Ayal Harshana

Ayal Harshana Network Engineer | BEng (Hons) Net, HND-Net, HND-PPCA, NSE, CCTM, CCCA, ISO/IEC 27001, PCIDSS

13/07/2024

💔🫥

14/05/2024

The reality in our life with Information Security 😉

07/02/2024

The Chief Information Security Officer (CISO) is a senior-level executive responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO's responsibilities typically include, but are not limited to, the following:

1. Information Security Strategy: Developing and maintaining a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality, and availability of information and systems.

2. Security Policies and Standards: Establishing, maintaining, and overseeing the implementation of policies and procedures that guide the organization's protection of information assets.

3. Security Awareness and Training: Promoting security awareness and education within the organization to ensure employees understand their role in safeguarding data and systems.

4. Compliance and Regulatory Requirements: Ensuring the organization's compliance with relevant laws, regulations, and standards regarding information security and privacy.

5. Incident Response and Management: Developing and implementing an incident response plan and overseeing the organization's response to security incidents.

6. Risk Management: Identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements.

7. Security Architecture: Providing oversight and guidance to ensure that security is integrated into the design and implementation of systems and applications.

8. Security Operations: Overseeing the operation of security technologies, including firewalls, intrusion detection systems, and encryption systems.

9. Security Governance: Leading the organization's information security governance processes, including the development and implementation of security policies, procedures, and standards.

10. Vendor Security Management: Assessing and managing the security posture of third-party vendors and partners to ensure the protection of the organization's data and systems.

11. Collaboration and Communication: Collaborating with other executives to align security initiatives with enterprise goals, and communicating with the board of directors and relevant stakeholders about security risks and mitigation strategies.

Overall, the CISO plays a critical role in ensuring the confidentiality, integrity, and availability of an organization's information assets, and in protecting the organization from security threats and incidents.

30/10/2023

Today motivation ❤️🔥
Mobile.lk 📱📱📱📱

04/09/2023

Uditha Kariyawasam, Ayal Sasith Harshana, Campus Cluster / කැම්පස් පොකුර

๐๐š๐ฌ๐ฌ๐ฐ๐จ๐ซ๐-๐๐š๐ฌ๐ž๐ ๐€๐ฎ๐ญ๐ก๐ž๐ง๐ญ๐ข๐œ๐š๐ญ๐ข๐จ๐ง:
Users provide a username and password. Common and easy to implement, but susceptible to password-related vulnerabilities (e.g., weak passwords, password reuse). Two-factor authentication (2FA) can enhance security by requiring a second factor, such as a one-time code from a mobile app.

๐๐ข๐จ๐ฆ๐ž๐ญ๐ซ๐ข๐œ ๐€๐ฎ๐ญ๐ก๐ž๐ง๐ญ๐ข๐œ๐š๐ญ๐ข๐จ๐ง:
Uses physical or behavioral characteristics of the user, like fingerprints, facial recognition, voice recognition, or iris scans. Highly secure, but may have privacy concerns and can be expensive to implement.

๐“๐จ๐ค๐ž๐ง-๐๐š๐ฌ๐ž๐ ๐€๐ฎ๐ญ๐ก๐ž๐ง๐ญ๐ข๐œ๐š๐ญ๐ข๐จ๐ง:
Involves the use of a physical or digital token (e.g., smart card, hardware token, or mobile app). Provides an additional layer of security compared to just passwords.

๐Œ๐ฎ๐ฅ๐ญ๐ข-๐…๐š๐œ๐ญ๐จ๐ซ ๐€๐ฎ๐ญ๐ก๐ž๐ง๐ญ๐ข๐œ๐š๐ญ๐ข๐จ๐ง (๐Œ๐…๐€):
Requires users to provide two or more authentication factors (e.g., something you know, something you have, something you are). Offers robust security by combining different authentication methods.

๐’๐ข๐ง๐ ๐ฅ๐ž ๐’๐ข๐ ๐ง-๐Ž๐ง (๐’๐’๐Ž):
Allows users to log in once and gain access to multiple related services or applications without the need to enter credentials again. Enhances user convenience and can be implemented using protocols like OAuth and OpenID Connect.

๐Ž๐€๐ฎ๐ญ๐ก (๐Ž๐ฉ๐ž๐ง ๐€๐ฎ๐ญ๐ก๐จ๐ซ๐ข๐ณ๐š๐ญ๐ข๐จ๐ง):
Used for authorization rather than authentication, often for granting third-party applications access to user data without sharing credentials. Widely used in modern web applications for delegated authorization.

๐Ž๐ฉ๐ž๐ง๐ˆ๐ƒ ๐‚๐จ๐ง๐ง๐ž๐œ๐ญ:
An authentication layer built on top of OAuth 2.0, providing identity authentication services. Used for single sign-on and identity federation.
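
Added example (not part of the original post): the password-plus-one-time-code flow described under Password-Based and Multi-Factor Authentication above, written in Python with PBKDF2 for the stored password and RFC 6238 TOTP for the code a mobile app would display. The user record layout, the `verify_login` and `make_sample_user` names, the iteration count and the sample password are assumptions made for illustration; the TOTP secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30                # seconds per TOTP time step (RFC 6238 default)
PBKDF2_ROUNDS = 600_000  # assumed work factor for this example

def hash_password(password: str, salt: bytes) -> bytes:
    """Something you know: store a slow salted hash, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Something you have: HMAC-SHA1 over the time-step counter, truncated."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_login(user: dict, password: str, code: str, now: int, window: int = 1) -> bool:
    """Require both factors; allow +/- `window` steps of clock drift; refuse replays."""
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    matched = None
    for drift in range(-window, window + 1):
        t = now + drift * STEP
        if t < 0 or t // STEP <= user["last_counter"]:
            continue  # a code from an already-used time step is a replay
        if hmac.compare_digest(totp(user["totp_secret"], t).encode(), code.encode()):
            matched = t // STEP
    if pw_ok and matched is not None:
        user["last_counter"] = matched  # burn this time step
        return True
    return False

def make_sample_user() -> dict:
    """Constructed sample record; the secret is the RFC 6238 test-vector key."""
    salt = b"constructed-salt"
    return {"salt": salt, "pw_hash": hash_password("correct horse battery", salt),
            "totp_secret": b"12345678901234567890", "last_counter": -1}

if __name__ == "__main__":
    user = make_sample_user()
    code = totp(user["totp_secret"], 59)
    print("first login :", verify_login(user, "correct horse battery", code, 59))
    print("replayed    :", verify_login(user, "correct horse battery", code, 59))
```
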

22/07/2023

Ayal Sasith Harshana

The NIST Cybersecurity Framework, developed by the National Institute of Standards and Technology (NIST) in the United States, is a widely recognized and adopted framework for improving cybersecurity risk management. It provides a structured approach for organizations to assess and manage their cybersecurity risks, protect their systems and data, detect and respond to cybersecurity incidents, and recover from them.

The NIST Cybersecurity Framework consists of three main components:

1. Core Functions: The core functions of the framework are five high-level categories of cybersecurity activities, which are Identify, Protect, Detect, Respond, and Recover. These functions represent the key areas that organizations need to focus on to establish a comprehensive cybersecurity program.

2. Framework Core: The framework core consists of a set of cybersecurity activities, outcomes, and informative references that help organizations achieve their desired cybersecurity outcomes. It provides a flexible structure for organizations to align their cybersecurity efforts with their business requirements, risk tolerance, and available resources.

3. Implementation Tiers: The implementation tiers describe the level of sophistication and maturity of an organization's cybersecurity program. There are four tiers: Partial, Risk Informed, Repeatable, and Adaptive. These tiers help organizations assess their current cybersecurity capabilities and develop a roadmap for improvement.

The NIST Cybersecurity Framework is designed to be adaptable to different sectors, organizations of various sizes, and varying risk profiles. It promotes a risk-based approach to cybersecurity, emphasizing the importance of identifying and prioritizing cybersecurity risks based on business needs and available resources.

By implementing the NIST Cybersecurity Framework, organizations can enhance their cybersecurity posture, better protect their systems and data, and improve their ability to respond to and recover from cybersecurity incidents. It is important to note that while the NIST Cybersecurity Framework provides valuable guidance, it is not a one-size-fits-all solution, and organizations should tailor its implementation to their specific needs and requirements.

06/05/2023

🔴 What you can do with your IP 💻

Ayal Sasith Harshana
Campus Cluster / කැම්පස් පොකුර
Uditha Kariyawasam

09/04/2023

How does HTTP work

Address

Gampaha
11000
