Threat intelligence in enterprises

A threat intelligence is a fairly new concept still evolving as product / service where the concept is to gather raw data about existing or emerging threats and threat actors from several sources, and then analyzes and filters that data to produce usable information in the form of management reports and data feeds for automated security control systems. Its primary purpose is to help organizations understand the risks of and better protect against major threats specifically zero-day threats. We can tune the service to deal with advanced persistent threats and exploits, especially those most likely to affect their specific environments.

Learning about relevant threats as soon as possible gives organizations the best chance to proactively block security holes and take other actions to prevent data losses, breaches or system failures.

Threat intelligence service models

Threat intelligence service companies like ITS, we are relative newcomers to this section of security industry, so there are still a lot of differences among the types of services each vendor delivers.

Some such services simply provide data feeds that have been cleansed of most false positives. The most common for-a-fee services provide aggregated and correlated data feeds (usually two or more), as well as customized alerts and warnings specific to a customer's risk landscape. Another type of threat intelligence service handles data aggregation and correlation; incorporates information automatically into security devices (firewalls, security information and event management, etc.); and provides industry-specific threat assessments and security consulting.

Many types of threat intelligence platforms are sold on a subscription basis, usually at two or three capability levels, and is delivered via a cloud platform. We at India Training Services offer managed services for delivery across on-premises systems. This comprises of training and a solution installed on cloud platform for the enterprise as one Threat Management solution.  

Threat intelligence platforms can dramatically improve the efficiency of security staff in proactively blocking security incidents, because subscription costs tend to run moderately high to very expensive, and because of the equipment needed for on-premises deployment, threat intelligence platforms are currently geared mainly toward larger midmarket organizations and enterprises. As the cloud continues to move down market, however, threat intelligence tools are bound to do likewise.

The history of threat intelligence

Threat intelligence solutions or platforms came into being mainly because of the plethora of data available, whether generated internally or acquired from external feeds, on current and emerging IT security threats. It takes considerable time, effort and expertise to sift through the data and transform it into information that's pertinent to an organization, however.

Security companies, such as Symantec, that make it their business to track threats and provide frequent updates to their antivirus products, have maintained global threat databases for years,  populated from software agents running on millions of client computers and other devices. Such data, along with feeds from other sources, is the foundation for the information provided by developed threat intelligence tools.

Understanding threat intelligence service data

Data from various threat intelligence sources differs in quality and structure, and must be validated. Validating data involves human and machine analysis for processing, sorting and interpreting.

Apparent threats are also correlated against the entire pool of threat data to identify patterns that indicate suspicious or malicious activity, and are also linked to technical indicators for categorization purposes. Finally, the data is converted into contextual information that provides insights about the tactics and behavior patterns of emerging or advanced threats and threat actors.

In the end, the threat information that's usable and actionable must be accurate, timely, relevant to the customer, align with the customer's security strategies and be easily incorporated into existing security systems.

Characteristic features of threat intelligence solutions

Now that we've understood the purposes and benefits of threat intelligence, let's look at the most common features found in these kinds of services.

• Data feeds: Many types of data feeds are available through threat intelligence platforms. Examples include IP addresses, malicious domains/URLs, phishing URLs, malware hashes and many more. A vendor's threat intelligence feeds should draw data from its own global database, as well as from open source data, information from industry groups and so on, to produce a pool of data that is both broad and deep.
• Alerts and reports: Most services provide real-time alerts, along with daily, weekly, monthly and quarterly threat reports. Intelligence may include information about specific types of malware, emerging threats, and threat actors and their motives.

Security analysts or IT security staff members are needed to manage data feed information. The data is either incorporated into proprietary equipment (typically from the same vendor that provides the feed), or the information may be available in standard file formats, such as XML, CSV, STIX or JSON, for use in a variety of security management tools and platforms.

Depending on the level of information in the data feeds, staff might need specialized or specific training from the vendor.

Some companies offer managed security services that offload most of the administrative burden associated with a proactive security approach. A managed service may include experts that provide threat intelligence reports, monitor an organization's assets 24/7 and provide threat mitigation and incident response.

The cost of threat intelligence platforms varies as much as the services themselves. Data feeds alone can cost thousands of dollars per month, and related expenses include the costs of maintaining a 24/7 security operations center staffed with technicians and analysts. By way of comparison, managed security services are typically tens of thousands of dollars per month, easily running into six or seven figures per year for larger environments.

As with most things in business, the least expensive services require more human time and effort on the customer side.

Because threat intelligence services vary widely, a key challenge in selecting such a service is knowing what the organization needs on what is the most critical information to maintain, how the information will be distributed / used and having the right staff in place to use that service appropriately.

There a large number of threat intelligence services out there, and they all deliver and collect data about emerging threats in different ways. Some are better at providing detailed global threat reports, while others are capable of drilling down and delivering reports to customers that are highly industry- or (even) company-specific. In addition, there are some services that better serve an organization with existing defense equipment, while others provide threat intelligence that's easily integrated into an organization's existing security controls -- no matter the equipment in place.

We deliver a range of training courses carefully designed to help people and organizations protect themselves against crippling data attacks. We can tailor a specific training module to meet your needs, or you can contact me at ravindrapande@gmail.com.

Also we have pre-developed modules on Threat Intelligence planning

·         Developer Security Training

·         QA Security Test Testing Training

·         Mobile Penetration Testing Training

·         Wireless Penetration Testing Training

·         Security Awareness Training

·         Web Application Penetration Testing Training

·         Infrastructure Penetration Testing Training

Visit us at www.indiatrainingservices.com

Smartness Progress IoT

Our smartphone is about to get smarter, thanks to artificial intelligence (AI) and machine learning (ML). And that has huge implications for enterprise support for mobility. We at India Training Services were analyzing the inherent risks & educate the enterprise as well as individuals to address security laps in such smart adoption. This is just a summery of our finding in last few months.

Enterprise mobility has long promised to allow workers to be productive wherever they are, to speed up business processes and to improve accuracy and efficiency by putting the most up-to-date data in the hands of workers in the field, says Kevin Burden, vice president of mobility research and data strategy at 451 Research. The addition of AI will help deliver on those promises.

The ways it will do that are multifaceted, with the effects seen in the areas of device management, user experience, security, applications and the very devices themselves. At the same time, new concerns about privacy are sure to arise as AI and ML become ever more efficient at gathering data points.

AI is going to mean new applications and even possibly new device types, primarily because AI will alter and improve the business logic within apps. Applications will be able to take advantage of advanced user interfaces with speech and visual gesture recognition. One element of enterprise mobility that will clearly benefit from AI is the organizational challenges that were created by having a disparate and mobile workforce. Application providers will apply ML to user activity streams, giving organizations insight into how end users spend their time, he says. As patterns of behavior are identified, organizations will be able to improve processes and the user experience.

Easier authentication is one example. Pattern recognition is an AI strength. Because AI can gather huge amounts of such data and recognize anomalies with ease, it can make authentication much more transparent for users..

Some of the more advanced algorithms detect how a user enters text and analyze their gait. Pair those distinctive patterns with information on the user’s active connections and GPS data. The number of layers of multi-factor authentication or constant requirements to enter passwords could be greatly reduced. Take this mobile device management course from India Training Services and learn how to secure devices in your company/ group/ homes without degrading the user experience.

Another AI/ML important improvement will be in speech-to-text capabilities, allowing that technology to replace smartphone data input in some situations. Verticals such as medical and others will use speech for data input for basic tasks such as records and workflow updates on regular basis.  The applications will become intuitive in whole new ways: ML will also be integrated more into mobile applications to enable quicker & intelligent decisions, responses and inputs to anticipate user actions, as opposed to requiring users to look for options in windows and drop downs.

It's not just IT will benefit from AI’s and ML’s assistance with device management. The technology can be used to scan all of the devices in an organization and proactively notify the administrator of issues, such as the discovery that 25% of the organization’s Android devices are two versions out of date. Even more helpful for IT organizations that are short of personnel is the potential to automate actions based on the information discovered by AI/ML. The technology will really pay off for IT once the systems can use AI to detect and remediate issues on the fly.

IT is also likely to appreciate many of the AI-fueled user-experience enhancements that are coming to email, contact and calendar tools as vendors add personal-assistant technology. It’s fairly common already for calendars to use AI to tell users when they should leave for an appointment. This is already started in many event management programs.

The advantage to IT isn’t direct, but many IT departments want users to stick to their company-provided email, contact and calendar tools when working, as a way to protect and segregate work data from personal and other needs. The new user-facing convenience features could make using those tools more appealing to users.

While it’s still getting clear day by day that how AI will impact the overall mobility market on a long-term basis, it is certain that the enterprise mobility management space is very crowded, without any real significant differentiation, so vendors will look to AI for new ways to innovate build more cost effective & time saving ways to to get results out of this technologies.

AI and security, perhaps the area with the greatest potential to get a boost from AI, and particularly its pattern-recognition chops, is security. Certainly many vendors are already incorporating AI/ML in their security offerings as a way to boost performance.

One area where vendors already have offerings is ML-based mobile threat detection. For example, major strategic game uses ML in its new immature Threat Defense mechanisms, which employs usage and behavioral analysis to detect suspicious behaviors in mobile apps or networks and then learns from the information it gathers to continuously improve its ability to detect malware and rogue networks.

Many new Mobile developers have integrated deep learning into its endpoint security products that provide what it calls “predictive security.” The company aims to extend this deep learning layer to all endpoints, including  mobile ones. It has also introduced an email protection tool that uses the same technology to intercept more threats before they can make it onto the endpoints.

Other vendors see an opportunity to use AI to help IT departments that are stretched thin to make sense of all the data that is gathered by their existing endpoint management tools. Among them is Citrix, whose unified endpoint management offering also manages all devices that enter the workplace, including laptops, mobile phones, tablets and wearable. The Citrix security analytics application monitors those devices and helps IT to apply security policies and ensure that the network remains secure.


Citrix Analytics also performs user-behavior analytics, applying machine learning to categorize users as high, medium or low risks and then adjusting the risk scores as more data comes into the system.
IBM, meanwhile, has developed MaaS360 with Watson, a cloud-based application designed to help IT administrators make sense of the massive amounts of data generated by endpoints and their users, apps and content. It applies cognitive technologies to security, end-user productivity, mobile app management and administration.

Enterprise mobility management users are inundated with more information than they can absorb about apps, configuration/policy best practices, productivity tools, and emerging threats and vulnerabilities, IBM explains. IBM MaaS360 delivers cognitive insights, embedded in the platform, to help organizations wade through the information they’re gathering and distill it into insights and recommendations that are relevant to their business. The core of MaaS360 is IBM Watson technology, which can index and annotate huge volumes of datasets to look for relevant data that applies contextually to each individual client deployment of MaaS360.

A privacy backlash? One dark cloud on the AI/ML front is data privacy.

Users have become more aware of the perils of their personal information ending up in the hands of companies such as Facebook and Google, etc. So the idea of an employer or other company retaining the outputs of their mobile devices, apps and data usage which some calls workplace analytics is sure to meet opposition from some users.

These concerns can’t be ignored, especially given the emergence of strict regulations such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018. These regulatory concerns could strip the utility from mobile offerings dependent on AI/ML. While user push back on data will not negate the value of AI/ML in mobile offerings, it could impede the collection of data for some or all users and without any data the results will be deteriorated. That, in turn, could make the data less useful for some groups of users or some regions, while still providing value to others.

To improve this, organizations must forthright in discussing what data they collect and how it will be used. May big IT players advises clients to illustrate the outcome and its benefit to users and take pains to note what won’t be collected or done with data. The list of what IT does not do with data should almost always be longer than the list of what it does or can do with data.

Feel free to contact me at ravindrapande@gmail.com in case need any further details.

Startup Failures

I have observed / worked with say few startups now and some are failures as far as planned business goals achievement concerned. Are they in  business yes only one moved away from software development.  I  am just trying to collect my thoughts on these failures. Don’t want to blame anyone in particular but try to review as a third party PMO stand point. PMO as I am a manager & leader tried my best to go and educate the CEO and other founders without much impact yes this is my short coming. This is my personal analysis so please don’t escalate to anyone or any business.

There is a clear difference between leadership and management. Leadership is of the spirit, management is of the mind. Managers are necessary, but leaders are essential. We must find managers who are not only skilled organizers, but inspired and inspiring leaders.

I’ve often said real leaders refuse to take the credit for success, but they will always accept responsibility for failures.  Yes; but it goes with the territory.  In this  blog I’m going to toss out the politically correct story-lines and reveal the top reasons that leaders fail

In the points listed below I’ll examine some of the more common reasons attributed to business failure, and I’ll likewise assess the roles and responsibilities of leadership as they pertain to said reasons being leadership failures:

 Lack of Vision: It is the role of the CEO to clearly define and communicate the corporate vision. If there is no vision, a flawed vision, or a poorly communicated vision, the responsibility falls squarely in the lap of executive leadership. Moreover, if the vision is not in alignment with the corporate values there will also be troubled waters ahead.

 Poor Branding: A poor brand generally means leadership has failed. Brands fall into decline for only one reason – leaders have abdicated their responsibility. They have allowed their brand equity to erode, and failed to deliver on the brand promise. Leaders who don’t steward their brand as one of the greatest corporate assets deserve the fate that awaits them. Branding is an inline activity you can’t wait for I will build then start bending, in my understanding branding start with vision, with idea inception.

Lack of Character: It doesn’t matter what your title is, if you don’t do the right things for the right reasons you will fail. Leaders who don’t display character won’t attract it or retain it in others. Leaders, who fail to demonstrate a constancy of character won’t create trust, won’t engender confidence and won’t create loyalty. Vision understanding builds a responsibility of execution so if the CEO is with visionary in most of the cases but if acts as external observer things start going in ”this was/ is his responsibility “ way & so the blame game and rectifications killing the schedules &  deliveries.

Lack of Execution: Everything boils down to execution, and ensuring a certainty of execution is job number one for executive leadership. Entrepreneurs or CEO s who don’t focus on deploying the necessary talent and resources to ensure that the largest risks are adequately managed, or that the biggest opportunities are exploited have a leadership team destined for failure. Or many CEO builds team stating this is not I will do but just observe for example initial sales left to technocrats which cripple everything. Sales is the art where mostly technocrats fail as they are more in love with the produce as creator than business angle understanding

 Flawed Strategy: A flawed strategy simply reveals weak leadership. While there are exceptions to every rule, companies tend to succeed by design and fail by default. Show me a company with a flawed strategy and I’ll show you an inept leader.  This is major killing point and there is no fixed formula only business augmentation understanding will take you to end.

Capital Shortages : I have witnessed well capitalized ventures fail miserably, and severely under-capitalized ventures eventually grow into category dominant brands. A lack of capital can provide a socially acceptable excuse for business failure, but it is not the reason businesses fail. Raising, deploying, and managing capital is ultimately the responsibility of leadership. The amount of capital required to run a business is based upon how the business is operated. Therefore if leadership operates the business without consideration for capital constraints, or irrespective of capital formation issues, then the blame should fall squarely on the shoulders of leadership. Moreover, if executive leadership squanders capital through irresponsible acts, there will also be severe consequences.  This is major issue with Indian executions but still

Poor Management: It is the job of leadership to recruit, mentor, deploy, and retain management talent. If the management team is not getting the job done, it’s not a management problem, it’s the fault of executive leadership. Show me a leader that blames his management team for failure to execute and I’ll show you a poor leader. 8. Lack of Sales: A lack of sales is ultimately attributable to a lack of leadership. Strategy, pricing, positioning, branding, distribution, compensation, or any number of other metrics tied to sales force productivity all rest with executive leadership. A lack of revenue is not someone else’s problem, it’s a leadership problem.

Toxic Culture: The truth is nothing stifles productivity and creates conflict like a toxic culture. That said, a toxic culture simply cannot exist where good leadership is present and engaged. If the lunatics have gained control over the asylum be sure to fit leadership for a straight-jacket as well.

No Innovation: Leaders create a culture of innovation or they kill it. Leaders who can’t stay in front of the market tend to get run over by it. Great leaders have a strong bias to action. They don’t rest upon past accomplishments, and are always seeking to improve through change and innovation. Those leaders who don’t openly embrace change will be doomed by their antiquated outlook.

Market Target miss: Good leadership pursues sound market opportunities. Pursuing the wrong market, or pursuing the right market improperly is also the fault of executive leadership. Scaling a business too fast, too slow, or worse yet, not designing a scalable business to begin with is a leadership issue. No market equals no leadership…

Poor Professional Association: Nobody has cornered the market on knowledge and wisdom. If leadership doesn’t seek out the best quality advice available to them, then they will likely not make the best decisions. All CEO s and entrepreneurs need top quality professional advisers. There is no excuse for C-level leaders to have blind spots.  When a leader has a “miss” or a blind-spot, he or she is simply showing the arrogance of operating within the limitations of their own thinking.

The Inability to Attract and Retain Talent: Great leaders surround themselves with great talent. They understand that talent be gets more talent. If your company doesn’t possess the talent it needs to achieve its business objectives no one is to blame but leadership.

Competitive Awareness: A business does not need to be the category dominant player to avoid failure. That being said, it is the leadership’s responsibility to understand the competitive landscape and navigate it successfully. If a company isn’t consistently winning, it’s not what the competition is doing, but rather poor leadership that creates the inability to compete.

Obsolescence or Market Changes: If executive leadership is in touch with the market it will be difficult to be caught by surprise. It is the responsibility of executive leadership to make sure that the proper attention is given to innovation, business intelligence and market research to manage the risk of obsolescence and market changes.

A few words on leaders & Team chemistry, Leaders develop guidelines with their team - they constantly enlarge the guidelines as the team becomes willing to accept more responsibility. This can be as a simple as coding standards or security guidelines at work.  Leaders change their role according to the demands of the team - for example they become more of a coach or facilitator. Leaders involve team members as working together or owning together - in finding new ways to achieve agreed-upon goals.  Leaders create the opportunity - for group participation and recognize that only team members can make the choice to participate. This need to happen otherwise we are moving towards doom.

Bottom line…businesses don’t fail – leaders do. The talent that it takes to operate at the C level is matched only by the amount of responsibility that goes with the territory. If it was an easy job everyone would be a CEO or entrepreneur. Thoughts ? wire me at ravindrapande@gmail.com happy to learn and grow @ India Training Services

Data Breach to GDPR

This the most basic breach that can be discussed and prevented up to great extent by simple measures like 80-20 rule so if you address 20% of prevention religiously you could stop 80% of these leaks.

Let’s define data breach, "A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so." Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), Personally identifiable information (PII), trade secrets of corporations or intellectual property. Most data breaches involve overexposed and vulnerable unstructured data – files, documents, and sensitive information, it is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak and also data spill (source Wikipedia).

There are various Data Protection Regulation has been implanted worldwide but I personally believe the overall ignorance of users feeds the 99% of these Data Breach overall, so this is my humble effort to address such shortfalls.

Let’s consider simple data breach by an employee by wrong attachment, dissemination of wrong information by mistake can lead to major issue for the individual or cooperates. This can be prevented by checking the email before sending them. We could just queue the emails while composing and send them later to prevent any such nightmares.

Then there are

Then there are Malwares, a short for malicious software programs which is any software intentionally designed to cause damage to a computer, server or computer network. Malware does the damage after it is implanted or introduced in some way into a target's computer and can take the form of executable code, scripts, active content, and other software.

Now even, File-less malware is a huge security challenge for organizations today, and traditional email security controls aren't sufficient to meet the challenge.

Believe me, it’s really easy to do 100 variants of the same [malicious] document even if we are using the same code, the same document, but you're putting 100 different random characters that aren't even visible in the document. It's super easy to create these, and if you're relying on signatures, you're going to have to wait for every one of the 100 to catch a signature. the points to consider here are

•     How malicious attachments are infecting organizations;
•     Why traditional defenses fail to detect these payloads;
•     How to respond when infections do penetrate defenses.

Information management is critically important to all of us as employees, business and consumers. For that reason, various institutions has been tracking security breaches, looking for patterns, new trends and any information that may better help us to educate consumers and businesses on the need for understanding the value of protecting personal identifying information and business critical data.

To understand various data loss methods consider following points

1. Insider Theft
2. Unauthorized Access
3. Hacking / Computer Intrusion (includes Phishing, Ransomware/Malware and Skimming)
4. Data on the Move 
5. Physical Theft 
6. Employee Error / Negligence / Improper Disposal / Lost 
7. Accidental Web/Internet Exposure  
8. Stalking on social network

Let’s take a breath and understand how we could reduce these seven risks factors.

Insider theft is the act of stealing information stored on computers, servers, or other devices from an unknowing victim with the intent to compromise privacy or obtain confidential information. Data theft is a growing problem for individual computer users as well as large corporations and organizations.

Prevention for data breach are

1. Train yourself, employees, customers
2. Segregate & Secure sensitive information.
3. Build strong security policies
4. Periodically & Properly dispose of sensitive data.
5. Protect against malware
6. Control physical access to your business computers
7. Encrypt data communication
8. Build & plan  incident response teams
9. Review / update all account sittings once a week

1. Train your employees.

 According to the various reports, employees are the top cause of data breaches in small and mid-size businesses, accounting for 48 percent of all incidents. It’s usually due to an innocent mistake; employees often lack basic awareness of data security and how hackers work. Employee education is one of the most important things you can do to lower the potential of data theft.

Offer mandatory awareness training on the security risks employees face every day. Social engineering is a growing threat for small businesses whereby hackers pose as a trusted source in need of confidential data. Through phishing, employees are invited to click on a link that installs a virus on their computer without their knowledge. Ransomware will hold a computer hostage until the required ransom is paid.

To prevent employees from falling into these traps, advise them to:

•     Confirm the legitimacy of the source before giving out confidential information
•     Never open attachments from people they don’t know
•     Avoid suspicious links in emails, websites and online ads

2. Secure sensitive information.

 Sensitive data is the valued commodity that criminals seek to exploit for profit. It includes personally identifiable information (PII) for employees, customers and patients as well as business trade secrets, financial data and other company-confidential information. In the wrong hands, this information can damage your business, customers and reputation.

Limit access to online files based on an employee’s need to know. Store paper files and removable storage devices containing sensitive information in a locked drawer, cabinet, safe or other secure container when not in use.

3. Properly dispose of sensitive data.

Be equally vigilant when disposing of sensitive data. Shred documents containing confidential information prior to recycling. Remove all data from electronic devices—whether computers, tablets, smartphones or storage hardware—before disposing of them.

4. Use strong password protection.

Passwords are under constant attack and hackers use a number of different means to crack their code. To deter their efforts, password-protect your business computers, laptops and smartphones as well as access to your network and accounts. Require employees to change default passwords and set a strong, complex password with a variety of characters that must be changed at least quarterly.

5. Protect against malware.

Malware refers to “malicious” software, such as viruses and spyware, that is installed on a computer with the intent to access sensitive information or cause damage. Malware can be installed when an unsuspecting employee uses a malware-laden USB device or clicks on an infected link in an email or on a website.

To prevent a malware attack, install and use antivirus and anti-spyware software on all company devices and be sure your employees are on the lookout for suspicious links.

6. Control physical access to your business computers. 

Create user accounts for each employee to prevent unauthorized users from gaining access to your business computers. Laptops can be stolen easily; make sure they’re locked in place when unattended. Also limit network access on computers located in or around public spaces, such as the reception area.

7. Encrypt data.

Encryption encodes information, whether it is stored on a device, in the cloud or being transmitted over the Internet, and only the person or computer with the proper key can decode it. Encryption is highly recommended for all devices containing sensitive information, including laptops, mobile devices, USB drives, backup drives and email.

Most operating systems and many software applications have a built-in encryption option which you simply need to activate (instructions vary). You may also purchase encryption programs tailored to the needs of your business—whether for an entire drive or one or more files or folders. Secure Sockets Layer (SSL) certificates are the standard way for businesses to encrypt sensitive information, such as those containing credit card details, before it is transmitted over the Internet.

8. Keep your software and operating systems up to date.

Malware continuously evolves and software vendors continuously update or “patch” their programs in order to address new security vulnerabilities. For this reason, it’s vital to install updates to security, web browser, operating system and antivirus software as soon as they are released. They’re your first line of defense against online threats.

9. Secure access to your network. 

To prevent outsiders from gaining access to private information on your network, enable your operating system’s firewall or purchase reputable firewall software. Configure a Virtual Private Network (VPN) to provide workers with a secure means of accessing your network while working remotely. If you have a Wi-Fi network for your workplace, make sure it is secure and encrypted, and that your SSID (service set identifier) is hidden so that it can’t be picked up by the public. Also require a password for access.

10. Verify the security controls of third parties. 

Most businesses rely on third-party vendors for some aspect of their operation, whether for payroll, credit card processing or to manage their security functions. But there are security risks in doing so. If a breach occurs on the vendor’s watch, your data may be compromised and you could still be held responsible for the loss.

Before engaging the services of a third-party vendor, evaluate their security standards and best practices to ensure they meet your minimum requirements. Look for vendors that:

• Have strong security policies and procedures
• Regularly backup their data on a hard drive as well as the cloud
• Perform routine internal security audits
• Run background checks on employees with access to your data
• Require employees to complete data security training
• Keep up-to-date with the latest security patches and security software

    Have a comprehensive incident response plan for responding to and managing the effects of a security attack

Once you’ve vetted and selected a third-party service provider, put a service level agreement (SLA) in place that details your security expectations and give you the right to audit the vendor to confirm compliance with your policies.

Let me also include my take on General Data Protection Regulation (GDPR) universal guidelines (these address almost 80-87% of breaches by guiding users on what is critical )

                                                                                                                                                                                

Individuals have the right to:

• Access their personal data
• Correct errors in their personal data
• Erase their personal data
• Object to processing of their personal data
•  Export personal data

Online portals, companies will need to:

• Protect personal data using appropriate security
• Notify authorities of personal data breaches
• Obtain appropriate consents for processing data
• Keep records detailing data processing
• Provide clear notice of data collection
• Outline processing purposes and use cases
• Define data retention and deletion policies
• Train privacy personnel and employees
• Audit and update data policies periodically
• Employ a Data Protection Officer who can address grievances or queries
• Create, publish and manage compliant & non-compliant vendor contracts

Me and my group (India Training Services, ITS) already adopted GDPR guidelines and a big supporter from long time, now its enforced by law I would also recommend India government to completely support this great move.

Enhance your capabilities to support the privacy rights of individuals with tools and documents that help you respond to data subject requests (DSRs) and personal data breaches, as well as the information you need to create your own data protection impact assessments (DPIAs) , We at ITS can help you in this as we are committed to protect all user & companies rights for privacy. Feel free to contact me at rrpande@indiatrainingservices.in

Best Home Computer

Looking for a computer at home with least payout choose Raspberry PI3. A computer for kids, home & normal day to day  work including documentation. You can use this with your LCD/LED TV with best Full HD resolution True 4K with wireless connection  read this. Need help reach me at ravindrapande@gmail.com


Creating amazing projects is easy with a Raspberry Pi, but first you need to plug it in and set up Raspbian, the default operating system.

This guide will get you up and running in no time.

The Raspberry Pi is a wonderful microcomputer that brims with potential. With a Raspberry Pi you can build robots, learn to code, and create all kinds of weird and wonderful projects.

Hackers and enthusiasts have turned Raspberry Pi boards into fully automated weather stations, internet-connected beehives, motorised skateboards, and much more. The only limit is your imagination.

But first, you need to start at the beginning. Upon picking up your Raspberry Pi for the first time, you’re faced with a small green board of chips and sockets and may have no idea what to do with it. Before you can start building the project of your dreams, you’ll need to get the basics sorted: keyboard, mouse, display, and operating system.

Creating projects with a Raspberry Pi is fun once you’ve mastered the basics. So in this guide, we’re going to take you from newbie zero to Raspberry Pi hero. Grab your Raspberry Pi and let’s get started.

Get to know the Raspberry Pi 3
The Raspberry Pi 3 is the latest model, and the version with the most features. It’s the fastest board, and has the most connections (four USB sockets, Ethernet and wireless networking, and so on).

Featuring the latest 1.2GHz quad-core ARM CPU (central processing unit), the Raspberry Pi 3 is faster than many smartphones, and powerful enough to be used as a desktop computer.

What you need to set up a Raspberry Pi 3 or Pi Zero W
You don’t require much to get your Raspberry Pi started (no matter which model you have): a smartphone charger, a recycled HDMI cable, and a keyboard and mouse are all you need.

Most items can be sourced from computer hardware around the house, or begged and borrowed from friends and family. If you’re looking for the ultimate in low‑cost computing; the Raspberry Pi is it.

You should be able to source, salvage, and scavenge most equipment you need to get a Raspberry Pi up and running. To get the most out of your Raspberry Pi in the long term, though, you should use high-quality components.

Any equipment you can’t recycle can be picked up from the Raspberry Pi Shop or from distributors like Element14, Allied Electronics, and RS Components.

Power your Raspberry Pi
The Raspberry Pi is powered using a micro USB cable, the same type used by many smartphones. You can also buy an official power supply, which supplies a regular amount of power.

Not all USB power adapters are born equal. A reliable branded adapter will provide a steady stream of power, even when you attach multiple devices to the Pi.

A good 2 A or 2.5 A power supply provides you with enough power to run your Pi Zero. Many people use an Android or iPhone adaptor and micro USB cable. Or you can buy an official Universal Power Supply.

A micro SD Card and the Raspbian operating System
The operating system, ‘Raspbian’, is loaded onto a microSD card and plugged into the Raspberry Pi. The official SD Card is pre-loaded with software called NOOBS (New Out Of Box Software) which helps you install Raspbian. You can also download the NOOBS software and copy it to an old SD Card and use it to run your Raspberry Pi.

Use a HDMI monitor
An HDMI socket enables you to connect the Raspberry Pi to a monitor or a modern television set.

An HDMI cable is the easiest way to connect your Raspberry Pi to a computer monitor or television. You don’t need an expensive one, and most people recycle one from an old games console or DVD player.

To keep the size down, the Pi Zero features a smaller-than-normal mini HDMI socket. You’ll almost certainly need a mini HDMI-to-HDMI adapter or cable to connect the Raspberry Pi to a television or monitor. Most Pi Zero W devices are sold with the mini HDMI-to-HDMI adaptor.

Attach a keyboard and mouse

A keyboard and mouse are connected via standard USB sockets. An Ethernet cable can be plugged directly into a router to provide network access (or you can connect to a wireless network).

What keyboard to use
Any standard USB keyboard can be used to enter commands to your Raspberry Pi. You can use a Bluetooth keyboard with the Raspberry Pi 3, or any other Pi with a Bluetooth dongle attached. A wired keyboard is easier to use when setting up your Raspberry Pi.

I prefer wireless mouse & keyboard so that I can have 55" full HD ultra tru  colours screen operating from with 10 mtrs distance.

Attach a mouse to your Raspberry Pi
Any standard mouse will work with the Raspberry Pi, although ones with two buttons (non-Apple mice) work better. If your wired keyboard lacks a USB socket, then you’ll need a USB hub to connect a mouse and keyboard. A Bluetooth mouse will work once it’s paired.

Insert the micro SD card and power up
On the underside of the Raspberry Pi 3 board is the SD card slot. If you have an official micro SD card it will boot into NOOBS. Follow the on screen instructions to install Raspbian, the official operating system.

If you’re using your own micro SD card you need to download NOOBS from the Raspberry Pi website, format the SD card, and copy the files across. This preloads the operating system onto a micro SD card, and you then use it to boot up the Raspberry Pi.

Sounds complex? Don’t worry, this guide to installing NOOBS has everything you need to know.

The micro SD card in your kit acts as the hard drive for your Raspberry Pi. You install the Raspbian operating system onto the card, then all your documents, files, and projects are saved to it as you work.

If you want to use a larger card, and are wondering which brand and type to get, take a look at the results from benchmark tests done by Raspberry Pi fan Jeff Geerling. Some cards run up to four times as fast as others.

Connect to a wireless network
Raspbian boots into a familiar GUI-style display (like you’ll see on Windows and macOS).

The Pi 3 and Pi Zero W both feature built-in wireless LAN and Bluetooth. This enables you to connect to a wireless router and get online without using a WiFi dongle (which was required on older Raspberry Pi).

Click on the wireless networking icon in the top right of the screen and choose your wireless network. Enter the wireless password and you’ll now be online. You’re now ready to start using your Raspberry Pi to learn computing and create amazing projects

I hope this guide has helped you get started with the Raspberry Pi. Enjoy your new single board computer (SBC). Now get thinking about all the great projects you can make with it.

GET STARTED WITH YOUR NEW RASPBERRY PI
reating amazing projects is easy with a Raspberry Pi, but first you need to plug it in and set up Raspbian, the default operating system.

This guide will get you up and running in no time.

The Raspberry Pi is a wonderful microcomputer that brims with potential. With a Raspberry Pi you can build robots, learn to code, and create all kinds of weird and wonderful projects.

Hackers and enthusiasts have turned Raspberry Pi boards into fully automated weather stations, internet-connected beehives, motorised skateboards, and much more. The only limit is your imagination.

But first, you need to start at the beginning. Upon picking up your Raspberry Pi for the first time, you’re faced with a small green board of chips and sockets and may have no idea what to do with it. Before you can start building the project of your dreams, you’ll need to get the basics sorted: keyboard, mouse, display, and operating system.

Creating projects with a Raspberry Pi is fun once you’ve mastered the basics. So in this guide, we’re going to take you from newbie zero to Raspberry Pi hero. Grab your Raspberry Pi and let’s get started.

IoT Updates22018

Internet of Things (IoT) is an ecosystem of connected physical objects that are accessible through the internet. The ‘thing’ in IoT could be a person with a heart monitor or an automobile with built-in-sensors, i.e. objects that have been assigned an IP address and have the ability to collect and transfer data over a network without manual assistance or intervention. The embedded technology in the objects helps them to interact with internal states or the external environment, which in turn affects the decisions taken.
Internet of Things can connect devices embedded in various systems to the internet. When devices/objects can represent themselves digitally, they can be controlled from anywhere. The connectivity then helps us capture more data from more places, ensuring more ways of increasing efficiency and improving safety and IoT security.
IoT is a transformational force that can help companies improve performance through IoT analytics and IoT Security to deliver better results. Businesses in the utilities, oil & gas, insurance, manufacturing, transportation, infrastructure and retail sectors can reap the benefits of IoT by making more informed decisions, aided by the torrent of interactional and transactional data at their disposal.
IoT improving at phenominal rate in industry as the IT leaders helping various big non-IT setups to improve the effciencies & tracking with IoT implimentations.
IBM will be working to turn the Port of Rotterdam—Europe's largest shipping port—into the model smart shipping port of the future, the port announced Wednesday.
In the long-term effort, the port will use Internet of Things (IoT) sensors, artificial intelligence (AI), and big data to become more efficient and cost-effective, the press release said. The project may show how emerging technologies can be used to alter workplaces and industries, and its success may drive other ports to do the same.
The IoT sensors are a key feature of the smart port, as they will measure weather, water, and communications data. The data will provide insights into the port's activities, and may be able to help employees reduce wait times and select the best entry and exit times for the cargo ships.
The data, along with real-time information from ship captains and other officials, will be available in a dashboard, granting all parties the necessary information to fully use the port, according to the release.
The efforts are part of preparing the port for connected and autonomous cargo transportation, the release said. Aside from prepping for the shipping of the future, the sensors and data may provide a better understanding of the port, leading to more cost-effective procedures and efficiency in shipping.
Shipping companies and the port could save up to $80,000 an hour with the fully implemented changes, the release said.
Additional tech will be used in the port's greater digital transformation strategy, including sensor-equipped buoys to determine the best time for ships to dock and 3D metal printing to create ship parts.
here are other ventures to digitize and connect the shipping industry. In March, IBM and Maersk announced a partnership to speed up the shipping industry through blockchain technology.
Other technologies have been used to push other segments of the shipping industry towards greater digital transformation. Tesla's autonomous semi-truck could aid the trucking sector, with Uber Freight on-demand trucking service offering similar impacts.
Let’s understand great dream projectcts like Self Driving cars, not every self-driving car has to be able to move passengers from point A to point B. Take, for example, Nuro: The startup just revealed their unique autonomous vehicle platform, which is more of a mobile small logistics platform than a self-driving car.
The company, which has been working away in stealth mode in Mountain View until now, has raised a $92 million Series A round led by Banyan Capital and Greylock Partners to help make its unique vision of autonomous transport take shape.
Nuro’s vehicle is a small, narrow box on wheels, which is about half the width of a regular car, and which is designed to be a lightweight way to get goods from a local business to a customer, or from one person to another within a neighborhood or city. The platform is just one example of what Nuro wants to do, however; the startup bills itself as a product company focused on bringing “the benefits of robotics” to everyday use and ordinary people.
Nuro’s AV also operates completely autonomously, and looks like something you’d see on a Moon base in a retro-futuristic sci-fi show. There’s a pin pad for user interaction, so that only the right customer can access the contents stored within, and a top-mounted sensor array that includes LiDAR, optical cameras and radar (other sensors are located around the vehicle to enable its autonomous driving).
The young startup’s goal is to partner with businesses to set up transportation services. You can easily imagine this slotting in nicely to something like Uber Eats, and bringing food from the local lunch spot to offices around where people are hungry but can’t make the trip out to their usual places in person. Or, these could support Amazon’s last mile needs for in-city delivery, for example. Nuro isn’t yet talking about specific partnerships, however.
This fit-for-purpose vehicle and dedicated focus could help Nuro accomplish some of the vision that Ford has for its AV program, for instance, with potentially fewer barriers to deployment in limited markets and specifically bounded environments. It’s still early days for the startup, however, and it’s also competing in some ways with more established young companies like Starship Robotics. Still, it’s a neat first product and an interesting vision.
With $18 million in funding from Defy Ventures, Khosla Ventures, Menlo Ventures, Sherpa Capital and others, Owl has launched its always-connected, LTE security camera for your car. Co-founded by Andy Hodge, a former product lead at Apple and executive at Dropcam, and Microsoft HoloLens development lead Nathan Ackerman, Owl is designed to give drivers peace of mind with an always-on dashboard camera for their cars.
“There’s a bunch of people mucking around in the home already,” Hodge told TechCrunch. “It’s not the place to do something really dramatic and amazing because you’d mostly be doing what they’re doing but better. With the car, there’s nobody doing anything.”
The two-way camera plugs into your car’s on-board diagnostics port (Every car built after 1996 has one), and takes just a few minutes to set up. Once it’s hooked up, you can access your car’s camera anytime via the Owl mobile app.
Owl is always on, which means it’s able to capture car crashes, break-ins and people dinging your car in the parking lot. If Owl detects a car accident, it automatically saves the video to your phone, including the 10 seconds before and after the accident.

To conclude summerise this thoughts lets dwell on the IoT & applications / implimentations again, IoT platforms can help organizations reduce cost through improved process efficiency, asset utilization and productivity. With improved tracking of devices/objects using sensors and connectivity, they can benefit from real-time insights and analytics, which would help them make smarter decisions. The growth and convergence of data, processes and things on the internet would make such connections more relevant and important, creating more opportunities for people, businesses and industries. Feel free to contact me at ravindrapande@gmail.com for any further assistance or details required. We are developing many IoT based products like Smart Swithches for Indian markets to get the Indian end customer benifit for IoT locally than just keep dicussing on topics.