Tag Archives: Null

ISO 27001 : A Business View

Hi People,

I am back after a strong lethargic break. Before I go back to hibernation (I can promise that I will be regular from now onward, but people who know me will differ — and I don’t blame them, either — but I digress), let me share a presentation that I did for a NULL meeting (what? You don’t know NULL? Shame on you! Go back and Google; on second thoughts, read this please and then go back, coz I am not sure if you will come back!).

Please visit this Google Presentation and share your feedback. My take is:

ISO 27001 is a standard which provides a structured, step-by-step approach to solving many security problems, most of which do not involve technology.

I have tried to take some examples to illustrate some events that technology will need some years to solve. However, using a methodology such as ISO 27001 helps us secure, and keep secure, the information and the infrastructure supporting it.

null Chapter started in Hyderabad

I had a chance to be a part of the first meeting of the Hyderabad chapter of null (29th August ’10, Sunday, 16:30–18:30), and I must say, it was not without some apprehension that I started for it. For one, I had a humbling experience with the local OWASP chapter, as it is in its second month of inactivity (do include me if you plan to blame someone, for I had a small part to play — by not doing anything, that is). However, I had been following these people for quite some time, and must say, have learned a lot just by reading the mailing list, and I was not disappointed. Though it is too early to say, I think null will survive the inertial forces that tend to take over any new initiative.

The meeting started with Prajwal (one of the moderators of the Hyderabad chapter) giving a nice presentation on w3af (Web Application Attack and Audit Framework). He also presented Matriux, a distro dedicated to security professionals. The co-founders of null|con had arrived by the time Prajwal finished, and they took it from there. Oh, lest I forget, let me tell you that some OWASP members were also spotted (including yours truly).

Further, I have decided to talk, in the next-to-next meeting (mind you, meetings will be monthly, so that makes it October ’10), on ISO 27001 (coz that’s what my limited knowledge is limited to!). But before that, I guess there will be some more talks on vulnerability assessments and other stuff.

All in all, it is a nice thing that they have started a chapter in my karmabhoomi; I hope I learn new things and share with everyone through this medium (do I see enough eyeballs to quit my job and turn full-time blogger!).