Posts

Vulnerability Assessment vs. Penetration Test

It is all about Vulnerabilities. So, what is a Vulnerability? It is a weakness in an information system, system security procedures, internal controls, system design, system implementation, or configuration/setup that raises risk and exposes the system to being exploited or triggered by a threat actor. As Window Snyder, Chief Security Officer at Square, Inc., said: "One single vulnerability is all an attacker needs." To find this vulnerability we need to search for it, and to search for it we need to test the system from a security perspective. So, Security Testing is to identify the threats in or on the system and measure its potential vulnerabilities (weaknesses), so that these threats and vulnerabilities can be remediated to reduce the risk. In other words, Security Tests identify all possible loopholes and weaknesses of the system which might result in a loss of information, revenue, or reputation at the hands of employees or outsi

Information Security in Organization Structure (CISO)

In this article, I will introduce the concept of Information Security (InfoSec) as an independent section or department in the organization. I will start from the beginning by explaining what information is and what information means in the organization, until we reach a point where we can differentiate between Information Technology (IT) and Information Security (InfoSec), which are related terms and also related departments in the organization. But they should be two independent departments in the organization. Just to mention at the beginning that the purpose of this article is not to reduce the importance of IT in the organization, but to clarify that IT is a department handling an important part of the organization's strategy and goals, and InfoSec is also handling another important part of the organization's strategy and goals. It is better to start by explaining what Information is. It is something that people can learn, know about, or understand. For example, the book contain

Password family!!! A simple solution for password management.

Passwords are the weakest and most popular factor of authentication for accessing websites and systems. Nowadays all systems demand specific criteria for setting the password, for example password complexity: it should include capital letters, small letters, special characters, and numbers. Also, it should expire after a specific period of time, for example 60 or 90 days. Moreover, a password history is used to prevent reusing a password that was already used. And there are more criteria that make the user's life difficult with passwords. These rules and restrictions make users abuse passwords, for example by using the same password for all accounts belonging to them, or by writing the password down somewhere so they can come back to it when they need it. In that way, they make the attacker's job much easier: by hacking one password they will have access to all your accounts. How to hack the password? Different techniques are available. The most effective techni

Vulnerability Management (VM) vs. System Admins. It is a challenge!!!

I was facing a problem in arranging my thoughts on how to manage the vulnerability scan results of the servers and other equipment on my network. I wrote this article to share the results of the research I performed in this field, to help others manage vulnerabilities and resolve them as soon as possible, because the main factor in vulnerability management is time: the sooner you resolve a vulnerability, the sooner you will be secure. Vulnerability assessment (VA) is part of the vulnerability management (VM) tasks that security professionals perform on a regular basis. The first step in any VM task is to discover your network and find all the assets on which you have to assess vulnerabilities. So, you need a tool to map and discover your network, and you need to run it. Keep in mind to perform the discovery scan on a frequent basis to keep your asset list up to date. The second step is to review the results and group the assets based on the operating system they run. The method I u