Informazioni personali

Cerca nel blog

Translate

Visualizzazione post con etichetta Information security. Mostra tutti i post
Visualizzazione post con etichetta Information security. Mostra tutti i post

martedì 7 febbraio 2023

Information security o Cyber security?

Istigato dal buon Alessandro Bottonelli, mio correo in #quellidelfascicolop mi è venuta voglia di puntualizzare un problema di nomenclatura che mi sta a cuore.

I termini Cyber ​​Security e Information Security sono spesso usati in modo intercambiabile. Entrambi sono responsabili della sicurezza e della protezione del sistema informatico da minacce e violazioni delle informazioni e spesso la sicurezza informatica e la sicurezza delle informazioni sono così strettamente collegate che possono sembrare sinonimi e, sfortunatamente, vengono utilizzate come sinonimi.

Se parliamo di sicurezza dei dati, si tratta di proteggere i dati da utenti malintenzionati e minacce. Ora qual è la differenza tra dati e informazioni?

Un punto importante è che “non tutti i dati possono essere informazioni” i dati possono essere informati se vengono interpretati in un contesto e gli viene dato un significato. Ad esempio “250865” è un dato e se sappiamo che è la data di nascita di una persona (la mia) allora è un’informazione perché ha un significato. Quindi informazione significa dati che hanno un significato.

Qual è la differenza tra la information security (sicurezza delle informazioni) e la cyber security (sicurezza informatica)?

La sicurezza delle informazioni e la sicurezza informatica sono campi correlati ma distinti che si concentrano sulla protezione di diversi aspetti dei sistemi informativi e tecnologici di un’organizzazione.

La sicurezza delle informazioni è un campo ampio che comprende tutti gli aspetti della protezione delle informazioni e dei sistemi informativi di un’organizzazione da accesso, uso, divulgazione, interruzione, modifica o distruzione non autorizzati.

I pilastri su cui si basa sono ovviamente:

  • confidentiality
  • integrity
  • availability

cui occorrerebbe aggiungere

  • non repudiation
  • authenticity
  • accountability

La sicurezza delle informazioni include la protezione delle informazioni sensibili, come i dati personali e le informazioni finanziarie, nonché i sistemi e i processi utilizzati per archiviare, trasmettere ed elaborare tali informazioni. All’interno della sicurezza delle informazioni ricadono quindi anche aspetti legati alla protezione del dato sia questo digitale che analogico.

Esempi e inclusione della sicurezza delle informazioni sono i seguenti:

  • Controlli procedurali
  • Controlli di accesso
  • Controlli tecnici
  • Controlli di conformità

La cyber security, d’altra parte, è largamente un sottoinsieme della sicurezza delle informazioni che si concentra specificamente sulla protezione dei sistemi tecnologici e dei dati di un’organizzazione da attori malintenzionati nel cyberspazio. Ciò include la protezione da attacchi di rete, violazioni dei dati e altri tipi di criminalità informatica. La sicurezza informatica include anche la protezione delle infrastrutture critiche, come centrali elettriche e sistemi finanziari, dagli attacchi informatici che espande il perimetro rispetto la Information security.

Esempi e inclusione della sicurezza informatica sono i seguenti:

  • Sicurezza della rete
  • Sicurezza delle applicazioni
  • Sicurezza nel cloud
  • Infrastrutture critiche

In sintesi, la sicurezza delle informazioni è un campo ampio che comprende tutti gli aspetti della protezione delle informazioni e dei sistemi informativi, mentre la cyber security si concentra specificamente sulla protezione contro le minacce e gli attacchi informatici. Entrambi sono importanti per garantire la sicurezza e l’integrità dei sistemi informatici e tecnologici di un’organizzazione.

vi torna?

ciao

domenica 25 agosto 2013

check out my new article on hakin9

http://hakin9.org/read-hakin9s-qr-code-hacking-issue-and-get-knowledge-how-to-protect-yourself-from-data-loss/

Read Hakin9‘s QR Code Hacking Tutorial and Learn How To Avoid Data Loss

You received this newsletter because you subscribed to autoresponder address list of Hakin9 magazine.
If you want to unsubscribe please click the link.
Dear Readers,

we are pleased to inform you that our new tutorial about QR code hacking has just arrived. You can download it here.

In this issue you will find articles such as:

QR Code Hacking

BASICS

Hacking QR Codes
By Rishabh Rastogi
An information security, risk and governance minded professional who thrives on evaluating technologies and business processes from a critical perspective.

Popularly QR Codes have found their application in encoding URLs, visiting cards, addresses and various forms of advertisement data on posters. Along with its great uses, QR codes have also many potential risks due to the vulnerabilities around its design and hence prying threat vectors would always be after exploiting those vulnerabilities. Hence not making a very sweeping statement, but
funnily enough every kid on the block has a QR Code scanner and is a potential victim of being hacked.

Sim Card Hacking
By Carlos Rodriquez Perez
Imagine you’re a malware developer, and you are looking for new techniques to spread your malware, you’re tired of thinking and suddenly you have an idea, why not include my trojan in a QR Code? This is the question that many cyberdelinquents ask to themselves, is very easy to pass a trojan by an application for our smatphone, for example an X-Ray Reader (fake of course), once we have read the fraudulent code, the malware disburdens himself and attack, usually the attack consists in a malware that is installed in our smatphone, once installed is dedicated to ilegal activities, such as sending SMS to a payment service that takes advantages of the attacker.

THE TECHNIQUES

Hijacking QR Codes
By David Allen
Managing Director at @MobileEngage

The QR code system was invented in 1994 by Toyota’s subsidiary, Denso Wave. Its purpose was to track vehicles during manufacturing; it was designed to allow high-speed component scanning. It has since become one of the most popular types of two-dimensional barcodes. Originally designed for industrial uses, QR codes have become common in consumer advertising. Typically, a smartphone is used as a QR-code scanner, displaying the code and converting it to some useful form.

QR Code A Real Treat Or Not
By Antonio Ierano
Security Consultant, Evangelist, Speaker, Trainer and Blogger at The Puchi Herald

We could easily create a related to a malware infection, convert this URL through a shortened URL service, associate it to a common logo and embed this info in a QRCode. A normal User would check the code through its application and would find a familiar logo to click on; although he would check the URL he would probably see the short version that is anyway not readable. Unless the user is using on its smartphone or tablet a security suite could be easily fooled and redirected anywhere.

QR Codes: Convenience or Minefield?
By David Nordell
CEO of New Global Markets

Imagine that you are walking in the street in the town where you live. You need to find a new place to live, and don’t really want to use an estate agent, because they usually lie about the places they have available, and charge a commission too. But you pass a tree with a sheet of paper stapled to the bark, reading “beautiful two-room apartment, lots of light, modern kitchen and bathroom … no agents.”

QR Codes – Hacking, cracking and other security considerations.
By V. Michael Balas
Founder and CEO at VitreoQR, LLC

On March 6th of 1992, the world waited for the Michaelangelo Computer Virus to strike hundreds of thousands of computers across the planet. The threat was so great this one computer event received massive and widespread media attention in virtually every industrialized country. Ultimately, the virus did little actual damage but its media coverage frightened the world into a more pro-active position regarding protection from such attacks. The antivirus software industry now had its first truly legitimate example of the need for antivirus software. John McAfee was well on his way to making millions.

6 Ways To Protect Yourself From QR Code Hacking
By Nick Lynch
Co-Founder of OakReach, a native ad and content marketing platform

In today’s fast moving times, getting information and content instantly at our figure tips has become an increasing necessity. Because of this, Quick Response (QR) codes continue to be the biggest driver of print to mobile activations. When scanned, the codes often contain web links that automatically take a user to a website. Over the last few years, the practice of placing this type of matrix barcode on billboards, posters, clothing tags, concert tickets, business cards, TV ads and magazines has become common practice. According to ClickZ.com, QR scans saw an increase of 400% between June 2011 and June 2012.

EXTRA

Interview with Nick Lynch
By Magdalena Gierwatowska

Interview with Antonio Ierano
By Magdalena Gierwatowska

Please spread the word about Hakin9.
Hakin9 team wish you good reading!
Product Manager: krzysztof.samborski@hakin9.org
www.hakin9.org/en

New profiles on:

Related articles

check out my new article on hakin9

http://hakin9.org/read-hakin9s-qr-code-hacking-issue-and-get-knowledge-how-to-protect-yourself-from-data-loss/

Read Hakin9‘s QR Code Hacking Tutorial and Learn How To Avoid Data Loss

You received this newsletter because you subscribed to autoresponder address list of Hakin9 magazine.
If you want to unsubscribe please click the link.
Dear Readers,

we are pleased to inform you that our new tutorial about QR code hacking has just arrived. You can download it here.

In this issue you will find articles such as:

QR Code Hacking

BASICS

Hacking QR Codes
By Rishabh Rastogi
An information security, risk and governance minded professional who thrives on evaluating technologies and business processes from a critical perspective.

Popularly QR Codes have found their application in encoding URLs, visiting cards, addresses and various forms of advertisement data on posters. Along with its great uses, QR codes have also many potential risks due to the vulnerabilities around its design and hence prying threat vectors would always be after exploiting those vulnerabilities. Hence not making a very sweeping statement, but
funnily enough every kid on the block has a QR Code scanner and is a potential victim of being hacked.

Sim Card Hacking
By Carlos Rodriquez Perez
Imagine you’re a malware developer, and you are looking for new techniques to spread your malware, you’re tired of thinking and suddenly you have an idea, why not include my trojan in a QR Code? This is the question that many cyberdelinquents ask to themselves, is very easy to pass a trojan by an application for our smatphone, for example an X-Ray Reader (fake of course), once we have read the fraudulent code, the malware disburdens himself and attack, usually the attack consists in a malware that is installed in our smatphone, once installed is dedicated to ilegal activities, such as sending SMS to a payment service that takes advantages of the attacker.

THE TECHNIQUES

Hijacking QR Codes
By David Allen
Managing Director at @MobileEngage

The QR code system was invented in 1994 by Toyota’s subsidiary, Denso Wave. Its purpose was to track vehicles during manufacturing; it was designed to allow high-speed component scanning. It has since become one of the most popular types of two-dimensional barcodes. Originally designed for industrial uses, QR codes have become common in consumer advertising. Typically, a smartphone is used as a QR-code scanner, displaying the code and converting it to some useful form.

QR Code A Real Treat Or Not
By Antonio Ierano
Security Consultant, Evangelist, Speaker, Trainer and Blogger at The Puchi Herald

We could easily create a related to a malware infection, convert this URL through a shortened URL service, associate it to a common logo and embed this info in a QRCode. A normal User would check the code through its application and would find a familiar logo to click on; although he would check the URL he would probably see the short version that is anyway not readable. Unless the user is using on its smartphone or tablet a security suite could be easily fooled and redirected anywhere.

QR Codes: Convenience or Minefield?
By David Nordell
CEO of New Global Markets

Imagine that you are walking in the street in the town where you live. You need to find a new place to live, and don’t really want to use an estate agent, because they usually lie about the places they have available, and charge a commission too. But you pass a tree with a sheet of paper stapled to the bark, reading “beautiful two-room apartment, lots of light, modern kitchen and bathroom … no agents.”

QR Codes – Hacking, cracking and other security considerations.
By V. Michael Balas
Founder and CEO at VitreoQR, LLC

On March 6th of 1992, the world waited for the Michaelangelo Computer Virus to strike hundreds of thousands of computers across the planet. The threat was so great this one computer event received massive and widespread media attention in virtually every industrialized country. Ultimately, the virus did little actual damage but its media coverage frightened the world into a more pro-active position regarding protection from such attacks. The antivirus software industry now had its first truly legitimate example of the need for antivirus software. John McAfee was well on his way to making millions.

6 Ways To Protect Yourself From QR Code Hacking
By Nick Lynch
Co-Founder of OakReach, a native ad and content marketing platform

In today’s fast moving times, getting information and content instantly at our figure tips has become an increasing necessity. Because of this, Quick Response (QR) codes continue to be the biggest driver of print to mobile activations. When scanned, the codes often contain web links that automatically take a user to a website. Over the last few years, the practice of placing this type of matrix barcode on billboards, posters, clothing tags, concert tickets, business cards, TV ads and magazines has become common practice. According to ClickZ.com, QR scans saw an increase of 400% between June 2011 and June 2012.

EXTRA

Interview with Nick Lynch
By Magdalena Gierwatowska

Interview with Antonio Ierano
By Magdalena Gierwatowska

Please spread the word about Hakin9.
Hakin9 team wish you good reading!
Product Manager: krzysztof.samborski@hakin9.org
www.hakin9.org/en

New profiles on:

Related articles

venerdì 10 maggio 2013

(ISC)2 Italy Chapter Site » Mobile Security Series – Beyond BYOD – Slides

(ISC)2 Italy Chapter Site » Mobile Security Series – Beyond BYOD – Slides

Mobile Security Series – Beyond BYOD – Slides

Le slide del primo approfondimento (ISC)2 Italy Chapter sul Mobile (Beyond BYOD) sono disponibili ai soci a questo link(*)Webinar – (ISC)2 Italy – Mobile Series 1 – Beyond BYOD
Ringraziamo tutti coloro che hanno seguito il seminario e ancor di piu’ chi ha dedicato del tempo per completare il sondaggio sull’iniziativa. Stay tuned: nelle prossime settimane vi informeremo sulle date del secondo e poi del terzo seminario della serie.
(*) Per accedere alle slides e’ necessario essere Soci di (ISC)Italy Chapter; l’utenza per l’accesso e’ stata inviata contestualmente all’associazione. Per problemi tecnici, e’ possibile inviare una mail a webmaster@isc2chapter-italy.it

martedì 12 marzo 2013

(ISC)2 Italy Chapter Site » (ISC)2 Chapter Italy al Security Summit

(ISC)2 Italy Chapter Site » (ISC)2 Chapter Italy al Security Summit

(ISC)2 Chapter Italy al Security Summit

Domani 12 Marzo inizia a Milano il Security Summit, probabilmente la piu rilevante manifestazione di Sicurezza ICT nel panorama Italiano. Lo scorso anno il Capitolo Italiano di (ISC)2 ha annunciato la propria nascita proprio a questa manifestazione ed è naturale per tutti noi esserci affezionati e presenti anche per questo motivo.
Anche quest’anno dunque parteciperemo ed avremo uno spazio tutto per noi. L’appuntamento è quindi per il secondo giorno, ovvero il 13 marzo Mercoledi alle 16.30.
Pierluigi Sartori, socio (ISC)2 Italy Chapter, presenterà un orientamento fra l’approccio in-house e quello managed in ambito Sicurezza Informatica, un contenuto inedito basato sull’esperienza reale.

mercoledì 6 marzo 2013

Security Summit :: Il 12 marzo si apre l'edizione 2013: pronto il programma, definiti i contenuti

Steve Purser, Head of the Technical Department...
Steve Purser, Head of the Technical Department, ENISA (Photo credit: Security & Defence Agenda)

Security Summit :: Il 12 marzo si apre l’edizione 2013: pronto il programma, definiti i contenuti

Il 12 marzo si apre l’edizione 2013: pronto il programma, definiti i contenuti
E’ praticamente definito il programma della prima tappa del Security Summit 2013 che si aprirà la mattina del 12 marzo a Milano.
Si inizia infatti con un ospite d’eccezione, Steve Purser, Head of Technical Department, ENISA – European Network and Information Security Agency, che disegnerà il quadro dei progetti europei in tema di Ict security, tema di grande rilevanza perchè naturalmente coinvolge poi le politiche dei singoli Paesi.

Security Summit :: Il 12 marzo si apre l'edizione 2013: pronto il programma, definiti i contenuti

Steve Purser, Head of the Technical Department...
Steve Purser, Head of the Technical Department, ENISA (Photo credit: Security & Defence Agenda)

Security Summit :: Il 12 marzo si apre l’edizione 2013: pronto il programma, definiti i contenuti

Il 12 marzo si apre l’edizione 2013: pronto il programma, definiti i contenuti
E’ praticamente definito il programma della prima tappa del Security Summit 2013 che si aprirà la mattina del 12 marzo a Milano.
Si inizia infatti con un ospite d’eccezione, Steve Purser, Head of Technical Department, ENISA – European Network and Information Security Agency, che disegnerà il quadro dei progetti europei in tema di Ict security, tema di grande rilevanza perchè naturalmente coinvolge poi le politiche dei singoli Paesi.