Infomation Security and Assurance

Cloud security      Shifting data and sytems into cloud  is popular among organizations nowadays because cloud helps to improve efficiency and operational capacities with low cost and less resource requirements.  As the cloud platforms are used to host important business applications as well as store organizational data it is impotant to ensure that what we place in cloud are secure from any cyber attacks.   Cloud security is the area of computer or information security that focuses on implementing various controls,techniques,processes and policies to secure the cloud  systems, data and infrasturcture.   Cloud security is not just a responsibility of the cloud service provider but is a shared responsibility between both  providers and users/customers of cloud. Cloud providers manage many  aspects of applications,infrastructure and physical security while users also have responsibilities on some security controls. Shared responsibility in cloud security(source:  kinsta.com ) Importance

  What is multi-factor authentication(MFA)? Authentication is the process of identifying users those who request to access a system, network or a device and confirm that users are who they say they are. Multi-factor authentication(MFA) is the type of authentication that involves 2 or more verification factors to manage access. MFA is used used in diffrent applications, account logins, network access, VPNs etc. to authenticate user requests. Why MFA is important? In multi-factor authentication users are authenticated not simply based on usernames and passwords but based on several other factors. "According to  2020 Verizon data breach investigation report(DBIR)  67% of data breaches were due to credential theft, errors, social attacks and 37% of credential theft breaches used stolen or weak credentials" MFA reduces the risk of weak passwords and minimizes the likelihood of any cyber attack by increasing the difficulty of passing the login process and exploiting the user login

What is 'Ethical Hacking'? Ethical hacking is an authorized attempt to get unauthorized access to computer systems or data. In other words ethical hacking tries to identify security flaws in computer systems or networks by attempting to exploit vulnerabilities and breaking the security measures implemented. Why Ethical Hacking? Information is more valuable in the world today and organizations has to deal with large amounts of sensitive data everyday. Cyber criminals tend to focus more on organizational sensitive data so that stronger and updated security needs to be maintained to prevent attacks from malicious hackers. Organizations need to take proactive actions to ensure that no chances are given for attackers to expoit any security vulnerability in their systems or networks that cause trouble to the organization. Ethical hacking helps with proactively identifing and eliminating cyber security vulnerabilites of organizations so that attackers cannot harm the systems or the se

          COVID-19 has created the need of maintaining social distancing among people so that many organizations have shifted to work from home practice and to operate largely online. This is supported by many technologies including internet, cloud computing, online team colloborative tools, mobile computing etc. Work from home and operating online helps organizations to continue their business operations in a safer manner with the COVID pandemic situation, but it also has many cyber security risks attached with it. Major reasons like employees using new ways than before to access organizations systems or data, using unfamiliar software, using less secure hardware devices or software  to access organizational services, unsafe network access ultimately creates vulnerabilities and cyber risks for organizations.  Cyber criminals will have opportunities to get advantage of vulnerabilities to gain access to organizations confidential information. Therefore it is important for organizations