SecurityMasala.com

Masala [mah-SAH-lah] – A word used for a spice blend with myriad variations.

SecurityMasala.com is a portal set up for individuals to discuss the different flavors (spice blends) of information security ranging from Application Security to Zero Day Attacks.

Some of the common categories and their descriptions are given below.

Application Security - Covers software security areas like Abuse Case Modeling, Security Design and Architecture Reviews, Security Code Review, Security Testing, Vulnerability Analysis (VA) and Penetration Testing.

Business Continuity and Recovery - Covers areas pertaining to BCRP (Business Continuity and Recovery Procedures), Business Impact Analysis, DR (Disaster Recovery), Version Controls and Configuration Management Planning.

Compliance - Covers the various compliance regulations like Sarbanes-Oxley (SOX), Payment Card Industry (PCI), GLBA, FISMA, DoD 8570.1 mandates, etc., and how companies have been intelligently addressing compliance requirements.

Events - Covers the various upcoming events like Conferences, Trade Shows, Training and other sponsored events by the information security community.

Forensics - Covers areas around Discovery, Incident Handling Do’s and Don’ts, Chain of Custody, Evidence Admissibility and many more Forensics topics.

ISM-Community.org - Covers topics related to the Information Security Management Community and its various chapters and projects.

Jobs - Covers the areas of information security jobs and careers, the movers and shakers, the profile of an information security professional, roles of a CSO/CISO and opportunities.

Management - Covers the principles of security management, CSOs and CISOs and executives who are in the information security space.

Network Security - Covers topics such as perimeter defense, intrusion detection systems (IDS), intrusion prevention systems (IPS), secure network topologies and architecture, segmented and distributed network computing, L2 attacks and defenses, etc.

OS Security - It’s not all about patching, patching, patching. Covers areas of minimum security baselines and hardening configurations for various Windows and Linux/Unix operating systems.

Risk Management - This area is dedicated to risk management, comprising risk assessment, modeling, analysis, mitigation, transfer and avoidance.

Tools - This area is to discuss the various free and commercial security tools available to the information security professional.

Vulnerabilities - This section is dedicated to covering topics regarding vulnerabilities that are hot-off-the-press, full disclosure items, research findings and defense mechanisms.

Wireless Security - No longer do you need to be connected to be compromised. This section will cover wireless attacks, tools, the potentially “hostile air-space”, research in this regard, WEP, WPA, etc.

Zero Day - Covers information security disclosures released unlawfully or on the day of public release.
