What is secure?

--Originally published at Seguridad informática


A security policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on the behavior of its members as well as the constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls. For systems, the security policy addresses the constraints on functions and the flow between them, the constraints on access by external systems and adversaries, including programs, and access to data by people.

If it is important to be secure, then it is important to make sure that the whole security policy is enforced by mechanisms that are strong enough. There are many organized methodologies and risk assessment strategies for ensuring the integrity of security policies and ensuring that they are fully complied with. In complex systems, such as information systems, policies can be decomposed into sub-policies to make it easier to assign the security mechanisms that enforce each sub-policy. It is all too easy to go straight to the sub-policies, which are essentially the rules of operation, and do without the top-level policy.

In short, security policies are a series of rules that we declare for a system so that it can be as secure as possible.


Security Policies

--Originally published at Mental Droppings of a Tired Student

Information security is all about keeping corporate information safe. Policies address the requirement to protect information from disclosure, unauthorized access, loss, corruption and interference and are relevant to information in both electronic and physical formats.

As we saw in a previous post, information security can be defined by three things:

  • Confidentiality – information must not be made available or disclosed to unauthorized individuals, entities, or processes
  • Integrity – data must not be altered or destroyed in an unauthorised manner, and accuracy and consistency must be preserved regardless of changes
  • Availability – information must be accessible and useable on demand by authorised entities


Documented policies and procedures take the guesswork out of information security and enable an organisation to manage business risk through defined controls that provide a benchmark for audit and corrective action.

Without documented policies and procedures, each and every employee and contractor will act in accordance with their own perception of acceptable use, and system management will be ad hoc and inconsistent. Staff will be unaware whether they are acting within the organisation’s risk appetite or not.

Security attacks against organisations are increasing both in number and sophistication, and we must ensure our systems can be protected against these threats. The first step in achieving this is to document the rules and guidelines around system management, operation and use. By complying with these rules and guidelines, organisations are doing everything they can to protect their systems and their people from a security threat.

In closing, it is important to also recognize that effective information security policies protect the staff as much as the organisation.


How to detect those risky risks in this risky world!

--Originally published at lazynesstothemax

There are many risks in our imperfect cyber security world. The fact that technology only moves forward and hackers keep innovating in the ways they operate is enough for us to know that our systems and our networks will never be absolutely safe. We need to innovate in our ways of protecting our systems too, but that will obviously take some time. In the meantime we also need to prepare in case of an attack or a security leak. We need to be on watch 24/7 for the integrity of our systems to be safe. That’s why we will talk about risk assessment and how we can prepare for the worst.

Risk assessment is the determination of a quantitative or qualitative estimate of the risk found in a well-defined situation recognized as a threat. In order to assess a risk quantitatively we are required to calculate two main components of that risk: the magnitude of the potential loss and the probability that the loss will occur. An acceptable risk is a risk that is well understood and tolerated. Such a risk may be allowed to exist because the cost or difficulty of implementing an effective countermeasure for that vulnerability exceeds the expected loss.

There are different ways to approach risk assessments and to prepare for these risks. This is a list of the steps one usually takes to confront a risk:

  1. Understand what information you need to protect: The first step in assessing an organization’s cyber risk is to understand which of the company assets you are trying to protect and why. Which are the most important assets in the company that need your most attention?
  2. Identify the threats that you need to be aware of: When talking about threats, you have to ask yourself some
    Continue reading "How to detect those risky risks in this risky world!"

Seguridad informática 2016-11-24 10:57:27

--Originally published at Seguridad informática


Today, information security is a very critical subject for companies and organizations. Every day new tools and techniques are created and used to get into private systems without due permission. Every day thousands of attacks are carried out for unethical purposes. That is why people who specialize in information security are in high demand.

Before a company can hire a security professional, it first has to look at the certifications the candidates hold. Certifications are what vouch for each candidate’s preparation.

Anyone who wants to be hired by a good company has to have the certifications the company is looking for. The most popular certifications are:

  1. CompTIA Security+: CompTIA is an organization created with the goal of developing and promoting vendor-independent IT certifications. The Security+ certification is recognized by the U.S. Department of Defense as a valid requirement for Information Assurance (IA) certification. A professional who obtains the CompTIA Security+ certification has skills and knowledge in the following areas:
    • Cryptography
    • Identity Management
    • Security Systems
    • Organizational Systems
    • Security Risk Identification and Mitigation
    • Network Access Control
    • Security Infrastructure
  2. CEH: Certified Ethical Hacking: The CEH Ethical Hacking certification prepares the IT professional to think and act like a hacker, using the same hacking tools, mindset and techniques a hacker would use when breaching the security of a network. This certification follows the philosophy of “to defeat your enemy you must first know him”. A professional who obtains the CEH Ethical Hacking certification has skills and knowledge in the following areas:

Don’t let yourself be attacked!

--Originally published at Héctor H.F. Blog

Hello everyone. In past posts I have talked about the possible attacks that can result from doing certain actions. Now it is time to see what to do against whoever attacks you; you don’t have to put up with it, it is possible to protect yourself.

When an attack is received, the first thing to look at is how it originated. There are practically four ways for someone to compromise your machine: with physical access, with direct access (having privileges to log in), with access to the machine’s local network (in order to then reach your machine), or over the Internet. The ways are listed in order, from the one that can cause the most danger to the least.


Next, physical security has to be taken into account. It studies the methods for keeping an intruder from accessing the machine. Some unauthorized accesses are directly obtaining information or passwords, running another operating system on top of the current system, among others. Other posts have already covered why hackers want to access your computer. The countermeasures we can take against this are protecting the BIOS (Basic Input Output System) and the boot loader, encrypting specific file systems, setting strong passwords, etc.

Protecting the BIOS and the boot loader keeps intruders with physical access to the machine from booting from removable media or obtaining root access. These measures should be taken depending on the confidentiality of the information these workstations hold, as well as on the location of the machine. How to protect it? Once again: with a strong password.


A password-protected BIOS prevents the BIOS configuration from being modified. What can be modified there? Making the system boot from removable media, giving a certain user root permissions and thus placing malicious files or

Continue reading "¡No se deje atacar!"

Our Books Cover is very Important too! (Security Certificates)

--Originally published at lazynesstothemax

In the world of information security, the ways people with malicious intent operate change constantly as they come up with new ways to attack and try to steal information from others. This requires IT experts to update their knowledge and methods so they can keep up with the criminals out there lurking and seeking an opportunity to attack.

When a company evaluates possible candidates for a computer security position, certificates are an easy way to see whether someone is capable of doing the job right. Companies need to protect their information and their systems as well as possible, and only the best candidate, with the best certificates under his or her belt, will be offered the position.

There are many certificates available out there, provided by universities, by organizations like Cisco or Microsoft, or by the government. In this post we are going to look at the best five security certifications in 2016 according to the tom’sIT PRO website:

  1. CompTIA Security +: There are more than 250000 holders of this certification and it is a well-respected credential. This credential is vendor-neutral and those who have it are recognized as “possessing superior technical skill, broad knowledge and expertise in multiple security-related disciplines” (tom’sIT PRO).
  2. CEH, Certified Ethical Hacker: This is an intermediate-level credential given by the International Council of Electronic Commerce Consultants. This credential is all about ethical hacking. Hackers in general are innovators and are always looking for new ways to attack networks and systems. Sometimes what a company needs is to use this ability to its advantage: to get a “white hat hacker” who will use the same tools as a normal hacker to identify system vulnerabilities and ways of
    Continue reading "Our Books Cover is very Important too! (Security Certificates)"

Now… Let’s talk about the other kind of hackers…

--Originally published at Mr. Robot's Imaginary Friend

 

Anyone can become a hacker; you may just be someone who spends too much time with computers and suddenly finds himself submerged in the world of cyber security. There are three types of hackers that I will be talking about; the first one is the black hat.


Black hat hackers have become the best-known image of hackers around the world. For most computer users the word hacker has become a synonym for social misfits and criminals. This is an injustice created by our own interpretation of the mass media, so it is important for us to learn what a hacker is and what a black hat does.

Black hat is a term used to describe a hacker who breaks into a computer system or network with malicious intentions and uses his skills with criminal intent, for example cracking bank accounts, stealing information to be sold on the black market, or attacking an organization’s computer networks for money.

Some famous cases of black hat hacking include Kevin Mitnick, who used his skills to enter the computers of organizations such as Nokia, Fujitsu, Motorola and Sun Microsystems, and Kevin Poulsen, who took control of all the phone lines in Los Angeles in order to win a radio contest for a Porsche.

There are professionals who have knowledge about security and vulnerabilities in many platforms and applications, and whose goal is to identify and fix potential threats in their own systems; those are the ethical hackers or white hat hackers. An ethical hacker attempts to bypass system security and searches for weak points that could be exploited by black hat hackers; the organization then uses this information to improve its system security, trying to minimize or eliminate any potential attacks.

For hacking to be

Continue reading "Now… Let’s talk about the other kind of hackers…"

Wiser decisions with Risk IT

--Originally published at Allow Yourself to fail and learn… and hack

Diego's Password

In business today, risk plays a critical role. Almost every business decision requires executives and managers to balance risk and reward. Effectively managing the business risks is essential to an enterprise’s success.

IT Risk Management Frameworks: a large concept, right? Let’s break it down in order to understand it. Risk: “a situation involving exposure to danger.” Pretty simple. Management: “the process of dealing with or controlling things or people,” in this case risks. Framework: “an essential supporting structure of an object.” We think it’s getting a bit clearer. In conclusion, there are information technology risks, or dangerous situations, in which people, in this case managers, need to make decisions based on their analysis. Here’s where “framework” comes in: a program that evaluates these risks and helps with the process of making a decision in the area of technology. Hope you liked this blog post!


Ok… there’s more than that. We are going to…

View original post 382 more words


Mythology risks

--Originally published at Allow Yourself to fail and learn… and hack

Diego's Password


Risk assessment mythologies, haha funny right… Methodologies. What could it mean…

The evaluation or estimation of the nature, quality or ability of someone or something.

So it is the actual quantification of a risk, whether quantitative or qualitative. How could we even count or grade a risk? Well, that’s when the mythologies come in. Normally two factors are taken into consideration: the consequences and the probability. The consequences are all the potential loss, counted either in money or by a given parameter, and the probability is the actual percentage, the likelihood of it happening or occurring.
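As an added example (not code from this post or from the earlier “risky risks” post it echoes), here is the two-factor estimate both describe: expected loss = probability × magnitude, with the earlier post’s rule that a risk is acceptable when the countermeasure costs more than the loss it prevents, plus a simple qualitative likelihood/impact grading. The 1–5 scales, the thresholds and every asset figure are assumptions.

```python
# Added example (not from the original posts): expected loss = probability x
# magnitude, and the "acceptable risk" rule: tolerate a risk when the control
# costs more than the loss it prevents. Figures are constructed sample data.
from dataclasses import dataclass

@dataclass
class Risk:
    asset: str                  # what the organisation is trying to protect
    threat: str                 # the threat to that asset
    probability: float          # likelihood of the loss occurring in a year (0..1)
    magnitude: float            # potential loss per occurrence, in currency units
    countermeasure_cost: float  # yearly cost of an effective control

    def expected_loss(self) -> float:
        return self.probability * self.magnitude

    def decision(self) -> str:
        # Accept when the control costs more than the expected loss it prevents.
        if self.countermeasure_cost > self.expected_loss():
            return "accept"
        return "mitigate"

def qualitative_level(probability_level: int, impact_level: int) -> str:
    """Qualitative alternative: rate likelihood and impact on a 1-5 scale and
    grade their product (assumed thresholds: <8 Low, 8-14 Medium, 15+ High)."""
    if not (1 <= probability_level <= 5 and 1 <= impact_level <= 5):
        raise ValueError("levels must be between 1 and 5")
    score = probability_level * impact_level
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"

def assess(risks):
    """Rank risks by expected loss (highest first) with the accept/mitigate call."""
    ranked = sorted(risks, key=lambda r: r.expected_loss(), reverse=True)
    return [(r.asset, round(r.expected_loss(), 2), r.decision()) for r in ranked]

# Constructed sample register: asset, threat, probability, magnitude, control cost
SAMPLE_REGISTER = [
    Risk("customer database", "breach via stolen credentials", 0.10, 500_000, 20_000),
    Risk("public website", "defacement", 0.30, 5_000, 8_000),
    Risk("laptop fleet", "device theft", 0.50, 20_000, 12_000),
    Risk("email", "phishing leading to wire fraud", 0.20, 100_000, 15_000),
]

if __name__ == "__main__":
    for asset, loss, call in assess(SAMPLE_REGISTER):
        print(f"{asset:18s} expected loss {loss:>10,.2f} -> {call}")
```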


He’s probably right, but first we need to learn how to analyze a risk and make a wise decision. There’s a really interesting article written by the GIAC. I’ve written about them before; I’ll link the post here. This post will be based on that article.

There are three mythologies… haha enough. Three methodologies used…

View original post 224 more words