
Posts

Showing posts from October, 2010

The Finger Knows, even if your brain does not - Passwords

Was reading an interesting article; now that I have lost the link, I may not have it here, though I will fill that in once I get my hands on it. This article was about how the fingers know what you are typing even though your eyes, reading the content, say you typed it wrong. This was done in a research study that talks about how they introduced typos: some of the typos were introduced even when the text was typed properly, and some typos were corrected randomly. The conclusion of the study was that the finger paused a second when it typed fine but the eyes looking at the screen said you got it wrong. The pause is because of the automatic recognition by the fingers of the fact that you made a typo, or that you are sure you got the correspondence between the eyes and the fingers. Reading the article made me wonder: have we not always remembered our passwords for different sites? Many a time I have had the opportunity to go to a website and, even without thinking for a moment, the fingers go and hav

ISO 27001 : Steps to Certification

I am asked many a time, "hey, we need to get ISO 27001 certified", and then asked to make them compliant within a few weeks. I go through the long process of explaining the steps required and the terminology that is often used as part of the compliance exercise. In this ramble, I will try to capture the salient requirements as to what constitutes the process and the timelines generally applicable (I am generalizing here) to get compliant or to go for certification. Before taking it further, I will say this: "YOU CANNOT GET ISO 27002 certified." ISO 27001 is the management standard that details the processes - THE ISMS - and you certify against this standard. The annexure to the standard details the controls that are recommended to achieve the objective. These are brief details as to the nature of controls required. However, a detailed version of the controls in the ISO 27001 annexure is found in ISO 27002. ISO 27002 can help the organization to achieve ISO 27001 certif

Policies, Standards and Procedures - Working with the Big 4 ($)

Many a time there are arguments about the best way to go ahead with a plan as to the contents of Policies, Standards and Procedures. The major factor in the successful roll-out of such an exercise has been debated; it is largely cultural and is a product of the person at the helm. However, a good evolution has to have elements that are integral to the success of the endeavour. Let us look at some of the elements of a policy. The policy is at the highest level and is a statement of intent from top management, agreeing to have a clear direction as to the need to protect information assets. Enforcing the policies are the standards; these are directions to achieve the goals enunciated in the policies. Many a time, once the policies are derived, it is that much more difficult to evolve a set of standards in line with what is in vogue in the organization. This is because of the fact that there are processes that have evolved ad hoc, addressing issues over time, and have become