Monday, June 23, 2014

IT Security Maturity Assessment | Control Self Assessment

IT security maturity assessment is a self-evaluation carried out by an organization. It shows where the organization stands in terms of IT security: its strengths, its weaknesses, and the areas where IT security improvement is needed.
Organizations analyze IT security on the basis of ISO 27002 standards. This tool is intended for use by an institution as a whole, although a unit within an institution may also use it to help determine the maturity of its information security program. Unless otherwise noted, it should be completed by the chief information officer, chief information security officer or equivalent, or a designee, and it takes only a few hours to analyze the overall IT maturity. The rating scale consists of 5 levels, from 1 to 5. The assessment team or individual carefully analyzes every IT security related point and then decides which level that point falls under.

Level 1: Performed Informally = Adhoc
Level 2: Planned = Proscribed
Level 3: Well Defined = Standardized
Level 4: Quantitatively Controlled = Quantitative
Level 5: Continuously Improving = Optimized

Level 5 is the highest level of maturity.

The key advantages of implementing this program include earlier detection of risk and the development of action plans that will safeguard organizational data against significant business risk. The program also indicates the organization's IT security maturity level.

The figure below shows the IT Security Maturity Graph.

The areas covered in assessment tool:

1. Risk Management (ISO 4)
2. Security Policy (ISO 5)
3. Organization of Information Security (ISO 6)
4. Asset Management (ISO 7)
5. Human Resource Security (ISO 8)
6. Physical and Environmental Security (ISO 9)
7. Communications and Operations Management (ISO 10)
8. Access Control (ISO 11)
9. Information Systems Acquisition, Development, and Maintenance (ISO 12)
10. Information Security Incident Management (ISO 13)
11. Business Continuity Management (ISO 14)
12. Compliance (ISO 15)

Documenting Conclusions & Reporting:
1. Include both negative and positive findings.
2. Prioritize findings related to IT security risks.
3. Stay consistent with the methodology and scope.
4. Provide a practical remediation path, accounting for the organization’s strengths and weaknesses.

Friday, May 23, 2014

Could Your Computer Be Infected by Blackshades?

Here’s a list of possible indicators that your computer may be infected with Blackshades or similar remote access tool malware:
  • Mouse cursor moves erratically with no input from user;
  • Web camera light (if equipped) unexpectedly turns on when web camera is not in use;
  • Monitor turns off while in use;
  • Usernames and passwords for online accounts have been compromised;
  • Unauthorized logins to bank accounts or unauthorized money transfers;
  • Text-based chat window appears on your computer’s desktop unexpectedly;
  • Computer files become encrypted and ransom demand is made to unlock files.
Blackshades malware affects Microsoft Windows-based operating systems. If you believe you or someone you know may have a computer that is infected with this malware, search the computer’s hard drive for the following files, which are known to be present on Blackshades-infected computers:
  • dos_sock.bss
  • nir_cmd.bss
  • pws_cdk.bss
  • pws_chro.bss
  • pws_ff.bss
  • pws_mail.bss
  • pws_mess.bss
To perform the above check, click the Start menu and type each file name in the search field. If the search yields positive matches for one or more of these files, the computer may be infected with Blackshades.
In addition to adding the above files to the computer’s hard drive, Blackshades also modifies the Windows registry. The exact location may vary depending on the version of Microsoft Windows you're using, but the following registry subkey is added:
  • Computer\HKEY_CURRENT_USER\Software\VBandVBA Program Settings\SrvID\ID\[string of letters and numbers]
To perform a check for this registry modification, take the following steps:
  1. Click the Start menu.
  2. Type “regedit” in the search field.
  3. Execute the Registry Editor (regedit.exe). If prompted, select “Yes” to allow the program to make changes to the computer.
  4. Select “Edit” from the window toolbar.
  5. Select “Find” from the Edit menu.
  6. Type “SrvID” in the Find field.
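
The two checks above (the file-name search and the registry search for “SrvID”), scripted in PowerShell as an added example that is not part of the original post. The function names are hypothetical, and rather than hard-coding the parent key it looks for any key named SrvID under HKCU:\Software, since the post notes the exact location may vary.

```powershell
# Added example, not part of the original post.
# The seven file names listed in the post above.
$IndicatorFiles = @(
    'dos_sock.bss', 'nir_cmd.bss', 'pws_cdk.bss', 'pws_chro.bss',
    'pws_ff.bss', 'pws_mail.bss', 'pws_mess.bss'
)

function Find-BlackshadesFile {
    # Hypothetical helper: walk each root and return files whose name is on the list.
    param(
        # Default: every fixed drive that is ready (removable and network drives are skipped).
        [string[]]$Root = @([System.IO.DriveInfo]::GetDrives() |
            Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady } |
            ForEach-Object { $_.RootDirectory.FullName })
    )
    foreach ($r in $Root) {
        # -Force also returns hidden and system files; unreadable folders are skipped.
        Get-ChildItem -LiteralPath $r -Recurse -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $IndicatorFiles -contains $_.Name } |   # -contains is case-insensitive
            Select-Object FullName, Length, CreationTime, LastWriteTime
    }
}

function Find-SrvIdKey {
    # Hypothetical helper: the scripted form of typing "SrvID" into regedit's Find box,
    # limited to key names under the current user's Software hive.
    Get-ChildItem -Path 'HKCU:\Software' -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -eq 'SrvID' } |
        ForEach-Object {
            $key = $_
            [pscustomobject]@{
                Key     = $key.Name
                # Subkeys below SrvID (the post describes an ID\[string] entry here).
                SubKeys = @(Get-ChildItem -LiteralPath $key.PSPath -Recurse -ErrorAction SilentlyContinue |
                    ForEach-Object { $_.Name })
            }
        }
}

function Test-BlackshadesIndicator {
    # Runs both checks and returns one summary object.
    param([string[]]$Root)
    $files = @(if ($Root) { Find-BlackshadesFile -Root $Root } else { Find-BlackshadesFile })
    $keys  = @(Find-SrvIdKey)
    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        User            = "$env:USERDOMAIN\$env:USERNAME"
        FileHits        = $files
        RegistryHits    = $keys
        IndicatorsFound = ($files.Count -gt 0) -or ($keys.Count -gt 0)
    }
}

$result = Test-BlackshadesIndicator
$result.FileHits     | Format-Table -AutoSize
$result.RegistryHits | Format-List
if ($result.IndicatorsFound) {
    Write-Warning 'One or more listed indicators were found; the computer may be infected with Blackshades.'
} else {
    Write-Output 'None of the listed files or a SrvID key were found for this user.'
}
```

HKCU only reflects the account running the script, so run it under each user profile on the machine. A result with no hits means only that these listed artifacts were not found.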

Anyone who performs the above checks and gets positive results is encouraged to submit a complaint to the local or International Internet Crime Complaint Center. Please include the term “Blackshades” in the incident description section of the complaint.
And for assistance on removing Blackshades, please contact your Internet service provider, your antivirus software company, or another computer security professional.

Tuesday, March 11, 2014

MAP: This Is What The Internet Looks Like

Here's a map from telecom data company TeleGeography that shows how the Internet works around the world. 
The map charts out all the undersea fiber optic cables that send Internet communication from country to country. There are more fiber optic cables that are land based, but they're not charted here. 
Paul Brodsky, an analyst at TeleGeography, explained the map to us, saying, "The vast majority of Internet traffic travels on fiber optic cables." Many people think Internet connections go through satellites, says Brodsky, but that's not the case. They run through these undersea cables. 
The companies that lay these cables have fiber optic cables on a giant spool on their ships.
"The ship goes from country A to country B," says Brodsky, "They literally just lay it on the bottom of the ocean. Close to the shore, they trench it out, but at a certain distance from the coast it just lays on the bottom of the ocean."
A fiber optic cable is about the size of a human hair and it sends laser light pulses that deliver messages in milliseconds from New York to London. 
The biggest risks to the cables are fishing boats (trawlers) and ships dragging anchor. Sometimes there are natural disasters like earthquakes. But if one cable is broken, Internet traffic can be redirected to another cable. 
Brodsky says the companies that lay the cables can track problems. If they spot something, they can go out to the middle of the ocean, pull up the cable and cut out the damaged section and splice in a new segment of cable.
As you can see in the map, most of the countries that are near water are connected to these high-speed Internet cables. In the future, expect more cables, says Brodsky. Now that the world is connected, the next step is to add more connections. Any country with just one cable will want two or three. 
Here are some enlarged pictures of the map:

Friday, March 7, 2014

7 simple habits that will help you become a happier entrepreneur: start today!

Of all of you reading probably many have decided at some point of your life to abandon your “comfort zone” where you found an “uncomfortable comfort”.
Deep down, despite being “fine” you knew you weren’t happy. This is what makes so many people decide to become entrepreneurs, even knowing the road isn’t at all easy, you are convinced it’s the best way to feel more fulfilled with your life, doing what you like, what you are passionate about.

Although happiness has a thousand faces and is a very subjective state, there are things (actions-truths) that when set in motion in our head and habits can provide us with happiness.
Learn what has been scientifically proven to make you happier!

1- CHANGE THE PARADIGM: success doesn’t bring happiness.

Many people believe success brings happiness, but on the contrary, happiness brings success. Whoever does things in order to be at peace, to have a sense of fulfillment and live moments of happiness every day can overcome life’s challenges: in relationships, at work, family, etc. According to research carried out by Sonja Lyubomirsky, Ph.D., of the University of California, when people feel happy they tend to be optimistic, energetic and self-confident, which leads other people to find them more pleasant, sociable and reliable. These aspects broaden opportunities to do business, achieve objectives successfully, create or develop new things, or, why not, meet a partner.


Happiness then isn’t about being successful and having lots of money; on the contrary, it’s the starting point. You might tell me: “Sure, that’s why I’m reading this, I want to know how”. :) Well, I’ve decided to start the post with this aspect because before anything else, before getting to the HOW, it’s necessary to have the INTENTION, the willingness to make those changes that will help us be happier. We have to stop seeking happiness and start living it. In fact, research carried out by June Gruber (a psychologist from Yale) suggests that constantly seeking happiness can bring about anguish. This happens when those seeking happiness do so believing that everything that’s recommended in order to make us happy MUST actually make them happy and they cannot deal with the frustration and with the process. Happiness isn’t the result of doing one thing but of a change in lifestyle, and we don’t always achieve it as if by magic.
You can start right now making small changes such as: forgiving those who hurt you, putting peace of mind first and not always reason, redefining values, being faithful to them, etc. (etc = the rest of the 6 points of the article)


This aspect is paramount for social life and especially for our entrepreneurial lifestyle. Happiness is like a beautiful sickness or virus that spreads itself all around us. Being around positive, grateful, enthusiastic people provides us with well-being, which is perfect so that the day-to-day becomes more pleasant and productive.
Research carried out by BMJ Group concludes someone’s happiness depends on the happiness of those around him/her; it can be said that happiness can be a collective phenomenon.
That’s why it’s necessary to choose the people we have around us, especially if they will be working side by side with us. Two heads are always better than one since it’s easier to solve problems, identify points that the other may overlook and help in the decision-making process in order to assess pros and cons.
We leave you with a quote from Professor of Psychology at Harvard University, Dan Gilbert , where he stresses the importance of relating to people that have a positive impact on us:
“We are happy when we have family, we are happy when we have friends and almost all the other things we think make us happy are actually just ways of getting more family and friends.”


One of the most relevant factors for happiness is to keep focused. This allows us to live in the present, in this very moment, without the burdens of the past or the future.
Research published in Sciencemag indicates that people spend 47% of their time wandering, which means they’re constantly absent from the present, the decisions they make and memorable moments. Then we wonder how it is that it’s already Christmas, and we ask ourselves: how can it be that all of this happened this year?
(A bit of humor)
Focus your energy on one thing at a time, whatever’s necessary at the moment you are in right now, this allows you to channel all your potential be it analyzing a report, writing a blog, in the creative process of developing an application or solving a problem, etc. Being focused allows you to be the protagonist of your life and take care of each thing in the best and fastest way.
Being focused in living in the present means leaving aside the guilt, worries or regrets about the past and the fears or uncertainties of the future, aspects which constantly remove us from the life we have today which may be the life that can make us happy but with so many distractions we fail to realize that.


Getting some type of exercise during the day changes your day. If you were tired you’ll have more energy, if you were worried you’ll be less tense, if you couldn’t focus you’ll be more focused; if you didn’t like your body you’ll like it more, I could go on and on about the benefits of exercising.
Regarding the last point, research has shown that, even without losing weight, people who were given an exercise routine of 6×40 minutes had a better perception of their body after doing it in comparison with the group that had readings assigned to them.
Either way, the benefits of exercise go beyond its effect on the body. Research has shown that people with depressive disorders who were taken off drugs and instead started getting different exercise routines showed high rates of recovery and, most importantly, low relapse rates.
Meaning that getting exercise is one of the biggest sources of productivity, health and happiness we ALL have at our disposal.


This is where I feel most comfortable because I have never failed to be grateful. Not only to other people but to life, to whichever God it is you believe in. The more grateful you are the more life rewards you with more of what makes you grateful.
Expressing gratitude is also a way of being focused, it is an act of the present, of living life today, because your conscience is there in each of the things happening to you and in what you have. It may seem silly but to me it’s essential to be grateful for having all my limbs: two legs, two arms, two ears, this isn’t a limb but you catch my drift, and when I do it I automatically feel relieved and happy, everything falls into place and if I want to I can go for a run and be free for an hour. I can see, I can smell, I can hear, I can taste the world’s flavours, I can feel the texture of things. And that is truly priceless; hasn’t it happened to you to bump a leg or burn a finger and that whole day becomes “hell”?
Leaving aside my humble experience, there are studies that confirm the great impact gratitude has on our emotional well-being. The Journal of Happiness Studies examined the effects of writing letters of gratitude; 219 people were part of the research, which consisted of having the participants write a letter of gratitude a week for three weeks. The results suggest that consciously focusing on what we have to be grateful for has a favourable impact at an emotional and interpersonal level, therefore increasing satisfaction levels and decreasing depressive symptoms.
Which is why you should never stop being grateful. Stop for a moment and write down on a piece of paper at least 4 nice things that happened that day, what went well in spite of everything: work, health, your son got an A, you lost 2 kg, a business deal was successfully closed even though it was very hard, etc. etc… And let’s not forget: our limbs. :)
All of this will lead you to be more conscious of how lucky you are and it will help you start the next day with more energy and a better willingness to face daily obligations of life.


In this point I discovered something which I hadn’t really thought about: many times we’re so focused on our tasks, companies and businesses that it seems we haven’t got time for anything, but apparently when we devote a couple of hours to other people our perception of time seems greater. Cassie Mogilner, who studies happiness, focusing on time management, at Wharton School, came to the conclusion through research she carried out that: “giving your time to others can make you feel more “time affluent” and less time-constrained than wasting your time, spending it on yourself or even getting a windfall of free time.”
Be it doing volunteer work, being someone’s mentor, helping a colleague or being the confidant of a friend, any of this increases your sense of time and results in great satisfaction.
The same thing happens with money: another piece of research, carried out by Harvard Business School, analyzed the responses of several participants who had spent their money buying things for themselves and others who had spent their money helping or buying something for another person, and indicates that the last group felt more satisfied and happier. “Pro social spending” makes you happier and it encourages other people to want to do it as well.

Below we leave you a very interesting (and motivational) video, about the new Y Generation, it reviews the Millennials’ (our) characteristics that impose this trend that work should be what makes us happy and fulfilled. Don’t miss it:



  • Start changing the paradigm that’s been installed in society: success brings about happiness. Start by doing things that make you feel fulfilled and happy, your success will be a consequence of this attitude.
  • It’s of no use being on the eternal quest for happiness, choose to be happy now. Make it a daily decision and intention. Not everything will work out and you won’t be happy all the time but if you are willing to change your lifestyle, things around you will also change.
  • Surround yourself with positive happy people. Well-being is contagious and if you work with people that share this state you can be more productive and successful.
  • Keep focused on what you do, what you have, at this very moment. Enjoy and put all your energy on what’s important for you. Don’t let time pass by thinking of what was or what will be. Living the moment is perhaps the great key to happiness.
  • Get exercise, even if for 20 minutes a day. You will be more productive, have more energy, think more clearly. Emotionally you’ll be healthier and more positive.
  • Be grateful. In order to do so you’ll need to be focused on today, on what you have, what you’ve accomplished throughout the day. Write down what has gone well during the day and the reasons why you can be happy. Life will return what you are grateful for, what you appreciate and more.
  • Give your time to other people and you’ll have the feeling your day was more productive. Try out “Pro Social Spending” and help other people with your money. You will feel better than if you spend it all on yourself.
The list of things “to be happy” is never-ending but these small tips can be applied right now and make the difference between a frustrating day and a productive one, full of progress and things worth being thankful for.
What do you do in order to be happy? Tell us all about it, we want to learn from our entrepreneur friends!

Tuesday, February 25, 2014

The Rise Of The Security Analyst

The most sought-after quality in security hiring today is strategic knowledge versus technical know-how, a global workforce study says.
In recent years, CISOs have succeeded in getting more boardroom buy-in for security tools and staff. According to (ISC)2's most recent Global Information Security Workforce Study, two-thirds of C-level managers believe their security departments are too small. Employers are interested in expanding their security staff, but they can't find people to fill the positions. 
According to the study, the most sought-after quality is a broad knowledge of security -- more of a strategic understanding than technical know-how -- followed by certifications. This is a tricky combination. Individual technical certifications don't provide a broad understanding of security strategy, and CISSP certifications are only given to people who already have five years of experience working as a security professional.
"There really aren't many entry-level positions in security in the same way there are in other industries," says Julie Peeler, head of the (ISC)2 Foundation. "What we really need is people who have experience beyond the one piece of technology. More than just a Cisco server, they need to know how servers work, and how servers link to each other. They need to understand the strategy and engineering behind a server. They don't make those in college."
Peeler says that the entire security industry is moving away from the super-techie with the IT degree.
"Because of the rise of the security analyst -- someone who can take a lot of disparate information and cull the truth out of it -- companies are looking at people with liberal arts backgrounds -- necessarily non-technical backgrounds," says Peeler. "A lot of these analytical skills are hard to teach." 
The trouble then is, if the people we want in IT jobs do not have IT backgrounds, how can we coax them to apply?

Thursday, February 6, 2014

Satya Nadella's First Email To Employees As New Microsoft CEO: 'Who Am I?'

Here's new Microsoft CEO Satya Nadella's first official email to employees:

From: Satya Nadella
To: All Employees
Date: Feb. 4, 2014
Subject: RE: Satya Nadella - Microsoft's New CEO
Today is a very humbling day for me. It reminds me of my very first day at Microsoft, 22 years ago. Like you, I had a choice about where to come to work. I came here because I believed Microsoft was the best company in the world. I saw then how clearly we empower people to do magical things with our creations and ultimately make the world a better place. I knew there was no better company to join if I wanted to make a difference. This is the very same inspiration that continues to drive me today.
It is an incredible honor for me to lead and serve this great company of ours. Steve and Bill have taken it from an idea to one of the greatest and most universally admired companies in the world. I've been fortunate to work closely with both Bill and Steve in my different roles at Microsoft, and as I step in as CEO, I've asked Bill to devote additional time to the company, focused on technology and products. I'm also looking forward to working with John Thompson as our new Chairman of the Board.
While we have seen great success, we are hungry to do more. Our industry does not respect tradition - it only respects innovation. This is a critical time for the industry and for Microsoft. Make no mistake, we are headed for greater places - as technology evolves and we evolve with and ahead of it. Our job is to ensure that Microsoft thrives in a mobile and cloud-first world.
As we start a new phase of our journey together, I wanted to share some background on myself and what inspires and motivates me.
Who am I?
I am 46. I've been married for 22 years and we have 3 kids. And like anyone else, a lot of what I do and how I think has been shaped by my family and my overall life experiences. Many who know me say I am also defined by my curiosity and thirst for learning. I buy more books than I can finish. I sign up for more online courses than I can complete. I fundamentally believe that if you are not learning new things, you stop doing great and useful things. So family, curiosity and hunger for knowledge all define me.

Why am I here?

I am here for the same reason I think most people join Microsoft - to change the world through technology that empowers people to do amazing things. I know it can sound hyperbolic - and yet it's true. We have done it, we're doing it today, and we are the team that will do it again.

I believe over the next decade computing will become even more ubiquitous and intelligence will become ambient. The coevolution of software and new hardware form factors will intermediate and digitize - many of the things we do and experience in business, life and our world. This will be made possible by an ever-growing network of connected devices, incredible computing capacity from the cloud, insights from big data, and intelligence from machine learning.

This is a software-powered world.

It will better connect us to our friends and families and help us see, express, and share our world in ways never before possible. It will enable businesses to engage customers in more meaningful ways.

I am here because we have unparalleled capability to make an impact.

Why are we here?

In our early history, our mission was about the PC on every desk and home, a goal we have mostly achieved in the developed world. Today we're focused on a broader range of devices. While the deal is not yet complete, we will welcome to our family Nokia devices and services and the new mobile capabilities they bring us.

As we look forward, we must zero in on what Microsoft can uniquely contribute to the world. The opportunity ahead will require us to reimagine a lot of what we have done in the past for a mobile and cloud-first world, and do new things.

We are the only ones who can harness the power of software and deliver it through devices and services that truly empower every individual and every organization. We are the only company with history and continued focus in building platforms and ecosystems that create broad opportunity.

Qi Lu captured it well in a recent meeting when he said that Microsoft uniquely empowers people to "do more." This doesn't mean that we need to do more things, but that the work we do empowers the world to do more of what they care about - get stuff done, have fun, communicate and accomplish great things. This is the core of who we are, and driving this core value in all that we do - be it the cloud or device experiences - is why we are here.

What do we do next?

To paraphrase a quote from Oscar Wilde - we need to believe in the impossible and remove the improbable.

This starts with clarity of purpose and sense of mission that will lead us to imagine the impossible and deliver it. We need to prioritize innovation that is centered on our core value of empowering users and organizations to "do more." We have picked a set of high-value activities as part of our One Microsoft strategy. And with every service and device launch going forward we need to bring more innovation to bear around these scenarios.

Next, every one of us needs to do our best work, lead and help drive cultural change. We sometimes underestimate what we each can do to make things happen and overestimate what others need to do to move us forward. We must change this.

Finally, I truly believe that each of us must find meaning in our work. The best work happens when you know that it's not just work, but something that will improve other people's lives. This is the opportunity that drives each of us at this company.

Many companies aspire to change the world. But very few have all the elements required: talent, resources, and perseverance. Microsoft has proven that it has all three in abundance. And as the new CEO, I can't ask for a better foundation.

Let's build on this foundation together.