Tag Archive for: Audit

Cyber security audit of websites


Niraj Dubey
India is one of the fastest-growing digital markets in the world, with close to 881.25 million internet users. It is home to the third-largest number of Internet users in the world, after the US and China. Eyeing the huge consumer base that India presented, Internet-based services flooded into India. Around 346 million Indians are engaged in online transactions, including e-commerce and digital payments. Even the orthodox industries that earlier functioned largely on manpower joined the digital bandwagon in order to stay relevant in changing times.

The ballooning Indian digital market also caught the eyes of cybercriminals. As India moves further ahead on the path to digital transformation, threats to its different economic sectors rise simultaneously. Further, a presentation by the NITI Aayog underlines the biggest victims of these data breaches as financial organizations, healthcare, universities, higher education, the public sector, etc.

To meet such an alarming situation and the emerging cyber security challenges, a security audit of the respective websites is the need of the hour. A cyber-security audit involves a comprehensive analysis and review of the IT infrastructure of your business. Security audits help protect critical data, identify security loopholes, create new security policies and track the effectiveness of security strategies. Regular audits can help ensure employees stick to security practices and can catch new vulnerabilities. An audit is a primary method for examining compliance. It is designed to evaluate something (a company, system, product, etc.).

The Indian Government and stakeholders, who were exploring ways to fight off the rising threat landscape, zeroed in on regulatory norms and guidelines for all services operating in India, putting a more stringent focus on the BFSI (Banking, Financial Sector & Insurance) and Government sectors. These stringent regulations forced organizations to take due cybersecurity steps to combat cyber attacks.

It is estimated that the security testing services market in India would increase from USD 201 million in 2019 to USD 4.70 billion by 2024. In order to check menace of ransomware,…


City of St. Albert to undertake cyber security audit


The City of St. Albert is planning an audit of its cybersecurity processes, policies, and programs this spring.

“This is to really minimize the risk,” Coun. Sheena Hughes said. “Should things go not the way you’re hoping in the risk department for cybersecurity, it can be very expensive.”

Hughes also said she thinks the audit will make the city government more effective, and cybersecurity is something all governments need to be on top of.

“The project objective is to evaluate the effectiveness of the city’s cybersecurity practices and controls to identify key risks and vulnerabilities, develop a plan to mitigate risks, and ensure the confidentiality, integrity, and availability of sensitive data and critical systems is protected against potential cyber threats and attacks,” reads an audit outline presented to St. Albert’s internal audit steering committee last month.

The committee is made up of two residents, and in 2024 will include Hughes, Coun. Wes Brodhead, and Coun. Ken MacKay.

The outline says the city will hire a consultant to use frameworks like the V8 Controls developed by the Centre for Internet Security or the United States government’s National Institute of Standards and Technology’s Cyber Security Framework to “identify, score, and assess risk level and maturity for each domain and related processes within the [frameworks] and provide [a] detailed report that outlines observations and recommendations for enhancements … to address identified gaps in controls or improvements of cybersecurity processes.”

Some aspects of the city’s processes that will be covered under the audit, according to the outline, include data recovery, malware defences, network monitoring and defence, penetration testing, incident-response management, security awareness and skills training, and more.

“You can prevent a lot of unnecessary costs by making sure that your risks are covered or minimized,” Hughes said. “So, this will allow that ability to recognize the fact that because everything is basically online now, we need to have the proper checks and balances in place to make sure that our data and all the other data for residents is properly…


North Tonawanda School District tightens computer system security after state audit


The North Tonawanda City School District has tightened protection of its computer network following an audit of its security procedures, according to a report from the State Comptroller’s Office.

“Most of the issues that were identified during the audit were addressed immediately,” School Superintendent Gregory J. Woytila wrote in response to the technology audit, which covered the period between July 1, 2022, and April 12, 2023. “These enhancements will be part of the corrective action plan drafted in response to the findings.”

Auditors discovered 246 unnecessary user accounts that were subsequently disabled. Fifty-five of them were non-student accounts assigned to previous district employees, contractors and interns. One of them had been assigned to a substitute teacher who left in 2019.

The audit also found 29 unnecessary shared user accounts, which were disabled, and learned that no one kept track of the accounts or had a policy to disable them. Auditors said they were told that no policy had been developed because the district had not experienced a data leak or cyberattack in more than 20 years.

The audit additionally advised the district to develop an IT contingency plan so that employees could communicate and continue doing their jobs in case of a disruption.


Android VPNs to get audit badges in Google Play Store if they aren’t comically crap • The Register


Google wants to help Android users find more trustworthy VPN apps through better badging that alerts them to independent audits.

The ad impresario and cloud concession has afforded independently audited applications in its Play store a more prominent display of their security bona fides, specifically a banner atop their Google Play page.

VPN apps are the first to receive this special treatment, explained Nataliya Stanetsky, from Google’s Android Security and Privacy Team, in an announcement, because they handle significant amounts of sensitive data. And they’re thus a popular target for subversion by miscreants.

“When a user searches for VPN apps, they will now see a banner at the top of Google Play that educates them about the ‘Independent security review’ badge in the Data Safety Section,” said Stanetsky.

Last year, Google’s partnership with the App Defense Alliance (ADA), launched in 2019, was expanded to include the Mobile App Security Assessment (MASA), a way to check Android apps to ensure they comply with a security standard defined by OWASP.

It’s not a particularly thorough audit. As the ADA’s website states, “MASA is intended to provide more transparency into the app’s security architecture, however the limited nature of testing does not guarantee complete safety of the application.”

The ADA also advises that MASA does not necessarily check app developers’ safety declarations. Obviously the alliance doesn’t want to be blamed if it misses something and an info-stealing app slips by, but the group’s MASA endorsement counts for something.

MASA looks for obvious bad practices, like whether sensitive data gets written to application log files and whether the app reuses cryptographic keys for multiple purposes, among its many checks. It’s safe to say you’re better off with apps that avoid such missteps, even if it’s not safe to say they’re guaranteed to be secure.

At least if MASA misses, the Android ecosystem has other security measures in place. As Google proudly proclaims, it tries to protect against PHAs and MUwS – potentially harmful applications and mobile unwanted software, in case your gibberish translator is down. It does so through static and dynamic risk…
