2023-01-30 14:25
Technologies and buzzwords come and go, but, in technology terms, some often make the cut and go into the big league. Think of cloud computing 20 years ago, or zero trust around 5 years ago… Read More
Blog Directory > Blogging Blogs > Learning Security with Mayur blogging Blog >
Learning Security With Mayur Blog
mayurpahwa.com
Tags:
flash cards
vulnerability risk threat
flash
risk threat agent
cybersecurity
nerd
calling
cloud
uploaded
security
This blog explains you information security concepts in a very simple manner. It also focuses on CISSP and SSCP certification and helps you prepare for this examinations.
2023-01-21 07:11
This episode talks about the basic concepts of information security - Threat, Vulnerability, Risk, Threat Agent & Countermeasures. Read More
2023-01-19 04:47
What does a typical workday in the life of a CISO look like? Most CISOs would agree that there are myriad things that are constantly begging for attention in their work, and yet have 20 extr… Read More
2023-01-14 11:42
This episode talks about the 3 pillars of information security - Confidentiality, Integrity, and Availability. Read More
2023-01-05 04:32
How many customers are migrating to the cloud today? Well, mostly all of them. The reasons are multifold - cost-cutting, digital transformation, online presence, backups, etc. Companies are… Read More
2023-01-01 04:39
Well, we all love predictions, don’t we? The new year rings in and there is a flood of predictions from all ends - financial trends, fashion trends, puppy trends, climate trends, and w… Read More
![Improve Your Knowledge Of Cybersecurity With Free Flash Cards !! [Launch In January 2023]](https://cdn.blogarama.com/images/posts_thumbs_site_id/12914/1291376-387463693.w320.jpg "Improve Your Knowledge Of Cybersecurity With Free Flash Cards !! [Launch In January 2023]")
2022-12-05 14:21
I remember the time when I was preparing for my certification exams ( SSCP & CISSP) and more recently for CCSP, I used a technique that is quite common amongst those who are preparing fo… Read More
2022-10-23 08:00
Dear Readers,Wishing you and your family, a very Happy Diwali and a prosperous New Year. May all your wishes come true and May God bless you !!!Keep reading, Keep Learning and Keep yourself… Read More
2022-09-29 02:45
It has been a journey with multiple ups and downs for me. I started this blog 5 years ago, (time flies! you know) and around some time in 2018, I decided on a YouTube Channel. I uploaded som… Read More
2022-07-23 15:24
What comes to your mind when you think of information security? If you watch a lot of movies, especially the ones involving the CIA, you would imagine a nerd in a basement trying to hack int… Read More
2022-07-16 15:14
Consider you are a security expert employed by:1) A big entertainment company, OR2) Product Company, OR3) Manufacturing company. And you have been asked to create the security pol… Read More
2021-06-27 12:12
Intriguing attack name isn’t it? Pronounced as TOCKTOO, this is a time-of-check/time-of-use (TOC/TOU) attack. This deals with the sequence of steps a system uses to complete a task. Th… Read More
2021-06-20 09:28
“Horizon scanning is a technique for detecting early signs of potentially important developments through a systematic examination of potential threats and opportunities, with emphasis… Read More
2021-06-13 10:15
The Cloud Security Alliance Guidance explains the Data Security Lifecycle which mentions the various phases data undergoes in the cloud. This lifecycle was adopted from a blog article on Sec… Read More
2021-06-06 12:31
A recent survey by Trend Micro revealed alarming results. When asked for feedback on companies’ approaches to cloud data destruction, 25% of the population responded with “What&r&hell…Read More
2021-05-30 07:28
What if it is possible to analyze or manipulate encrypted data without revealing the data to anyone? Make an encrypted search query to a search engine and the results come back in an encrypt… Read More
2021-01-31 08:26
Governance and Risk management are some of the most important aspects of any business, irrespective of the fact whether you are running your applications (business) in the cloud / on-prem or… Read More
2020-07-25 12:46
When I was preparing for CISSP 3 years back, a line from the book AIO guide - Shon Harris really made an impact on me. It goes like this “ There are only two people in the world I trus… Read More
2020-07-05 10:32
At a high level, both cloud and traditional computing adhere to a logical model that helps identify different layers based on functionality. The four layers are :Infrastructure: The cor… Read More
2020-07-05 07:56
Well, time flies and that is absolutely correct. One more year has gone by and the blog has turned 3 now. This year has been full of ups and downs, even from the blog perspective. I hav… Read More
2020-06-14 10:14
In the previous blog post, we dissected the definition of cloud computing as per NIST and ISO/IEC. Before you proceed further, I urge you to read it before continuing. In this blog post, we… Read More
2020-06-01 04:41
When you download an image, where does it get stored? You select the path in your system and say then store in a folder in the D:. But if you upload a video on YOUTUBE, where does it get sto… Read More
2020-05-31 15:27
If you ask any of the companies where do they store the user’s data, most of the companies answer - It’s all in the cloud. It may be your digital identities or your food eating h… Read More
2020-05-31 14:34
While the future is unknown to everyone, there are a few key aspects that will become inevitable in the post COVID world. The world is changing and governments around the world are making de… Read More
2020-04-25 08:33
“Trust” is what was the starting point of discussion on PKI. The public key infrastructure is based on the premise to enable trust between unknown parties to ensure the secure tr… Read More
2020-04-19 07:26
In the previous blog post, we learnt about the various pieces of the puzzle called the public key infrastructure. It’s time to learn how these pieces work after fitting together.
The… Read More
2020-04-18 16:28
Quite often in the world of cryptography will you hear the term, PKI or Public Key Infrastructure. While people often use this term loosely without understanding ( and even appreciating) the… Read More
2020-01-26 17:21
The foundation of information security is controlling how resources are accessed so they can be protected from unauthorized modification or disclosure. The controls that enforce access contr… Read More
2020-01-19 17:28
In the previous blog post, we learnt about the Electronic Code Book (ECB), Cipher Block Chaining (CBC) and Cipher Feedback (CFB) modes of operation. While the ECB mode has been made for very… Read More
2020-01-12 13:33
While every individual has his/her own way of learning various concepts, certain learning tools such as mind maps do help the individual remember the concepts in stressful situations in a be… Read More
2020-01-12 10:24
Block ciphers have several modes of operation and each mode works in a specific way. Each mode of operation has its own utility and performs well under specific circumstances. Sometimes you… Read More
2020-01-11 05:40
We learnt about the one way hash function in the previous blog post. We understood that a strong hashing algorithm does not produce the same hash value for two different messages. If the alg… Read More
2020-01-05 16:36
Your fingerprints help identify you uniquely. Your fingerprints are made of multiple lines that run in a fashion that is unique for every individual on this planet. A slight change in the fi… Read More
2020-01-05 14:51
Dear Reader,
Wishing you a very happy and a prosperous new year. While the beginning always calls for new resolutions, I firmly believe that any day is a good day for making a resolution or… Read More
2019-10-29 11:41
“****, my system has been attacked by ransomware…” has been one of the most commonly said statements in this year alone… The last 12-18 months have seen ransomware… Read More
2019-10-28 10:42
While multiple modes of communication have mushroomed in the past few years, the good old fashioned email remains the top means of communication for the businesses. It also remains the top p… Read More
![[ CyberSecurity Awareness Series] The VEC Scam](https://cdn.blogarama.com/images/posts_thumbs_site_id/12914/1291376-3488684269.w320.jpg "[ CyberSecurity Awareness Series] The VEC Scam")
2019-10-08 09:14
Bob heaved a sigh of relief after he saw the mail. The payment had been processed and he had immediately received the payment confirmation from the vendor. It was the end of the month and he… Read More
![[ Cybersecurity Awareness Series ] The Three Little Pigs](https://cdn.blogarama.com/images/posts_thumbs_site_id/12914/1291376-2879298480.w320.jpg "[ Cybersecurity Awareness Series ] The Three Little Pigs")
2019-10-08 06:15
Once upon a time, there were three little pigs. Over time, the little pigs educated themselves. They came back to meet their mother before they went ahead and opened their new companies. Mot… Read More
2019-10-05 05:26
October is here and that means it’s time to celebrate the cybersecurity awareness month. While the celebrations may last a month, it's important for us to follow basic cyber hygiene pr… Read More
2019-09-15 09:53
There's nothing more comforting than indulging in a slice of homemade cake paired with a piping hot cup of coffee or tea. Sounds rejuvenating, right? Take the flour, eggs to beat, powdered s… Read More
2019-09-02 17:12
Well , most people started talking about privacy only after GDPR came into existence. However , Samuel Warren and Louis Brandeis published “The Right to Privacy” in 1890 in the H… Read More
2019-07-11 14:35
Dear Readers,
Your love and support are what drives me to move forward and find new ways to make this blog more engaging for you. As a constant endeavor to help you with the preparation of… Read More
2019-07-07 14:02
The Recipe is simple. Setup a network. Add a bit of internet to the mix. To improve the taste, add firewalls, IDS, IPS, and some monitoring programs. It's time to divide the network so that… Read More
2019-06-30 09:51
Paul is flying on an airplane from Bangkok to Hawaii. While the air hostess serves him a glass of champagne, Paul enjoys the calmness of the clouds around him. His flight is about to land in… Read More
2019-06-23 13:04
A credit card sized computer remains hidden in a laboratory connected to its network for a period of 10 months. During these 10 months, the attacker was able to enter into the systems and ap… Read More
2019-06-21 16:40
Time passes so quickly that it's hard to believe for me that another year has gone by and this blog is now celebrating its 2nd birthday. This journey started two years ago after the completi… Read More
2019-06-14 14:02
Heartiest congratulations to you, if you have provisionally passed the CISSP, SSCP or any other (ISC)2 certification. After spending weeks or even months preparing for one of the most diffic… Read More
2019-06-08 13:04
If you are even remotely associated with the security or the software development world, you would have heard the term - DevSecOps or just DevOps. If not, you are surely living under a… Read More
2019-06-01 13:55
Having learned about the various kinds of the firewall, we must understand the various do's and don’ts of a firewall. This is not an exhaustive checklist. However, this is more from a… Read More
2019-04-07 09:20
How many of you have applied proxy for one of your friends during the attendance call in the class? If I assume, it’s a yes from everyone, you will have no difficulty in understanding… Read More
2019-04-04 14:10
In continuation with our series on understanding the firewalls, the next type is the stateful firewall. This one remembers and keeps track of what packets went where until each particular co… Read More
2019-04-01 06:05
In the earlier blog post on the basics of the firewall, we learned what exactly is a firewall and what does it do? It’s time to learn about the various types of firewalls and how do th… Read More
2019-03-30 15:14
If you are hearing about the term firewall for the first time, and consider it as a wall on fire, you are at the right place. Because that is the overall idea behind this!!!Firewall is one o… Read More
2019-03-16 15:20
Security design and access control are more than bars on windows, a security guard booth, a camera, or a wall. Crime prevention involves the systematic integration of design, technology, and… Read More
2019-01-13 14:44
I strongly suggest that you read the first part before reading this part as I can assure you that the old man still has a long story to tell.Blockchain involves a lot of technical terms whic… Read More
2019-01-07 05:12
In the first part, instead of bombarding you with technical jargons, I will tell you a story. This story will form the basis of understanding the technical jargons which will get introduced… Read More
2019-01-05 11:44
We learned about the basics of cryptography in the first post. We then learned about the types of cryptography – symmetric and asymmetric (private and public key cryptography). Then we… Read More
2018-12-22 06:32
We just love to mix things up. Well, yeah and why not? When we get the best of both the worlds, we can mix anything up. Even when it is so complex in itself like cryptography. In the last ar… Read More
2018-12-15 08:09
Having learned about cryptography in the previous article, it is now time to learn about the types of cryptography. You are right, nothing is complete till we understand its types and subtyp… Read More
2018-12-03 01:26
“ $%^*^* Nh%&gfg K97@#”. Well, I’m 100% sure that you did not understand what I meant to say through these words. This is what cryptography is all about. Nah, don… Read More
2018-11-19 15:24
If you would like to send a letter to me, what would be the most important aspect for you to send it across? My address. If you would have observed, we usually write the address in a certain… Read More
2018-10-27 10:04
Try to read the sentence written after this statement - “youwillpasscisspexamifyoustudyhard”. Clearly, you need to focus on the letters and your mind will try to discern the diff… Read More
2018-10-24 15:43
We learned about the TCP protocol in the article “Understanding TCP and UDP.” A brief mention was made in that article on the 3-way handshake process. Before we delve into that f… Read More
2018-10-22 16:38
Have you ever wondered what happens behind the scenes when you click a video on your favorite website? Or when you are trying to log onto a secure website? There are multiple protocols that… Read More
2018-10-20 13:09
The button clicked. An exact amount of 9,99,000 $ was transferred immediately to an offshore untraceable account. This triggered an alert on the bank’s server. The response team quickl… Read More
2018-10-05 19:01
Imagine a system that processes information. This information is classified in nature. When we say, its classified, it means that the information has been labeled according to the data class… Read More
2018-09-15 06:08
With effect from 1st November 2018, (ISC)2 would be doing a domain refresh in the course content of SSCP certification. This is in line with a refresh cycle of 3 years for every certificatio… Read More
2018-09-04 17:26
Imagine Susie wants to log on to a company database, her own system, a web server, her webmail and other multitudes of applications. Since she needs to access so many resources, it is extrem… Read More
2018-08-20 13:38
Copyrights, trademarks, patents, and licenses are each a different form of intellectual property (IP) rights protection recognized by U.S. law. The distinctions among them can be subtle and… Read More
2018-08-05 09:11
Identity and Access Management is an extremely vital part of information security. An access control model is a framework which helps to manage the identity and the access management in the… Read More
2018-07-19 14:28
The GDPR–or General Data Protection Regulation–is a regulation passed by the European Union on April 27, 2016, with an effective start date of May 25, 2018. Officially classified… Read More
2018-07-18 14:55
Dear Readers,I'm happy to announce that my first course is live now on Udemy. There are 200+ practice questions for the Systems Security Certified Practitioner certification offered by (ISC)… Read More
2018-07-08 11:24
Just like humans use language to talk to each other, we use languages to talk to computers as well. From an identity management and access control purposes, we are going to learn about some… Read More
2018-07-08 05:54
Investing in a robust CRM like Salesforce is one of the best decisions a business can make. These days where customer experience drives business success, leverage technology like Salesforce… Read More
2018-06-30 06:19
2018-06-30 06:10
2018-06-30 06:02
2018-06-11 14:18
The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many confuse or consider that identification and authentication are the same… Read More
2018-05-26 09:44
Internet of Things henceforth referred to as IoT in the article refers to all the devices connected to the internet which “talk” to each other. This means if your washing machine… Read More
2018-05-24 14:12
Which color do you like? Choose one – Red, Amber or Green. Let’s try another one – How much would you like your company’s risk to cost – 10,000 $, 20,000 $ or 5… Read More
2018-05-24 13:23
Having understood Risk Management & Risk Assessment in earlier blog posts, it is time for us to understand the various methodologies of risk assessment. The industry has different standa… Read More
2018-05-22 16:09
2018-05-22 16:08
2018-05-22 16:05
2018-05-22 16:03
2018-05-19 06:48
Risk Assessment is a part of the Risk Management process. It is a method of identifying the vulnerabilities and threats and the impact in case the threat agent exploits the vulnerability to… Read More
2018-05-16 02:06
When you speak to security professionals or the management in many organizations, most of them are of the opinion that security risk management is all about deploying the latest security too… Read More
2018-05-14 12:20
A safeguard or a control or a countermeasure is implemented to reduce risk an organization faces. Let’s understand it through some examples.1. A company puts in antivirus solution… Read More
2018-05-12 09:10
Consider the following two examples:There is an office building where there are no physical security controls. There is no perimeter wall to surround the building. On entry, you do not find… Read More
2018-05-07 17:15
1. Security isn’t just one person’s responsibility - To be truly effective, we need to develop a culture of security that transforms it into a company-wide effort. In most organi… Read More
2018-05-07 13:41
Thank you for being a part of this journey with me. Your love and affection have helped me to continuously improve myself and write about information security both in general and related to… Read More
2018-05-04 15:08
Domain 8 also sees very little change in terms of course content.2015 Exam Outline 2018 Exam Outline Understand and apply security in the Software Development Life Cycle (SDLC)Development m… Read More
2018-04-30 14:19
As you will see below, there is almost no change in content for this domain. Subjects such as Industry Standards, Asset management, and Duress have been added.2015 Exam Outline 2018 Ex… Read More
2018-04-25 13:45
Overall Result: Extremely Minor Changes2015 Exam Outline 2018 Exam Outline Design and validate assessment and test strategies Design and validate assessment, test, and audit strategiesInte… Read More
2018-04-24 15:11
Domain 5 also sees a very limited change in terms of the new exam outline.2015 Exam Outline 2018 Exam Outline Control physical and logical access to assets InformationSystemsDevi… Read More
2018-04-23 15:06
Here too, the changes are extremely limited. The only major change is the removal of the topic "Prevent and Mitigate network attacks" from the new outline.Overall Change: Limited Change… Read More
2018-04-23 05:03
When a comparison is done between the two exam outlines the overall result, in this case, would also be Extremely Limited.The topics have just been moved here and there which hardly si… Read More
2018-04-22 10:24
There are hardly any changes which have been done in this domain. Cryptography has been explicitly removed and will be added to Data Protection Methods.Overall Result - No Change.2015 Exam O… Read More
2018-04-21 12:33
The new exam outline has been released by (ISC)2 for the CISSP exam. I will be evaluating each domain of the 2015 & 2018 exam outline and would present you a point by point change in the… Read More
2018-04-21 07:57
The year 2018 started with Meltdown & Spectre as the most talked about vulnerabilities. Recently Facebook announced the data misuse of around 87 million+ users whose data had been compro… Read More
Subscribe to Learning Security With Mayur
Get updates delivered right to your inbox!