Friday, October 29, 2010

Abuse of Access Privileges and Guessable Credentials - Top Cause for Payment Card Breaches

The PCI and RISK Intelligence teams of Verizon have recently published a report titled "Verizon 2010 Payment Card Industry Compliance Report". The report is the result of detailed analysis of nearly 200 PCI assessments done by Verizon Qualified Security Assessors (QSAs) during 2008 and 2009. The sample for the analysis included a mix of organizations of various types.

The report lists the top threat actions based on 2008-2009 payment card breaches investigated by the Verizon IR team. Of the ten threat actions, exploitation of default or guessable credentials and abuse of system access/privileges were found to be the cause of 38% of the breaches.

Time and again, we have been highlighting in this column two very important facts:
  1. the security threats caused by the insiders of the enterprises - either disgruntled staff or greedy techies or sacked employees
  2. stolen identities, default credentials, guessable passwords could be serving as the ‘hacking channel’ for many cyber-crimes 
The Verizon study once again lends credence to the belief that improper management of administrative passwords and a lack of effective internal controls often remain at the root of a good number of security threats.

What is the way out?

One of the effective ways to achieve internal controls is to deploy a Privileged Password Management Solution that could replace manual processes and help achieve the highest level of security for the data.

Though the reality is that it is not possible to prevent or avoid all security incidents, the ones that happen due to a lack of effective internal controls are indeed preventable.

Password Manager Pro, a trusted solution, helps achieve precisely this. A secure vault for storing and managing shared administrative passwords and digital identities, Password Manager Pro helps eliminate password fatigue and security lapses, achieve preventive and detective security controls, meet security audits and improve IT productivity.

With insider threats looming large, taking preventive action is the need of the hour. Use Password Manager Pro and Stay Secure!

Complete details of the Verizon 2010 Payment Card Industry Compliance Report:

http://www.verizonbusiness.com/resources/reports/rp_2010-payment-card-industry-compliance-report_en_xg.pdf

Bala

Tuesday, October 19, 2010

UPSC Prelims 2011: The New Syllabus & CSAT


Media reports today are abuzz about the new syllabus for Civil Services Aptitude Test (CSAT), 2011.

The proposed changes sound very good in both ensuring fair competition and selecting the best candidates.

According to the reports, CSAT will have two compulsory papers, each of 200 marks and two hours' duration.

Paper I is much like the present-day General Studies, except for the General Science portion. It will include:

  • History of India and Indian National Movement, 
  • Current Events of National and International importance, 
  • Indian and World geography-physical, social, economic geography of India and the world. 
  • Indian Polity and governance, Political System, Constitution, Panchayati Raj, 
  • Rights Issues, Public Policy, Economic & Social Development, 
  • Poverty, Sustainable Development, Demographics, Inclusion, 
  • Bio-diversity & Climate change, Social Sector Initiatives etc 
  • and general issues on Environmental Ecology, which do not require subject specialization

Paper II will include subjects like: 
  • General Science, 
  • General Mental Ability, 
  • Logical Reasoning & Analytical Ability, 
  • Interpersonal Skills including Communication Skills, 
  • Decision Making & Problem Solving, Basic Numeracy (numbers & their relations, orders of magnitude etc, class X standard). 
  • English Language Comprehension Skills (class X level), 
  • Data Interpretation (charts, tables, graphs, data sufficiency etc, class X level) 

So, the preliminary examination is all set to be replaced by CSAT. This new change seeks to ensure fairness in competition as all the candidates will have to take two compulsory papers - optionals have been done away with.

I know thousands of students whose prospects at the prelims were marred due to the inherent subjectivity of the optional subjects. On the other hand, just by choosing a popular optional, many have hit the jackpot. And no one could predict the trend, as it differed year after year.

Clearing the civil services exam, particularly the prelims, depended a lot on luck. CSAT is a welcome change in this direction.

And, CSAT now seeks to test the numerical aptitude, English language skills, knowledge on social issues etc. These new areas will help select the best out of the lot.

CSAT might encounter opposition from politicians, but if it gets implemented, that will be good for the Nation!

Bala