Friday, May 14, 2010

Advice to Govt. of India after the decision to develop their own version of OS & Software

Note: This advice is offered free with no obligations

The Indian government has set in motion an ambitious plan to develop its own software & operating systems after the spurt in cyber attacks on Indian establishments. I think this is a bad idea and being an Indian i thought of contributing.

The Problem is not with the OS or software, it is with the way IT is managed.

Indian government should look at addressing the management of IT; developing a OS (or software) is not the solution. I am sure existing players can do a better job because they have matured their processes over time and it is really a mammoth task.

If i were to address this problem, i would start with this to-do list:

  • Do a risk assessment and then develop a risk management system
  • Develop an security management system or adopt some existing system like ISMS
  • Create a security plan & include specific plans for departments/units
  • Develop security evangelists in government departments
  • Implement technical systems like standard hardening like US Fed's or have special a government build

Posted via email from Ramki's posterous

Thursday, May 13, 2010

Hacking "Time"

Who is not fascinated by traveling over time to future or past? this may be possible.

Reason: Time runs at different rates in different places in universe you just have to travel fast almost 186k miles/sec to endup in future

Good article from Stephen Hawking

Posted via email from Ramki's posterous

Sunday, January 24, 2010

Current high focus area for CISOs should be APT

These APTs has been getting lot of attention recently and reasons why CISOs should focus on this threat now are:

a)      These are essentially a type of targeted attack

b)      And if they miss they reload and fire again till they hit the target

c)       These are “Advanced” meaning  they use publicly available exploits as well as develop custom ones

Draw up action items like; more focus on log analysis and checking out the reason behind the traffic to that  xyz country IP(s) where your company has no business, more aggressive SPAM filtering, etc... And it helps to do things like network pruning and review of your IT policies & procedures

Posted via email from Ramki's posterous