Wednesday, October 26, 2005


Just a Charla ..





‘Hi Linda, it’s been a long time since we met..’
“Oh yeah, Tarun, it’s been quite a while... So how are things on your side?”
‘Quite well, a lot of new assignments and the heat is on.’
“That’s great, even I had a hectic schedule all through last month.. OK Tarun, what’s hot in the Quality circuit?”
‘Everything is hot in Quality... Recently ISO has released ISO 9000:2005, Quality management systems – Fundamentals and vocabulary.’
“Is it a new standard?”
‘No, no.. it’s the updated version of the ISO 9000:2000 series vocabulary, which gives the descriptions of the fundamentals of quality management systems (QMS). Now the standard’s vocabulary has been enriched with new terms. It’s just to bring clarity to the community on what exactly certain key words in the ISO 9001:2000 standards mean.’
“OK.. I also heard that a new standard for Information security is going to be released.”
‘That’s true, the existing BS 7799-2:2002 has been relaunched as a new ISO 27001:2005 standard with a few upgrades.’
“Oh. It’s already released! What are the changes from the existing BS 7799-2:2002 standard?”
‘Not much, the core sections remain the same. I have not really noted the changes yet. But it’s said it is more aligned with other ISO standards – ISO 9001, ISO 14001.’
“Will organizations have to get certified to ISO 27001:2005?”
‘Ya.. From now on new certifications will be against ISO 27001:2005, and for organizations already certified to BS 7799-2:2002 there shall be a transition period.’
“Really, everything looks hot in Quality. Every day new things come up.”
‘Very true. You need to be constantly learning and upgrading your knowledge to keep on par with these changes… OK, tell me something: why don’t I find many women in the Information security area? Is it that women feel it’s too complex to handle net systems, firewalls and LAN!’
“Oh, not really, we women handle more complex things than LAN – we handle MAN, a complex system which needs a lot more of a skill set than what it takes to manage your networks and firewalls…”
‘Mmm, that’s a good one..’
……
“It’s time. I am on my way to attend a seminar on BPM.”
‘Business Process Management. That’s quite a substance in the business arena.’
“Very much.. as a knowledge worker you need to be constantly learning and upgrading knowledge!!! OK Tarun, catch up with you soon.”
‘Oh sure. Take care..’


Sunday, October 23, 2005

Q FUNDA -001


ACROSS

1 Want to translate Customer needs to product specifications. Try this out (3)
5 Yes!!... got the vital few from the trivial many.. Thanks to this tool (6)
7 One of the principles of ISO 9001:2000 means this. Together, let's find out (8)
8 Implementing ISO 9001, CMMi, BS7799 - nothing happens without this.. (8)
9 Business is on because of this King (8)
11 Continuous improvement is part of our culture. We do it the Japanese way (6)

DOWN

2 Want to find all possible ways of product failure? This technique may come in handy (4)
3 'Chance causes, assignable causes.....' Oops.. let me see the........... chart first (7)
4 Oh! The shop floor is in complete chaos. "Better find a place for everything and put everything in its place". Get help from '5S' Inc.! (5)
6 No more detection failures. Let's do some mistake proofing (8)
10 ISO: ISO 9001:2000 :: __ : CMMi v1.1 (3)

For answers check out the Comments section!


Sunday, October 16, 2005

Relax !!!

Prerequisite: Basic knowledge of the Indian epic Ramayana

Security Management cues in Ramayana !

Not many days had passed since the grandiloquent inaugural ceremony, when Dasaratha, CEO of Ayodhya Inc, unveiled the ambitious plans for its strategic startup, Ram Sita Interactive Technologies (RSIT). While the CEO was sitting back and relaxing over the prosperous growth of RSIT, things went haywire. Political infighting had RSIT in troubled waters.

Due to pressure from various quarters, the CEO was forced to demerge RSIT from its conglomerate. The key personnel in RSIT, Ram and Sita, were asked to step out of Ayodhya Inc. They soon moved into a completely different business domain, full of trees and animals. They were bound by the separation agreement drafted by Ayodhya Inc, which stated the separation tenure to be 14 years. Lakshman, the trusted deputy of Ram, joined them in their pursuit.

Once they started their operations, RSIT hardly realized the importance of a Security Management System (SeMS), as they believed the individual prowess of Ram and Lakshman was good enough to tackle any attack from outsiders. However, as time passed, they were made to regret their negligence in not implementing an effective SeMS.

The chief attacker, Ravan, of Lanka Pvt Ltd, had a clear goal in mind with his well-crafted attack strategy. Ram fell victim to identity theft when Maricha, masquerading as a deer, grabbed Sita’s attention. As Ram set out to catch the deer, Ravan’s plan worked. Soon he had Lakshman parting from Sita. When he moved in to abduct Sita, the effectiveness of the Intrusion detection system, code named ‘Lakshman Rekha’, proved to be a setback for Ravan.


But that did not deter Ravan, as he had his Plan B working for him. Being a virtuoso in social engineering attacks, he duped Sita by impersonating a hermit. Once she had come out of the powerful line of defense protected by ‘Lakshman Rekha’, Ravan had his task accomplished.
Jatayu came to Sita’s rescue but was overpowered by Ravan; however, it had the tenacity and courage to report the security incident to the brothers Ram and Lakshman.



It was a disaster for RSIT, as the brand image of the company went for a toss. They were badly in need of a service provider who could take care of their SeMS and help them recover from the disaster.

Soon they found an effective service provider in Vanara Sena (VS), headed by Sugriva. The mighty team had the highly talented Hanuman in its line-up. The two parties entered into an agreement: VS decided to provide complete security solutions to RSIT and in turn wanted to utilize Ram’s skills to get rid of Vaali, the business rivalry between Vaali and Sugriva being cited as the reason.

Ram agreed to the ‘Terms and Conditions’ and the contract was signed. Sugriva donned the role of Security Officer and Hanuman was nominated as the Security Task Force leader. A Security policy clearly spelling out the objectives of the alliance with RSIT was formulated. Other supporting policies were also put in place.

VS made an inventory of all its human assets and also entered into partnerships with smaller service providers in the VS community. They had their first taste of success when Hanuman traced the whereabouts of Sita in Lanka and made use of the RXAP technique (Ring Exchange Authentication Protocol) for message authentication.

In due course, they also won over the support of Vibishan, who provided them with critical information on Lanka Pvt Ltd. Lakshman, however, was opposed to the idea of Vibishan joining the RSIT-VS alliance; Ram was quick to react and pacified Lakshman, stating that personnel screening was not required to verify the track record of Vibishan, as he felt Vibishan was a man of true conscience. With their initial bout of success, the VS-RSIT combine drafted their Disaster recovery plan.

The stage was set for the execution of Disaster recovery, with all the critical resources drawn in to fight the mighty force of Lanka Pvt Ltd. The meticulous planning of the RSIT-VS combine brought them success and soon they had recovered from the awesome disaster. RSIT rolled back continuity in business to complete the 14 years' tenure.

With RSIT complying with its regulatory requirement of 14 years' isolation from Ayodhya Inc., the time was ripe to merge RSIT with its parent company. Everyone unanimously accepted the candidature of Ram for the post of CEO of Ayodhya Inc.
VS bagged the contract for maintaining the SeMS and Hanuman was dedicated as a full-time resource to RSIT.

Ayodhya Inc was soon back into its profit making days, with the Confidentiality, Integrity and Availability of the organizational assets, protected by an effective security management system.


Wednesday, October 12, 2005

Information Security

Read the article 'Security in Software applications', published at http://www.securitydocs.com/library/3314
