Cyber Security Through Technology Risk Management

RBI Cyber Security Framework(RBI-CSF) History RBI stands for Reserve Bank of India, a India's central bank and regulatory body establish in 1 April 1935 in accordance with Reserve Bank of India Act 1934. Purpose & Objective RBI's basic function as a reserve bank is to " to regulate the issue of Bank notes and keeping of reserves with a view to securing monetary stability in India and generally to operate the currency and credit system of the country to its advantage; to have a modern monetary policy framework to meet the challenge of an increasingly complex economy, to maintain price stability while keeping in mind the objective of growth ." The primary objectives of RBI are to undertake initiatives to: Define the  framework and guidelines and act as monitoring regulatory body for financial sectors  consisting of commercial banks, financial institutions and non- banking financial companies (NBFC),  Urban co-operative bank (UCB) etc. Fortifying the role of statutor

What is the need for this PowerShell script. This script is needed when there is a discrepancy reported by vulnerability scan claiming that a set of windows systems are missing particular patch however the centralized patching tool is showing them as installed. This script could be handy for auditors, control validator/tester to test if patches are installed periodically or to check recently patched dates etc. Option 1 $cDate = Get-Date   # Get the date 30 adys ago $DaysAgo = $cDate .AddDays(-30)  # Get all the Updates installed since 30 days ago Get-HotFix | Where-Object { $_ .InstalledOn -gt $DaysAgo } $LastPatch = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1 Option 2 Get-CimInstance -Class win32_quickfixengineering | Where-Object { $_ .InstalledOn -gt ( Get-Date ).AddDays(-30) } Option 3 $Hosts = Get-Content -Path '.\hosts.txt'   #contains list of hosts #For each of the hosts in that file, run a command to gather patches installed on

Introduction. We are going to discuss various file transfer options in brief and the security concerns associated with them. By understanding how these solution operate we can have an informed decision over its usage across the organization . Let's see if we could find answers to below question.  Differences between FTP, SFTP, FTPS and FTP over SSH? Why not just use FTP? Why should I use SFTP instead of FTP? Is SFTP better than FTPS?

WPAD protocol is a mechanism used by web clients to locate a browser configuration file ( WPAD.dat ) to obtain nearby proxy server details.

Assume you are supporting a big datacenter where multiple Access Switches are connected to the core switches or routers and  then tracing a device like a PC or a server for troubleshooting or security purposes is one of those tasks  that you often end up doing. This is not a difficult task but can certainly  a time consuming.

What is PAC File? Proxy Auto Configuration file is text file having a single function containing various rules coded in JavaScript that instructs web browser to forward traffic to a proxy server or directly to the destination server. Along with proxy server details there are optional and additional parameter that specify when and under what circumstances a browser forwards traffic to proxy server. Example: function FindProxyForURL(url, host) { if (shExpMatch(url, "*.google.com/*"))        return 10.10.10.1:8080;        return DIRECT' } Advantage of PAC file: PAC file can be hosted on a centralized place such as workstation, internal web server, or server outside the corporate network. Perform Load distribution Handle proxy failover. Supported by all browsers. Exceptions rules can be configured for internal or external sites. Provides critical security, ensuring that traffic is always proxied when it should be. History Originally developed by Netscape in 19