Tuesday, August 20, 2019

Identity Management and Enterprise Single Sign-On (ESSO) - ppt download

Introduction. Follows on from other related themes: Unified Operator Interface (UOI); Network Convergence; Network Security and Domains; Circles of Trust; Federated Identities; Security as a Service; Location transparency; Virtualisation.

Monday, December 7, 2015

Let's Chennai!

India is diverse, from the snowy Himalayas to the serene coasts of the Indian Ocean, and Chennai, call it the shore of the majestic Marina or the vibrant window of Southern India, is one of the shining gems that glitter on India's tip.

Looking at pictures of the havoc caused by the floods in Chennai made my memories of the city come alive, so this Sunday, over a shot of espresso, I am putting down my thoughts for you, Chennai. I have been seeing a lot of feeds from my social networking connections about people in Chennai and across the country lending hands and love for the charmingly chilly Chennai. This is India's strength. We stand together holding hands when the need of the hour arises.

I always see these moments as a time to remind cities like Chennai of their strength, and to look back and within to remind them of what they hold beneath them. I have had the charm of living in various cities, and they do not let me see them as mere cities but as living souls, each with a distinct culture and a story to inspire many. These cities are like those humans who inspire us, whether it's the never-dying spirit of Mumbai, which keeps growing strong, or the vibrant and cultured charm of Ahmedabad, which focuses on strategic evolution. Let's be honest, we fall in love with a city the more we get to know about it.

My memories of Chennai are pleasant, maybe, of course, because I visited Chennai in winter and not in the sunny summer. In both my interactions with this majestic city, I realized it holds a warm and always helpful set of people. They are happy and jolly in living life the way they do. It's like being straight out of a 700 MM screen, where everything about it is normal, but in our eyes a larger-than-life dream. In fact, during my tenure at Tech Mahindra as well, and otherwise around Hinjewadi IT Park, I happened to meet people from Chennai and elsewhere with the promise in their eyes of being long-lasting friends; they just want you to know more about their culture and are always eager to see what your culture holds for them. That breaks the very stereotype that Chennai souls hardly get close to the way others live. All you need to do with Chennai and its people is shake a hand and give them a warm greeting, and they open a box of happiness for you; this has been my experience.

Chennai has a glorious and uniquely inspirational history, just like any other majestic Indian city, going back as far as the 7th and 8th centuries. It has a distinct flavor from ancient Indian culture (the Mahabalipuram temple or the morning shlokas that are very Sanskrit) and a blend of Mughal and English savor (Triumph of Labour).

It gives a feeling of discomfort to see our cities being uprooted by calamities. So Chennai, you hold a lot within you; let's get back on the track of unlimited entertainment, beating the drum of sneering equatorial heat, thriving roads and pumping the life of many. You've made the wrath of the 2004 tsunami and its aftermath look petty in front of your majestic charisma! One long Whistle podu, and stand tall, larger, bigger. Let's Chennai!

Sunday, November 30, 2014

Information Security - More about Implanting Practices Than Just Awareness & Training

With more and more data becoming electronic, and with more and more data going online, information security is becoming a vital discussion and area of concern for organizations, federal agencies, governments, and even individuals.

Because of this, many organizations have been spending a certain amount of effort and time on conducting awareness training and on coming up with ways to make people more aware, with hoardings, sign boards and what not. This is done as the best short-cut approach to educating their most vulnerable asset for information security, their people, so that they realize the pros and cons, and to preach awareness about how responsible they should be.

But let's be honest with ourselves. Have we been successful? I still hear of cases of organizations, colleagues, friends and acquaintances compromising their vital information and getting hooked, whether it be their own personal credit cards, documents and what not!

I believe that a well-presented training and awareness program does invoke thoughts about aspects of information security and the realization of being secure, but it CANNOT ensure that the attendees take that invoked thought ahead and really implement it in their lives, unless and until they happen to witness an incident themselves!
Through this article, I am trying to open a thought process where we think beyond just training and awareness campaigns and, in fact, implant the very practices in people.
Everybody is aware of wearing a seat belt while driving and a helmet while riding, everybody is aware of the fact that smoking tobacco is injurious to health, everybody is aware of the benefits of having good food habits, exercising daily and waking up early. Awareness exists, but practice does not.

As health is important for people to think about, similarly, information security is equally important for organizations to maintain their competitive edge, confidentiality of their data, integrity of their organizational practices, and availability of resources and data as and when required.
By and large, the following are the gaps with training and awareness programs:
  • Training programs are not aligned with the risk assessment that has identified the potential risk areas to the business and organization;
  • The success of the majority of training programs is immeasurable;
  • The majority of training programs are unrealistic and based on generic aspects, i.e. they're not tailor-made;
  • The focus is more on presentation, or on the periodic practice of just having a training program, than on what people want.
So what next?
Simple. Just three aspects:
  1. Conduct risk assessment to identify risks;
  2. Target behavior change;
  3. Prepare a yearly timeline and set realistic targets;
  4. Engage people personally.
Let's get realistic. Let's start putting efforts in the right direction, because you anyway are or you anyway will have to. Remember, precautions are always easier than corrections! The awareness has to be embedded in the most important and most vulnerable asset of the organization - human resource i.e. people, and at certain stages in some organizations, this has been.
For example, when was the last time you changed the password of your LinkedIn, Facebook or Twitter account? That's because LinkedIn or Facebook doesn't prompt you to change passwords every 60 days! But if you work in an organization where the password is set to be changed every 60 days, you will do it, and there's no way to avoid it. But again, not every organization has this practice implemented, or it has been restricted to certain users; yet they will always talk about securing their data and protecting their machines / workstations with passwords!
Tailgating, phishing emails, malware attacks: you've been talking about them in your training, but no one takes them seriously. Implement practices that curb these behaviors, or that catch people in the act so you can train them on what they are doing wrong.

For example: create a dummy account, send an email which looks like a phishing mail, and see how many people open it. Call those people and then train them: explain that it is not the correct practice and that they shouldn't be opening such emails, make them aware of real incidents in which the accounts of even many CEOs and CTOs were compromised because of phishing emails, and of the consequences, and ask them to report such emails to the network monitoring team (or whoever takes care of these aspects in the organization).

If you see an unlocked workstation, click on it and then tell the custodian, with a pinch of humor, that you were about to send his resignation letter to his boss.

I believe Information Security is one of the most discussed and challenging subjects for organizations, federal agencies, and governments, but at the same time securing information is one of the easiest practices, if only you follow the basics and the underlying processes efficiently. The most basic fundamental of information security is that it all depends on the custodians themselves to realize how vulnerable they are, and it is they who must follow and embed a culture around them to become immune to any InfoSec attacks! It is like snow and rain, which target everything around you, but if you have the right gear, you will walk without feeling a pinch of it.