Blogs on Information Security and Risk Management (Anonymous; feed updated 2024-03-19)
test publish (published 2023-11-04)<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/a/AVvXsEgIZGyLPjBCJcWfsbB8VDNZoeFgrCuHOcV7PBGezP6UZyttiRRtuJfnhImAlBlpmJTXvCyZYT-Ii_0VytmIJ9yAASLvsAKM4p9g7te27aLZDRvk88HOH1C7aGPoKimldDvYUOdi9cjzFmEK5hqS9fd9PXnT9aWHbMYf8RfRuBWucC3rjC_37bNc3b2g" imageanchor="1" style="margin-left: 1em; margin-right: 1em;">
<img border="0" src="https://blogger.googleusercontent.com/img/a/AVvXsEgIZGyLPjBCJcWfsbB8VDNZoeFgrCuHOcV7PBGezP6UZyttiRRtuJfnhImAlBlpmJTXvCyZYT-Ii_0VytmIJ9yAASLvsAKM4p9g7te27aLZDRvk88HOH1C7aGPoKimldDvYUOdi9cjzFmEK5hqS9fd9PXnT9aWHbMYf8RfRuBWucC3rjC_37bNc3b2g" width="400">
</a>
</div><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/a/AVvXsEih1-EMEVvxTW3JJ69n9ptb6K82Tuz522H06wBoT2ioI1tO0dB_x4w9dlOYHX1Bu_N5b1SvcrIGXbxaQa_CVxZ2F-AWcEh6TVow7ibxoQki1_rL0LOUXXpkHNf1lcNw_RH22JoXldsrZx3vGlNw6bepc46NqN-88Zmf_hw3DUS7CHb0rfS7NlWOsKgT" imageanchor="1" style="margin-left: 1em; margin-right: 1em;">
<img border="0" src="https://blogger.googleusercontent.com/img/a/AVvXsEih1-EMEVvxTW3JJ69n9ptb6K82Tuz522H06wBoT2ioI1tO0dB_x4w9dlOYHX1Bu_N5b1SvcrIGXbxaQa_CVxZ2F-AWcEh6TVow7ibxoQki1_rL0LOUXXpkHNf1lcNw_RH22JoXldsrZx3vGlNw6bepc46NqN-88Zmf_hw3DUS7CHb0rfS7NlWOsKgT" width="400">
</a>
</div>
[SERIES] POPII - Protection Of Personally Identifiable Information - Part 1 (published 2015-08-03, updated 2016-02-29)<div dir="ltr" style="text-align: left;" trbidi="on">
Privacy is an interesting subject: everybody wants protection for their own PII,
yet at the same time people are eager to know other people’s PII.<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
So what is Privacy
or Personally Identifiable Information (PII)?<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<b><span style="color: blue;">PII is any data that could identify any living
individual.<o:p></o:p></span></b></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Before going further, let’s understand a few terms:</div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 480;">
<tbody>
<tr>
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div class="MsoNormal" style="text-align: justify;">
Data Controller<o:p></o:p></div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 339.7pt;" valign="top" width="453"><div class="MsoNormal" style="text-align: justify;">
<b>Data controller</b> means
… a person who (either alone or jointly or in common with other persons)
determines the purposes for which and the manner in which any personal data
are, or are to be, processed.<o:p></o:p></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div class="MsoNormal" style="text-align: justify;">
Data Processor<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 339.7pt;" valign="top" width="453"><div class="MsoNormal" style="text-align: justify;">
<b>Data processor</b>, in
relation to personal data, means any person (other than an employee of the
data controller) who processes the data on behalf of the data controller.<o:p></o:p></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div class="MsoNormal" style="text-align: justify;">
Data Subject<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 339.7pt;" valign="top" width="453"><div class="MsoNormal" style="text-align: justify;">
<b>Data subject</b> means an
individual who is the subject of personal data.</div>
</td>
</tr>
<tr>
<td colspan="2" style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 426.1pt;" valign="top" width="568"><div align="center" class="MsoNormal" style="text-align: center;">
<b><span style="background: rgb(247 , 243 , 240); font-family: "verdana"; font-size: 7.5pt;">Source:</span></b>
<b><span style="background: rgb(247 , 243 , 240); font-family: "verdana"; font-size: 7.5pt;"><a href="https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/"><span style="font-weight: normal;">https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/</span></a>
<o:p></o:p></span></b></div>
</td>
</tr>
</tbody></table>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Many countries have laws and regulations on POPII, and each has defined its
privacy rules according to its own requirements. These laws and regulations
say much the same thing, with small variations. In general, there are 7
to 10 privacy principles across the various countries’ laws and regulations.</div>
<div class="MsoNormal" style="margin-left: 18.0pt;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
We shall discuss these principles in detail. However, what is important is:
</div>
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="background: yellow; mso-bidi-font-weight: bold; mso-highlight: yellow;">When
and how are organizations receiving PII?</span></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="background: lime; mso-bidi-font-weight: bold; mso-highlight: lime;">OR RATHER</span> I would say<o:p></o:p></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="background: yellow; mso-bidi-font-weight: bold; mso-highlight: yellow;">How do
we end up giving our PII to different entities, knowingly or unknowingly?</span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
To understand this holistically, let’s take examples from a few different
industries:</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: -3.6pt; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-table-layout-alt: fixed; mso-yfti-tbllook: 480;">
<thead>
<tr>
<td style="background: blue; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div align="center" class="MsoNormal" style="text-align: center;">
<b><span style="color: white;">Sr<o:p></o:p></span></b></div>
</td>
<td style="background: blue; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 75.6pt;" valign="top" width="101"><div align="center" class="MsoNormal" style="text-align: center;">
<b><span style="color: white;">Industries/ Category<o:p></o:p></span></b></div>
</td>
<td style="background: blue; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 90.0pt;" valign="top" width="120"><div align="center" class="MsoNormal" style="text-align: center;">
<b><span style="color: white;">PII Entry Point<o:p></o:p></span></b></div>
</td>
<td style="background: blue; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div align="center" class="MsoNormal" style="text-align: center;">
<b><span style="color: white;">PII<o:p></o:p></span></b></div>
</td>
<td style="background: blue; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 93.6pt;" valign="top" width="125"><div align="center" class="MsoNormal" style="text-align: center;">
<b><span style="color: white;">Mode<o:p></o:p></span></b></div>
</td>
<td style="background: blue; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div align="center" class="MsoNormal" style="text-align: center;">
<b><span style="color: white;">Concerns</span><o:p></o:p></b></div>
</td>
</tr>
</thead>
<tbody>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
1<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 75.6pt;" valign="top" width="101"><div class="MsoNormal" style="text-align: justify;">
Bank or Financial industries<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 90.0pt;" valign="top" width="120"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">At the time of opening an
account (Fixed Deposit, Savings / Current account, Loan, etc.)</span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Name & Address, <o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Age & Gender<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Religion & Nationality<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Education etc<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
(Demographic Info)<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 93.6pt;" valign="top" width="125"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Physical form and later
electronic form (Computer & Media)<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div class="MsoNormal" style="text-align: justify;">
Not much, as such industries have strict regulations to follow in most
countries.</div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
2<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 75.6pt;" valign="top" width="101"><div class="MsoNormal" style="text-align: justify;">
Research Company<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 90.0pt;" valign="top" width="120"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Online Survey<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Field Survey<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Demographic Info as mentioned
above<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;">      </span></span><!--[endif]--><span dir="LTR">Depending upon the type of survey,
it could be your personal political opinion, religious belief, or a medical /
health-related survey</span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 93.6pt;" valign="top" width="125"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Physical form and later
electronic form (Computer & Media)<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Are you aware what the
purpose of these surveys is?</span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;">      </span></span><!--[endif]--><span dir="LTR">Are you aware how your PII would
be protected by these research companies?</span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;">      </span></span><!--[endif]--><span dir="LTR">Are they going to sell your
PII?</span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">How long are they going to
keep your PII?<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
3<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 75.6pt;" valign="top" width="101"><div class="MsoNormal" style="text-align: justify;">
BPO / KPOs<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 90.0pt;" valign="top" width="120"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Outsourcing or subcontracting<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Data controller might share
PII with a third party as a part of outsourcing. The data controller could be a bank,
insurance company, research firm, hospital, pharma company, etc.</span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Any of above<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 93.6pt;" valign="top" width="125"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Mostly electronic form<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Are you aware data controller
is going to share PII with a third party?</span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Did you give consent to your
data controller?<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Do you know how your PII is
going to be protected at the third party?</span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Do you know if your PII is
going out of your country? Other countries might not protect your PII as your
country does.</span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
4<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 75.6pt;" valign="top" width="101"><div class="MsoNormal" style="text-align: justify;">
Dispensary, hospital<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 90.0pt;" valign="top" width="120"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Hospitalization<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Regular checkups<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div class="MsoNormal" style="text-align: justify;">
<b>Sensitive PII<o:p></o:p></b></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">insurance details<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">SSN<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Health problem<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Any health related deficiency
<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">History of health<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Medicines related etc<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 93.6pt;" valign="top" width="125"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Mostly electronic form<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Most countries have
laws to govern health related information.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR"><span style="background: lime; mso-bidi-font-weight: bold; mso-highlight: lime;">But the problem I personally feel: “Is there any ongoing compliance
audit? Have they published their privacy practices, etc.? Is hospital staff aware of such information security requirements?”</span> <o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
5<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 75.6pt;" valign="top" width="101"><div class="MsoNormal" style="text-align: justify;">
Hotels, Restaurant, Club membership <o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 90.0pt;" valign="top" width="120"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">check-in<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">opt for membership<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">ID proof <o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">demographic information<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 93.6pt;" valign="top" width="125"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Registration form (physical)
and later electronic mode<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Does hotel or club have
privacy policy?<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Do their staff understand
the importance of privacy?<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Do they have infrastructure/system
to protect PII?<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Are they going to share or
sell your PII to any other entity?<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
6<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 75.6pt;" valign="top" width="101"><div class="MsoNormal" style="text-align: justify;">
<b>Others<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
Shopkeeper, Shopping Mall, <o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 90.0pt;" valign="top" width="120"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">At the time of invoice
generation<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Mobile no<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">demographic information<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 93.6pt;" valign="top" width="125"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Physical or electronic mode<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Does shopkeeper or Mall have
privacy policy?<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Do their staff understand
the importance of privacy?<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Do they have
infrastructure/system to protect PII?<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Are they going to share or
sell your PII to any other entity?<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
7<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 75.6pt;" valign="top" width="101"><div class="MsoNormal" style="text-align: justify;">
All Types of employers<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 90.0pt;" valign="top" width="120"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">At the time of hiring or during
the interview process <o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Periodic appraisal / feedback
meeting<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">ID proof<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">demographic information<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Salary & Bank account information<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Experience, education and
qualification details<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Performance & appraisal details<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">background / ref check
report<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 93.6pt;" valign="top" width="125"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">physical as well as
electronic information<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Does employer have privacy
policy to protect their employee information?<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Is the employee aware if the employer
is going to share PII with a third party?<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 12.6pt; mso-list: l0 level1 lfo1; tab-stops: list 12.6pt; text-align: justify; text-indent: -12.6pt;">
<!--[if !supportLists]--><span style="font-family: "symbol"; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;">·<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal;"> </span></span><!--[endif]--><span dir="LTR">Are appropriate systems /
infrastructure in place to protect PII?<o:p></o:p></span></div>
</td>
</tr>
</tbody></table>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal">
There could be many
industries; I have listed only a few to set the context for my “POPII blog series”.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
I thought this would be a good start to explain where and how we are
sharing PII with various “Data Controllers”.
Many times we tend to forget to ask: “How is my PII going to be secured? Can
somebody misuse my PII?” <o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Hope this would be useful.<o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Wait and watch for my NEXT blog in the “PRIVACY SERIES”. I shall explain the
types of PII and privacy principles.<o:p></o:p></div>
</div>
Anonymoushttp://www.blogger.com/profile/05680677994525987708noreply@blogger.com0tag:blogger.com,1999:blog-3864472962444267321.post-70717452298649376472015-06-12T02:43:00.002-07:002015-06-16T00:28:02.037-07:00The Art of Effective POC – Part 3 (Post-POC)<div dir="ltr" style="text-align: left;" trbidi="on">
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Before I start on Part 3, till
now we have seen:</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 5.4pt; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 480; width: 552px;">
<tbody>
<tr>
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 27.0pt;" valign="top" width="36"><div align="center" class="MsoNormal" style="text-align: center;">
<b>Sr<o:p></o:p></b></div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div align="center" class="MsoNormal" style="text-align: center;">
<b>Phase<o:p></o:p></b></div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 279.0pt;" valign="top" width="372"><div align="center" class="MsoNormal" style="text-align: center;">
<b>Steps<o:p></o:p></b></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 27.0pt;" valign="top" width="36"><div align="center" class="MsoNormal" style="text-align: center;">
1</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div align="center" class="MsoNormal" style="text-align: center;">
Pre POC</div>
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 279.0pt;" valign="top" width="372"><ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal">Identify
business requirement and its weightage</li>
<li class="MsoNormal">Multiple
products & feature analysis</li>
<li class="MsoNormal">Organization’s
budget Vs Cost</li>
<li class="MsoNormal">Product
in Architecture</li>
</ul>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 27.0pt;" valign="top" width="36"><div align="center" class="MsoNormal" style="text-align: center;">
2</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div align="center" class="MsoNormal" style="text-align: center;">
During POC</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 279.0pt;" valign="top" width="372"><ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal">Test
users</li>
<li class="MsoNormal">Test
scenario</li>
<li class="MsoNormal">Simulate
test scenario in </li>
</ul>
</td>
</tr>
</tbody></table>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
This is my last blog in this
series, “The Art of Effective POC”. The focus of this blog is on POST-POC
activities.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Many IT professionals believe that
once Simulation (the During-POC activity) is completed, the POC is completed. The answer
is NO, a very BIG NO.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Before you conclude that the POC
is complete, make sure you have answers to the questions below:</div>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level1 lfo4; tab-stops: list 36.0pt; text-align: justify;">Are you confident that the product meets your
BUSINESS REQUIREMENT?</li>
<li class="MsoNormal" style="mso-list: l0 level1 lfo4; tab-stops: list 36.0pt; text-align: justify;">What would be the BUSINESS IMPACT if we go ahead
with the product?</li>
<li class="MsoNormal" style="mso-list: l0 level1 lfo4; tab-stops: list 36.0pt; text-align: justify;">What would be the BUSINESS IMPACT if we do not go
ahead with the product?</li>
<li class="MsoNormal" style="mso-list: l0 level1 lfo4; tab-stops: list 36.0pt; text-align: justify;">Is this product going to meet / support my future
BUSINESS GOALS?</li>
<li class="MsoNormal" style="mso-list: l0 level1 lfo4; tab-stops: list 36.0pt; text-align: justify;">If we go ahead with the product, what RISKS are
we carrying? Are these RISKS acceptable to the organization?</li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Q: How do I get answers to
these questions?</div>
<div class="MsoNormal" style="text-align: justify;">
A: Follow Phase 3 (Post POC)</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 5.4pt; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 480; width: 552px;">
<tbody>
<tr>
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 27.0pt;" valign="top" width="36"><div align="center" class="MsoNormal" style="text-align: center;">
<b>Sr<o:p></o:p></b></div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div align="center" class="MsoNormal" style="text-align: center;">
<b>Phase<o:p></o:p></b></div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 279.0pt;" valign="top" width="372"><div align="center" class="MsoNormal" style="text-align: center;">
<b>Steps<o:p></o:p></b></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 27.0pt;" valign="top" width="36"><div align="center" class="MsoNormal" style="text-align: center;">
3</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div align="center" class="MsoNormal" style="text-align: center;">
Post POC</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 279.0pt;" valign="top" width="372"><ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal"><a href="https://www.blogger.com/null" name="OLE_LINK2"></a><a href="https://www.blogger.com/null" name="OLE_LINK1">Evaluate
weightage score</a></li>
<li class="MsoNormal">Walk
through to CISO</li>
<li class="MsoNormal">Risk
communication</li>
<li class="MsoNormal">Decision</li>
</ul>
</td>
</tr>
</tbody></table>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal">
<b>Evaluate weightage
score<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
Let’s recall our Pre-POC phase,
where we documented each BUSINESS REQUIREMENT along with its weightage and category.
Now it’s time for qualitative analysis. Based on your “Test Scenario Simulation
and analysis” in Phase 2, apply simple mathematical analysis to calculate
weightage. Calculate the weightage for each BUSINESS REQUIREMENT and arrive at a final
score for each product.</div>
<div class="MsoNormal" style="text-align: justify;">
Though this method is quite
subjective, if followed effectively it can help the CISO take a quick
decision. The objective behind weightage is to help management
take a quick decision.</div>
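<div class="MsoNormal" style="text-align: justify;">
An added worked example of the weightage calculation (not part of the original post or its Excel template): the weightage and categories come from the EndPoint Security table in Part 2 of this series, while the product names, the passed/tested scenario counts, the LOW category for NAC and the rule "requirement score = weightage x scenarios passed / scenarios tested" are assumptions made for illustration. Every requirement a product does not fully meet is also listed as a gap, that is a RISK, so a higher total cannot hide a CRITICAL shortfall.</div>

```python
from fractions import Fraction

# Requirement -> (weightage in %, category), taken from the series' EndPoint
# Security example table. NAC's category is an assumption of this example.
REQUIREMENTS = {
    "Virus Scanning": (30, "CRITICAL"),
    "Device Control": (20, "HIGH"),
    "App. Blocking": (15, "MEDIUM"),
    "Patch Mgmt": (10, "MEDIUM"),
    "Reporting": (10, "MEDIUM"),
    "HIPS": (10, "MEDIUM"),
    "NAC": (5, "LOW"),
}
CATEGORY_ORDER = ("CRITICAL", "HIGH", "MEDIUM", "LOW")

# Constructed During-POC results: requirement -> (scenarios passed, scenarios tested).
POC_RESULTS = {
    "Product A": {
        "Virus Scanning": (5, 5), "Device Control": (3, 3), "App. Blocking": (2, 3),
        "Patch Mgmt": (4, 4), "Reporting": (1, 1), "HIPS": (0, 1), "NAC": (1, 1),
    },
    "Product B": {
        "Virus Scanning": (4, 5), "Device Control": (3, 3), "App. Blocking": (3, 3),
        "Patch Mgmt": (4, 4), "Reporting": (1, 1), "HIPS": (1, 1), "NAC": (0, 1),
    },
}


def validate_weights(requirements):
    """Weightage is a percentage split, so it must add up to exactly 100."""
    total = sum(weight for weight, _ in requirements.values())
    if total != 100:
        raise ValueError(f"weightage adds up to {total}%, expected 100%")


def evaluate(results, requirements=REQUIREMENTS):
    """Score one product and list every requirement it did not fully meet."""
    validate_weights(requirements)
    missing = set(requirements) - set(results)
    if missing:
        raise ValueError(f"no test result for: {sorted(missing)}")
    score = Fraction(0)
    gaps = []
    for name, (weight, category) in requirements.items():
        passed, tested = results[name]
        if tested == 0 or passed not in range(tested + 1):
            raise ValueError(f"bad scenario counts for {name}: {passed}/{tested}")
        earned = Fraction(weight * passed, tested)  # assumed scoring rule
        score += earned
        if passed != tested:
            gaps.append({"requirement": name, "category": category,
                         "failed": tested - passed, "lost": weight - earned})
    # Most severe category first, then the largest loss of points.
    gaps.sort(key=lambda g: (CATEGORY_ORDER.index(g["category"]), -g["lost"]))
    critical_gap = any(g["category"] == "CRITICAL" for g in gaps)
    return {"score": score, "gaps": gaps, "critical_gap": critical_gap}


def compare(poc_results):
    """Evaluate every product and return (product, outcome) pairs, best score first."""
    evaluated = {product: evaluate(res) for product, res in poc_results.items()}
    return sorted(evaluated.items(), key=lambda item: item[1]["score"], reverse=True)


if __name__ == "__main__":
    for product, outcome in compare(POC_RESULTS):
        flag = "  (CRITICAL requirement not fully met)" if outcome["critical_gap"] else ""
        print(f"{product}: {float(outcome['score']):.1f} / 100{flag}")
        for gap in outcome["gaps"]:
            print(f"  RISK [{gap['category']}] {gap['requirement']}: "
                  f"{gap['failed']} scenario(s) failed, {float(gap['lost']):.1f} points lost")
```

<div class="MsoNormal" style="text-align: justify;">
With these constructed results, Product B has the higher total but is the only one with a gap in a CRITICAL requirement, which is the kind of finding the CISO walk through and Risk Communication steps are meant to surface.</div>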
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<b>Walk through to CISO<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
This is extremely important. At
a minimum, the Project Owner should walk the CISO through the BUSINESS CRITICAL
requirements. The reasons are:</div>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l2 level1 lfo5; tab-stops: list 36.0pt; text-align: justify;">The CISO would be able to take a decision with firm
confidence.</li>
<li class="MsoNormal" style="mso-list: l2 level1 lfo5; tab-stops: list 36.0pt; text-align: justify;">To take feedback / input</li>
<li class="MsoNormal" style="mso-list: l2 level1 lfo5; tab-stops: list 36.0pt; text-align: justify;">The CISO can relate product features from a future
BUSINESS GOALS perspective</li>
<li class="MsoNormal" style="mso-list: l2 level1 lfo5; tab-stops: list 36.0pt; text-align: justify;">Identify risks </li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<b>Risk Communication<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
In companies where Information
Security is discussed at Board level, this becomes a mandatory requirement. </div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Q: What is Risk Communication?</div>
<div class="MsoNormal" style="text-align: justify;">
A: The process of acknowledging that
RISKS have been understood and accepted.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
There might be gaps between “what
our expectations are” and “what the product is offering OR what we are procuring”.
These gaps could be non-compliance with a business requirement or with the information
security policy. In simple terms, these gaps are RISKS.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
These RISKS must be assessed by
the company’s TOP MANAGEMENT to conclude whether the RISKS are acceptable OR not
acceptable.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<b>Decision<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
In the given scenario, the Decision is
“Acknowledging whether the product is meeting business requirements or not meeting
business requirements”. The Decision is taken considering many factors, e.g.
weightage, the CISO’s feedback / input, Risks and future capability; there could be many
more, depending upon the size and type of organization.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
With this, I would like to END
this series on “The Art of Effective POC”. As promised, please <span style="color: blue;"><b><a href="http://highersecurity.blogspot.in/p/download-art-of-effective-poc-excel.html">download POC-Template Excel File</a>.</b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<br />
<div class="MsoNormal" style="text-align: justify;">
Hope this would be useful.</div>
</div>
Anonymoushttp://www.blogger.com/profile/05680677994525987708noreply@blogger.com0tag:blogger.com,1999:blog-3864472962444267321.post-28260129116659564862015-06-06T05:29:00.000-07:002015-06-07T21:42:12.676-07:00The Art of Effective POC – Part 2 (During-POC)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="MsoNormal" style="text-align: justify;">
In <a href="http://highersecurity.blogspot.in/2015/05/the-art-of-effective-poc-part-1-pre-poc.html">Pre-POC</a>,
we identified business requirements, analyzed product features, performed budget
vs. cost analysis and analyzed product architecture. The success of the POC depends
on meeting the Pre-POC requirements.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
SUCCESS DOES NOT MEAN SELECTION
OF A PRODUCT; SUCCESS MEANS <b><span style="background: aqua; mso-highlight: aqua;">CONFIDENTLY CONCLUDING</span></b>
WHETHER THE PRODUCT IS GOING TO MEET THE ORGANIZATION’S REQUIREMENT OR NOT.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Test Users<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
Careful selection of test users
is also an important aspect of the project. In the end, you want a few users to test
the identified product requirements and provide feedback. Test users should not
be identified just for the sake of formality. I would prefer to have one session with
the test users to explain what to do and what is expected. Test users should have
the qualities below:</div>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l1 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Test users should have a clear understanding of the
requirements identified in <a href="http://highersecurity.blogspot.in/2015/05/the-art-of-effective-poc-part-1-pre-poc.html">Pre-POC</a>.</li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Test users should have a techno-process background so that they can
provide feedback on both the technology and the process aspects.</li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">The test user team should comprise IT and
Business. It is good to involve a few users from the business as well. In
certain product POCs, it is ideal to have a test user team from the business
only.</li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<b>Test Scenario<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
Test scenarios are derived from
the business requirements identified in <a href="http://highersecurity.blogspot.in/2015/05/the-art-of-effective-poc-part-1-pre-poc.html">Pre-POC</a>.
A test scenario is a converted version of a business requirement; the difference is that
the test scenario is written in technical language. A test scenario is written for each
business requirement identified, and one business requirement can have multiple
test scenarios. <i>Let’s take an example of
EndPoint Security<o:p></o:p></i></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 480;">
<tbody>
<tr>
<td style="background: navy; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
<span style="color: white;">Sr.</span></div>
</td>
<td style="background: navy; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 88.9pt;" valign="top" width="119"><div align="center" class="MsoNormal" style="text-align: center;">
<span style="color: white;">Requirement</span></div>
</td>
<td style="background: navy; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div class="MsoNormal" style="text-align: justify;">
<span style="color: white;">Weightage</span></div>
</td>
<td style="background: navy; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 66.15pt;" valign="top" width="88"><div class="MsoNormal" style="text-align: justify;">
<span style="color: white;">Category</span></div>
</td>
<td style="background: navy; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 176.85pt;" valign="top" width="236"><div align="center" class="MsoNormal" style="text-align: center;">
<span style="color: white;">Test Scenario
(Example)</span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
1</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 88.9pt;" valign="top" width="119"><div class="MsoNormal" style="text-align: justify;">
Virus Scanning</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
30%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 66.15pt;" valign="top" width="88"><div class="MsoNormal" style="text-align: justify;">
<span style="color: red;">CRITICAL<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 176.85pt;" valign="top" width="236"><div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l0 level1 lfo2; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.45pt;">
<!--[if !supportLists]--><span style="color: red; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: red;">Virus scanning for
the following platforms:<br />
-) Windows<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: red;"> -) Mac <o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: red;"> -) Linux & Unix<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: red;"> -) Virtual Servers<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: red;"> -) NAS & SAN box<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l0 level1 lfo2; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="color: red; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: red;">Schedule & Manual
scanning<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: red;">System
utilization during Full Scan<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l0 level1 lfo2; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="color: red; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: red;">Virus Found auto Alert
(e-mail, SMS)<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l0 level1 lfo2; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="color: red; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: red;">Virus Treatment
(Delete, Quarantine, Clean)<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l0 level1 lfo2; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="color: red; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: red;">Virus signature auto
update<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
2</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 88.9pt;" valign="top" width="119"><div class="MsoNormal">
Device Control</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
20%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 66.15pt;" valign="top" width="88"><div class="MsoNormal" style="text-align: justify;">
<span style="color: red;">HIGH<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 176.85pt;" valign="top" width="236"><div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l0 level1 lfo2; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="color: red; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: red;">Block USB<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l0 level1 lfo2; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="color: red; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: red;">Block CD/DVD<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l0 level1 lfo2; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="color: red; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: red;">Whitelist of certain
systems.<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
3</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 88.9pt;" valign="top" width="119"><div class="MsoNormal">
App. Blocking</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
15%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 66.15pt;" valign="top" width="88"><div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;">MEDIUM<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 176.85pt;" valign="top" width="236"><div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l2 level1 lfo3; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.45pt;">
<!--[if !supportLists]--><span style="color: #ff9900; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: #ff9900;">Allow only white
listed SW on system.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l2 level1 lfo3; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.45pt;">
<!--[if !supportLists]--><span style="color: #ff9900; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: #ff9900;">Auto alerts in
case unauthorized SW found<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l2 level1 lfo3; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.45pt;">
<!--[if !supportLists]--><span style="color: #ff9900; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: #ff9900;">SW Inventory<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
4</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 88.9pt;" valign="top" width="119"><div class="MsoNormal">
Patch Mgmt</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
10%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 66.15pt;" valign="top" width="88"><div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;">MEDIUM<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 176.85pt;" valign="top" width="236"><div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l2 level1 lfo3; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.45pt;">
<!--[if !supportLists]--><span style="color: #ff9900; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: #ff9900;">Patch management
for all platforms<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 18.0pt; text-align: justify;">
<span style="color: #ff9900;">-) Windows<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;"> -) Mac <o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;"> -) Linux & Unix<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;"> -) Virtual Servers<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;"> -) NAS & SAN box<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l2 level1 lfo3; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.45pt;">
<!--[if !supportLists]--><span style="color: #ff9900; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: #ff9900;">Report Patch wise<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l2 level1 lfo3; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.45pt;">
<!--[if !supportLists]--><span style="color: #ff9900; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: #ff9900;">Report system wise<o:p></o:p></span></div>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="color: #ff9900; mso-list: l2 level1 lfo3; tab-stops: list 36.0pt; text-align: justify;">Patch release auto alert<o:p></o:p></li>
</ul>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
5</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 88.9pt;" valign="top" width="119"><div class="MsoNormal">
Reporting</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
10%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 66.15pt;" valign="top" width="88"><div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;">MEDIUM<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 176.85pt;" valign="top" width="236"><div class="MsoNormal" style="margin-left: 18.45pt; mso-list: l2 level1 lfo3; tab-stops: list 18.45pt; text-align: justify; text-indent: -18.45pt;">
<!--[if !supportLists]--><span style="color: #ff9900; font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="color: #ff9900;">Audit log of each
virus detected<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
6</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 88.9pt;" valign="top" width="119"><div class="MsoNormal">
HIPS</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
10%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 66.15pt;" valign="top" width="88"><div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;">MEDIUM<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 176.85pt;" valign="top" width="236"><div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;">Product
does not have HIPS feature<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
7</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 88.9pt;" valign="top" width="119"><div class="MsoNormal">
NAC</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
5%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 66.15pt;" valign="top" width="88"><div class="MsoNormal" style="text-align: justify;">
<span style="color: #339966;">LOW<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 176.85pt;" valign="top" width="236"><div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;">Product
does not have NAC feature</span><span style="color: #339966;"><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td colspan="2" style="background: navy; border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 4.0cm;" valign="top" width="151"><div class="MsoNormal" style="text-align: justify;">
TOTAL</div>
</td>
<td style="background: navy; border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
<span style="color: white;">100%</span></div>
</td>
<td style="background: navy; border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 66.15pt;" valign="top" width="88"><div class="MsoNormal" style="text-align: justify;">
<span style="color: white;"><br /></span></div>
</td>
<td style="background: navy; border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 176.85pt;" valign="top" width="236"><div class="MsoNormal" style="text-align: justify;">
<br /></div>
</td>
</tr>
</tbody></table>
<div class="MsoNormal" style="text-align: justify;">
<i>*The above test cases are only examples; the actual list has to be quite extensive
and needs a series of meetings between IT and the product vendor.</i></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<b>Simulate Test Scenario<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
Test scenarios should be very
simple and specific. Once the scenarios are prepared, the floor should be given to
the test users for simulation. During simulation, a daily meeting between the project
manager and the test users is recommended to discuss progress and share test
experience within the team. </div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Test users should be given a
template/format in which output needs to be recorded. In certain cases the test user
should preserve evidence, e.g. screenshots of config files, system utilization,
abnormal system behaviour etc. The idea is to share instant feedback with the vendor to
further fine-tune the system for an effective POC. </div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Please note that every business
has unique requirements; a product/technology needs some amount of
customization during the POC as well as during product implementation (post
procurement).</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
My next blog “The Art of
Effective POC – Part 3” will focus on Post-POC. Post-POC is the most important phase.
In this phase the team has to present the facts and management has to take a
decision. The KEY is that we need to present sufficient information to management to
take the decision without any stress.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<br />
<div class="MsoNormal" style="text-align: justify;">
Hope this would be useful…</div>
</div>
Anonymoushttp://www.blogger.com/profile/05680677994525987708noreply@blogger.com1tag:blogger.com,1999:blog-3864472962444267321.post-48009293801313819852015-05-31T00:28:00.001-07:002015-06-06T05:33:26.749-07:00The Art of Effective POC – Part 1 (Pre-POC)<div dir="ltr" style="text-align: left;" trbidi="on">
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Today technologies play
a most important role in meeting strategic business objectives. Over the
last 5 to 10 years, there has been a significant increase in IT & Security
budgets. Technologies are now considered for NEW BUSINESS INITIATIVES by an
organization’s management. Today most organizations are heavily
dependent on technology.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Selecting the wrong technology
might lead to a significant negative impact on strategic business objectives.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Q: How to select the RIGHT TECHNOLOGY
or PRODUCT?</div>
<div class="MsoNormal" style="text-align: justify;">
A: Effective POC (Proof of
Concept)</div>
<div class="MsoNormal" style="text-align: justify;">
Q: What is POC?</div>
<div class="MsoNormal" style="text-align: justify;">
A: A testing procedure to determine
whether a technology/product is suitable for a particular business environment.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
I would not say that an effective POC
needs a long duration; rather, I would say an effective POC MUST follow certain steps,
as mentioned below.</div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 5.4pt; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 480; width: 552px;">
<tbody>
<tr>
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 27.0pt;" valign="top" width="36"><div align="center" class="MsoNormal" style="text-align: center;">
<b>Sr</b></div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div align="center" class="MsoNormal" style="text-align: center;">
<b>Phase</b></div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 279.0pt;" valign="top" width="372"><div align="center" class="MsoNormal" style="text-align: center;">
<b>Steps</b></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 27.0pt;" valign="top" width="36"><div align="center" class="MsoNormal" style="text-align: center;">
1</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div align="center" class="MsoNormal" style="text-align: center;">
Pre POC</div>
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 279.0pt;" valign="top" width="372"><ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal">Identify
business requirement and its weightage</li>
<li class="MsoNormal">Multiple
products & feature analysis</li>
<li class="MsoNormal">Organization’s
budget Vs Cost</li>
<li class="MsoNormal">Product
in Architecture</li>
</ul>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 27.0pt;" valign="top" width="36"><div align="center" class="MsoNormal" style="text-align: center;">
2</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div align="center" class="MsoNormal" style="text-align: center;">
<a href="http://highersecurity.blogspot.com/2015/06/the-art-of-effective-poc-part-2-during.html">During POC</a></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 279.0pt;" valign="top" width="372"><ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal">Test
users</li>
<li class="MsoNormal">Test
scenario</li>
<li class="MsoNormal">Simulate
test scenario in </li>
</ul>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 27.0pt;" valign="top" width="36"><div align="center" class="MsoNormal" style="text-align: center;">
3</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 108.0pt;" valign="top" width="144"><div align="center" class="MsoNormal" style="text-align: center;">
Post POC</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 279.0pt;" valign="top" width="372"><ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal">Evaluate
weightage score</li>
<li class="MsoNormal">Walk
through to CISO</li>
<li class="MsoNormal">Risk
communication</li>
<li class="MsoNormal">Decision</li>
</ul>
</td>
</tr>
</tbody></table>
<div class="MsoNormal">
This blog focuses on Pre POC; I will post blogs on phase 2
and phase 3 as well in the coming days.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Identify business
requirement and its weightage:<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
Needless to say, one must decide
the destination prior to starting the journey. Effective requirement gathering helps
the decision maker to make a decision without any stress. Here I have given an
approach that helps an organization to evaluate the POC result in a qualitative
manner once the POC is completed. Requirements with higher weightage / CRITICAL and
HIGH category cannot be compromised. The product MUST meet
such requirements.</div>
<div class="MsoNormal" style="text-align: justify;">
An organization may choose either
of the two methods, weightage or category.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 480;">
<tbody>
<tr>
<td style="background: navy; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
<span style="color: white;">Sr.</span></div>
</td>
<td style="background: navy; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 259.9pt;" valign="top" width="347"><div align="center" class="MsoNormal" style="text-align: center;">
<span style="color: white;">Requirement</span></div>
</td>
<td style="background: navy; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div class="MsoNormal" style="text-align: justify;">
<span style="color: white;">Weightage</span></div>
</td>
<td style="background: navy; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 72.0pt;" valign="top" width="96"><div class="MsoNormal" style="text-align: justify;">
<span style="color: white;">Category</span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
1</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 259.9pt;" valign="top" width="347"><div class="MsoNormal" style="text-align: justify;">
Requirement 1</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
30%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 72.0pt;" valign="top" width="96"><div class="MsoNormal" style="text-align: justify;">
<span style="color: red;">CRITICAL<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
2</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 259.9pt;" valign="top" width="347"><div class="MsoNormal">
Requirement 2</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
20%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 72.0pt;" valign="top" width="96"><div class="MsoNormal" style="text-align: justify;">
<span style="color: red;">HIGH<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
3</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 259.9pt;" valign="top" width="347"><div class="MsoNormal">
Requirement 3</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
15%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 72.0pt;" valign="top" width="96"><div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;">MEDIUM<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
4</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 259.9pt;" valign="top" width="347"><div class="MsoNormal">
Requirement 4</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
10%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 72.0pt;" valign="top" width="96"><div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;">MEDIUM<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
5</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 259.9pt;" valign="top" width="347"><div class="MsoNormal">
Requirement 5</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
10%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 72.0pt;" valign="top" width="96"><div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;">MEDIUM<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
6</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 259.9pt;" valign="top" width="347"><div class="MsoNormal">
Requirement 6</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
10%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 72.0pt;" valign="top" width="96"><div class="MsoNormal" style="text-align: justify;">
<span style="color: #ff9900;">MEDIUM<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 24.5pt;" valign="top" width="33"><div class="MsoNormal" style="text-align: justify;">
7</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 259.9pt;" valign="top" width="347"><div class="MsoNormal">
Requirement 7</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
5%</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 72.0pt;" valign="top" width="96"><div class="MsoNormal" style="text-align: justify;">
<span style="color: #339966;">LOW<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td colspan="2" style="background: navy; border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 284.4pt;" valign="top" width="379"><div class="MsoNormal" style="text-align: justify;">
<span style="color: white;">TOTAL</span></div>
</td>
<td style="background: navy; border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 63.0pt;" valign="top" width="84"><div align="right" class="MsoNormal" style="text-align: right;">
<span style="color: white;">100%</span></div>
</td>
<td style="background: navy; border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 72.0pt;" valign="top" width="96"><div class="MsoNormal" style="text-align: justify;">
<br /></div>
</td>
</tr>
</tbody></table>
<div class="MsoNormal">
<br /></div>
<br />
<div class="MsoNormal">
<b>Multiple products &
feature analysis (preferably 2 or more for POC)<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
Never consider a SINGLE product for
a POC. Nowadays all companies design products with lots of features which
not only meet business requirements but are also quite user friendly and come with lots
of add-ons, I would say value-added features. Each product vendor has its own
fact sheet or comparison sheet against its competitors. </div>
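<div class="MsoNormal" style="text-align: justify;">
An added example, not part of the original post: it scores two products against the weightage table above, applies the rule that CRITICAL and HIGH requirements cannot be compromised, and ranks the products. The 0.0 to 1.0 result scale, the product names and the sample results are assumptions constructed for the illustration.</div>

```python
from dataclasses import dataclass

# Categories the post says cannot be compromised.
MANDATORY = {"CRITICAL", "HIGH"}


@dataclass(frozen=True)
class Requirement:
    name: str
    weight: int      # weightage in percent
    category: str    # CRITICAL / HIGH / MEDIUM / LOW


# The weightage table from the post (placeholder requirement names as given).
REQUIREMENTS = [
    Requirement("Requirement 1", 30, "CRITICAL"),
    Requirement("Requirement 2", 20, "HIGH"),
    Requirement("Requirement 3", 15, "MEDIUM"),
    Requirement("Requirement 4", 10, "MEDIUM"),
    Requirement("Requirement 5", 10, "MEDIUM"),
    Requirement("Requirement 6", 10, "MEDIUM"),
    Requirement("Requirement 7", 5, "LOW"),
]

# Constructed sample POC results (assumption): fraction of test cases passed.
SAMPLE_RESULTS = {
    "Product A": {"Requirement 1": 1.0, "Requirement 2": 1.0,
                  "Requirement 3": 1.0, "Requirement 4": 1.0,
                  "Requirement 5": 1.0, "Requirement 6": 0.0,
                  "Requirement 7": 0.0},
    "Product B": {"Requirement 1": 1.0, "Requirement 2": 0.5,
                  "Requirement 3": 1.0, "Requirement 4": 1.0,
                  "Requirement 5": 1.0, "Requirement 6": 1.0,
                  "Requirement 7": 1.0},
}


def validate(requirements):
    """Reject a matrix with duplicate names or weights that do not total 100%."""
    names = [r.name for r in requirements]
    if len(set(names)) != len(names):
        raise ValueError("duplicate requirement name")
    if any(r.weight <= 0 for r in requirements):
        raise ValueError("every weight must be positive")
    total = sum(r.weight for r in requirements)
    if total != 100:
        raise ValueError(f"weights total {total}%, expected 100%")


def evaluate(requirements, results):
    """Score one product against the requirement matrix.

    A requirement with no recorded result counts as 0.0, so an untested
    feature can never raise the score.
    """
    validate(requirements)
    unknown = set(results) - {r.name for r in requirements}
    if unknown:
        raise ValueError(f"results for unknown requirements: {sorted(unknown)}")
    score = 0.0
    failed_mandatory = []
    for r in requirements:
        met = results.get(r.name, 0.0)
        if not 0.0 <= met <= 1.0:
            raise ValueError(f"{r.name}: result must be between 0.0 and 1.0")
        score += r.weight * met
        # CRITICAL/HIGH requirements must be fully met, whatever the total says.
        if r.category in MANDATORY and met < 1.0:
            failed_mandatory.append(r.name)
    return {
        "score": round(score, 1),
        "failed_mandatory": failed_mandatory,
        "eligible": not failed_mandatory,
    }


def rank(requirements, products):
    """Compare two or more products: eligible ones first, then by score."""
    if len(products) < 2:
        raise ValueError("compare at least two products")
    rows = [(name, evaluate(requirements, res)) for name, res in products.items()]
    rows.sort(key=lambda row: (not row[1]["eligible"], -row[1]["score"]))
    return rows


if __name__ == "__main__":
    for name, outcome in rank(REQUIREMENTS, SAMPLE_RESULTS):
        print(name, outcome)
```

<div class="MsoNormal" style="text-align: justify;">
In the sample data Product B has the higher weighted score but only partly meets a HIGH requirement, so it ranks below Product A; the weighted total alone would have hidden that.</div>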
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal">
<b>Budget Vs Cost<o:p></o:p></b></div>
<div class="MsoNormal">
<div style="text-align: justify;">
It is good to compare your budget with the product cost. You may
not want to spend time on a POC if the cost is higher than the budget. It is very
important to consider the various costs, e.g. Capex, Opex, yearly support, license cost,
type of license, hardware cost etc. It is always ideal to prepare a Capex and Opex cost summary for 3 years.</div>
</div>
<div class="MsoNormal">
<br /></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 480;">
<tbody>
<tr>
<td style="background: navy; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div align="center" class="MsoNormal" style="text-align: center;">
Sr</div>
</td>
<td style="background: navy; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 147.0pt;" valign="top" width="196"><div align="center" class="MsoNormal" style="text-align: center;">
<span style="color: white;">Description</span></div>
</td>
<td style="background: navy; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.2pt;" valign="top" width="114"><div align="center" class="MsoNormal" style="text-align: center;">
<span style="color: white;">Capex</span></div>
</td>
<td style="background: navy; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="center" class="MsoNormal" style="text-align: center;">
<span style="color: white;">Opex</span></div>
</td>
<td style="background: navy; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="center" class="MsoNormal" style="text-align: center;">
<span style="color: white;">Remarks</span></div>
</td>
</tr>
<tr>
<td rowspan="4" style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal">
1</div>
</td>
<td colspan="4" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 402.7pt;" valign="top" width="537"><div class="MsoNormal">
Year 1</div>
</td>
</tr>
<tr>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 147.0pt;" valign="top" width="196"><div class="MsoNormal">
Hardware (3 servers)</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.2pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
2,00,000</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
50,000</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
<br /></div>
</td>
</tr>
<tr>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 147.0pt;" valign="top" width="196"><div class="MsoNormal">
Product license for 100 users (100*5000)</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.2pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
5,00,000</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
-</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
<br /></div>
</td>
</tr>
<tr>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 147.0pt;" valign="top" width="196"><div class="MsoNormal">
Installation </div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.2pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
1,00,000</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
<br /></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
<br /></div>
</td>
</tr>
<tr>
<td rowspan="2" style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal">
2</div>
</td>
<td colspan="4" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 402.7pt;" valign="top" width="537"><div class="MsoNormal">
Year 2</div>
</td>
</tr>
<tr>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 147.0pt;" valign="top" width="196"><div class="MsoNormal">
Yearly support</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.2pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
<br /></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
2,00,000</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
<br /></div>
</td>
</tr>
<tr>
<td rowspan="2" style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal">
3</div>
</td>
<td colspan="4" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 402.7pt;" valign="top" width="537"><div class="MsoNormal">
Year 3</div>
</td>
</tr>
<tr>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 147.0pt;" valign="top" width="196"><div class="MsoNormal">
Yearly Support</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.2pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
<br /></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
2,00,000</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
<br /></div>
</td>
</tr>
<tr>
<td colspan="2" style="background: navy; border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 170.4pt;" valign="top" width="227"><div class="MsoNormal">
<span style="color: white;">Total</span></div>
</td>
<td style="background: navy; border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.2pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
<span style="color: white;">8,00,000</span></div>
</td>
<td style="background: navy; border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
<span style="color: white;">4,50,000</span></div>
</td>
<td style="background: navy; border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 85.25pt;" valign="top" width="114"><div align="right" class="MsoNormal" style="text-align: right;">
<br /></div>
</td>
</tr>
</tbody></table>
<div class="MsoNormal">
Capex: Capital expense, for the betterment of the business</div>
<div class="MsoNormal">
Opex: Operating expense, occurs every year</div>
<div class="MsoNormal">
Negotiate hard and make sure that the quote includes everything,
including training for the IT team and users, etc.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Architecture</b></div>
<div class="MsoNormal">
<div style="text-align: justify;">
Prepare a high-level network architecture diagram. Identify
where the product is going to sit in the network and how data or requests are going to flow,
understand its relationship with other network components, and analyze the impact.</div>
</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
With this you are almost DONE with Pre POC preparation.</div>
<div class="MsoNormal">
I shall also share the COMPLETE POC TEMPLATE in XLS format in the <b>"Post POC (Phase 3)"</b> blog.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Hope this would be helpful to all.</div>
</div>
Anonymoushttp://www.blogger.com/profile/05680677994525987708noreply@blogger.com0tag:blogger.com,1999:blog-3864472962444267321.post-35339835154669633032015-05-09T10:44:00.001-07:002015-06-05T03:33:25.566-07:00Security Considerations while Procuring BYOD Solutions for Mobile Phone<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="MsoNormal" style="text-align: justify;">
Bring Your Own Device (BYOD) is
the latest trend in many companies. Business requirements for working from
home, accessing e-mail 24*7, instant customer support, etc. are increasing, and
the trend looks set to continue.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
In early 2010, most companies
were using BlackBerry as the company-provided mobile phone. A few months later,
smartphones took over almost the entire BlackBerry market. Smartphones have made
life easy and are user friendly and cost effective. Companies realized the ongoing cost of the BlackBerry
server, user licenses, devices and service. From a security
perspective, BlackBerry is reasonably secure thanks to the many security policy
options available on the BlackBerry server, but it is too costly compared to a smartphone.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Further, it is also a headache for
the IT team to manage the inventory of such mobile devices. There are other issues as
well, e.g. finance has to maintain book value and depreciation if a device is lost or
stolen, and the IT team has to maintain the Asset Allocation Form, arrange repair in case a device is
faulty, coordinate with the vendor, follow the purchase procedure, etc. After all of these
headaches and spending lots of money, business users are still not satisfied, due to
the quality of the company phone and the restrictions and controls over it.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Just to avoid these many hurdles
and to save cost, many companies have started allowing users to use their own smartphones.
However, I have seen many
companies implement a BYOD policy without even thinking of “Information
Security Risk”.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<b>Risk Assessment (Without implementing any BYOD Security Solution)</b></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 480;">
<tbody>
<tr>
<td style="background: silver; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div class="MsoNormal" style="text-align: justify;">
<b>Threat</b></div>
</td>
<td style="background: silver; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 164.5pt;" valign="top" width="219"><div class="MsoNormal" style="text-align: justify;">
<b>Vulnerability</b></div>
</td>
<td style="background: silver; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 168.5pt;" valign="top" width="225"><div class="MsoNormal" style="text-align: justify;">
<b>Business Risk</b></div>
</td>
</tr>
<tr>
<td rowspan="4" style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 86.4pt;" valign="top" width="115"><div class="MsoNormal" style="text-align: justify;">
Information Leakage through
BYOD</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 164.5pt;" valign="top" width="219"><div class="MsoNormal" style="text-align: justify;">
No segregation between
“Corporate Information” and “Personal Information”</div>
</td>
<td rowspan="4" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 168.5pt;" valign="top" width="225"><div class="MsoNormal" style="text-align: justify;">
<span style="color: blue;">There
is a risk of information sharing</span> (intentional or unintentional) <span style="color: red;">with an unauthorized person or competitor</span> due to the <span style="color: #ff9900;">absence of security controls</span> over the BYOD mobile; <b><span style="color: red;">this may lead to
loss of business / reputation.</span></b> </div>
</td>
</tr>
<tr>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 164.5pt;" valign="top" width="219"><div class="MsoNormal" style="text-align: justify;">
The user can download any
attachment to the BYOD phone's memory card.</div>
</td>
</tr>
<tr>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 164.5pt;" valign="top" width="219"><div class="MsoNormal" style="text-align: justify;">
In case of user separation, the IT
team cannot delete files stored on the personal memory card.</div>
</td>
</tr>
<tr>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 164.5pt;" valign="top" width="219"><div class="MsoNormal" style="text-align: justify;">
A single user can configure the
company’s e-mail account on multiple mobile phone devices without the IT/Security
team’s knowledge.</div>
</td>
</tr>
</tbody></table>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
I hope the above table is enough to
alert business stakeholders to information security assurance. No firewall can
help prevent information leakage if this is not taken care of.</div>
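<div class="MsoNormal" style="text-align: justify;">
The last vulnerability in the risk table above, one user configuring the company's e-mail account on several phones without the IT/Security team's knowledge, can be checked from device-sync records. The following is an added example, not part of the original post; the CSV layout, field names and sample rows are constructed assumptions, not any product's export format.</div>

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample data: an assumed CSV export of device-sync records
# (sync time, user ID, e-mail ID, IMEI, platform). All values are made up.
SAMPLE_SYNC_LOG = """\
sync_time,user_id,email,imei,platform
2015-05-01T09:00:00,u1001,asha@example.com,356938035643809,Android
2015-05-01T09:05:00,u1002,ravi@example.com,490154203237518,iOS
2015-05-02T18:30:00,u1001,asha@example.com,356938035643809,Android
2015-05-03T22:10:00,u1002,ravi@example.com,352099001761481,Android
2015-05-04T08:00:00,u1002,ravi@example.com,490154203237518,iOS
not-a-date,u1003,meera@example.com,358240051111110,iOS
2015-05-04T08:15:00,u1003,meera@example.com, 358240051111110 ,iOS
"""

MAX_DEVICES_PER_USER = 1  # assumed policy: one device per user


def parse_sync_log(text):
    """Parse the CSV export. Returns (records, rejected).

    Malformed rows are reported with their line number rather than dropped
    silently, so gaps in the log are visible to the reviewer.
    """
    records, rejected = [], []
    reader = csv.DictReader(io.StringIO(text))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        try:
            record = {
                "when": datetime.strptime(row["sync_time"], "%Y-%m-%dT%H:%M:%S"),
                "user": row["user_id"].strip(),
                "email": row["email"].strip(),
                "imei": row["imei"].strip(),  # tolerate stray whitespace
                "platform": row["platform"].strip(),
            }
            if not record["user"] or not record["imei"]:
                raise ValueError("missing user_id or imei")
        except (KeyError, ValueError, AttributeError) as exc:
            rejected.append((line_no, str(exc)))
            continue
        records.append(record)
    return records, rejected


def device_inventory(records):
    """Build user -> {imei: first_seen / last_sync / platform / email}."""
    inventory = defaultdict(dict)
    for rec in sorted(records, key=lambda r: r["when"]):
        entry = inventory[rec["user"]].setdefault(
            rec["imei"],
            {
                "first_seen": rec["when"],
                "platform": rec["platform"],
                "email": rec["email"],
            },
        )
        entry["last_sync"] = rec["when"]
    return inventory


def find_violations(records, max_devices=MAX_DEVICES_PER_USER):
    """Return one alert per device beyond the allowed number for a user.

    The earliest-seen devices count as the approved ones; every device
    that first synced later is reported for the security administrator.
    """
    alerts = []
    for user, devices in sorted(device_inventory(records).items()):
        ordered = sorted(devices.items(), key=lambda kv: kv[1]["first_seen"])
        approved = [imei for imei, _ in ordered[:max_devices]]
        for imei, info in ordered[max_devices:]:
            alerts.append(
                {
                    "user": user,
                    "email": info["email"],
                    "imei": imei,
                    "platform": info["platform"],
                    "first_seen": info["first_seen"],
                    "last_sync": info["last_sync"],
                    "approved": approved,
                }
            )
    return alerts


if __name__ == "__main__":
    recs, bad = parse_sync_log(SAMPLE_SYNC_LOG)
    for line_no, reason in bad:
        print(f"rejected line {line_no}: {reason}")
    for alert in find_violations(recs):
        print(
            f"ALERT {alert['user']} ({alert['email']}): extra device "
            f"{alert['imei']} [{alert['platform']}] first seen "
            f"{alert['first_seen']:%Y-%m-%d %H:%M}"
        )
```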
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Many security companies have
developed BYOD security solutions. It is important for the company’s security
officer to choose the right solution to protect information. When we think of allowing
user-owned devices for official purposes, the following MUST be taken care of:</div>
<ol start="1" style="margin-top: 0cm;" type="1">
<li class="MsoNormal" style="mso-list: l1 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Ensure the company's information is protected on the user-owned
device</li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Ensure the user’s privacy. In the end, it is the user’s
device, and the company has no right to monitor what is stored on the user’s mobile
phone.</li>
</ol>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Most recognized BYOD security
solutions provide THE MOST IMPORTANT SECURITY FEATURE, CALLED – SECURE
CONTAINER.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgX-48zdAcevvVCPFh5S5mMPOAW1-VLHOJOM159TG7PiXv28Di1-DoC1creZT37qutWS3miyccxKR_quQ0ObwGGBzK7Zvb62MJAnYRoW7CMgoZTxV1ANClKtILN4U0mg4UMbTsB1iBCFQ/s1600/BYOD.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgX-48zdAcevvVCPFh5S5mMPOAW1-VLHOJOM159TG7PiXv28Di1-DoC1creZT37qutWS3miyccxKR_quQ0ObwGGBzK7Zvb62MJAnYRoW7CMgoZTxV1ANClKtILN4U0mg4UMbTsB1iBCFQ/s400/BYOD.jpg" width="400" /></a></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Such a tool creates a “Corporate
Space” within the phone memory to segregate the company’s information from personal
information. The user can access the “Corporate Space” through the BYOD client installed on
their device. The magic of this control is that the user cannot copy and paste any
information from the “Corporate Space” to the “Personal Space”.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
The following are the <b><span style="background: aqua; mso-highlight: aqua;">TOP 10 security controls</span></b> that MUST be considered for your BYOD
security solution</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 480;">
<tbody>
<tr>
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
<b>Sr</b></div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 144.0pt;" valign="top" width="192"><div class="MsoNormal" style="text-align: justify;">
<b>Control</b></div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 258.7pt;" valign="top" width="345"><div class="MsoNormal" style="text-align: justify;">
<b>Description</b></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
1</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 144.0pt;" valign="top" width="192"><div class="MsoNormal" style="text-align: justify;">
Secure Container</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 258.7pt;" valign="top" width="345"><div class="MsoNormal" style="text-align: justify;">
As mentioned above. Please
don’t even do a POC if the solution does not provide a secure container feature. All business e-mail attachments should be stored in the corporate space only and not in the personal space. Copy and paste should not be allowed from the corporate space to the personal space.</div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
2</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 144.0pt;" valign="top" width="192"><div class="MsoNormal" style="text-align: justify;">
Restrict screenshot</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 258.7pt;" valign="top" width="345"><div class="MsoNormal" style="text-align: justify;">
No screenshot on corporate
space</div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
3</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 144.0pt;" valign="top" width="192"><div class="MsoNormal" style="text-align: justify;">
Integrate with company’s
central authentication control</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 258.7pt;" valign="top" width="345"><div class="MsoNormal" style="text-align: justify;">
The BYOD security solution should
be able to integrate with the company’s AD to access e-mails. This feature reduces
the IT team’s headache of maintaining a separate user management system.</div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
4</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 144.0pt;" valign="top" width="192"><div class="MsoNormal" style="text-align: justify;">
Remote wipe-out</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 258.7pt;" valign="top" width="345"><div class="MsoNormal" style="text-align: justify;">
In case the device is stolen, the
company’s IT team should be able to wipe out the device remotely without
anybody’s intervention.</div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
5</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 144.0pt;" valign="top" width="192"><div class="MsoNormal" style="text-align: justify;">
Selective wipe-out</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 258.7pt;" valign="top" width="345"><div class="MsoNormal" style="text-align: justify;">
There should be an option of
“Selective Wipe-out” to wipe only the “Corporate Space”. No personal data should
be wiped out.</div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
6</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 144.0pt;" valign="top" width="192"><div class="MsoNormal" style="text-align: justify;">
Password Policy</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 258.7pt;" valign="top" width="345"><div class="MsoNormal" style="text-align: justify;">
A few BYOD security solutions
ask for a “Password” while accessing corporate e-mails. This is separate from
the phone lock password. </div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
7</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 144.0pt;" valign="top" width="192"><div class="MsoNormal" style="text-align: justify;">
Device Restriction</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 258.7pt;" valign="top" width="345"><div class="MsoNormal" style="text-align: justify;">
The user should be restricted to
configuring the company’s e-mail account on only ONE device. In case a user attempts
to configure another device, the BYOD security solution should prevent it and
throw an alert to the security administrator.</div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
8</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 144.0pt;" valign="top" width="192"><div class="MsoNormal" style="text-align: justify;">
Audit Logs</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 258.7pt;" valign="top" width="345"><div class="MsoNormal" style="text-align: justify;">
Various logs:</div>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level1 lfo2; tab-stops: list 36.0pt; text-align: justify;">Last sync Date and Time</li>
<li class="MsoNormal" style="mso-list: l0 level1 lfo2; tab-stops: list 36.0pt; text-align: justify;">Device details e.g. mobile no., IMEI etc.</li>
<li class="MsoNormal" style="mso-list: l0 level1 lfo2; tab-stops: list 36.0pt; text-align: justify;">Activity logs</li>
<li class="MsoNormal" style="mso-list: l0 level1 lfo2; tab-stops: list 36.0pt; text-align: justify;">Security logs</li>
<li class="MsoNormal" style="mso-list: l0 level1 lfo2; tab-stops: list 36.0pt; text-align: justify;">User ID and E-mail ID</li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
Also check log retention,
access to logs, security of logs etc.</div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
9</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 144.0pt;" valign="top" width="192"><div class="MsoNormal" style="text-align: justify;">
Compatibility</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 258.7pt;" valign="top" width="345"><div class="MsoNormal" style="text-align: justify;">
Does your solution support iOS,
Android, Windows Phone etc.?</div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 23.4pt;" valign="top" width="31"><div class="MsoNormal" style="text-align: justify;">
10</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 144.0pt;" valign="top" width="192"><div class="MsoNormal" style="text-align: justify;">
User’s Private data</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 258.7pt;" valign="top" width="345"><div class="MsoNormal" style="text-align: justify;">
The BYOD solution should not
access the user’s private space. The solution should respect the user’s privacy.</div>
</td>
</tr>
</tbody></table>
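<div class="MsoNormal" style="text-align: justify;">
The Device Restriction and Audit Logs items can be checked together against an export of the solution's sync log. The following is an added example, not code from the original post or from any BYOD product; the CSV column names, event names and all sample values are assumptions constructed for illustration.</div>

```python
import csv
import io
from datetime import datetime

# Fields the checklist expects in every audit record (column names are assumptions).
REQUIRED = ("timestamp", "user_id", "email", "mobile_no", "imei", "event")

# Constructed sample export; IMEIs, numbers and addresses are made-up test values.
SAMPLE_LOG = """\
timestamp,user_id,email,mobile_no,imei,event
2015-08-01T09:00:00,u1001,alice@example.com,+10000000001,490154203237518,enroll
2015-08-01T09:05:00,u1001,alice@example.com,+10000000001,490154203237518,sync
2015-08-02T10:00:00,u1002,bob@example.com,+10000000002,356938035643809,enroll
2015-08-03T08:30:00,u1002,bob@example.com,+10000000003,352099001761481,enroll
2015-08-03T08:31:00,u1002,bob@example.com,+10000000003,352099001761481,sync
2015-08-03T11:00:00,u1003,carol@example.com,,,sync
2015-08-04T09:00:00,u1001,alice@example.com,+10000000001,490154203237518,sync
"""


def review_sync_log(text):
    """Return (registered, last_sync, alerts) for a CSV audit-log export."""
    registered = {}   # user_id -> IMEI of the one permitted device
    last_sync = {}    # user_id -> datetime of the last sync from that device
    alerts = []       # (timestamp string, user_id, reason, detail)

    for raw in csv.DictReader(io.StringIO(text)):
        # Normalise values; ignore surplus columns (DictReader stores them under None).
        row = {k: (v or "").strip() for k, v in raw.items() if k is not None}

        # Audit Logs item: every record must carry all the listed details.
        missing = [f for f in REQUIRED if not row.get(f)]
        if missing:
            alerts.append((row.get("timestamp", ""), row.get("user_id", ""),
                           "incomplete_audit_record", ",".join(missing)))
            continue
        try:
            when = datetime.fromisoformat(row["timestamp"])
        except ValueError:
            alerts.append((row["timestamp"], row["user_id"],
                           "bad_timestamp", row["timestamp"]))
            continue

        user, imei, event = row["user_id"], row["imei"], row["event"]

        # Device Restriction item: the first enrolled device is the only one allowed.
        if user not in registered:
            if event == "enroll":
                registered[user] = imei
            else:
                alerts.append((row["timestamp"], user,
                               "sync_from_unregistered_device", imei))
            continue
        if imei != registered[user]:
            reason = ("second_device_enrollment" if event == "enroll"
                      else "sync_from_unregistered_device")
            # The checklist asks for prevention as well as an alert, so the
            # record is not allowed to change the registered device.
            alerts.append((row["timestamp"], user, reason, imei))
            continue
        if event == "sync":
            last_sync[user] = when

    return registered, last_sync, alerts


if __name__ == "__main__":
    _, syncs, found = review_sync_log(SAMPLE_LOG)
    for alert in found:
        print("ALERT", *alert)
    for user, when in sorted(syncs.items()):
        print("last sync", user, when.isoformat())
```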
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
The security checklist can be further
enhanced with the BYOD security solution vendor and the security officer, based on
need. Once the solution is implemented, the organization’s HR team rolls out the BYOD policy
with eligibility criteria, dos and don’ts etc.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
There are lots of BYOD security
solutions in the market; generally the CISO function should lead the BYOD security solution
assessment.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<br />
<div class="MsoNormal" style="text-align: justify;">
Hope this would be useful…..</div>
</div>
Anonymoushttp://www.blogger.com/profile/05680677994525987708noreply@blogger.com0tag:blogger.com,1999:blog-3864472962444267321.post-41920436256920158012015-05-02T00:08:00.003-07:002015-05-08T01:12:14.013-07:00Business Information @ Risk @ Dropbox or Similar Personal Storage Sites<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="MsoNormal" style="text-align: left;">
<div class="MsoNormal" style="text-align: justify;">
Dropbox… an amazing product that came
onto the market somewhere around 2007. It has been in the limelight for the last three
to four years for features like file storage, file sharing, file
collaboration, and mobility (access anywhere, anytime).</div>
</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
In simple language: do anything
with your data, anytime and anywhere. Wow. I have seen many companies
start using it as a cost-effective collaboration tool where multiple users
work on the same files. </div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: blue;">One of
the MOST MOST user-friendly features is “Multi Platform Support”. It works on
Microsoft Windows, Mac OS
X, Linux, Android, iOS, BlackBerry OS, Windows
Phone and web browsers.</span></div>
<div class="MsoNormal">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<b>Every technology has its own BENEFITS and RISKS<o:p></o:p></b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Legal and Regulatory
Risk:<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
Dropbox’s data center / data storage
is located in some part of the world. If you are in the financial industry or a
BPO, KPO or IT/ITES services company and deal with customers’/end users’ PII
(Personally Identifiable Information) or Sensitive PII (SPII), you could be
at risk if you use Dropbox for business operations or processes. A few
legal concerns could be:</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-left: 39.0pt; mso-list: l0 level1 lfo1; tab-stops: list 39.0pt; text-align: justify; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]-->Does your country’s law/regulation allow
citizens’ PII or SPII to be stored outside the country’s borders?</div>
<div class="MsoNormal" style="margin-left: 39.0pt; mso-list: l0 level1 lfo1; tab-stops: list 39.0pt; text-align: justify; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]-->Have you communicated to your customer “where
their PII or SPII is going to be stored” and “how it is going to be protected”?</div>
<div class="MsoNormal" style="margin-left: 39.0pt; mso-list: l0 level1 lfo1; tab-stops: list 39.0pt; text-align: justify; text-indent: -18.0pt;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
You could face serious legal and
regulatory implications if this is not taken care of.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<b>Data Retention:<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
Many people believe that “delete
means deleted permanently”, but they forget the backup tapes where
data lies for many years.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
I am 100% sure every organization
has its own Data Retention Policy based on the type of industry and its legal and
regulatory requirements. The objective of a Data Retention Policy is to flush out
data (older / not required) from the environment completely. However, I would
also like to look at this from a “Risk Mitigation” perspective. The moment
you have flushed out data, you have mitigated your organization’s risk of
<span style="color: #073763;">“Intentional / Unintentional Leakage of Information”</span>. No organization would be
happy if its data got leaked (no matter whether it is 7 or 10 years old). In the
end, the data could be PII, SPII or any customer’s report.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
I have seen many business-level
agreements where the customer wants the service provider to destroy data as soon as
the engagement is over.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
But the case is very different
with data stored on Dropbox: </div>
<div align="center" class="MsoNormal" style="text-align: center;">
<o:p> </o:p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibwe5Szv5LJvso4-PyKWmwR5u92Nrjs5CbkHdiaaMVh1GN8OcK-sE9v0hmWFIv0xPsqBfv3VyXq1Lm5dW8OxbQNRhRu8lvvHJU0t1bXCPGO_WpMVzMcEZL0BFtYhpDjgyXnE674kZuwQ/s1600/dropbox-screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibwe5Szv5LJvso4-PyKWmwR5u92Nrjs5CbkHdiaaMVh1GN8OcK-sE9v0hmWFIv0xPsqBfv3VyXq1Lm5dW8OxbQNRhRu8lvvHJU0t1bXCPGO_WpMVzMcEZL0BFtYhpDjgyXnE674kZuwQ/s1600/dropbox-screenshot.jpg" width="640" /></a></div>
<div class="MsoNormal" style="text-align: justify;">
Have a look at the Retention section:
it indicates that Dropbox is not bound to delete/destroy your customer’s data
even if your engagement with the customer is over. So the RISK here is that your customer’s
data is still lying on Dropbox backup tapes. It further implies that they are bound
only to follow their own “data retention policy”. This could lead to customer
dissatisfaction and reputation loss if data gets leaked from a Dropbox server.</div>
<div class="MsoNormal">
<b>Accessibility:<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
As I said, this is the most most user-friendly
feature. But to me it is the most most serious “Business Information
Leakage Risk”. Dropbox is available for almost every platform. You can
access Dropbox from any device. </div>
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
“Internal Employees are the biggest threat to
the organization”</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="background: aqua; mso-highlight: aqua;">Let’s take
an example</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
A person called Bob is a Sr.
Executive managing multiple key customer accounts at XYZ Company. The company
has provided a laptop and a smart phone to Bob to work remotely. Due to its global
business, the company has decided to use Dropbox for file sharing and
collaboration. </div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
One day Bob forgot to carry his
(company-provided) smart phone, so he used his personal smart phone to access the company’s
information stored on Dropbox. </div>
<div class="MsoNormal" style="text-align: justify;">
The BIGGEST RISK is that the company’s
information has been downloaded to a personal device without anybody’s knowledge
and without any traceability.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal">
Now let’s assume a case where Bob is a disgruntled employee. </div>
<div class="MsoNormal" style="text-align: justify;">
The BIGGEST RISK could be that Bob can
download all the company’s information stored on Dropbox without anybody’s
knowledge and without any traceability. This is as good as theft of information,
and it can be sold for misuse.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<b>User Management:<o:p></o:p></b></div>
<div class="MsoNormal" style="text-align: justify;">
Most companies have a
central authentication server to grant and revoke access. If any person
leaves, you can simply disable or delete the user ID on the central authentication
server. </div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
But with Dropbox this becomes
cumbersome. You have to delete or disable access manually. This method is
definitely prone to human error. If it is not followed, Bob would keep enjoying
all his access even after leaving the organization. Dropbox does have an “Event”
feature that shows recent events, but if a user is only viewing information, I don’t
think any “Event” would be triggered.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<b><span style="font-size: 12pt;">Your organization’s Name on Dropbox’s website:</span></b><span style="font-size: 12pt;"><br clear="all" style="mso-special-character: line-break; page-break-before: always;" /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<b><span style="font-size: 12pt;"><br /></span></b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDTzUHbCPlzAyRJQzneMwVmniLcIEo7Mv5DSuTXWrNSmsiSVnJ2JqLS5v2m4dpLDrvxlZLAGh69d_RK2PAJQa811k8LOAAm1I8obBaidMa92xckC8Lf4uX3W4s4UE1r4-XP0VM82M27A/s1600/db2-screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDTzUHbCPlzAyRJQzneMwVmniLcIEo7Mv5DSuTXWrNSmsiSVnJ2JqLS5v2m4dpLDrvxlZLAGh69d_RK2PAJQa811k8LOAAm1I8obBaidMa92xckC8Lf4uX3W4s4UE1r4-XP0VM82M27A/s1600/db2-screenshot.jpg" width="640" /></a></div>
<div class="MsoNormal" style="text-align: center;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
This is very clear. No further explanation is needed. But the question that arises is: “Is this acceptable to your organization?” What if
your customer comes to know? How is the customer going to react? What immediate response comes to your mind if your customer reacts negatively? Just think…. </div>
<div class="MsoNormal" style="text-align: justify;">
<o:p><br /></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
As of now I can see these FOUR KEY RISKS; these risks also apply to other sites/services in what we generally
call the personal storage category.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
If I have to use Dropbox, I shall
use it only for sharing PUBLIC classified information. I shall NEVER EVER put my
personal contacts, personal information or any confidential information on it.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Hope this would be useful.....</div>
<br />
<div class="MsoNormal">
<br /></div>
</div>
Anonymoushttp://www.blogger.com/profile/05680677994525987708noreply@blogger.com0tag:blogger.com,1999:blog-3864472962444267321.post-15094664103096718882015-04-26T10:24:00.001-07:002015-04-27T04:39:34.908-07:00ISO/IEC 27001:2013 – A.6.1.5 Information security in Project Management<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="MsoNormal" style="text-align: justify;">
<b>Information Security in Project
Management:</b> Information
security shall be addressed in project management regardless of the type of the
project.<o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
This is a NEW control in the 2013 version of ISO27001. However, I have my own
perspective on this control.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
In my view, ISO27001:2005 A.6.1.4 (Authorization process for
information processing facility) has been <span style="background: lime; mso-highlight: lime;">broadened</span> into ISO27001:2013 A.6.1.5 (Information
security in project management).</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 480;">
<tbody>
<tr>
<td style="background: blue; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 213.05pt;" valign="top" width="284"><div align="center" class="MsoNormal" style="text-align: center;">
ISO/IEC 27001:2005<o:p></o:p></div>
</td>
<td style="background: blue; border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 213.05pt;" valign="top" width="284"><div align="center" class="MsoNormal" style="text-align: center;">
ISO/IEC 27001:2013</div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 213.05pt;" valign="top" width="284"><div class="MsoNormal" style="text-align: justify;">
A.6.1.4 Authorization process for information processing facility<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 213.05pt;" valign="top" width="284"><div class="MsoNormal" style="text-align: justify;">
A.6.1.5 Information security in project management<o:p></o:p></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 213.05pt;" valign="top" width="284"><ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l3 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Limited
focus on end point devices e.g. desktop, laptop, personal or hand held
devices, software check etc<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l3 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">More
focused on authorization and less on end to end security <o:p></o:p></li>
</ul>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 213.05pt;" valign="top" width="284"><ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l3 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Broadened
focus from end point to end-to-end project implementation</li>
<li class="MsoNormal" style="mso-list: l3 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Complete
focus on security.<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l3 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Identify
and address RISKS as a part of project<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l3 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Information
Security Risk Management for Project<o:p></o:p></li>
</ul>
</td>
</tr>
</tbody></table>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
While interacting with many people, I have observed a common challenge
with respect to this control: “How to implement this control?”
This has become a challenge for many security organizations and professionals as
the SCOPE has been widened from “End Point” to “Project Management”. </div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Let’s start breaking down the jargon:</div>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l1 level1 lfo2; tab-stops: list 36.0pt; text-align: justify;">Understand
what a “PROJECT” is for your organization. If you ask me, simple examples
could be:</li>
<ul style="margin-top: 0cm;" type="circle">
<li class="MsoNormal" style="mso-list: l1 level2 lfo2; tab-stops: list 72.0pt; text-align: justify;">Implementation
of DLP, Anti-Virus, Firewall, BYOD or any technology solutions<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l1 level2 lfo2; tab-stops: list 72.0pt; text-align: justify;">Buying new
office location<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l1 level2 lfo2; tab-stops: list 72.0pt; text-align: justify;">Develop or
procure new business application<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l1 level2 lfo2; tab-stops: list 72.0pt; text-align: justify;">Adding a
new client or new process (depend upon size and complexity)<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l1 level1 lfo2; tab-stops: list 36.0pt; text-align: justify;">Understand
the business and security purpose of the PROJECT: you cannot start the
project unless you know the value (benefits) the project is going to
contribute to the organization</li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo2; tab-stops: list 36.0pt; text-align: justify;">Understand
the end-to-end project flow from the respective owner. This could be a data flow
diagram, application architecture, network diagram, input-process-output
etc.</li>
<div style="border-bottom: solid windowtext 1.5pt; border: none; margin-left: 18.0pt; margin-right: 0cm; mso-element: para-border-div; padding: 0cm 0cm 1.0pt 0cm;">
<br />
<li class="MsoNormal" style="border: none; margin-left: 18.0pt; mso-border-bottom-alt: solid windowtext 1.5pt; mso-list: l1 level1 lfo2; mso-padding-alt: 0cm 0cm 1.0pt 0cm; padding: 0cm; tab-stops: list 36.0pt; text-align: justify;">Define security baseline for a
particular project -> Complete the Project -> verify security
baseline (project risk management)<o:p></o:p></li>
</div>
<div class="MsoNormal" style="border: none; margin-left: 18.0pt; mso-border-bottom-alt: solid windowtext 1.5pt; mso-padding-alt: 0cm 0cm 1.0pt 0cm; padding: 0cm; text-align: justify;">
<br /></div>
</ul>
<div class="MsoNormal" style="margin-left: 18.0pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-left: 18.0pt; text-align: justify;">
I know this theory is very boring. Let’s <span style="background: lime; mso-highlight: lime;">take an example of “Implementation
of DLP”</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 18.0pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-left: 18.0pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-left: 18.0pt; text-align: justify;">
<b>Purpose:<o:p></o:p></b></div>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="margin-left: 54.0pt; mso-list: l0 level1 lfo3; tab-stops: list 36.0pt; text-align: justify;">Protect the organization’s IPR and customers’ information from
leakage.</li>
</ul>
<div class="MsoNormal" style="margin-left: 18.0pt; text-align: justify;">
<b>Project
Understanding:<o:p></o:p></b></div>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="margin-left: 54.0pt; mso-list: l0 level1 lfo3; tab-stops: list 36.0pt; text-align: justify;">The organization has developed /
customized an internal application for processing customers’ information.
Protection of the application source code and customer information is of utmost
importance.</li>
<li class="MsoNormal" style="margin-left: 54.0pt; mso-list: l0 level1 lfo3; tab-stops: list 36.0pt; text-align: justify;">The customer sends an input file through
FTP; a project user downloads the file from FTP and uploads it to the application for
processing. There are 50 users working on this project, and they have access to FTP
and the application. Once processing is completed, a project user sends an
output file back to the customer through FTP.</li>
</ul>
<div class="MsoNormal" style="margin-left: 18.0pt; text-align: justify;">
<b>Proposed
Project Design<o:p></o:p></b></div>
<div align="center" class="MsoNormal" style="margin-left: 36.0pt; text-align: center;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWtJ9XVjOltCgL6U_gpJ87-UK2BliIWvb8RdZIubtlXGSIUarSmgf-tSx_QDhSbo-H8xt5U559LPsGNAA2N35QZsNiqJ_qMv7ettdYDd9_ap4HvIgD9aYrKwZsVCRfVH-J7XUI9yMKTw/s1600/InfoSec-in-PM.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWtJ9XVjOltCgL6U_gpJ87-UK2BliIWvb8RdZIubtlXGSIUarSmgf-tSx_QDhSbo-H8xt5U559LPsGNAA2N35QZsNiqJ_qMv7ettdYDd9_ap4HvIgD9aYrKwZsVCRfVH-J7XUI9yMKTw/s1600/InfoSec-in-PM.jpg" height="240" width="320" /></a></div>
<br /></div>
<div class="MsoNormal" style="margin-left: 36.0pt;">
<b><u>Security Baseline for DLP Project<o:p></o:p></u></b></div>
<div class="MsoNormal" style="margin-left: 72.0pt; mso-list: l4 level1 lfo4; tab-stops: list 54.0pt; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]-->Data stored on the Code Repository shall not go out
of the organization (through any medium: e-mail, FTP, internet, file upload etc.)</div>
<div class="MsoNormal" style="margin-left: 72.0pt; mso-list: l4 level1 lfo4; tab-stops: list 54.0pt; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]-->Data stored on “File Server” -> Folder Name
“Prising” shall not go out of the organization</div>
<div class="MsoNormal" style="margin-left: 72.0pt; mso-list: l4 level1 lfo4; tab-stops: list 54.0pt; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]-->Any data stored on “DB and App Server” shall not
go out of the organization.</div>
<div class="MsoNormal" style="margin-left: 72.0pt; mso-list: l4 level1 lfo4; tab-stops: list 54.0pt; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]-->Users shall be able to send only data with the file
extension .xml</div>
<div class="MsoNormal" style="margin-left: 72.0pt; mso-list: l4 level1 lfo4; tab-stops: list 54.0pt; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]-->Any attempted information leakage shall be
logged on the DLP server</div>
<div class="MsoNormal" style="margin-left: 72.0pt; mso-list: l4 level1 lfo4; tab-stops: list 54.0pt; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]-->Any attempted source code leakage shall be
alerted to management immediately through email or SMS</div>
<div class="MsoNormal" style="margin-left: 36.0pt;">
<span style="background: aqua; mso-highlight: aqua;">I have listed a few baseline checks; these could be much more
detailed. They can be prepared with the help of the product vendor and security
professionals. The checks depend on the organization’s requirements.</span>
</div>
<div class="MsoNormal" style="margin-left: 36.0pt;">
<b><u>Verification of baseline<o:p></o:p></u></b></div>
<div class="MsoNormal" style="margin-left: 72.0pt; mso-list: l2 level1 lfo5; tab-stops: list 54.0pt; text-indent: -18.0pt;">
<!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]-->A security professional shall verify compliance
with each and every security baseline; in case of any non-compliance, it
shall be documented in the risk management methodology.</div>
<div class="MsoNormal" style="margin-left: 54.0pt;">
For example, in this case
customer data (input and output files) can be leaked through FTP, as FTP is
accessible from anywhere</div>
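<div class="MsoNormal" style="margin-left: 36.0pt;">
The baseline and its verification can be written down as an executable check. The following is an added example, not code from the original post or from any DLP product: it encodes the six baseline items as rules, then compares them with constructed pilot observations and reports the FTP gap as a finding for the risk register. Host labels, field names and all sample transfers are assumptions.</div>

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

# The post's baseline as data. Host labels and field names are assumptions.
NO_EGRESS_HOSTS = {"db-server", "app-server"}
NO_EGRESS_FOLDERS = {"file-server": {"prising"}}   # folder name from the post
ALLOWED_EXTENSIONS = {".xml"}


@dataclass(frozen=True)
class Transfer:
    user: str
    source_host: str   # where the data is stored
    source_path: str   # path of the file on that host
    channel: str       # "email", "ftp", "web-upload", ...


@dataclass(frozen=True)
class Decision:
    action: str        # "allow" or "block"
    log: bool          # attempt must be logged on the DLP server
    alert: bool        # management must be alerted immediately (email/SMS)
    rule: str


def evaluate(t):
    """Decision the baseline requires for one outbound transfer."""
    path = PurePosixPath(t.source_path)
    folders = {part.casefold() for part in path.parts[:-1]}
    if t.source_host == "code-repo":
        return Decision("block", True, True, "code repository data must stay inside")
    if t.source_host in NO_EGRESS_HOSTS:
        return Decision("block", True, False, "DB and App Server data must stay inside")
    if folders & NO_EGRESS_FOLDERS.get(t.source_host, set()):
        return Decision("block", True, False, "protected file-server folder")
    # Only the final suffix counts, so "batch.xml.zip" is not treated as .xml.
    if path.suffix.lower() not in ALLOWED_EXTENSIONS:
        return Decision("block", True, False, "only .xml files may be sent")
    return Decision("allow", False, False, "permitted .xml transfer")


# Constructed pilot observations: (transfer, action the deployed DLP took, logged?)
OBSERVED = [
    (Transfer("u01", "code-repo", "/app/src/main.c", "email"), "block", True),
    (Transfer("u02", "file-server", "/Prising/2015-rates.xlsx", "web-upload"), "block", True),
    (Transfer("u03", "workstation", "/home/u03/out/batch-17.xml", "ftp"), "allow", False),
    (Transfer("u04", "workstation", "/home/u04/out/batch-17.xml.zip", "email"), "block", True),
    # The gap the post describes: customer data leaving over FTP unnoticed.
    (Transfer("u05", "app-server", "/data/in/customer-batch-18.xml", "ftp"), "allow", False),
]


def verify_baseline(observed):
    """Return one risk-register entry per observation that breaks the baseline."""
    findings = []
    for transfer, action, logged in observed:
        expected = evaluate(transfer)
        if action != expected.action or (expected.log and not logged):
            findings.append({
                "user": transfer.user,
                "channel": transfer.channel,
                "source": f"{transfer.source_host}:{transfer.source_path}",
                "expected": expected.action,
                "observed": action,
                "logged": logged,
                "rule": expected.rule,
            })
    return findings


if __name__ == "__main__":
    for finding in verify_baseline(OBSERVED):
        print("NON-COMPLIANCE", finding)
```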
<br />
<div class="MsoNormal" style="margin-left: 18.0pt;">
<br /></div>
</div>
Anonymoushttp://www.blogger.com/profile/05680677994525987708noreply@blogger.com1tag:blogger.com,1999:blog-3864472962444267321.post-53063002865203465392015-04-17T20:59:00.001-07:002015-04-27T04:42:43.474-07:00Making Effective Information Security Policy<div dir="ltr" style="text-align: left;" trbidi="on">
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
I have been working in Information Security for the last 9 years; my general
observation is that most people do not like documentation because they
think “Documentation is not their cup of tea and different skill sets are
required”. Many people are good at practical work, e.g. conducting information
security audits, verifying records, identifying new or unknown risks, technology
review audits etc.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
To give you a perspective: in the field of information security,
documentation skill will make you an “End to End Professional”. In my view none of
the information security activities would start unless there is a defined
information security policy. Documentation skill gives you an opportunity to
convert “Management Thinking” into “Line Item”.</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
I have listed key Information Security Policies and Key Considerations while designing IS policy.<o:p></o:p></div>
<ol start="1" style="margin-top: 0cm;" type="1">
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Information
Security Policy<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Management’s
commitment towards information security<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Information
Security Risk Management<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Define
objective and scope of risk management<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">How information
criticality shall be evaluated<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">What
parameters shall be identified to arrive at risk value e.g. threat,
likelihood, vulnerability etc<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Define how
risk value shall be calculated<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">What is
acceptable level of risk value<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Information
classification <o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Define
information classification scheme e.g.<o:p></o:p></li>
</ul>
</ol>
<div class="MsoNormal" style="margin-left: 108.0pt; mso-list: l0 level3 lfo1; mso-text-indent-alt: -9.0pt; tab-stops: list 108.0pt; text-align: justify; text-indent: -108.0pt;">
<!--[if !supportLists]--><span style="font-size: 7pt; font-stretch: normal;">
</span>i.<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->Strictly
confidential<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 108.0pt; mso-list: l0 level3 lfo1; mso-text-indent-alt: -9.0pt; tab-stops: list 108.0pt; text-align: justify; text-indent: -108.0pt;">
<!--[if !supportLists]--><span style="font-size: 7pt; font-stretch: normal;">
</span>ii.<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->Confidential<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 108.0pt; mso-list: l0 level3 lfo1; mso-text-indent-alt: -9.0pt; tab-stops: list 108.0pt; text-align: justify; text-indent: -108.0pt;">
<!--[if !supportLists]--><span style="font-size: 7pt; font-stretch: normal;">
</span>iii.<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->Internal<o:p></o:p></div>
<div class="MsoNormal" style="margin-left: 108.0pt; mso-list: l0 level3 lfo1; mso-text-indent-alt: -9.0pt; tab-stops: list 108.0pt; text-align: justify; text-indent: -108.0pt;">
<!--[if !supportLists]--><span style="font-size: 7pt; font-stretch: normal;">
</span>iv.<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->Public<o:p></o:p></div>
<ol start="3" style="margin-top: 0cm;" type="1">
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Minimum
protection requirement for each information classification scheme<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Users
awareness on information classification and protection requirement
(information handling requirements)<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Information
labeling <o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Organization
of Information Security <o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Setup
information security steering committee<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Setup
InfoSec team<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Define
roles and responsibility for steering committee and InfoSec team<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Define
frequency and agenda for IS steering committee meeting<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Human
Resource <o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Background
check prior to joining<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Communicate
and take acknowledgement towards IS roles and responsibility on first day
of joining<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Periodic
information security refresher training<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Sign
organization’s terms and conditions<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Information
backup<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Prepare
backup plan which defines “What information to backup”, “Where to
backup”, “Frequency of backup” and information owner.<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Offsite
backup requirement<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Secure
transportation between primary site and offsite backup location<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Encryption
<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Backup
requirement reconciliation<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Change
Management<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Define
what is change, types of changes<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">How to
raise change management request / change management template<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Who should
approve change management request<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Define
emergency change<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Test the
changes<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Communication
to relevant users about changes being done.<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Malicious
code Policy<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Central
Anti-Virus solution<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Install on
all desktops, laptops, servers and mobile devices<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Regular
Anti-Virus signature updates<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Weekly
Anti-Virus report to IT Team<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Restrict
users from disabling antivirus settings<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Daily/weekly
full system scan for virus/malware<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Disable
USB/CD/DVD drive<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Scan third
party device before connecting to organization’s network<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Network
Security<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Firewall between
internal and external world<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Specific
ports open on firewall based on business requirements<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Regular
firewall rulebase review<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Follow change
management to make any changes in the firewall<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Periodic
VAPT<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Firewall
hardening to protect network from malicious attack/hacking<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Regular
patching<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Redundancy<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Server OS
Security Policy<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Strong
authentication policy<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Access
requirement e.g. who should have access to server<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Server
hardening<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Patch
management<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">High
availability requirement / redundancy<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Log
monitoring policy<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Identify
critical servers to monitor<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Configure
audit logs as per best industry practice<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Implement
a central log server which pulls logs from all critical devices<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Dedicated
log monitoring team<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Read only
access to admin<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Monitor
administrator’s log<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Incident
management process<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Third party
/ service level policy<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">NDA and confidentiality
agreement with third party<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Third
party’s capability and skill with respect to information security<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Information
security benchmark<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Right to
audit<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Physical
security<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Physical
perimeter security<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Access
control to facility and data center<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Sufficient
power supply with UPS and DG set<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Fire-fighting
equipment e.g. smoke detectors, fire extinguishers, water detectors,
water sprinklers, FM200 for data center etc<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Regular
preventive maintenance for facility management equipment<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;"> Access control<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">How to
raise request for access<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Approval
from information owner<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Access
control matrix or levels <o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Regular
access reconciliation <o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Restrict
administrator to limited users<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Business
continuity<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Business
impact analysis<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">RPO and
RTO<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Critical
business requirement to be made available from DR<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Periodic
DR Drill<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Share
findings with IS steering committee<o:p></o:p></li>
</ul>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Information
Security incident management<o:p></o:p></li>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Define
what is incident<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Create
awareness on “What is incident”<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Incident
reporting channel<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Who can
report an incident (generally any user should be able to report an incident)<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Maintain
privacy for users who have raised an incident<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Incident
analysis and gather evidence <o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Disciplinary
actions<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level2 lfo1; tab-stops: list 72.0pt; text-align: justify;">Preserve
evidence and take corrective actions<o:p></o:p></li>
</ul>
</ol>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Every organization
has unique requirements; adopt the organization’s philosophy and the key points
(mentioned above) to frame “Good information security policy statements”.<o:p></o:p><br />
<br />
<span style="background-color: blue;"><span style="color: white;">Let's take an example from one of the above key points.</span></span><br />
<br />
<b style="background-color: lime;">Policy Document:</b> Information Security Incident Management (Point no 15 Above)<br />
<br />
<b style="background-color: lime;">Key point</b>: Incident analysis and gather evidence<br />
<br /></div>
<div class="MsoNormal">
<span style="background-color: lime;"><b>Let's make a good statement</b> </span>which suits the organization's philosophy. See below.<br />
<br /></div>
<div class="MsoNormal">
<b><i><span style="color: #3366ff; mso-bidi-font-size: 10.0pt;">The organization’s information security team shall take
ownership of incident analysis and shall gather evidence for the reported
incident.</span></i></b><br />
<b><i><span style="color: #3366ff; mso-bidi-font-size: 10.0pt;"><br /></span></i></b>
<b><i>Keep the below philosophy in mind while you are doing documentation:</i></b><br />
<div style="text-align: center;">
<b><i><span style="color: blue;">"Document what you DO" and then "DO what you have DOCUMENTED"</span></i></b></div>
</div>
<div class="MsoNormal">
<div style="text-align: center;">
<o:p></o:p><br /></div>
</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Hope this would be useful…..<o:p></o:p></div>
<br />
<div class="MsoNormal">
<br /></div>
</div>
Anonymoushttp://www.blogger.com/profile/05680677994525987708noreply@blogger.com0tag:blogger.com,1999:blog-3864472962444267321.post-90418318600475597352015-04-12T01:29:00.001-07:002015-04-12T02:12:21.424-07:00Effectiveness Measurement : Information Security<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="MsoNormal" style="text-align: center;">
<b>Why is Measurement of Information Security so Important and Challenging?</b></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
In today’s age, businesses are going global. In this
competitive environment, organizations are creating, collecting and receiving
a lot of information through various channels such as social media analysis,
research, surveys and outsourcing business processes to another country. Many
organizations are dealing with a HUGE VOLUME OF INFORMATION, or rather, I would say,
SENSITIVE INFORMATION. <o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Today many organizations are investing huge amounts to ensure the
CONFIDENTIALITY, INTEGRITY and AVAILABILITY of such information.<o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
These investments could be in terms of:<o:p></o:p></div>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Hiring
competent people<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Establishing
workflows in terms of IT as well as INFORMATION SECURITY related processes<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Procuring
secured technology<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Third party
assurance on organization’s INFORMATION SECURITY practices<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; text-align: justify;">Spending
a lot of time, as INFORMATION SECURITY needs checks and balances<o:p></o:p></li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
With such a huge investment in INFORMATION SECURITY, boards of directors
are more concerned about the effectiveness of the implementation of INFORMATION
SECURITY practices to protect SENSITIVE INFORMATION. Such a huge investment has
NO VALUE if there is no reasonable assurance on the implemented practices from an
independent IS auditor.</div>
<div class="MsoNormal" style="text-align: justify;">
<o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
Many organizations are now more concerned about the overall “Health of
Information Security Management System”. Boards of directors are now taking
an interest in reviewing IS audit findings and showing commitment towards
information security. Boards of directors expect to see quantitative or
qualitative analysis with trend analysis.<o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
For an organization’s Information Security Manager, it is becoming a challenge
to measure the effectiveness of information security. Measurement of processes is
now a common requirement of many international standards such as
ISO/IEC 27001:2013. The Board of Directors might not understand the technicalities of
information security controls; this creates further difficulties for an
Information Security Manager in terms of:<o:p></o:p></div>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l1 level1 lfo2; tab-stops: list 36.0pt; text-align: justify;">What to
present: the board of directors might not understand all the technical jargon.
These people are more interested in a high-level dashboard which shows
the overall analysis in a few graphs or statistics.<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo2; tab-stops: list 36.0pt; text-align: justify;">How to
present: it would be so foolish to open a complete Word document or PDF or
a complete VAPT technical report in front of management. A simple PowerPoint
presentation would work for them.<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo2; tab-stops: list 36.0pt; text-align: justify;">How much to
present: finally, you want the board of directors to take key decisions.
According to the approved measurement approach, you may only want to present
the TOP 5 or TOP 10 key risks to prioritize the risk treatment plan.<o:p></o:p></li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
In this entire measurement
exercise, the information security manager has to play a vital role in defining:<o:p></o:p></div>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormal" style="mso-list: l2 level1 lfo3; tab-stops: list 36.0pt; text-align: justify;">Management’s
expectations in terms of “Health of Information Security Management
System”<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l2 level1 lfo3; tab-stops: list 36.0pt; text-align: justify;">Information
security control metrics<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l2 level1 lfo3; tab-stops: list 36.0pt; text-align: justify;">Identify
metrics owner<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l2 level1 lfo3; tab-stops: list 36.0pt; text-align: justify;">Define
measurement frequency<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l2 level1 lfo3; tab-stops: list 36.0pt; text-align: justify;">Create meaningful
dashboard for management<o:p></o:p></li>
<li class="MsoNormal" style="mso-list: l2 level1 lfo3; tab-stops: list 36.0pt; text-align: justify;">Trend
analysis<o:p></o:p></li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
Once implemented, over a period of 12 to 18 months, both the information
security manager and the board of directors would have a reasonable understanding of
information security control effectiveness and how these metrics are
adding value to their organization.</div>
<div class="MsoNormal" style="text-align: justify;">
<o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
NOTE: if your organization is planning to implement information
security effectiveness measurement framework, reach out to me <a href="mailto:janakmajithiya@gmail.com">janakmajithiya@gmail.com</a> <o:p></o:p></div>
<br />
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
</div>
Anonymoushttp://www.blogger.com/profile/05680677994525987708noreply@blogger.com0tag:blogger.com,1999:blog-3864472962444267321.post-37663067651802299352015-04-10T19:47:00.001-07:002015-04-12T02:12:50.150-07:00The Very Basic of Information Security Risk Management<div dir="ltr" style="text-align: left;" trbidi="on">
<h1 style="margin-left: 18.0pt; mso-list: l0 level1 lfo1; tab-stops: list 18.0pt; text-indent: -18.0pt;">
<br /></h1>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-size: 10pt;">We
all talk about the word “<b><span style="color: #ff6600;">RISK</span></b>” every day during many discussions both
personally and professionally, with family and friends, with doctors and
lawyers, with builders and stock brokers and with all others.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<i><span style="font-size: 10pt;">Have we understood the word “<b><span style="color: #ff6600;">RISK</span></b>”?<o:p></o:p></span></i></div>
<div class="MsoNormal" style="text-align: justify;">
<b><i><span style="font-size: 10pt;">Reply:</span></i></b><i><span style="font-size: 10pt;"> I…. Think….
Yesss.<o:p></o:p></span></i></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<b><span style="color: #ff6600; font-size: 10pt;">RISK</span></b><span style="font-size: 10pt;"> is an integral part of <b><span style="color: blue;">EVERY ACTION</span></b> that we do in our <b><span style="color: #99cc00;">LIFE</span></b>.
An action could be anything: walking on the street, driving to the office,
having dinner at a five-star restaurant, buying any object, switching to a new job
etc. Everything we do during a day is an <b><span style="color: blue;">ACTION</span></b>.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-size: 10pt;">There
is “</span><b style="font-size: 10pt;"><span style="color: #ff6600;">RISK</span></b><span style="font-size: 10pt;">”</span><b style="font-size: 10pt;"><span style="color: #ffcc00;"> OF </span></b><span style="color: #ffcc00;"><span style="font-size: 13.33px;"><b>ACCIDENT</b></span></span><span style="font-size: 10pt;"> while walking on street or driving a car. There is a “</span><b style="font-size: 10pt;"><span style="color: #ff6600;">RISK</span></b><span style="font-size: 10pt;">” </span><b style="font-size: 10pt;"><span style="color: #ffcc00;">OF THEFT/LOSS</span></b><span style="font-size: 10pt;"> while buying any
object. There is “</span><b style="font-size: 10pt;"><span style="color: #ff6600;">RISK</span></b><span style="font-size: 10pt;">” </span><b><span style="color: #ffcc00;"><span style="font-size: 10pt;">OF DISEASE/FOOD </span><span style="font-size: 13.33px;">POISONING</span><span style="font-size: 10pt;"> </span></span></b><span style="font-size: 10pt;">while having dinner
at restaurants.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-size: 10pt;">From
an INFORMATION SECURITY context, there is “<b><span style="color: #ff6600;">RISK</span></b>” OF LOSS OF CUSTOMER in case security
requirements are violated by the organization. In fact, in today’s age, this
is not only about <b><span style="color: #ffcc00;">LOSS OF CUSTOMER</span></b> but this may also come with
other bigger aspects like “<b><span style="color: #ff6600;">RISK</span></b>” <b><span style="color: #ffcc00;">OF LOSS OF REPUTATION</span></b> due to non-compliance with
contract or legal or regulatory requirements. This could even become worse in
case of huge legal liability under legal & regulatory requirements and could
result in a huge financial penalty and may lead to <span style="color: red;">“OUT
of BUSINESS”.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<i><span style="font-size: 10pt;">So tell me what is <b><span style="color: #ff6600;">RISK</span></b>?<o:p></o:p></span></i></div>
<div class="MsoNormal" style="text-align: justify;">
“<b><span style="color: #ff6600; font-size: 10pt;">RISK</span></b><span style="font-size: 10pt;">” is a function of<i>
<b><span style="color: grey;">IMPACT</span><span style="color: #993366;"> </span>and<span style="color: #993366;"> LIKELIHOOD OF
OCCURRENCE</span><span style="color: grey;"> </span></b></i><o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-size: 10pt;">Every</span><b style="font-size: 10pt;"><i><span style="color: grey;"> </span></i><span style="color: blue;">ACTION</span><i><span style="color: grey;"> </span></i></b><span style="font-size: 10pt;">has a
</span><b style="font-size: 10pt;"><span style="color: #339966;">POSITIVE</span></b><span style="font-size: 10pt;">
or </span><b style="font-size: 10pt;"><span style="color: red;">NEGATIVE</span></b>
<b style="font-size: 10pt;"><i><span style="color: grey;">IMPACT</span></i></b><span style="font-size: 10pt;">. Since we are talking about</span><b style="font-size: 10pt;"><i><span style="color: grey;"> </span></i></b><span style="font-size: 10pt;">“</span><b style="font-size: 10pt;"><span style="color: #ff6600;">RISK</span></b><span style="font-size: 10pt;">”, let’s think of the negative outcome of an </span><b style="font-size: 10pt;"><span style="color: blue;">ACTION. </span></b><span style="font-size: 10pt;">Think
of the worst that could happen to the BUSINESS. Think of what the magnitude of </span><b style="font-size: 10pt;"><i><span style="color: grey;">IMPACT</span><span style="color: #993366;"> </span></i></b><span style="font-size: 10pt;">could be in
terms of </span><b><span style="color: #ffcc00;"><span style="font-size: 13.33px;">MONETARY</span><span style="font-size: 10pt;"> LOSS</span></span></b><span style="font-size: 10pt;"> or </span><b><span style="color: #ffcc00;"><span style="font-size: 13.33px;">REPUTATION</span><span style="font-size: 10pt;"> LOSS.</span></span></b></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-size: 10pt;">Unless
we consider the likelihood factor, the magnitude of<i> <b><span style="color: grey;">IMPACT
</span></b></i>will always remain on the<i> </i>HIGHER
side; hence <i>this might not reflect an
accurate RISK POSTURE.</i> Further, without factoring in the likelihood of occurrence, a
“COST-EFFECTIVE” risk treatment plan is difficult to arrive at.</span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<i><span style="font-size: 10pt;">But I have already implemented controls
to reduce both <b><span style="color: grey;">IMPACT
</span></b>and<b><span style="color: grey;"> </span><span style="color: #993366;">LIKELIHOOD OF OCCURRENCE.<o:p></o:p></span></b></span></i></div>
<div class="MsoNormal" style="text-align: justify;">
<i><span style="font-size: 10pt;">Reply: Great. These controls are
implemented against <b><span style="color: red;">VULNERABILITIES</span></b>.<o:p></o:p></span></i></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<b><span style="color: red; font-size: 10pt;">VULNERABILITY</span></b><span style="font-size: 10pt;"> is a weakness associated with an Information System.
These could be “Improper Firewall Configuration”, “</span><span style="font-size: 13.33px;">Unsecured</span><span style="font-size: 10pt;"> Ports are OPEN”,
“No Periodic Review of Access Rules” etc.</span></div>
<h2 style="text-align: justify;">
<span style="font-size: 10pt; font-weight: normal;">IN MOST CASES, the primary
reason for a successful attack is the existence of such </span><span style="color: red; font-size: 10pt;">VULNERABILITIES</span><span style="font-size: 10pt; font-weight: normal;"> or </span><span style="color: red; font-size: 10pt;">WEAKNESSES</span><span style="font-size: 10pt; font-weight: normal;">.</span></h2>
<div class="MsoNormal">
<i><span style="font-size: 10.0pt; mso-fareast-font-family: Batang;">Now, how would you
prevent such an attack?</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: 10.0pt; mso-fareast-font-family: Batang;">Response: work on
weaknesses.<o:p></o:p></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: 10.0pt; mso-fareast-font-family: Batang;"><br /></span></i></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-size: 10.0pt; mso-fareast-font-family: Batang;">In an ideal Information Security Risk
Management process, RISK is measured after considering <b><span style="color: red;">existing VULNERABILITIES</span></b> and <b><span style="color: #99cc00;">existing
IMPLEMENTED CONTROLS.</span></b></span></div>
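<div class="MsoNormal" style="text-align: justify;">
<span style="font-size: 10pt;">The effect of factoring in likelihood and existing controls, shown as an added example that is not part of the original post. The 1-5 scales, the impact x likelihood product, the control-effectiveness fractions and every score are assumptions constructed for illustration; only the three vulnerability names come from the text above.</span></div>

```python
from dataclasses import dataclass


@dataclass
class RiskItem:
    vulnerability: str
    impact: int            # assumed scale: 1 (minor) .. 5 (out of business)
    likelihood: int        # assumed scale: 1 (rare) .. 5 (almost certain), before controls
    control_effect: float  # assumed: 0.0 (no control) .. 1.0 (fully effective)

    def inherent(self) -> int:
        # Assumed risk function: impact x likelihood, ignoring controls.
        return self.impact * self.likelihood

    def residual(self) -> float:
        # Existing controls are modelled as lowering likelihood only,
        # never below the bottom of the scale.
        reduced = max(1.0, self.likelihood * (1.0 - self.control_effect))
        return round(self.impact * reduced, 1)


# Constructed sample register (scores are illustrative, not measured).
REGISTER = [
    RiskItem("Improper firewall configuration", 5, 2, 0.5),
    RiskItem("Unsecured ports are open", 4, 4, 0.25),
    RiskItem("No periodic review of access rules", 3, 5, 0.0),
]


def rank(items, key):
    """Return vulnerability names ordered from highest to lowest score."""
    return [i.vulnerability for i in sorted(items, key=key, reverse=True)]


def treatment_candidates(items, appetite=10.0):
    """Items whose residual risk still exceeds the (assumed) risk appetite."""
    return [i.vulnerability for i in items if i.residual() > appetite]


if __name__ == "__main__":
    print("By impact only :", rank(REGISTER, lambda i: i.impact))
    print("By inherent    :", rank(REGISTER, RiskItem.inherent))
    print("By residual    :", rank(REGISTER, RiskItem.residual))
    print("Needs treatment:", treatment_candidates(REGISTER))
```

<div class="MsoNormal" style="text-align: justify;">
<span style="font-size: 10pt;">Ranked by impact alone, the firewall item comes first; once likelihood and the existing control are counted it drops to last, and the unreviewed access rules become the priority for treatment.</span></div>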
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-size: 10.0pt; mso-fareast-font-family: Batang;">There are many Information Security Risk
Management methodologies available. An organization can choose the one best suited
to it based on its requirements, level of complexity, capability to
perform risk management and organization structure. </span></div>
<br />
<div class="MsoNormal">
<br /></div>
</div>