Information Security

This post was published when this blog was also in French. This post is available in English. Depuis les dernières années, je suis de plus en plus du côté de l’audit TI et de la sécurité de l’information. Du moins, en théorie, j’ai encore plusieurs projets techniques… Toutefois, ça faisait déjà quelque temps que je voulais poursuivre la certification « Offensive Security Certified Professional » (OSCP).

I am more an IT auditor, and on the business side of information security (at least, in theory, I still like doing many technical projects). However, it was still important for me to pursue the Offensive Security Certified Professional (OSCP) certification.

As I wrote in one of my previous posts, emails are not a secure way to communicate and exchange confidential information but this is not all. In information security, the CIA triad (confidentiality, integrity and availability) is often cited alongside with other key elements such as authenticity and non-repudiation.

Accountability is one principle often forgotten in daily business and many employees don’t take seriously their credentials e.g. usernames and passwords. What would be your reaction if an auditor or a person from a law enforcement agency would like to ask you some questions regarding a fraud in your organization?

This post was published when this blog was only in French. At the moment, there is no translation available for this post. Pour protéger ses informations, il ne s’agit pas toujours de mettre en place des solutions avancées. En fait, c’est souvent l’ensemble de plusieurs mesures de sécurité qui permettent de protéger globalement l’information.

This post was published when this blog was only in French. At the moment, there is no translation available for this post. Que ce soit dans nos vies personnelles ou professionnelles, la gestion des courriels est bien souvent un des premiers services maitrisés sur un ordinateur.

This post was published when this blog was only in French. At the moment, there is no translation available for this post. Suite à mon dernier article concernant l’authentification à deux facteurs, j’ai contacté les principales banques canadiennes pour vérifier s’il était possible d’activer une solution d’authentification à multifacteurs avec leurs services bancaires en ligne.

This post was published when this blog was only in French. At the moment, there is no translation available for this post. Tout d’abord, il est important de mentionner que l’authentification à deux facteurs n’est aucunement un nouveau concept. Auparavant, les possibilités étaient simplement réservées aux grandes entreprises notamment avec la solution SecurID de RSA Security pour accéder à différents systèmes d’information.