CSAM ’14 at SCIT

By Administrator 123erty

Published On: October 31, 2014Categories: Student's Blog1 Comment on CSAM ’14 at SCITTags: , , ,

3Thursday, October 2nd, 2014 marked the commencement of Cyber Security Awareness Month at SCIT. It was a proud moment for us as we hosted CSAM event for the 5th consecutive year with the help of Team Matrix and our sponsor ISACA. The day began with the panel discussions where we had dignitaries from industries who shared their valuable inputs regarding security issues faced in the industry. Later on, we had events for students which were fun as well as informative. The events included Treasure Hunt, Role Play Audit and Case Study from Keywords.

 We had  very experienced panelists, which included:

 

  • Mr. Ajit Menon (Guest of Honor) – Chief Security Officer, Tata Consultancy Services
  • Mr. Avinash Kadam (Chief Guest) – (CURRENT) Advisor – India Task Force at ISACA

(FORMERLY) Director, MIEL e-Security Pvt. Ltd. in charge of Information Security Consulting and Training, Chief Operating Officer, Kale Consultants Ltd, General Manager-IT, Raymond Ltd, General Manager-IT, Glaxo India Ltd

  • Mr. Nitin Bhatnagar – Head of Business Development at SISA Information Security (APAC and CEMEA)
  • Ms. Shweta Chawla – Owner, SC Cyber Solutions
  • Mr. Niranjan Reddy – Founder NetConclave Systems

 The panel discussion was the highlight of the entire event. It was a very fruitful discussion and helped us understand many new aspects of information security. The discussion began with the topic: challenges faced by law enforcement authorities while handling social media. This is a very severe issue because most of the law enforcement authorities do not have the proper awareness to handle crimes like this. There is a time lag between when the post is uploaded and when the post is the authorities remove post. During this time lag, the media can cause a lot of damage. Sometimes, we do not realize the consequences of the situation before it was already taken place; therefore, to avoid such catastrophe, we should always think before posting something on social media. There are no boundaries to what can be posted on social media, nor is there any control. E-ambassador is a term given to those individuals who inform the authorities of any mishaps that occur on the social media. With their help, the police is notified sooner and proper measures are taken accordingly.

 BYOD (bring your own device) refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications. The proliferation of devices such as tablets and smartphones, which are now used by many people in their daily lives, has led to a number of companies allowing employees to bring their own devices to work, due to perceived productivity gains and cost savings. The idea was initially rejected due to security concerns but more and more companies are now looking to incorporate BYOD policies. It brings a lot of convenience to the end users but might not be as optimum for the organization. It is hard for the organization to put controls on devices such as proper security, the right processes, etc. The IT technicians need to be aware about how to fix all types of devices (windows, mac, etc.) rather than just one type. Of course, along with the pros, there are many cons for the end user as well. Loss of privacy is the main concern for the user because all the personal information on the laptop (personal emails and other data) is at risk of exposure.

With the pace the technology is advancing today, the forensics specialists also have to up on their toes in order to tackle security issues. Sometimes, storage capacity is too high in the devices and the data the forensics team is looking for is very little. It is just like looking for a needle in a haystack. However, with the kind of tools available today, it is very easy to identify the “needle”, no matter how big the haystack is. There are specific tools used for specific purposes, for example, email forensics tools, key logging, VAPT, etc. The employees to sometimes make the job of the forensics team harder than it should be. The user might not realize until too late that an attack is taking place on his/her device and in case of a fault may report it to the IT guys rather than the forensics team. Once the forensics team starts tracking a device, they can find out everything about the user, for example, their personal emails, sites visited, even the number of clicks he/she made on a website. This is the reason why BYOD is still not allowed or preferred by some organizations. We need to find a balance between risk seeking and risk avoidance.

The mobile users need to be particularly aware (especially android users), because there are many security issues involved; and once downloading an app, they may ask for information from the user which is irrelevant for that particular app, which the user happily gives away. Lets face it, who would not want to enjoy a “free” app even though it is at a cost of giving up valuable information. In the android playstore there is no authentication required, which is why it is impossible to know the authenticity of the developer. Mobile POS is also being used very widely these days. It was made transactions very easier, but also brings about major security issues.

To conclude, such technology has made our lives very efficient and convenient, but it also comes at a cost, i.e. out privacy. Stay aware and be more cautious.

Vinay Hira

Web and Media Committee (2014-16)

Related Posts
Unveiling Cloud-Native Application Development: Innovations, Benefits, and Hurdles
Unveiling Cloud-Native Application Development: Innovations, Benefits, and Hurdles

Unveiling Cloud-Native Application Development: Innovations, Benefits, and Hurdles

February 4, 2024|0 Comments
Unlocking the Secrets of Cybersecurity: A Journey with Mr. Sankha Chakraborty
Unlocking the Secrets of Cybersecurity: A Journey with Mr. Sankha Chakraborty

Unlocking the Secrets of Cybersecurity: A Journey with Mr. Sankha Chakraborty

January 18, 2024|0 Comments
Navigating the Challenges of Reinforcement Learning
Navigating the Challenges of Reinforcement Learning

Navigating the Challenges of Reinforcement Learning

January 12, 2024|0 Comments
Navigating the Future: Advanced Database Management Systems in the Era of Big Data Analytics
Navigating the Future: Advanced Database Management Systems in the Era of Big Data Analytics

Navigating the Future: Advanced Database Management Systems in the Era of Big Data Analytics

January 10, 2024|0 Comments
The Significance of Explainable Artificial Intelligence (XAI) in Critical Applications
The Significance of Explainable Artificial Intelligence (XAI) in Critical Applications

The Significance of Explainable Artificial Intelligence (XAI) in Critical Applications

December 30, 2023|0 Comments
8TH Edition of Integrity and Ethics Conclave
8TH Edition of Integrity and Ethics Conclave

8TH Edition of Integrity and Ethics Conclave

December 20, 2023|0 Comments
Guest Lecture on Introduction to IT Service Management
Guest Lecture on Introduction to IT Service Management

Guest Lecture on Introduction to IT Service Management

November 22, 2023|0 Comments
Managing Third Party Risks and its Governance
Managing Third Party Risks and its Governance

Managing Third Party Risks and its Governance

November 16, 2023|0 Comments
Scrum vs Kanban: Choosing the Right Agile Methodology for Your Project
Scrum vs Kanban: Choosing the Right Agile Methodology for Your Project

Scrum vs Kanban: Choosing the Right Agile Methodology for Your Project

November 16, 2023|0 Comments

Recent Post