If you don’t have a CyberFrat ID yet, click below to get one for free and add “Quiz” as the Reference ID. Once you receive the ID, come back to register for the Quiz.
CyberFrat is happy to announce its association with Infosec Foundation for the Security Symposium And Award 2019. Apart from passes for our professional members, we are giving 3 VIP passes to Mumbai students, which include all access to the full-day Security Summit, networking with 30+ speakers and 150+ professionals, the award ceremony, lunch, and a musical evening with cocktail and dinner.
Venue: Hilton Mumbai International Airport, Sahar Airport Road, Andheri East, Mumbai
Friday, August 30th, 2019
10:00 AM Onwards
Register here to get a chance to Win the Pass (Students Only)
10:00 – 10:10 – CyberFrat Updates – Gaurav Batra
10:10 – 10:40 – Why cyber security is one of the priority for an organization – Prashant Gupta
10:45 – 11:15 – Phishing – More than just a spam folder – Naveen Yadav
11:20 – 11:50 – Cyber Risk and Mitigation Controls for NBFC industry – Dominic Vijay Kumar
11:50 – 12:05 – Networking Break
12:10 – 12:40 – Fraud Detection using Data Analytics – GK Gupta
12:45 – 01:15 – Data Protection and Privacy – Prashant Gupta
01:20 – 01:35 – Quiz by Gaurav Batra
01:35 – 01:45 – Wrap up & Snacks
If you are not a CyberFrat member yet, click below to join CyberFrat for free and get a three-month free CFPlus membership as well.
Discussion Date: Sunday, 2nd June 2019
Time: 10:30 AM Onwards
Coffee With CyberFrat is a program initiated with an intent to aid in the local networking of cyber professionals and students aspiring to build a career in the cyber industry.
The basic idea of CWC is that the CF volunteers in different cities decide a venue and timing for the meet. The meet is open to anyone and everyone, irrespective of professional background. A topic is then decided for discussion, and it is the same for the meets in all cities. Everyone brings their thoughts and opinions to the table while sipping coffee, which each participant pays for individually.
On 2nd June 2019, Coffee With CyberFrat was held at 5 different locations and was a grand success. The topic decided for this meet was IMPORTANCE OF INFOSEC CERTIFICATIONS.
The outcome of the meets that happened in different cities of India is summarized below.
The discussions started with participants sharing their insights on the importance of information security certifications and how they help an individual's career growth. The discussion centered on four aspects that were central to the agenda.
These are as follows:
These points are summarized below.
A credential in effect shows a candidate’s significant commitment to a job profile in the information security field.
Within a company, this may lead to quicker job promotion or first preference to work on a new environment or technology if the person is certified in that technology.
External factors such as regulatory or industry standards might mandate sending only certified candidates as a qualifying requirement for a particular job role.
Better assurance of work quality can be given to clients, so a client is comfortable paying the company more if it sends certified professionals.
This may offer a vendor or service provider an edge over the competition.
Knowledge based certifications (CISA, CISSP, etc.):
Skill based certifications (OSCP etc.):
Other key points identified during the discussion, which matter when the focus is on information security certifications, are as follows.
You need certification when you don’t know Information Security and you don’t need it when you know Information Security
This means that if you have experience in InfoSec, certification may not be mandatory, as you already have practical experience. However, a fresher entering the industry needs a certification to be eligible for the profile.
Top of Security is risk management
However, it gets detached from Security as it focuses more on management of risk Security.
There is no generic certification that satisfies all the required criteria. Thus, an individual ends up perplexed about which certification needs to be completed in order to be eligible for a job opportunity.
Certain companies prioritize skills and experience over certifications. For example, if a candidate can demonstrate ethical hacking skills, it does not matter whether he/she possesses a certification.
As the digital era is expanding enormously, students will be inclined to work in the security domain. Thus, certification would be required as an eligibility criterion and as a basic way to segregate candidates.
Having a certificate is quite important, but on the other hand, people in the industry with considerable years of experience who possess knowledge as well as skills cannot be neglected for having no certification.
CEH is considered an entry-level certification, and expecting a candidate with CEH certification to have higher-level skills would not be fair.
No up to the mark certifications for cyber investigation
Scarcity of Good trainers
CISOs ignore maintaining certifications and lack experience of business management
CEH is a good entry point into the Information Security industry
CISSP can be considered as a relevant and useful certification for team members
CISM and CISM are good from industry perspective if you are leading a team
Udemy, Cybrary, Hack The Box, Pluralsight, Project Drona and Coursera are good websites for free learning.
CISM is fully defensive
CEH and OSCP can be considered entry-level certifications. CEH is an objective exam, while OSCP is a hands-on offensive security exam.
COFFEE WITH CYBERFRAT PARTICIPANTS
BANGALORE: Pooja Bagga, Vivek Verma
Starbucks Coffee House, Ground Floor, 115, Road Opposite Raheja Arcade, Koramangala
DELHI: Priyanka Tomar, Prem Gurnani, Nakul, Akshat
Cafe Coffee Day The Square, 46, Janpath Rd, Atul Grove Road, Janpath, Connaught Place
NASHIK: SaiPrasad Kulkarni, Amol Patwardhan, Mohit Bagul, CA Amit Sharma, Saujas Jadhav
Café Coffee Day – Mahatma Nagar, Parijat Nagar, Ramrajya Building
MUMBAI: Gaurav Batra, Pooja Kadam, Ritesh Bhatia, Smith Gonsalves, Anirban Roychowdhury, Nikhil Talwar, Sameer Saxena, Amaresh Rajvedi, Sunil Sharma
Coffee By Di Bella Exclusive Link Road, Ground Floor. Kiran Kunj, 24th Road, Off Linking Rd, Opposite elbo room, Khar West
PUNE: Manasdeep, Yogesh Mishra
Irani Café, World Trade Center, Dholepatil Farms Rd, EON Free Zone, Kharadi.
This case study combines two attacks: a password attack and phishing. Password attacks are among the most common attacks in our society because of a lack of awareness about cyber security. Technology is growing rapidly, yet a major part of our society still lacks the knowledge of how to use it securely. In this case study, the attacker first performs a password attack to gain access to an email account and then uses that account to carry out a phishing attack.
The incident happened at a well-known academic institution. It involved emails that other users received from the address of a very senior, high-profile person. As reported by those users, the suspicious emails contained a malicious executable. Investigation of the emails found that the senior person had not sent any such emails, which could compromise the users’ credentials. During the investigation, the “Last account activity” details were reviewed; these showed the particulars of the last ten logins to the person’s Gmail account, such as location, IP, method and time. From these particulars it was identified that the recent login details were suspicious. It was essentially a crime against individuals, targeting users from the person’s address book to access their data, which includes personal details, banking information, login credentials, etc. The motive was to steal users’ credentials and conduct further targeted social engineering attacks against the affected people. The attacker was from within the organization itself and tried to steal the users’ credentials by misusing another person’s email address. The attacker had two goals: the first was defaming the senior employee, against whom he held a personal grudge, and the second was misusing users’ credentials.
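The “Last account activity” review described above can be made systematic by comparing each login row with what is normal for the account owner. The following Python sketch is an added example, not part of the original case study; the baseline values and the sample rows are constructed assumptions, and the third row shows why a login from a familiar network is caught only by its access method and time, not by its IP.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Baseline for the account owner. All values are constructed assumptions.
KNOWN_NETWORKS = [ip_network("203.0.113.0/24")]  # owner's usual office range
KNOWN_LOCATIONS = {"Mumbai"}                     # where the owner normally logs in
KNOWN_METHODS = {"Browser", "Mobile"}            # owner never uses POP3/IMAP
USUAL_HOURS = range(8, 21)                       # 08:00 to 20:59 local time

# Constructed sample rows: (time, IP, location, access method).
ACTIVITY = [
    ("2019-05-06 09:14", "203.0.113.25", "Mumbai", "Browser"),
    ("2019-05-06 13:02", "203.0.113.25", "Mumbai", "Mobile"),
    ("2019-05-06 23:47", "203.0.113.77", "Mumbai", "POP3"),
    ("2019-05-07 02:10", "198.51.100.9", "Pune", "Browser"),
    ("2019-05-07 10:30", "203.0.113.25", "Mumbai", "Browser"),
]


def review_activity(rows):
    """Return (time, ip, reasons) for every row that departs from the baseline."""
    findings = []
    for ts, ip, location, method in rows:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        reasons = []
        if not any(ip_address(ip) in net for net in KNOWN_NETWORKS):
            reasons.append("unfamiliar IP")
        if location not in KNOWN_LOCATIONS:
            reasons.append("unfamiliar location")
        if method not in KNOWN_METHODS:
            reasons.append("unusual access method")
        if when.hour not in USUAL_HOURS:
            reasons.append("outside usual hours")
        if reasons:
            findings.append((ts, ip, reasons))
    return findings


if __name__ == "__main__":
    for ts, ip, reasons in review_activity(ACTIVITY):
        print(f"{ts}  {ip:<15} {', '.join(reasons)}")
```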
The incident happened because of a common type of vulnerability, i.e. a weak password. Figure 1.1 shows the different stages of the attacks in the present case study.
The case study suggests that more awareness of end-user best practices needs to be spread, specifically the use of strong password protection and authentication, which any ordinary person can easily adopt at entry level.
This article was written by Ms. Sampada Margaj, Member, Digital Security Program, as part of the monthly assignment for May 2019. It was selected as the best article of the month. Sampada is Asst. Professor, Computer Science, at Kitti College, Dadar, Mumbai.