Thursday, January 31, 2008

HARRY POTTER CONDEMNED!

Harry Potter, the famous teenage wizard penned by JK Rowling, has drawn flak from Vatican newspapers. The character, which became an unforeseen hit, has now been criticised by none other than the Pope himself.


The official newspaper of the Vatican has condemned JK Rowling for promoting witchcraft and wizardry, which could adversely affect children. The boy wonder has been dubbed the ‘wrong kind of hero’.

The papers further criticize Rowling for portraying witchcraft as a positive ideal. They also criticize the manner in which non-magic folk, referred to as ‘muggles’ in the book, have been portrayed as people who know nothing other than bad and wicked things.

Even the Pope has gone on to condemn Harry for giving children an unhealthy interest in Satanism. In spite of the phenomenal response to the book from children, the teenage wizard has his critics.

CRICKET: CLASH OF THE TITANS


In what is anticipated to be an edge-of-the-seat thriller, the Indians take on the mighty OZs in the shortest format of the game. For once the OZs do not bear the weight of the ‘Champions’ tag. It rests solely with the Indians.

As the Indians look to establish their supremacy yet again, the absence of two of their best players is bound to hurt them. The flamboyant Yuvraj Singh will definitely be missed. Yuvi, though not in the best of form in the series Down Under, could set the stage on fire in a single over, as he showed in the game against England, Stuart Broad being the unfortunate victim. In the absence of Yuvi the team would be banking on Viru, the senior pro. Given his form of late, he could be a safe bet.

Adding to India’s woes is the absence of RP Singh, who played a vital role in the T20 World Cup. He provided the crucial breakthroughs and also maintained a tight leash on the scoring rate. Now the team may have to rely on the effervescent Sreesanth to deliver the goods when it matters most. But the Indians are still potential world beaters in this format of the game.

The Aussies have their own share of miseries with the absence of Shaun Tait and the injuries to Punter and Hayden. But whatever the team combination is, one can definitely expect Thunder Down Under. So fasten your seat belts and gear up for a run feast.

GET READY FOR ‘INDIRA LOGATHIL……….’


Comedian turned hero, Vadivelu is on cloud nine in anticipation of his new film ‘Indira logathil na azhagappan’ which is all set to hit the screens worldwide on Friday. This potential blockbuster is expected to enthrall the audience with rib tickling comedy leaving them in a fit of laughter.

After his successful stint playing the lead role in ‘Imsai Arasan’, Vadivelu has been very choosy about his next movie as hero. The hype and hoopla surrounding the movie is solely due to the actor himself. The actor showed off his acting skills with his dual role in his previous hit ‘Imsai Arasan’. But in ‘Indira….’ he has a lot more on his hands as he dons 3 roles.

The fact that actress Shreya has stepped in for a peppy number has increased the expectations. Many fans feel that this could be 2 in a row of hits for the actor. ‘Vaigai Puyal’ Vadivelu is expected to release a hurricane at the box office.

Wednesday, January 30, 2008

ISHANT SHARMA – INDIAN MCGRATH?

A 19-year-old announced his arrival in international cricket in a majestic manner. The Indian pace battery has never been able to boast of a racy pacer for long. But that is now history. Ishant Sharma is one of the signs of the changing times.

The rookie pacer, about 6’4” tall, has proved his mettle in the just concluded series Down Under. His relatively frail physique is a camouflage for the immense skill within him. Here is a guy who clocks in the 140s regularly; a feat unparalleled by most former Indian pacers. His high arm action could trouble even the best in the business. It definitely gave Ponting some of his worst nightmares.

The lanky pacer showed everyone what he is capable of when he produced a mesmerizing spell at the WACA in what was only his fourth test. His ability to bowl long spells is a testimonial to his fitness. A sharp bouncer is another weapon that he possesses.

In so short a career he has become a fearsome bowler and has earned praise from all quarters. If he continues in the same vein, Punter may not be the last batsman having nightmares. So is Ishant India’s reply to the Pigeon, or is it a bit premature to predict?

Anyway Indian cricket fans have yet another reason to celebrate.

Tuesday, January 29, 2008

Bhajji's - racist charge dropped

The second test between India and Australia was full of controversy because of bad umpiring and the charging of Bhajji for offensive behaviour. In that match there were 11 decisions against India and 1 against the Aussies.
For the first time in his career Bhajji was charged with a level 3.3 offence for an alleged racial slur against Andrew Symonds. The Indian team and the BCCI were unhappy with this judgement given by the ICC as it was one-sided. The Indian team decided to halt the tour Down Under if the ban was not lifted.

The BCCI-appointed lawyer for the off-spinner, Manohar, said: "The BCCI was firm on its stance that racism charges levelled against Harbhajan should be totally dropped. Had the charges stuck, they would have reflected badly on the BCCI and the nation at large."
The final verdict came today, which was a great relief for millions of cricket fans as well as for the BCCI, as Bhajji escaped with a relatively minor punishment: he was fined 50% of his match fee, and there was no ban on him. His past record had greatly helped him in being relieved of this charge. This judgement will be a good lesson for racist-minded umpires.

The great question which remains unanswered is:
"WHAT WILL THE ICC DO WITH THE MATCH REFEREE?"



THE LEGEND OF THE YETI

The Yeti is a large ape-like creature which is said to inhabit the Himalayan ranges. It is a Tibetan word which translates into “rock bear” in English. The Yeti is yet another of those legendary creatures whose existence is yet to be proved beyond doubt.


It is described differently by different people. The most common description amounts to a hairy bipedal creature with big feet, almost identical to a human in shape.

The reports of the Yeti date as far back as the 1920s. Tombazi, a Greek photographer, had spotted such a creature in the Himalayas and described it as a creature looking like a human walking upright. The footprints that he found were far larger than a human’s. The reports do not end there. Many more sightings were reported in the 20th century.

The so-called rumours of the Yeti had become so popular that it began to feature in comic books and movies. The character called ‘Wampa’ in the movie ‘Star Wars’ seems to be based on the Yeti. More recently a similar creature featured in the Walt Disney movie ‘Monsters Inc’. It also featured in the hit comic series the adventures of ‘Tintin’ (Tintin in Tibet).

Is the Yeti a myth? A question that could remain unanswered for a long time.

Monday, January 28, 2008

SATELLITE RUNS AMUCK


Heads up! A US satellite has lost power and is currently plunging towards the Earth. It is expected to crash land in February. The satellite, the size of a small bus, is estimated to weigh around 20000 pounds. Officials are not able to pinpoint the exact location where it might crash.

It is feared that there could be some hazardous material on board. Some anonymous reports say that the spacecraft could contain Hydrazine, a rocket fuel. It is a toxic chemical that could cause harm on contact with the skin.

John Pike, an intelligence expert, feared that such a crash could result in the exposure of US secrets. Usually such satellites would be directed to the ocean so that no one can access them. This is not the first instance of such occurrences. Earlier, on 11 July 1979, the US space laboratory Skylab plunged to the Earth and scattered debris over western Australia.

So can the satellite be destroyed Bruce Willis style (as in the movie ‘Armageddon’)? No, says the intelligence expert. Shooting it down with a missile would create a lot of debris that would hit the ground or burn up in the atmosphere.

So the next time when you spot something odd above your head don’t dismiss it as a bird or as Superman; it could be the runaway satellite. So be careful as to where you park your car!

Sehwag sizzles



Virender Sehwag, who had been struggling for form for a long time, made a good comeback in the Border-Gavaskar trophy. He was the hero on day 5 of the fourth and final test, while all the other batsmen struggled to make runs in the second innings. He smashed 151 runs, which helped India draw the final test.


Finally the war between India and Australia has come to an end. Even though the OZs won the series 2-1 and retained the Border-Gavaskar trophy, India has won the hearts of many people.

….AND THE ITALIAN STALLION WINS AGAIN

Sylvester Stallone! How long will this guy rule the box office? Here is an action hero with a Midas touch. A natural for the macho role, he gave life to two phenomenal characters. One, a boxer who surpasses all obstacles to become a champion and the other the legendary John Rambo. Immortal roles that would remain etched in the annals of filmdom forever.

Popularly known as the ‘Italian Stallion’, his first big break came with the release of ‘Rocky’ in the mid 1970s. The film was nominated for ten Academy Awards. His excellent portrayal of the underdog in the film fetched him a lot of fame. This led to the sequel in the form of ‘Rocky 2’, a runaway hit.

Then came the action adventure ‘First Blood’, which led him to the peaks of fame. Even his critics started to praise his performance. It did not stop there. More hits followed with ‘Rambo 2’, ‘Rambo 3’, ‘Rocky 3’, and many more.

Just when one felt that the Stallion’s rampage had come to a halt, ‘Rambo 4’ hits the screens worldwide like lightning in a clear sky. Nothing has changed. Fans still throng the multiplexes to watch their favourite star. Rambo, John Rambo. The Stallion has won yet again.

Keep jogging Stallion.

Sunday, January 27, 2008

SELECTION WOES

Selecting an Indian Cricket team is definitely one of the toughest jobs ever: a pain in the neck indeed. Every time a selection occurs the selectors draw flak from one part of the world or the other. So what is a selector expected to do? He has to concentrate on selecting a team for the future and has to do it in such a way that it does not affect the current bunch of players. Nowadays the problem of plenty has become a major issue; but a welcome issue indeed.


There are a number of youngsters putting their hands up and there are always the omnipresent seniors who seem to deliver at every opportunity that arises. So what should one go for? Youth over experience? A debatable issue which could go on for hours on end.
Is it fair to drop aged players even though they are in their prime? Should age be a criterion for selection? Haven’t the experienced players proven their value? Even a world-beating side like Australia banks on experience. Take Matthew Hayden for instance. He is still one of the best ODI players ever to have graced the game.
Conversely, isn’t it unjust to deny a performing youngster his share of opportunities? Some questions cannot be given justifiable answers.
So are experience and youth two sides of a coin? They most certainly are not. Fortunately the two can coexist. A good blend of experience and youth could be the need of the hour rather than banking completely on one side.
So were the selectors right in dropping tried and tested players to give the freshers a run? It is for the reader to decide. A firm answer may not be possible, unless of course you have designed a time portal.

Global Warming

Global warming is turning into the most serious issue in the present world. It is the average increase in the Earth’s temperature, resulting in an increase in the volume of water which contributes to sea-level rise. It also leads to the increased frequency and intensity of extreme weather events, such as floods, droughts, heat waves and hurricanes.

Some other effects of global warming include higher or lower agricultural yields, glacier retreat and many more. Greenhouse gases (carbon dioxide) are the major cause of global warming. The amount of these gases released is increasing, which will further worsen the situation. The same greenhouse gases are said to be the cause of ozone layer depletion.


At present the current ice sheets are the Antarctic and Greenland; the Antarctic ice sheet is the largest single mass of ice on Earth. The Greenland ice sheet occupies about 82% of the surface of Greenland, and if melted would cause sea levels to rise by 7.2 metres. Estimated changes in the mass of Greenland's ice sheet suggest it is melting at a rate of about 239 cubic kilometres (57.3 cubic miles) per year.

Physical impacts:

  • Extreme weather
  • Increased evaporation
  • Glacier retreat and disappearance
  • Sea level rise
  • Temperature rise
  • Acidification
  • Forest fire
  • Ecosystem imbalance

Global warming should be controlled. For this, awareness should be spread among all kinds of people. Some ways of controlling global warming include afforestation, eco-friendly vehicles, minimizing the usage of fossil fuels and recycling; finally, we should make our local government part of the solution.


A WARRIOR CALLS IT A DAY


Australian wicket keeper batsman ADAM GILCHRIST shocked the world by announcing his retirement. This comes out of the blue even as he very recently broke the world record for the most number of dismissals. ‘Gilly’, as he is more affectionately known, has decided to quit on a high following McGrath and Warne. A man who was booed when he initially took over the mantle from Ian Healy retires as a vastly respected player in the cricketing fraternity. He will always be remembered as a gentleman cricketer who walked even before the umpire raised his finger: a feat yet to be repeated by his teammates.

Gilchrist, who changed the way the world looked upon wicket keepers, said, “I have been fortunate to have had an amazing journey full of rich experiences”. Rich experiences indeed, considering his various records, among which 100 sixes in tests and the most centuries by a wicket keeper stand out. He always played with passion and was always ready to congratulate and acknowledge others’ achievements. A sample was on view when he acknowledged Indian skipper Anil Kumble‘s feat of 600 wickets even when there was a bitter feeling between the two teams after Sydney.

Gilchrist who played a record number of test matches on the trot from his debut will definitely be missed by Australia and the entire world. Though he was denied a fairytale farewell in Adelaide one can expect him to hammer a few balls way out of the stadium in his own inimitable style, in what would be his last outing in the forthcoming triseries. Definitely a warrior to be saluted!

Saturday, January 26, 2008

The world's cheapest car

TATA NANO

Tata Motors launched the world's cheapest car on Jan 10 2007. The customer price is Rs 1 lakh + VAT + transport. This makes it possible for millions of people to become car owners. It was named the “People's Car” by Ratan Tata at the Auto Expo in New Delhi.

The car was also designed to meet all the crash requirements. Tata said, “The car meets the frontal crash norms that are required in India and has been designed to meet the offset and the side impact crash tests that are presently required overseas. So in fact it will meet all the known crash requirements”.

It will be safer than a scooter. According to Tata: "What drove me -- a man on a two-wheeler with a child standing in front, his wife sitting behind, add to that the wet roads - a family in potential danger." The deluxe version of the car will have AC and the price will be a little higher.


Some details of the car are included below:

Length: 3.1 metres

Height: 1.6 metres

Width: 1.5 metres

Engine: Rear-wheel drive, 2-cylinder, 623 cc, multi-point fuel-injection petrol engine

Brakes: front disc and rear drum

Mileage: 22 kmpl in the city and 26 kmpl on the highway

Friday, January 25, 2008

LOCH NESS MONSTER: A MYTH? OR TRUTH?

It is believed that the Earth was once inhabited by large monsters and dinosaurs. It is also widely believed that a comet had crash landed on the Earth destroying all those prehistoric animals. But has each and every one of those species become extinct?

A number of sightings of monsters have been reported. The most prominent of these is the LOCH NESS MONSTER, affectionately referred to as ‘Nessie’. There are various reports of sightings of Nessie in Loch Ness in Scotland.
Reports of this monster began as early as the 7th century. The monster has been described by many as possessing a large body with a long neck, a small head and two flippers. Some photos have been taken in the past to prove its existence. But a few of them have been proved to be fake and some of them have been considered inconclusive and insufficient proof.


But in spite of a lot of investigation it has not been possible to prove the existence of such a monster. Scientists have reasoned that it is not easy to judge the size of objects under water. They say that people could have mistaken some otters or birds or some oddly shaped tree trunks for Nessie.

Nevertheless there is a very widespread belief in the existence of Nessie.
Possibly in the future conclusive proof may be obtained.

An Elevator to space?

Imagine a situation where one can explore space via lifts instead of rockets.

Believe it or not an age would arise when rockets would be a thing of the past.

Scientists are currently working on a project to connect space to the Earth through as simple an object as a lift. A cable would be anchored to the Earth's surface and a weight would be attached at the other end of the cable, beyond geosynchronous orbit. An elevator would climb along the cable to the destination.


Imagine the effectiveness of such a project, which would replace rocket propulsion and reduce environmental harm. Outer space, which is now littered with rocket waste, would then be free of junk.
Is it feasible? Scientists feel so. The main cause for concern is the tether material.
Scientists are looking at carbon nanoparticles for the purpose.
So get ready for a trip to outer space on a lift.

BADSHAH OF BOLLYWOOD: KING OF KOLKATA?


BOLLYWOOD STAR SHAH RUKH KHAN has trodden onto a new path in his life.
King Khan, who went places with his recent blockbusters OSO and CHAK DE INDIA, has entered a never-before-seen role in his off-screen life. The ace actor is now the owner of the Kolkata team in the BCCI's brainchild, THE INDIAN PREMIER LEAGUE. He has shelled out a whopping $75.09 million to bag his favourite team.

His passion for the game is obvious for everyone to see. Speaking to the press after his triumph at the bids, he made it clear that he was there to support cricket and not to promote himself, as critics would call it an act to promote his films. Cautious words indeed.

He also added that the whole idea was to nurture youngsters and give them more of a platform for playing cricket. He also expressed his hope that the Prince of Kolkata would lead his side. A king and a prince; what more can Kolkata ask for?

Will the king rock in his new role? Only time will tell.

Wednesday, January 23, 2008

iPhone

The iPhone was introduced by Apple, combining a mobile phone, an iPod with touch controls, and an Internet communications device with desktop-class email, web browsing, searching and maps into one small and lightweight handheld device.
The iPhone was released in June last year. It allows you to make a call by simply pointing your finger at a name or number in your address book.


Its features include:
  • Voice dialing
  • Visual voicemail
  • Safari web browser
  • Accelerometer

Manufacturer: Apple Inc.

Carrier: USA · AT&T Mobility; UK · O2; Germany · T-Mobile; France · Orange

Available: USA · June 29, 2007; UK · November 9, 2007; Germany · November 9, 2007; France · November 29, 2007

Screen: 320×480 px, 3.5 in, color LCD

Camera: 2.0 megapixel

Operating system: Mobile OS X (1.1.3)

Input: Multi-touch touchscreen

CPU: 620 MHz ARM 1176

Ringtone: iTunes Store via iTunes (U.S. only), custom creation using GarageBand 4.1.1

Memory: Flash memory from 4 to 8 GB (currently 8 GB)

Networks: Quad band GSM, GPRS/EDGE, data speeds up to 220 kbit/s

Connectivity: Dock connector, headphone jack, USB, FireWire (charging only), Wi-Fi (802.11b/g), Bluetooth

Battery: Lithium-ion polymer battery

Physical size: 4.5×2.4×0.46 in (115×61×11.6 mm)

Weight: 4.8 oz (135 g)

Form factor: Candybar smartphone

Media capabilities: iTunes Wi-Fi Music Store, iPod, H.264 (YouTube)

My New Year resolution





Tuesday, January 22, 2008

The ISO 27000 Newsletter

Covered in this issue are the following topics:

1) Obtaining the ISO 27001 and ISO 27002 Standards
2) Cell Phone / Mobile Phone Security
3) Trials and Tribulations of an Information Security Officer
4) More ISO 17799/27001 Frequently Asked Questions
5) Using COBIT: The Acquisition Process
6) Information Security News
7) ISO 27000: The World Wide Phenomenon
8) Business Continuity Management: Preparation and Risk
9) ISO 27001/2: Common Mistakes Part 1
10) Security Incident Response
11) ISO 27000 Related Definitions and Terms
12) It Couldn't Happen Here, Could It?

Appendix: Subscription Information


Obtaining ISO 27001 And ISO 27002
=================================

The most frequent question we field is "Where can I obtain a copy of
the standard?" The standard itself is available from:

http://17799.cryptovb.com
This is the web site for the ISO 27000 Toolkit. This downloadable
package includes both ISO 27001 and ISO 27002, and was created to help
those taking the first steps towards addressing the standards. It
includes both parts of the standard, audit checklists, a roadmap, a
set of ISO compliant security policies, and a range of other items and
materials.

http://17799.standardsdirect.org
This is the BSI Online Shop, a vending site for downloadable copies of
the standards.

Cell Phone / Mobile Phone Security
==================================

The wide-scale use of cell / mobile phones for business purposes has
brought with it a raft of new risks and potential exposures. These
devices can store not only voice messages (information), but text
messages, and often complex data, particularly with the advent of
internet-browsable smartphones.

It is hardly surprising therefore that there has been a gradual
increase in the number of security breaches and consequential losses
resulting from phone theft or unauthorized phone access.

These issues are covered in a number of sections within ISO 27002.
These include Section 9.2.5 (Security of Equipment Off Premises) and
10.8.1 (Information Exchange Policies and Procedures). However, most
focus is applied within section 11.7.1: Mobile Computing and
Communication.

The general objective of this section states: "The protection required
should be commensurate with the risks these specific ways of working
cause. When using mobile computing the risks of working in an
unprotected environment should be considered and appropriate
protection applied."

The section offers specific guidance with respect to the physical
protection of the device itself, cryptography of the data held,
backups of the data/information, and of course virus protection
(particularly relevant to smart phones).

We would argue that awareness is also a major factor with respect to
phone security. This type of device can very easily be taken for
granted, and the security aspects overlooked. The following is perhaps
a start point for a list to include in an awareness campaign for your
employees:
- Do not openly display a cell/mobile phone: keep it out of sight in
a pocket or handbag
- Always use your phone's security lock code or PIN
- If possible, avoid using it in crowded areas
- Properly mark your phone with your zipcode/postcode
- If the phone is lost or stolen, report it straight away to the
police, your service provider, and your security officer
- Be aware of your surroundings and the people near to you
- Do not leave it unattended: keep it with you at all times
- Make a note of your phone's IMEI number

Now is an excellent time to review this section (11.7.1) with respect
to the Cell Phones / Mobile Phones within your own organization. Our
crystal ball tells us that losses due to security exposure in this
area are going to increase significantly over the coming months and
years. Hopefully, our subscribers will be sufficiently prepared to
avoid being one of the major victims.

Trials and Tribulations of a Part-Time Information Security Officer
(Part 1)
===================================================================

A DIFFICULT DAY:
Thursday was certainly a challenging day. As the newly appointed
part-time Information Security Officer for Whithertech Associates I
now have responsibility for trying to hold together the Information
Security process. This is naturally in addition to all my normal duties.

On Friday I was a little late and was greeted in the corridor by my
Director shouting that our network was down and our website had been
hacked and defaced. He said I should get downstairs and help June to
sort it out and, by the way, I should make more effort to get to work
on time. I mumbled an apology and dashed off to see June, the acting
network administrator and webmaster, to try to find out what was
happening.

She was looking more than a little flustered when I arrived and said
that all hell seemed to be breaking loose. She had only been doing the
job for two weeks since our usual network administrator/webmaster Jack
had gone off on long-term sick leave, and although she understood most
of the technical aspects of the job, a lot of it was still new to her.
Jack was good at controlling the network but never wrote anything
down, so there were few procedures to follow.

We decided that the network was the priority so we put up a temporary
holding page on the website and then got hold of the network logs and
started to work through them. It was a lengthy process as Wednesday
night included the month-end processing and there were literally
thousands of entries. With few written procedures to explain the
complexities of the coding it took over an hour to identify a couple
of unusual log events affecting the network access. It also took some
while to track down the cause, but with some additional technical
support, and to cut a long story short, it was eventually identified
that an IT operator who left the company last week had "allegedly"
left some malicious code in the network control system, which had
partially wiped out the network access directories. I went to advise
my Director that the network should be back up running shortly while
June called up the back-up access directories and restored them. I
left my director fuming, having told me to make sure we collected good
admissible evidence to support a possible legal case.

We then got on with sorting out the website problem. We had thought
that the website was pretty secure but someone had managed to place
some pretty heavy "Triple-X" links onto our "Welcome" page. The first
task was to change the passwords and get the website up and running
again, which we did from the back-ups that had now arrived from our
off-site storage. We then looked at the logs for the FTP server and
found that during the night the welcome page had been downloaded, the
additional content added, and then re-uploaded to the server.
Investigations into all this spurious activity are now ongoing
involving some of our auditing staff, but I have my own suspicions
that the same disgruntled IT operator may be involved.

Having lost most of Thursday on these incidents I needed to work
pretty late that night to catch up on my main job. I was also left
wondering if we could have managed the incidents better and got the
systems up and running more quickly than we did.

The main lessons I learned that day:
1) In future we must change all our passwords immediately when staff
with access permissions leave;
2) We need to consider purchasing some scanning software to help
detect malicious software and prevent it from causing future denial of
service incidents;
3) We must make sure we have MUCH better written procedures for
critical processes;
4) I will have to spend more time learning about my new duties from my
security manual; and finally,
5) I must go out and purchase a louder alarm clock before I end up
losing my job!

NOTE:
If any of the above sounds even remotely familiar... you have work to
do! One resource which may greatly assist is the Information Security
Officer's Manual, which is designed to be a hands on reference for
anyone with any security responsibilities. For more information see:
http://www.security-manual.com
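One way to automate the FTP-log check the story describes, as an added example that is not the newsletter's own code: it scans xferlog-style transfer records (constructed sample lines below) for a page that was downloaded and then re-uploaded by the same account within a short window, and notes whether that upload fell outside business hours. The log layout, the 08:00-18:59 business window and the two-hour pairing window are assumptions.

```python
"""Flag download-then-reupload of web content in FTP transfer logs.

Added example, not code from the ISO 27000 Newsletter. It mimics the
investigation in the story: the FTP logs showed the welcome page being
downloaded, altered and re-uploaded overnight. The log lines below are
constructed in a simplified wu-ftpd/vsftpd xferlog layout (assumption).
"""
from datetime import datetime, timedelta

# Constructed sample log. xferlog fields (whitespace separated):
#   <weekday> <month> <day> <HH:MM:SS> <year>   current time (5 tokens)
#   <xfer-secs> <remote-host> <bytes> <filename> <type> <special>
#   <direction> <access-mode> <username> <service> <auth> <auth-id> <status>
# direction: 'o' = outgoing (client downloaded), 'i' = incoming (client uploaded)
SAMPLE_LOG = """\
Wed Jan 23 17:55:12 2008 1 192.0.2.10 18342 /www/htdocs/news.html b _ i r webadmin ftp 0 * c
Thu Jan 24 02:14:03 2008 1 198.51.100.7 9120 /www/htdocs/index.html b _ o r webadmin ftp 0 * c
Thu Jan 24 02:31:47 2008 1 198.51.100.7 9877 /www/htdocs/index.html b _ i r webadmin ftp 0 * c
Thu Jan 24 09:02:10 2008 1 192.0.2.10 4410 /www/htdocs/about.html b _ o r webadmin ftp 0 * c
"""

BUSINESS_HOURS = range(8, 19)          # 08:00-18:59 local time (assumption)
REUPLOAD_WINDOW = timedelta(hours=2)   # download->upload pairing window (assumption)


def parse_xferlog_line(line):
    """Parse one xferlog record into a dict; raises ValueError on short lines."""
    f = line.split()
    if len(f) < 14:
        raise ValueError("not an xferlog record: %r" % line)
    when = datetime.strptime(" ".join(f[0:5]), "%a %b %d %H:%M:%S %Y")
    return {
        "time": when,
        "host": f[6],
        "size": int(f[7]),
        "path": f[8],
        "direction": f[11],
        "user": f[13],
    }


def find_round_trips(log_text, window=REUPLOAD_WINDOW):
    """Return findings where a file was downloaded and then uploaded again
    by the same account within `window`. Each finding records the remote
    host, both timestamps, the size change and whether the upload happened
    outside business hours."""
    events = [parse_xferlog_line(ln) for ln in log_text.splitlines() if ln.strip()]
    events.sort(key=lambda e: e["time"])
    last_download = {}   # (user, path) -> most recent download event
    findings = []
    for ev in events:
        key = (ev["user"], ev["path"])
        if ev["direction"] == "o":
            last_download[key] = ev
        elif ev["direction"] == "i" and key in last_download:
            dl = last_download.pop(key)
            if ev["time"] - dl["time"] <= window:
                findings.append({
                    "user": ev["user"],
                    "path": ev["path"],
                    "host": ev["host"],
                    "downloaded": dl["time"],
                    "uploaded": ev["time"],
                    "size_delta": ev["size"] - dl["size"],
                    "after_hours": ev["time"].hour not in BUSINESS_HOURS,
                })
    return findings


if __name__ == "__main__":
    for hit in find_round_trips(SAMPLE_LOG):
        print("%(path)s re-uploaded by %(user)s from %(host)s at %(uploaded)s "
              "(%(size_delta)+d bytes, after hours: %(after_hours)s)" % hit)
```

Real xferlog records may use a space-padded day ("Jan  3"), which `split()` absorbs; a production version would also cross-check the server-side change time of the file against the last upload.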

More ISO 17799/27001 Frequently Asked Questions
===============================================

1) What is accreditation?
An accreditation body is an organization which grants third parties
the authority to issue 'certificates' (to certify) against standards.
This third party is the 'certification company', which actually
certifies against the standard. Examples include: BSI, SGS and SAI Global.

2) Why was ISO 17799 renamed to ISO 27002?
The rename was made with a view to ISO 27000 becoming a generic series
of standards related to information security (ISO 27001 was the first).

3) How should the organization's information security REQUIREMENTS be
established?
ISO 27002 identifies 3 main sources:
- "Through risk assessment, threats to assets are identified,
vulnerability to and likelihood of occurrence is evaluated, and
potential impact is estimated"
- "The legal, statutory, regulatory and contractual requirements that
an organization, its trading partners, contractors and service
providers have to satisfy"
- "The particular set of principles, objectives and requirements for
information processing that an organization has developed to support
its operations".

4) Can I republish articles from the ISO27000 Newsletter (internally
or externally)?
Yes, subject to a link to our website (www.molemag.net).

5) Which controls are considered by the standard to be essential from
a legal perspective?
The following 3 areas of ISO 27002 are specifically highlighted in
this respect: data protection and privacy of personal information;
intellectual property rights; safeguarding of organizational records

6) What is ISO/IEC Guide 62?
This is intended for those bodies operating certification schemes,
rather than user organizations. It contains the general requirements
applicable to them.

7) What is FDIS?
Before ISO publish a standard it goes through a number of stages. FDIS
is one of these. The stages, in correct order, are:
NP: New Proposal (initial stage)
WD: Working Draft (development)
CD: Committee Draft (quality control)
FCD: Final Committee Draft (draft awaiting approval)
FDIS: Final Draft International Standard (almost ready)
IS: Published standard

Using COBIT: The Acquisition Process
====================================

ISO 27001/2 are of course the major international standards for
information security. However, several wide-spectrum governance
frameworks exist which complement these, the most well known being
COBIT. This widely used framework provides comprehensive controls and
guidance covering each key stage of the IT process.

The supporting 'Control-IT COBIT Toolkit'
(http://citt.privacyresources.org) provides valuable implementation
support for the framework and simplifies the implementation process.
The following snapshot, which is based on the toolkit guidance, covers
the IT SYSTEM ACQUISITION PROCESS.

---
HIGH LEVEL POLICY FOR IT SYSTEM ACQUISITION
Procurement procedures in respect of the purchase, lease or rental of
all technology based products and services need to be developed.
Internal control procedures covering these processes are to be
developed and approved incorporating these requirements and providing
the means to verify that these procurement control policies are being
complied with on an ongoing basis.

The Key Performance Indicators are:
• Lower delays in meeting requests for new systems or IT equipment
• Higher percentage of procurement requests met on time
• Higher availability of comprehensive user and operations documentation

The Process Critical Success Factors are:
• Lower number of problems caused through poor acquisition procedures
• Lower cost of maintaining systems
• Lower cost of procuring systems

The IT Key Goal Indicator is:
• Higher level of business system owner satisfaction with systems and
equipment

The compliance level measurement criteria are as follows:
• NIL - No procedures exist to manage IT systems acquisition. The
only procedures available relate to general purchases or goods and
services
• POOR - Although management is aware that IT systems acquisition
should be effectively controlled, there is no real implementation of
this. There is very little integration or liaison between business
activities and systems acquisition
• INADEQUATE - There is recognition that IT systems acquisition
controls should be in place and some efforts have been made to
identify some basic level rules. The quality of the procedures remains
fairly poor
• BASIC - There is a defined process for controlling IT system
purchases but use of these procedures is inconsistent. Actual
procedural content lacks conformity with agreed standards and these
deficiencies are not addressed satisfactorily
• ACCEPTABLE - There is a reasonable degree of compliance with
approved IT system acquisition procedures and a defined framework for
review and approval. The approach covers all systems and
applications. Strategic management of the purchasing processes is
evolving and performance measurement and management is being
integrated into these processes
• FULL - A formalized and comprehensive process for purchasing new
systems and equipment is in place and is followed in all cases. The
organization has a high level of technical awareness and can relate
system acquisition requirements and system quality criteria to
improving business performance levels
---

Overall, the above outlines a robust, consistent, and proven framework
within which to operate a sound system acquisition process. It is a
very good example of the COBIT approach, in that it illustrates the
provision of measures and indicators, which are outside the scope of
ISO 27001/2.

NOTE: A previous issue of the ISO 27000 Newsletter provided a detailed
mapping between ISO 27002 and COBIT:

ISO 27002 chapter           4   5   6   7   8   9  10  11  12  13  14  15
COBIT 4.0 domain
Plan and Organize (PO)      L   H   L   L   H   H   H   H   L   L   M   L
Acquire and Implement (AI)  H   M   M   L   M   H   L   L   L   L   L   L
Deliver and Support (DS)    L   H   M   H   H   L   H   M   M   M   H   M
Monitor and Evaluate (ME)   L   M   L   M   L   L   L   L   L   L   L   L

Key to level of matching between COBIT 4.0 and ISO 17799:2005 (the
standard renumbered as ISO 27002 in 2007):
H = Reasonably good match
M = Some matching
L = Low level or no matching

Information Security News
=========================

1) Lottery Scams Are Latest Spam Fad

According to Microsoft (http://www.microsoft.com), 50% of spam emails
are currently lottery scams (usually inviting the victim to claim
their "winnings" or similar). Worryingly, Microsoft's poll also
revealed that 16% of recipients actually opened them, indicating a
serious lack of security awareness.

2) University Fined For Security Breach

The University of California has agreed to pay the U.S. Department of
Energy a $2.8 million fine as a result of a security breach at its Los
Alamos National Laboratory. The fine stems from an incident in which a
subcontractor's employee stole classified documents and stored others
on a USB drive in 2006.

3) Phishing Attack Increase

The Gartner (http://www.gartner.com) annual survey has revealed that
the number of people receiving phishing emails has more than doubled
in the last 3 years (now estimated to be 124 million per year).
Victims of phishing scams in the United States lost $3.2 billion
during a 12-month period ending in August.

4) Anti-botnet Charges

In the US, the FBI has announced that it has charged eight men with
using internet 'botnets' to perform fraud and to launch other
malicious attacks. The men are alleged to have profited by lifting
sensitive credentials off their victims' computers, releasing DDoS
attacks and leasing 'zombie computers' to other parties.

5) Vista Security Fixes

Microsoft has released a detailed list of more than 300 security
patches within the upcoming initial service pack (SP1) for its Windows
Vista operating system. The complete list of SP1 items is posted on
Microsoft's website.

6) Security Gap

Gap, the clothing retailer, has admitted that the unencrypted Social
Security numbers of 800,000 job applicants were stolen from a
third-party vendor. The vendor contacted law enforcement authorities
about the breach.

7) Software Piracy Settlement

Six US-based companies have recently settled claims with the Business
Software Alliance (http://www.bsa.org) over use of unlicensed software
following self-audits. The total settlement was for almost $700,000.

ISO 27000: The World Wide Phenomenon
====================================

Our source list for recent purchases of the standards always proves to
be a popular talking point. The most recent thousand or two is as follows:

Argentina 7
Australia 29
Austria 8
Barbados 1
Belgium 14
Bermuda 1
Bosnia and Herzegovina 2
Brasil 24
Canada 139
Cayman Islands 1
Chile 5
China 22
Colombia 12
Costa Rica 1
Croatia 1
Cyprus 1
Denmark 15
Egypt 2
Estonia 1
France 14
Germany 67
Gibraltar 1
Greece 6
Hong Kong 19
Hungary 6
Iceland 1
India 48
Indonesia 7
Ireland 25
Israel 1
Italy 35
Jamaica 1
Japan 35
Jordan 1
Korea 4
Lebanon 1
Luxembourg 1
Malaysia 22
Malta 1
México 31
Netherlands 60
New Zealand 10
Norway 9
Panama 1
Peru 1
Philippines 10
Poland 15
Portugal 6
R.O.C. 1
Romania 3
Russia 15
Saudi Arabia 19
Singapore 24
Slovak Republic 1
Slovenia 1
South Africa 29
Spain 33
Sultanate of Oman 1
Sweden 19
Switzerland 69
Taiwan 3
Thailand 1
Tunisia 1
Turkey 12
UK 384
United Arab Emirates 16
USA 568
Venezuela 1

The usual health warnings apply: these are sales through an online
credit card facility, so those cultures that are less familiar with
this type of commerce will be under represented.

Business Continuity Management: Preparation and Risk
====================================================

ISO 27001/2 place a great deal of emphasis on implementing a business
continuity management regime (ISO 27002 devotes a whole chapter,
section 14, to this topic, and ISO 27001 Annex A mirrors it). The BCM
objective as defined within the standard is "to counteract
interruptions to business activities and to protect processes from the
effects of major failures of information systems or disasters and to
ensure timely resumption".

Usually, the better prepared you are, the more likely you will be to
meet this objective, and the more effective will be your recovery.
Unfortunately, many organizations do not properly embrace risk
assessment, and often start their business continuity project ill
prepared.

PREPARATION
It is important at the outset to have the full commitment of the Board
or Governing Body of the organization. Without this, problems
downstream are inevitable. An awareness campaign should follow, to
ensure that all staff are notified of that commitment.

The business continuity project can then be initiated (central to
which is the delivery of a business continuity plan). It is essential,
however, that this project is formal and structured.

Initial steps for the project itself will include defining scope, and
obtaining copies of all appropriate documents and information. A
formal risk assessment exercise must follow.

RISK ASSESSMENT
Initial emphasis on effective risk assessment will enable you to
predict different types of incident with more accuracy. It will help
ensure that focus is applied to those areas where it is most needed.

This aspect of BCM involves analyzing the business processes and
identifying vulnerabilities through risk assessment and probability
analysis. It includes the establishment of critical business
timeframes, including the recovery time objective (RTO) and the
maximum tolerable period of disruption (MTPD). The MTPD is the longest
interval, measured from the incident occurring, for which a process
can be unavailable before the impact on the business becomes
unacceptable (the point at which a measurable loss escalates into one
that threatens the organization). The RTO is the target time, measured
from the same point, within which the process must be resumed. The RTO
must therefore be set shorter than the MTPD, so that recovery is
complete before the tolerable period is exhausted.

Following a detailed risk analysis of the business and its processes,
suitable levels of safeguards and controls should be implemented that
will protect the business processes and product delivery.

It is important to understand that none of the above tasks can be
short cut. Proper planning and preparation may seem to be a burden,
but the pay back could well be the survival of the organization itself.

FURTHER INFORMATION
Fortunately, this is a well trodden path, and specialist portals like
the Disaster Recovery Planning Guide
(http://www.disaster-recovery-guide.com/start.htm) provide sound
advice on how to take the initial steps described above.


ISO 27001/2: Common Mistakes Part 1
===================================

David Watson was one of the earliest exponents of the standards, and
is one of the best-known industry figures. In this series of
articles for the ISO 27000 Newsletter he outlines some of the most
common errors and mistakes he has encountered over recent years:

RISK ASSESSMENT AND TREATMENT
Proper document control is often missing, not up to date or
inconsistent. It always amazes me how many people do not understand
how to use templates and styles in word processing packages;

Securing the boundaries of the scope and performing the risk
assessment on those assets defined within the scope is often a problem
area. Organizations often fail to look at the risks at the boundary of
the scope if they have offered a reduced scope (i.e. not the whole
organization, or stopping the scope at a boundary where a partner may
share a resource etc);

There is frequently a lack of traceability of the controls in the
Statement of Applicability (SoA) to the Risk Assessment and Treatment
Process (and back to the SoA);

Risk Assessments often just look at technical risks and forget that
the organization is a business with business risks;

Rarely do I see any formal acceptance of residual risk;

The SoA is often ill defined and difficult to use. Typically this is
one of the main documents that the CB Auditor will work with during
the audit and it has to be clear, link to all the appropriate places
or documents, and be understandable;

Lack of management commitment is a serious problem. Only too often do
I hear that the barest minimum of staff have been put on the project
and these are not ring-fenced, so the project suffers resource leakage;

Sometimes the organization has no idea of how or what to expect. I
recently had a case of someone asking for a quote to roll out ISO
27001/2. I said I would `spec' it out for them after visiting them,
understanding their business and providing a full proposal. They
stated that they already had two proposals and just needed a third for
completeness. I asked if the others had visited and they said no, they
were local computer shops and had each quoted 5 days work and some
hardware to implement ISO 27002 on a scope of 200 self employed
associates, all using their own equipment with a common server and
network resources. The best thing about it was that it was to connect
to a UK government network. When I told them the Gap Analysis alone
could take that long, they said they were hoping for a fast
implementation and a half day seminar to implement the standard(s) was
suggested. As some (well actually most) of the associates could not
attend the half day – would that matter? I kid you not. I also guess
that they paid for their 5 days and that the IT Manager stated they
were compliant just so they could get connected.

COMMUNICATIONS AND OPERATIONS MANAGEMENT (Section 10)
There are often no standards and little or no documentation of the
Corporate Systems;

Rarely is there an effective and properly implemented change
management process. There are sometimes no formal change management
processes or records of change meetings available. Change management
meetings often have the wrong level of staff attending, have whole
business areas that do not/will not get involved, and no minutes for
meetings to show changes successfully and unsuccessfully implemented;

There is often no management software for the network, or any form of
planning for the IT systems or capacity;

Rarely are Service Level Agreements in place and if they are they are
rarely monitored and used effectively. Sometimes the business has
unrealistic ideas of IT Service availability and the IT Department
cannot meet the requirements without serious investment, which the
business may not be willing to provide. This can lead to a breakdown
in relationships between business units and IT;

Often the Information Security Manager is not advised of new projects
or is so stretched that he cannot make the time to provide assistance;

I often find a backup process that does not provide full backup
integrity or recovery capability.

SECURITY POLICY (Section 5)
This can be an enormous can of worms, as policies are:
- Often missing (Some companies do not even have a set of policies!);
- Frequently out of date;
- Often unknown by staff especially third parties and most especially
IT Contractors and Consultants;
- Not enforced;

There are often no records to show who has received the policy with
supporting training, and there is rarely evidence of policy review.

Security Incident Response
==========================

Preparing to respond to security incidents and system malfunctions is
a key part of any security officer's duties. These potential incidents
should, of course, have been predicted through effective risk
assessment and probability analysis, and safeguards and controls
should have been put in place to reduce the impact of any such
incidents on the running of the business. However the unexpected will
always occur.

The following guidance is provided within ISO 27001/2 (section 13 of
ISO 27002, information security incident management):
• Advise relevant management and technical personnel about security
incidents promptly
• Identify and report security weaknesses or potential shortfalls to
appropriate security personnel
• Develop suitable procedures and responsibilities to ensure a fast
and orderly response to incidents.
• Maintain incident statistics and learn from an analysis of incident
causes and outcomes
• Collect admissible evidence where an incident may result in legal action

No matter how many safeguards and controls that you implement it is
almost inevitable that a disruptive incident will occur at some time.
It is then down to a matter of how well you cope with the emergency
and how well you manage the aftermath. This will depend upon either
your well prepared and documented incident response procedures or your
"seat of the pants" management skills, or perhaps more likely, some
combination of both. However, the objective is to minimize or limit
the damage from such incidents and to learn from the problem and
improve safeguards and controls to reduce the likelihood of further
occurrences.

Ironically, as with many key aspects of information security, this is
yet another issue for which a little planning and preparation can reap
enormous benefits when a worst case scenario occurs.

ISO 27000 Related Definitions and Terms
=======================================

In this edition of the ISO 27000 Newsletter we look at those
definitions and terms related to ISO 27001 and ISO 27002 that commence
with the letter "A".

Audit Trail
A record, or series of records, which allows the processing carried
out by a computer or clerical system to be accurately identified. It
can also allow verification of the authenticity of amendments,
including details of the users who created and authorized them.

Authentication
Authentication refers to the verification of the authenticity of
either a person or of data (e.g. a message may be authenticated to
have been originated by its claimed source). Authentication techniques
usually form the basis for all forms of access control to systems and
/ or data.

Authorization
The process whereby a person approves a specific event or action. In
companies with access right hierarchies it is important that audit
trails identify both the creator and the authorizer of new or amended
data. It is an unacceptably high risk situation for an individual to
have the power to create new entries and then to authorize those same
entries themselves.
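Worked example, added here and not part of the ISO 27000 Newsletter: a
small Python ledger that ties the Audit Trail and Authorization
definitions together. Each entry records its creator and its authorizer,
a creator who tries to authorize their own entry is refused (and the
refusal itself is logged), and the audit trail is hash-chained so that an
amendment to, or removal of, an earlier record can be detected. The
SHA-256 chaining, the record layout and the alice/bob/mallory scenario
are this example's own assumptions, not something the standard
prescribes.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64   # chain anchor for the first audit record (assumed)


class SeparationOfDutiesError(Exception):
    """Raised when the creator of an entry tries to authorize it."""


class AuditedLedger:
    """Entries are created by one person and must be authorized by another.
    Every action, including refused ones, is appended to a hash-chained
    audit trail: each record carries the SHA-256 of the previous record, so
    altering or deleting an earlier record invalidates verify()."""

    def __init__(self):
        self.entries = {}    # entry_id -> {"created_by", "authorized_by", "data"}
        self.trail = []      # append-only audit records
        self._next_id = 1

    def _append(self, action, entry_id, actor, when=None):
        prev = self.trail[-1]["hash"] if self.trail else GENESIS
        record = {
            "seq": len(self.trail),
            "time": (when or datetime.now(timezone.utc)).isoformat(),
            "action": action,
            "entry_id": entry_id,
            "actor": actor,
            "prev": prev,
        }
        payload = json.dumps(record, sort_keys=True).encode()
        record["hash"] = hashlib.sha256(payload).hexdigest()
        self.trail.append(record)

    def create(self, actor, data, when=None):
        """Record a new entry and who created it; returns the entry id."""
        entry_id = self._next_id
        self._next_id += 1
        self.entries[entry_id] = {"created_by": actor,
                                  "authorized_by": None, "data": data}
        self._append("create", entry_id, actor, when)
        return entry_id

    def authorize(self, actor, entry_id, when=None):
        """Approve an entry; refused (and logged) if actor is its creator."""
        entry = self.entries[entry_id]
        if entry["created_by"] == actor:
            self._append("authorize_refused", entry_id, actor, when)
            raise SeparationOfDutiesError(
                f"{actor} created entry {entry_id} and may not authorize it")
        entry["authorized_by"] = actor
        self._append("authorize", entry_id, actor, when)

    def verify(self):
        """Recompute the chain; True only if no record was altered or removed."""
        prev = GENESIS
        for seq, record in enumerate(self.trail):
            if record["seq"] != seq or record["prev"] != prev:
                return False
            body = {k: v for k, v in record.items() if k != "hash"}
            payload = json.dumps(body, sort_keys=True).encode()
            if hashlib.sha256(payload).hexdigest() != record["hash"]:
                return False
            prev = record["hash"]
        return True


def demo():
    """Constructed scenario: alice creates a payment, tries to approve it
    herself (refused), bob approves it, then an audit record is tampered
    with. Returns the observations so they can be checked."""
    ledger = AuditedLedger()
    entry_id = ledger.create("alice", {"payee": "ACME Ltd", "amount": 1200})
    try:
        ledger.authorize("alice", entry_id)
        self_approval_refused = False
    except SeparationOfDutiesError:
        self_approval_refused = True
    ledger.authorize("bob", entry_id)
    intact = ledger.verify()
    ledger.trail[1]["actor"] = "mallory"   # simulate after-the-fact tampering
    return {
        "self_approval_refused": self_approval_refused,
        "authorized_by": ledger.entries[entry_id]["authorized_by"],
        "actions": [r["action"] for r in ledger.trail],
        "intact_before_tamper": intact,
        "intact_after_tamper": ledger.verify(),
    }


if __name__ == "__main__":
    print(demo())
```

The refused attempt is written to the trail as well as the successful
one, because the audit trail's job is to show who tried to do what, not
only what finally happened; and verify() fails on the tampered copy even
though the tampered record still looks plausible on its own.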

Auto Dial-back
A security facility designed to ensure that `dial up' links to the
organization's communications network may only be accessed from
approved/registered external communication links. The computer holds
a list/register of user IDs and passwords together with pre-assigned
communication contact numbers. When a remote call is received from
one of these users the computer checks that ID and password match and
then cuts off the connection and dials back to the `registered'
communication contact number held in the computer files. This system
works well with fixed locations such as remote branches but may be
inconvenient for staff who move around a lot. The drawbacks may be
overcome by using a mobile telephone (connected to a laptop computer)
as the registered dial-back - subject to the security requirements of
protecting such items against theft or eavesdropping. Note that
dial-back only verifies the number the system dials, so it is defeated
if an attacker can arrange for calls to the registered number to be
forwarded (a facility many PBXs and telephone providers offer); it is
now largely of historical interest.

Availability
Ensuring that information systems and the necessary data are available
for use when they are needed. Traditionally, computer systems were
made available for staff use by the IT department in the early
morning, and then closed down again by the IT staff before running
their `End of Day' routines. Availability was thus the poor relation
of Confidentiality and Integrity in security terms. However the
extension of the working day (for example because of trading with
different time zones) and the growth of 24x7 systems means that
availability has become a much more important element of Information
Security work.

It Couldn't Happen Here, Could It? True Stories:
================================================

1) User-IDs Count Too (True Story: case)

Organizations correctly stress the importance of password
confidentiality. They also urge users to choose sensible passwords,
which cannot be easily guessed.

Sometimes, however, this is not taken quite as seriously as it should
be. For example, selecting a password of March2008 may appear to be
adequate if a system only allows three invalid attempts (for instance)
before locking the account. Unfortunately, in the real world, security
exposure doesn't always work along such lines.

In one case, the format of an organization's user-IDs was discovered
by an external party. It was always six characters, comprising a
three-character project code followed immediately by the user's
initials. He then attempted to log on using one common rotating
password (such as july2007) against a known project code (txy)
followed by every possible three-character combination (txyaaa,
txyaab, txyaac, etc.), that is, one password tried once against each of
up to 17,576 user-IDs if only letters are used.

Because only one failed access attempt occurred against each user-ID,
the lockout threshold was never reached and the attack was not noticed.
He was thus able to continue until eventually, over a period of time,
he gained access. He then wreaked havoc.

The moral of this story is three fold:
- password construction policies should be enforced rigorously
- user-IDs are in fact company confidential data
- failed logons must be monitored across all accounts (for example per
  source address within a time window), not only counted per account,
  because a per-account lockout cannot see one attempt spread over
  thousands of user-IDs
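As an added illustration (not from the original newsletter), the
following Python script contrasts the per-account lockout counter that
the organization in the story relied on with a detector that groups
failed logons by source address inside a sliding time window. The log
format, the timestamps and the addresses are constructed for the
example; the txy user-IDs follow the pattern described in the story.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the original page) in a generic
# "timestamp result user=... src=..." layout. One source tries a single
# password once against each member of the txy user-ID family and finally
# gets in; a genuine user (txyjsm) mistypes twice and then succeeds.
SAMPLE_LOG = """\
2008-03-03 09:00:01 LOGIN_FAIL user=txyaaa src=203.0.113.7
2008-03-03 09:00:02 LOGIN_FAIL user=txyaab src=203.0.113.7
2008-03-03 09:00:03 LOGIN_FAIL user=txyaac src=203.0.113.7
2008-03-03 09:00:04 LOGIN_FAIL user=txyaad src=203.0.113.7
2008-03-03 09:00:05 LOGIN_FAIL user=txyaae src=203.0.113.7
2008-03-03 09:00:06 LOGIN_OK   user=txyaaf src=203.0.113.7
2008-03-03 09:00:07 LOGIN_FAIL user=txyjsm src=198.51.100.22
2008-03-03 09:00:09 LOGIN_FAIL user=txyjsm src=198.51.100.22
2008-03-03 09:00:15 LOGIN_OK   user=txyjsm src=198.51.100.22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) +(?P<result>LOGIN_\w+) +"
    r"user=(?P<user>\S+) +src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, src), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    return ts, m.group("result"), m.group("user"), m.group("src")


def per_account_lockouts(lines, max_failures=3):
    """The control the story relied on: lock an account after N consecutive
    failures. Returns the set of user-IDs that would have been locked."""
    failures = defaultdict(int)
    locked = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        _, result, user, _ = rec
        if result == "LOGIN_FAIL":
            failures[user] += 1
            if failures[user] >= max_failures:
                locked.add(user)
        else:
            failures[user] = 0
    return locked


def detect_spray(lines, window=timedelta(minutes=10), min_distinct_users=5):
    """Flag any source that fails against at least min_distinct_users
    *different* user-IDs inside one sliding window, however few attempts it
    makes per account. Returns {src: {"tried": [...], "succeeded": [...]}}
    so the analyst can see which account the spray eventually opened."""
    failures = defaultdict(list)   # src -> [(ts, user)]
    successes = defaultdict(set)   # src -> {user}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        if result == "LOGIN_FAIL":
            failures[src].append((ts, user))
        elif result == "LOGIN_OK":
            successes[src].add(user)

    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # advance the window start until all events fit within `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_distinct_users:
                flagged[src] = {
                    "tried": sorted(users),
                    "succeeded": sorted(successes[src]),
                }
                break
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("accounts locked by per-account rule:", per_account_lockouts(lines))
    print("sources flagged by spray detector:", detect_spray(lines))
```

On the sample log the per-account rule locks nothing, exactly as in the
story, while the per-source rule flags 203.0.113.7 after its fifth
distinct user-ID and reports txyaaf as the account it got into. In a
real deployment the source key would be whatever the log offers
(address, NAT pool, VPN session), and the thresholds would be tuned
against the organization's normal volume of mistyped passwords.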

2) Quotation Corner:

"He who laughs last has probably made a back-up".

"When you reach the point at which you understand your computer,
it's probably obsolete."

"What is the difference between Windows and a virus? Viruses rarely
fail."

Sunday, January 20, 2008

gopu
Saturday, January 19, 2008

India Wins

The match between India and Australia in Perth is one of the greatest matches played in cricket history. India beat Australia by 72 runs in the third Test of the series. This victory stopped the Aussies from setting a world record of 17 Test wins in a row. It was Australia's first loss since the fourth Ashes Test at Trent Bridge in August 2005, and it set off celebrations throughout India.

India notched only its fifth victory in 36 Tests in Australia after entering the match as an 8-1 outsider and having threatened to return home over a racism ban handed to spin bowler Harbhajan Singh. The touring team can now tie the series 2-2 by winning the final Test in Adelaide.

This victory was a whole-team effort. It also marked the comeback of Virender Sehwag and Irfan Pathan. Pathan performed so well that he was declared man of the match: he took 5 wickets and scored 74 runs. There were good contributions from other players too: Dravid's 93 and Sachin's 72 in the first innings, and Laxman's 79-odd runs in the second innings, helped India set Australia a target of 413 to win.

Anil Kumble's captaincy is another important factor in India's victory. He motivates the team well. This match was also special for him personally, as he took his 600th Test wicket. He is the third bowler to reach 600 wickets, after Shane Warne and Muttiah Muralitharan.

The result of this Test may mark the beginning of the end of Australia's dominance in cricket, or the beginning of India's.