August 24th, 2010
Every organization, risk auditor or analyst, security pro or individual may come up with a different definition of IT risks. While all definitions would most probably fit in the IT risks universe, it is very important that there is a common understanding and terminology within an organization. In fact, we find structures, or better, frameworks, that help organizations manage IT risks.
Frameworks help organizations build an underlying structure that deals with the strategic, tactical and operational aspects of security and risks. No single framework is a perfect match; hence, a better approach is to review a couple of frameworks, such as COBIT, ISO or ITIL, and use parts where appropriate. It is recommended to mix, match and personalize frameworks so as to create your own structure. Common sense within a framework is necessary and will drive consistency.
Tags: frameworks, infrastructure, IT risks, risks, security, vulnerabilities
Posted in Audit, enterprise
May 23rd, 2010
Every solution, like a coin, has two sides. We come across various marketing techniques that somehow define cloud computing in relation to the services the marketers provide! In order to jump onto the cloud bandwagon and attract customers, some companies advertise their services as cloud services when in fact they are not! So what is cloud computing? We define cloud computing as anything that involves delivering hosted services over the Internet. Cloud services are categorized as Infrastructure as a Service, Platform as a Service or Software as a Service (IaaS, PaaS, SaaS). The name "cloud" refers to the symbol used to represent the Internet in various technical and non-technical drawings.
Tags: Amazon, cloud, cloud computing, cloud services, EC2, infrastructure, S3, security, service providers
Posted in Food for thought, enterprise
May 12th, 2010
One of the concerns of many people who consider performing online backups is the matter of security. You are uploading sensitive stuff to a foreign site. Can anyone from within read this stuff? And what if the site is hacked and white-collar thieves living in some foreign country get hold of the data? What would happen?
One solution is to protect each and every document using a password. Many programs have such a capability built in. For many one-, two- or three-person organisations this solution could work; the people would password-protect every file using a phrase that is shared amongst colleagues. As the number of employees increases, guaranteeing that everyone is obeying the rules makes this solution too problematic. Besides, certain file types cannot be password protected.
The script I am sharing is one that addresses this problem. It makes use of the commercial product WinRAR to archive an entire directory (including subdirectories) into a RAR file. The RAR file name is user-definable, and the file is placed in a folder under C:\RSB. The RAR archive is password protected using a password passed to the script. The script is called rsb.cmd.
Tags: online backups, remote backup, security
Posted in Code and Solutions, Remote Backups, enterprise