SOCIAL FRAUD
24
Social Engineering
by Dinesh Sheety
The idea of this article is simple and nice. Though there are plenty of good resources and books on social engineering (Mitnick's Art of Deception!), it's an "informative" kind of article; it lacks real examples, for instance a description of how a pentest on an organization has been done (without disclosing sensitive information). The author has provided a good solid base for someone who doesn't have any clue about social engineering, and by the end of the article they will have a decent amount of knowledge to go out and build upon.
30
When Computer Attacks
by Gabriel Marcos
There is a new type of cyber threat that is catching more victims every day; many people know it is called Advanced Persistent Threats, and there is a trace of high-profile victims out there to give us enough. But before taking any action we have to bring awareness to what this new kind of threat means: the only way to be protected is understanding what this means for organizations and how it could impact their business. Undoubtedly, exceptional circumstances call for exceptional actions. So maybe it is time to acknowledge that computer attacks do not always happen to others; we need to become aware and to be prepared in advance to minimize risk exposure to this kind of attack, protecting both our organizations and their leaders.
SOLUTIONS
36
An Introduction to the NIST Risk Management Framework
by Bart Hopper
This article will introduce the NIST Risk Management Framework. It will cover the steps of system categorization, the selection of security controls, the implementation of the selected controls, the assessment of control implementation, and the system authorization process. Creating an effective information security program can be a daunting task. If you are lucky, you work for a company with an existing security program, clearly defined security mandates, and support from senior management. But what do you do if you are given the task of creating a security program for your organization? This article will guide you through the process of creating an effective security program using the NIST risk management framework. Even if you are not directly responsible for creating a security program, you may find it helpful to understand how security programs are created and why certain items are prioritized by auditors.
starterkit 02/2011(2)
CONTENTS
40
Why is Cyber Security Important?
by Thejendra
Until a decade ago, if you had to rob a bank it was necessary to indulge in an armed invasion, take hostages, spill blood, use getaway cars, etc., along with all the associated risks of botching up the operation. Or you had to indulge in excellent forgery and duplicate paperwork to siphon off funds. But today it is not necessary for you to even visit a bank to loot it without raising any alarms for weeks. So how is it now easy for criminals to loot a bank? The simple answer is the Internet. Today, many aspects of our life like banking, purchases, communications, etc., and even the militaries depend on the internet and worldwide connectivity. While the internet offers several conveniences, it can also ruin your life in an instant with threats like identity theft, online scams and other threats.
Page 5 http://pentestmag.com