Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques. This session looks at how you can safeguard your business from social engineering.

This webinar was presented on 8th May by Amita Moghe
Webinar URL – https://my.dimdim.com/IndicThreadsEducation/

So to clarify, the course is designed for students and professionals who aspire to pursue a career in the field of information security and IT risk management. As an information security professional, you need to understand the risk areas and suitable controls to mitigate IS related risks, which is the highlight of the course. No other similar course offered elsewhere covers these practical aspects of IS risk management and compliance.

Freshers with a BBA/ MBA in IT or an MCM or computer engineers will learn concepts related to information security. They will also get to understand nature of IT audits such as a SAS70 or SOX compliance for general computer controls in depth. This course stands out in that the students of this course will also understand audit aspects related to objectives, scope, planning and fieldwork in depth. They will also learn network and operating system risks, security features and controls.

CISA aspirants will find that this course will assist them to prepare for the certification. Sound theoretical knowledge coupled with IT audit experience is the key. Our course will enable students to start a career as an IT auditor or an information security professional. The course is especially important for Chartered Accountants who seek to shift to Information Systems Security and Audit.

Existing IT audit professionals can enhance their skill sets by undertaking this course.

Among the many important points that you need to remember and take care of, the one that I am going to tackle here is password security. Let me start with explaining some basic concepts related to security like identification and authentication.

User identification and authentication is the basic security mechanism a person uses to protect company or personal data from unauthorized access. A user identifies himself through a User/Login ID. Authentication can be provided through one or more of the following means –

• What you know; e.g. Password
• What you have; e.g. Token or Smart card
• What you are; e.g. Biometric

A good password policy suggests some password features such as –

• Minimum length of 6 characters
• Alphanumeric
• Password should include a mix of uppercase or lowercase letters
• Password expiry policy of 30-90 days

Further, characteristics of secure passwords include –

• Password should not be a dictionary word
• Password should be easy for the user to remember but difficult for an intruder to guess

Security practices for password protection strongly discourage users to write down their passwords. However, with so many criteria to satisfy to achieve the required password complexity, it becomes difficult for a user to remember his password. To add to the problem, a person has multiple passwords to remember.

A person may require a password to logon to his Office desktop/laptop, office mail/applications/ERP etc, online banking accounts, online trading accounts, personal email account. Also, a person uses a PIN (Personal Identification Number) to access his bank account at an ATM (Automated Teller Machine). Several bank accounts would mean those many PIN’s.

It becomes a challenging task to remember so many passwords and PIN’s. Companies conduct trainings on security awareness and make policies against writing down passwords. In most cases, users still write down their passwords, however may not do it openly.

To make online bill payments, you need to first log on to the bank website. There you are asked to fill in your user id and your password. Your bill is presented to you and you then direct the bank website to pay it through your account. To shop online, you log on to the shopping website with the user id and password that you have created for that website. Then, when you wish to pay your bill using your credit card, you are taken to the payment gateway of bank whose credit card you wish to use. There after filling in all the details, you are required to fill in another password, which has been put in place by the credit card companies for extra security.

When you take into account all the other passwords like ATM PIN and TPIN that you are expected to keep secret and remember correctly, you are bound to want to write them all down in a secret diary.

So, how does one tackle the security issue and also not forget the password? The answer lies in encryption. You can use a manual method or automated tools to achieve this. One can securely store/write passwords by using simple encryption techniques such as adding a digit to your ATM pin – for example, if your ATM PIN is 2527 then you can encrypt it by adding a 2 to every digit, so your encrypted PIN would be 4749. Similarly, you can subtract or multiply a digit to the PIN. You can keep a common encryption technique for all the PIN’s. You can also write the PIN in a foreign language you know such as Japanese, French or German.

To encrypt alphanumeric password you can use a technique of inserting additional alphabets at the beginning or end – for example, if your password is srbVma1, then you can encrypt it by inserting alphabet a at the beginning and c at the end, so your encrypted password would be asrbVma1c. Alternatively, you may insert a digit or change the order of the password.

A more sophisticated way to do this would be by using free software like Keypass or Passpack which stores and encrypts all your passwords and PIN’s. You need a master user id and password to logon to the software. Also, web browsers allow you to store your ID and password for email accounts. However, it would be unwise to use this option on a public or shared computer.

The need for better security arises because if the user is smart, intruders will be smarter. Intruders use password cracking tools and can brute force your password. Even if companies and banks effectively secure their systems against such attacks, it would all be in vain if the password was compromised because the user wrote it down unwisely.

Why Internet For Business Development?

IndicThreads.com has been online since 2004 and we have been hosting India’s top technology conferences since 2006. To promote IndicThreads and the IndicThreads Conferences, we have used and continue to use the Internet in every way possible. With our modest ad & marketing budgets, we do not have the luxury of putting hoardings on street corners or frontpage ads in newspapers.

So we have been in a way forced to wring every paisa we possibly could from online forms of marketing & promoting a business. We have used online ads, web marketing, social media, search enginess, web reviews, web PR… you name it, to promote IndicThreads. So over the years we have generated quite a resource pool of notes, dos & dont’s, tips & tricks on how to go about business development & marketing online.

Most modern Internet oriented businesses initially struggle to promote themselves online & have a tough time using the Internet for Business Development. They in the process lose valuable time & resources, often threatening their very existence. To add to that, most old world businesses have no clue about how they could leverage the Internet for business growth.

We felt this was a great segment where not only could we contribute our learning but also truly help businesses not just survive but propel forward in a short time & at minimal cost. So we created the course “Internet For Business Development”

It is targeted at all to whom business development & growth matters. So it could be a student of business, a business owner, a CEO or a marketing & BD executive. The learning from the course is certain to open new horizons for the participants.

Most were driven by ‘academics’ who have been teaching pretty much the same stuff for ages. With due respects to these courses & people, we have ventured to create courses for 2010. We teach topics that are relevant today and the teaching comes from people from the industry who have been there & done that and not just read about it.

While traditional courses are designed to last for decades, our courses are designed to become outdated in a year. Honestly, in today’s rapidly changing social & business space, even 1 year seems like a long time to be teaching the same thing.

Read the entire article at Slideshare, the world’s largest community for sharing presentations.

Google Inc delighted free-speech advocates as it threatened to pull out of China over censorship and cyber attacks. Analysts said Google’s decision is tantamount to exiting the world’s largest Internet market, with more than 360 million users, since it is highly unlikely the Chinese government would allow Google to operate an unfiltered search engine.

src- economic times

Almost each day, an average corporate employee spends an hour, glued to various social networking sites such as Orkut, Facebook, MySpace, LinkedIn etc. for romancing or otherwise drive some satisfaction out of it. With this average, a corporate employee’s work  day is reduced by an hour from 8 hours to 7 hours, further reveals the ASDF survey.

The above findings are arrived at through a random survey, carried out by the ASSOCHAM Social Development Foundation (ASDF) in which nearly 4000 corporate employees were interviewed between age group ranging from  21-30, 31-45 and 46 -60 years in metros and towns across India.

The most sought after sites for the purpose have been found to be Orkut and Facebook especially for corporate personnel of age group of 21-30 followed by MySpace and LinkedIn. These two sites entertain and cater to corporate employees that fall in the age bracket of 31-45 and even beyond, say the findings.

The survey showed that 77% of workers who have an Orkut account use it during work hours. Interestingly, 83% see nothing wrong in surfing at work during the office hours.

Considering that most Indian companies already provide very limited access to the Internet, such reports might lead to a further clamp down on net access among Indian corporates. Should companies further restrict access or is it best left to the employees’ discretion & understanding?

src- assocham