into your live feeds from Mac’s built-in webcam and microphone to locally record you even without detection.
Attackers use a malicious app that monitors the system for any outgoing feed of an existing webcam session, such as Skype…[Read more]

Paul,

Thanks for sharing, I didn’t know about ” Secret Conversation” feature. However I don’t think social media is safe platform for sharing important information

The Physical Security Bridge to IT Security (PHYSBITS) focusing on integration of physical and IT security technologies. It is a vendor-neutral approach for enabling collaboration between physical and IT security to support overall enterprise risk management needs. The technical portion of the document presents a data model for exchanging…[Read more]

I found this subject interesting, because recently I saw my friends posting their boarding passes on Instagram. In this article its explained that this can put you at risk by posting your boarding pass photo on social media.
Many information including full name, flight number, flight account, and frequent flyer number can be extracted from…[Read more]

Firefox browser vulnerable to Man-in-the-Middle Attack

I found an article about Firefox browser, which a critical vulnerability resides in Mozilla’s Firefox browser, allows attackers to launch MITM attack. This can deliver the malicious update on targeted computer.
The main issue exists on in Firefox Certificate Pinning which is an HTTPS…[Read more]

Shahla Raei
MIS 5206
HDFS: Securing Online Banking
What are the challenges faced by Salvi?

As a CIO of HDFS bank, Salvi was working on strenthing bank’s information security framework.

Here is chanllanegs that Salvi was dealing with :

– Keep secure newly established IS framework.
– He was concerned about IS security in five d…[Read more]

The article I read is about malicious apps exists on Google app store. Researches from lookout security identified a piece of spyware hiding in four apps available in Google’s official app store. This spyware is able to steal personal data from users including name, phone number, email, and times contacted; precise location, including latitude, l…[Read more]

An Information risk profile documents types, amounts and priority of information risk that an organization finds acceptable or unacceptable. It is a quantities analysis of the type of threats of an organization.

This profile should include guiding principle aligned with both its strategic directive and supporting activities. This is developed…[Read more]

Jianhui,

I agree with you, Corrective controls restore the system or process back to the state prior to a harmful event. For example, a business may implement a full restoration of a system from backup tapes after evidence is found that someone has improperly altered data.

Deepali,

You explained it very detailed and very well, thank you, I liked the example and the way you categorized the information.

Ming,

Nicely pointed to preventive controls ! Try to not download malicious apps from third-part store is the way that can help mitigating the risk.

Creating a Culture of Data Safety Through Classification

This article explains the importance of data classification in implementing security solutions. As we all know the weakest link in security chain in employees and this article emphasizes on the importance of creating a security-focused work culture. Data classification is one solution…[Read more]

Preventive – These type of controls preventing the loss from occurring. Segregation of duties is an example of this type.
Detective – monitoring activity and detect errors or irregularities that may occurred.
Corrective – Restore the system or process back to the state prior to a harmful event. Anti viruses example, correcting errors that…[Read more]

Ian,

Nicely point out, I think students are more at risks, and all personal or financial information might be stolen. I think these processes are not properly implemented and the network are properly secured!

The news that I wanted to share for this week is related to vulnerability of web-based accounts demonstrated by Romanian hacker.
A former Romanian taxi driver was able to hack emails and social media accounts of celebrities and political late may this year. He gained access through weak password and then accessing their corresponded.
In this…[Read more]

In an organization both technical and business problem of Information security must be solved.
Many businesses believe that by implementing secure infrastructure and utilizing security tools such as firewall, IDS and anti virus program, they can create secure organization. However, the security chain is as strong as the weakest link, and the…[Read more]

In the past 2 weeks, I learned about transaction structure in SAP and how they are defined, also I learend security terminology (role & profile). The most interesting concept in defining roles associated to users is defining effective dates, usually end date is unlimited (1/1/9999) the reason is roles are defined and can be assigned to multiple…[Read more]

Professor,

There is problem with recorded video of week 4, It is not related to our class! slides are correct but, it includes another class presentation!