Monday, May 06, 2013

One Day Conference "Evolving Role of IT for Risk and Assurance Professionals" by ISACA Sri Lanka Chapter was a success

ISACA Sri Lanka Chapter successfully conducted a one-day conference under the theme "Evolving Role of IT for Risk and Assurance Professionals" today (06/05/2013) at Hilton Colombo Residences. The event was well attended by Risk, Security, Compliance, Governance and Audit professionals from the financial, manufacturing, and consultancy sectors. There were 5 speakers covering different aspects of the evolving role of IT for risk and assurance professionals. Topics included:

  1. Mobile banking risks & challenges by Mr. Sujith Christy
  2. Case study on financial sector fraud and forensic by Mr. M. Asokan
  3. Project management for IT projects by Dr. Madhu Fernando
  4. New media & digital culture by Mr. Conrad Dias 
  5. Emerging card based threats in financial sector by Mr. Asanka Fernando








Thursday, May 02, 2013

Micro Actyon

Micro Actyon XDi 200

2009 brand new. Agent maintained. Only 18500 km done. Genuine mileage and the only Actyon in town with low mileage. All parts are in original condition. Grand white, Full option, Tiptronic, 4WD, Diesel, R/Key, CD, Multifunctional steering wheel, Reverse sensor, Black and teak interior, retractable mirrors. Vehicle in mint condition.







Evolving Role of IT for Risk and Assurance Professionals

This is a full-day conference scheduled to be held on 6th May, 2013 at Hilton Colombo Residence.


Google Glass Hacked...!

Google Glass has made very interesting headlines during the last couple of months. There were a lot of expectations and anticipation regarding this new device from Google. But it is disappointing to note that this testing device has been jailbroken by the infamous Android and iOS hacker Jay Freeman (aka Saurik).

http://www.kitguru.net/channel/joseph-mcdonnell/google-glass-jailbroken-hacker-says-security-is-ineffective/#.UYDeGcIoFLc.facebook

Tuesday, March 13, 2012

Kia Picanto 2012







The Kia Picanto is a very stylish compact car which can easily accommodate 4 average-size adults. This new design, with the latest features, captures the current market quickly. We very rarely see the latest Picanto on Sri Lankan roads, but more than 180 car orders have been placed at the moment, and these will populate our roads with the Kia Picanto 2012 model in a few months' time.

Kia Picanto comes in 4 speed auto and 5 speed manual. There are three engine types.

KAPPA 1.2 MPI Engine - manual
max 87 ps at 6,000 rpm

KAPPA 1.0 MPI Engine - manual
max 69 ps at 6,200 rpm

KAPPA 1.0 FFV Engine
max 80 ps at 6,200 rpm



Sunday, November 20, 2011

Micro Panda Cross


This is the newest car from Micro, named "Micro Panda Cross".












Tuesday, October 25, 2011

Why should penetration testing information be destroyed?

Penetration testing is a sensitive form of testing carried out against organizational assets. It focuses on the current infrastructure of an organization's network and its weaknesses, and it is able to identify the most sensitive information security weaknesses in that infrastructure. This information is critical to the organization, and keeping it out of the wrong hands is of the utmost priority. When a penetration testing assignment is underway, it is important to reveal most of the business-critical operations, information, critical assets, resource persons, etc. to the penetration testing team. In turn, during the testing process the penetration testing team can learn of many hidden vulnerabilities, security weaknesses, business process weaknesses, and more. If these hidden weaknesses fall into the hands of intruders or malicious users, they can cause a catastrophic event for the organization without any warning. Although the criticality of this information is very high, organizations cannot do penetration testing with their internal teams. This is due to the internal teams' lack of experience, exposure, qualifications, equipment, and knowledge, or a lack of available personnel within the organization. Hence, organizations have to turn to external resources and accept a slight risk. However, many of these risks can be covered through appropriate legal bindings and by selecting a reputed, qualified, and professional team of penetration testers. Organizations must draft appropriate legal terms and bindings and have third parties abide by them, to protect the organization against what it may face in case of a breach of confidentiality. In normal practice, and depending on the sensitivity of the information, the client organization and the third-party penetration testing team can agree to destroy the information gathered during the penetration testing process.
Furthermore, the client organization must specifically state which information it wants the service provider (the penetration testing team) to destroy, and the period of time for which the penetration testing team can retain confidential data before destroying it. The process of destruction, the confirmation of destruction, etc. should also be clearly defined.

If the external penetration testing team does not destroy the information, that is unprofessional behavior on the part of that organization or team, and they might face legal charges or imprisonment depending on the case. The penetration testing team can be exposed to claims of negligence of duties and breach of confidence, to reputational damage, and to legal action. Given the criticality of the information, it is advisable to destroy the collected information. For instance, if an attacker infiltrates a penetration testing team member's laptop where critical data is stored, the attacker can extract very valuable first-hand information from it without much difficulty. This information can be used against the client organization to blackmail, threaten, attack, steal more information, and sell the extracted information to third parties (hackers, competitors), etc.

It is imperative to select a very reputed and professional team of penetration testers for your penetration testing projects. Given below are a few ways to gauge a penetration testing vendor.

· Check whether penetration testing is one of their core competencies. Some organizations provide it as a value-added service and are not masters of the area.

· Check for real-world implementation and experience, rather than the paper qualifications of the testing team

· Evaluate the vendor's trustworthiness and competence

· Consider the cost versus the frequency at which penetration testing needs to be conducted

· Find real penetration testers who are experts in the field and have practical experience in real environments; this is difficult to find but it will be worth the test

· Ask the vendor for references and verify their status

· Perform a thorough background check to identify the real nature of the vendor