FAQ

Information Security or InfoSec is protecting the IAC Integrity, Availability and Confidentiality

IT Security or Information Technology Security is only in the IT infrastructure whereas Information Security focuses on the entire organisation.
IT Security is only a small part of the organisational or information security.

Application Security is enabling the secure coding principles to ensure the apps are secure before it gets released to the public.

Vulnerabilities or lack of counter-measures in the intact organisational security with the intent to alleviate them.

Ensuring the overall layers of security of the organisation is protected by simulating like that of a malicious hacker without any intent to cause havoc. PT or Pen Test is imperative to ensure the business is secure and analyse the vulnerabilities and threats much earlier the real attack.

Information Security Management Systems (ISMS). However, organisations foresee to go beyond IAC to shield fame or trustworthiness, preserve customers’ data, and ensure the steady operations by adhering to the enterprise continuity.

• It helps build a credibility with your customers.
• It helps for the business continuity and systems for disaster recovery.
• It helps you to build an excellent system that works like a charm.

ISO/IEC 27001:2013 is a framework which you can build upon the system you want for any organisations.

Whenever any criminal gets unauthorised access to the data centre and executes malicious software on the server, it is called the direct-access attack.

Spoofing is a cyber-attack where a person or a program imitate another by creating false data to gain illegal access to a system. Such threats are commonly found in IP where the IP address is spoofed.

Tampering is a web-based outbreak where explicit parameters in the URL are replaced without the customer’s awareness. Moreover, when the customer keys in that URL, it looks and appears the same. It is produced by hackers to rob the identity and capture unauthorised access.

A repudiation attack transpires when the user denies the fact that they performed an appropriate action. A user can just refuse consciousness of the communication.

Information-disclosure-breach implies that the information which is thought to be secured is discharged to corrupt elements that are not trustworthy.

A privilege-escalation-attack is a type of network invasion that permits the user to have the root access to the system which was principally not permitted. The attacker understands the benefit of the programming errors and commands the admin privileges to the network.

An exploit could be a software sketched to take advantage of a vulnerability in the system. The critic plans to augment smooth access to a cyber system and gain control, allows privilege escalation or creates a DDOS attack.

The art of deception either by persuading or influencing people. The hacker gets the information of all the credentials. However, the victim will not be aware of it.

It is an attack launched from a third party computer as it becomes harder to track the origin of the attack.

Malware attributes to malicious software that is being designed to damage or perform unwanted actions on the system. It is of many types like viruses, worms, Trojan horses so on & so forth that cause havoc on a computer’s hard drive. They can either delete some files or a directory or simply gather data without the actual knowledge of the user.

Adware is a software that sponsors advertisements that render ads to its creator. It has commercials embedded in the application. So when the program is running, it shows the ad. Adware is similar to malware as it uses ads to inflict computers with deadly viruses.

It is a software application that commands automated jobs that are simplistic and repetitious in nature. It may or may not be malicious, despite the fact that they are usually exposed to initiate a DDoS attack or a click fraud while using the internet.

Ransomware is a class of cyber security threat which will restrain admittance to the computer system in the beginning and will ask for a ransom for the restriction to be removed. This ransom is to be paid through online payment methods only which the user can be granted access to their system.

It is malicious software designed in such a way that hides individual processes or programs from normal anti-virus scan detection and continues to enjoy privileged access to your system. It is that software that runs and gets initiated every time you boot your system and are difficult to detect and can install several files and processes in the system.

Spyware is a software which typically spies and gathers information from the system through a user’s Internet connection without the user’s knowledge. A spyware software could be majorly a hidden component of a freeware program which can be downloaded from the web.

Scareware is a type of threat that operates as an absolute system message and guides you to download and purchase the useless and potentially dangerous software. Such scareware pop-ups seem to be similar to any system messages but aren’t. The primary purpose of the scareware is to create anxiety among the users and use that tension to coax them to download irrelevant software.

Trojan Horses are a sort of threat that are malicious or harmful programming codes hidden behind legitimate programs or data which can allow complete access to the system and can cause damage to the system or data corruption or loss/theft of data. It acts as a backdoor, and hence it is not readily detectable.

VIRUS – Vital Information Resources Under Seize. A system virus is a self-replicating program that, if executed, replicates or even modifies by inserting copies of itself into the different computer file and infects the affected areas once the virus succeeds in reproducing. It can be dangerous as it spreads. It can infect the preponderance of the system in no time.

The worm is a self-replicating program which relies on the network of equipment and performs malicious actions and spreads itself onto other computer systems. Worms primarily rely on security failures to access the infected system.

Phishing is a cyber-threat which makes an attempt to gain sensitive information like passwords, usernames and other details for malicious reasons. It is an email fraud where the perpetrator sends a legitimate looking email and attempts to gain personal information.

Intellectual Property robbery is a theft of copyrighted material where it violates the copyrights and the patents. It is a cyber-crime to get hands on some trade secrets and patented documents and research. It is a theft of an idea, plan and the methodology being used.

It is a kind of a threat to your system or network security where enemies customarily try ways to augment access to your system credential hashes. They either simply presume the password or use a computerised program to find the correct password and gain entry into the system.

Blue-snarfing is an explosion of information through illegal medians. The hackers can gain access to the information and data on a Bluetooth-enabled phone utilising the wireless technology of the Bluetooth without warning the user of the phone.

Blue-jacking is just sending of texts, images or sounds, to another Bluetooth, enabled device and is an inoffensive style of marketing. However, there is a thin line among bluejacking and bluesnarfing, and if crossed, results in the act of threat.

A keylogger is a spy-ware that has the capability to spy on the events on the computer system. It can record every stroke on the keyboard, websites visited and every data accessible on the system. These recorded logs are then sent to a specified receiver.

Through imitating the endpoints in an online information transfer (i.e. the connection from your smartphone to a website), the MITM can gather information from the end user and the object he or she is interacting.

A method to jeopardise the computer with malicious code that is downloaded to the system when someone clicks on an affected ad.

It is a network attack strategy, in which a victim is a particular combination (organisation, enterprise, or region). In this attack, the attacker guesses or perceives which websites the group often uses and infects one or more of them with malware. Ultimately, some member of the targeted group gets infected.

It is the application of inaccurate information to undermine the credibility of target devices or to cause direct or indirect infliction. It is also the modification and promulgation of information to set someone into the illegal direction or to cover trails.

Spam Over Instant Messaging such as getting offensive messages on your Instant Messengers such as Skype, Messenger, Fb Messenger, Whatsapp, Google Hangouts so on & so forth.

Security Information & Event Management – Collection of logs from all servers, networking devices including, SAN (Storage Area Networks) & Network Attached Storage (NAS) as well as Unified Storage.

User Behaviour Analytics – is the tracking, collecting and analysing of user data and activities by utilising monitoring systems. It gives security teams with actionable insights.