$user = $this->Session->read('Auth.User');
//find the group of logged user
$groupId = $user['Group']['id'];
$viewFile = '/var/www/html/newbusinessage.com/app/View/Articles/view.ctp'
$dataForView = array(
'article' => array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
[maximum depth reached]
)
),
'Slider' => array()
),
'current_user' => null,
'logged_in' => false
)
$article = array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
'article_id' => '654',
'hit' => '397'
)
),
'Slider' => array()
)
$current_user = null
$logged_in = false
$image = 'https://www.old.newbusinessage.com/app/webroot/img/news/'
$user = null
include - APP/View/Articles/view.ctp, line 115
View::_evaluate() - CORE/Cake/View/View.php, line 971
View::_render() - CORE/Cake/View/View.php, line 933
View::render() - CORE/Cake/View/View.php, line 473
Controller::render() - CORE/Cake/Controller/Controller.php, line 968
Dispatcher::_invoke() - CORE/Cake/Routing/Dispatcher.php, line 200
Dispatcher::dispatch() - CORE/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 117
Notice (8): Trying to access array offset on value of type null [APP/View/Articles/view.ctp, line 115]
$user = $this->Session->read('Auth.User');
//find the group of logged user
$groupId = $user['Group']['id'];
$viewFile = '/var/www/html/newbusinessage.com/app/View/Articles/view.ctp'
$dataForView = array(
'article' => array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
[maximum depth reached]
)
),
'Slider' => array()
),
'current_user' => null,
'logged_in' => false
)
$article = array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
'article_id' => '654',
'hit' => '397'
)
),
'Slider' => array()
)
$current_user = null
$logged_in = false
$image = 'https://www.old.newbusinessage.com/app/webroot/img/news/'
$user = null
include - APP/View/Articles/view.ctp, line 115
View::_evaluate() - CORE/Cake/View/View.php, line 971
View::_render() - CORE/Cake/View/View.php, line 933
View::render() - CORE/Cake/View/View.php, line 473
Controller::render() - CORE/Cake/Controller/Controller.php, line 968
Dispatcher::_invoke() - CORE/Cake/Routing/Dispatcher.php, line 200
Dispatcher::dispatch() - CORE/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 117
Notice (8): Trying to access array offset on value of type null [APP/View/Articles/view.ctp, line 116]
//find the group of logged user
$groupId = $user['Group']['id'];
$user_id=$user["id"];
$viewFile = '/var/www/html/newbusinessage.com/app/View/Articles/view.ctp'
$dataForView = array(
'article' => array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
[maximum depth reached]
)
),
'Slider' => array()
),
'current_user' => null,
'logged_in' => false
)
$article = array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
'article_id' => '654',
'hit' => '397'
)
),
'Slider' => array()
)
$current_user = null
$logged_in = false
$image = 'https://www.old.newbusinessage.com/app/webroot/img/news/'
$user = null
$groupId = null
include - APP/View/Articles/view.ctp, line 116
View::_evaluate() - CORE/Cake/View/View.php, line 971
View::_render() - CORE/Cake/View/View.php, line 933
View::render() - CORE/Cake/View/View.php, line 473
Controller::render() - CORE/Cake/Controller/Controller.php, line 968
Dispatcher::_invoke() - CORE/Cake/Routing/Dispatcher.php, line 200
Dispatcher::dispatch() - CORE/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 117
‘A Number Of Nepali Banks Are Interested In IS Audits’
6 min 48 sec to read
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts:
What brings you to Nepal this time?
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information.
What is the difference between IT security and information security?
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth.
What are the products and services NII is currently offering?
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform.
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries?
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part.
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation?
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor.
How do you compare the trend of maintaining security in Nepal and India?
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better.
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it?
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded.
How affordable is such system for small to medium sized businesses?
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that
What are the prospects you see in Nepal when you would want to work here?
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now.
FormHelper::create() - CORE/Cake/View/Helper/FormHelper.php, line 383
include - APP/View/Articles/view.ctp, line 273
View::_evaluate() - CORE/Cake/View/View.php, line 971
View::_render() - CORE/Cake/View/View.php, line 933
View::render() - CORE/Cake/View/View.php, line 473
Controller::render() - CORE/Cake/Controller/Controller.php, line 968
Dispatcher::_invoke() - CORE/Cake/Routing/Dispatcher.php, line 200
Dispatcher::dispatch() - CORE/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 117
$viewFile = '/var/www/html/newbusinessage.com/app/View/Elements/side_bar.ctp'
$dataForView = array(
'article' => array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
[maximum depth reached]
)
),
'Slider' => array()
),
'current_user' => null,
'logged_in' => false
)
$article = array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
'article_id' => '654',
'hit' => '397'
)
),
'Slider' => array()
)
$current_user = null
$logged_in = false
include - APP/View/Elements/side_bar.ctp, line 60
View::_evaluate() - CORE/Cake/View/View.php, line 971
View::_render() - CORE/Cake/View/View.php, line 933
View::_renderElement() - CORE/Cake/View/View.php, line 1224
View::element() - CORE/Cake/View/View.php, line 418
include - APP/View/Articles/view.ctp, line 391
View::_evaluate() - CORE/Cake/View/View.php, line 971
View::_render() - CORE/Cake/View/View.php, line 933
View::render() - CORE/Cake/View/View.php, line 473
Controller::render() - CORE/Cake/Controller/Controller.php, line 968
Dispatcher::_invoke() - CORE/Cake/Routing/Dispatcher.php, line 200
Dispatcher::dispatch() - CORE/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 117
Warning (2): simplexml_load_file() [<a href='http://php.net/function.simplexml-load-file'>function.simplexml-load-file</a>]: I/O warning : failed to load external entity "" [APP/View/Elements/side_bar.ctp, line 60]
$viewFile = '/var/www/html/newbusinessage.com/app/View/Elements/side_bar.ctp'
$dataForView = array(
'article' => array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
[maximum depth reached]
)
),
'Slider' => array()
),
'current_user' => null,
'logged_in' => false
)
$article = array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
'article_id' => '654',
'hit' => '397'
)
),
'Slider' => array()
)
$current_user = null
$logged_in = false
simplexml_load_file - [internal], line ??
include - APP/View/Elements/side_bar.ctp, line 60
View::_evaluate() - CORE/Cake/View/View.php, line 971
View::_render() - CORE/Cake/View/View.php, line 933
View::_renderElement() - CORE/Cake/View/View.php, line 1224
View::element() - CORE/Cake/View/View.php, line 418
include - APP/View/Articles/view.ctp, line 391
View::_evaluate() - CORE/Cake/View/View.php, line 971
View::_render() - CORE/Cake/View/View.php, line 933
View::render() - CORE/Cake/View/View.php, line 473
Controller::render() - CORE/Cake/Controller/Controller.php, line 968
Dispatcher::_invoke() - CORE/Cake/Routing/Dispatcher.php, line 200
Dispatcher::dispatch() - CORE/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 117
file not found!
Notice (8): Undefined variable: file [APP/View/Elements/side_bar.ctp, line 133]
$viewFile = '/var/www/html/newbusinessage.com/app/View/Elements/side_bar.ctp'
$dataForView = array(
'article' => array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
[maximum depth reached]
)
),
'Slider' => array()
),
'current_user' => null,
'logged_in' => false
)
$article = array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
'article_id' => '654',
'hit' => '397'
)
),
'Slider' => array()
)
$current_user = null
$logged_in = false
$xml = false
include - APP/View/Elements/side_bar.ctp, line 133
View::_evaluate() - CORE/Cake/View/View.php, line 971
View::_render() - CORE/Cake/View/View.php, line 933
View::_renderElement() - CORE/Cake/View/View.php, line 1224
View::element() - CORE/Cake/View/View.php, line 418
include - APP/View/Articles/view.ctp, line 391
View::_evaluate() - CORE/Cake/View/View.php, line 971
View::_render() - CORE/Cake/View/View.php, line 933
View::render() - CORE/Cake/View/View.php, line 473
Controller::render() - CORE/Cake/Controller/Controller.php, line 968
Dispatcher::_invoke() - CORE/Cake/Routing/Dispatcher.php, line 200
Dispatcher::dispatch() - CORE/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 117
Warning (2): simplexml_load_file() [<a href='http://php.net/function.simplexml-load-file'>function.simplexml-load-file</a>]: I/O warning : failed to load external entity "" [APP/View/Elements/side_bar.ctp, line 133]
$viewFile = '/var/www/html/newbusinessage.com/app/View/Elements/side_bar.ctp'
$dataForView = array(
'article' => array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
[maximum depth reached]
)
),
'Slider' => array()
),
'current_user' => null,
'logged_in' => false
)
$article = array(
'Article' => array(
'id' => '654',
'article_category_id' => '31',
'title' => '‘A Number Of Nepali Banks Are Interested In IS Audits’',
'sub_title' => '',
'summary' => null,
'content' => '<p>
<br />
<img alt="visiting business People" border="1" hspace="5" src="http://newbusinessage.com/ckfinder/userfiles/Images/julyvisitingbusinesspeople(1).jpg" style="width: 195px; height: 273px;" vspace="5" /><br />
<strong><br />
Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India. <br />
</strong><br />
<br />
He specialises on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. Deo holds Certified Professional Hacker (CPH), Certified Professional Forensic Analyst (CPFA) and Certified Information Security Professional (CISP) certificates from the Institute of Information Security, the training wing of Network Intelligence India Pvt Ltd. He was recently in Kathmandu to participate in a security awareness workshop. The workshop was focused on general properties of information security, its nitty-gritty, demonstrations of security network tools and Information Security Auditing. In an interview with New Business Age, Deo talked about various issues related to security audits. Excerpts: <br />
<br />
<strong><br />
What brings you to Nepal this time? <br />
</strong><br />
<br />
I am here to participate in the security awareness workshop. We will be conducting general introduction to information security and IT security. I hope this will be beneficial to the business community at large in Nepal because almost all sorts of businesses today require computing system in one way or another. So, it becomes important to have a security system so that there is no infiltration into the computer system that will misuse valuable data and stored information. <br />
<br />
<strong><br />
What is the difference between IT security and information security? </strong><br />
<br />
<br />
IT security is a specific area that targets computer system whereas information security encompasses everything. Information could be a regular paper, or data or any other product a company may develop and all of that becomes part of information security. So, when you talk of information security audits, it also audits business growth. <br />
<br />
<strong><br />
What are the products and services NII is currently offering? </strong><br />
<br />
<br />
NII is primarily into information security consultancy. We also have a product business with our sister concern called Institute of Information Security through which we do a lot of trainings. On the product side, we provide product support for products such as antivirus, anti-spam solutions, firewall products, data leakage prevention solutions and source code auditing – a unique area we specialise on. We are starting a new area where we are going to analyse mobile applications. We are planning to analyse java applications on an android platform. <br />
<strong><br />
<br />
Is there any difference in the extent of vulnerabilities faced by the corporate sector in the South Asia region when compared to that of western developed countries? </strong><br />
<br />
<br />
I don’t think there are any specific differences. We face the same challenges that our western counterparts are going to face or have already faced. The difference is in the sense that the western counterparts already have information system for a longer period of time. So, their approach to audit system is more matured. Having said that, we actually have the benefit of having that knowledge ahead of it and there could be specific challenges in terms of the process because our process is different than their processes. Auditing the security system and making sure that they are fraud proof and security around them is well built, is the important part. <br />
<br />
<strong><br />
With the invention of new technology and security systems, newer forms of threats are coming along. How challenging has it been to maintain security in the present situation? <br />
<br />
</strong><br />
Mobile threats are becoming a major arena. There is significant penetration of mobile computing that is going on currently in the South Asia region. A lot of people want to operate their bank accounts through their mobile phones so it becomes an attractive target for frauds. It is important to consider that area as the emerging factor. Basically, all mobile devices – android based devices, iOS based devices and tablets – are coming into extensive use not just on a personal level but also in business. Companies allow you to bring your own device but they want to make sure that the company’s data you put on that device is protected as well. That is bringing new challenges on separating personal data from work data and about how to protect work data while also allowing you to maintain your personal data. Therefore, the security of these mobile devices is becoming a crucial factor. <br />
<br />
<strong><br />
How do you compare the trend of maintaining security in Nepal and India? </strong><br />
<br />
<br />
The challenges are more or less the same everywhere. Even in India, we are facing similar challenges you might be facing here. In some areas, threats may be more advanced than in other places. As NII, our core plans have been in the banking and we are well versed with the processes that take place in banks. That factor will be a beneficial one when we start our operations here. We are well aware of analysing security and performing audits, doing the measurements for different purposes and allowing that to have impact on your actual business so that the posture of your organisation with each audit becomes better. Security audits should not only try to make the process but also the overall way of working better. <br />
<br />
<strong><br />
Security auditing seems to be the important need at present. How aware is the corporate sector in this region about it? </strong><br />
<br />
<br />
IS (Information Security) audit is one of the most important pillars of a good organisation. The reason is that computers are mostly used ubiquitously in all operations. So, all your important records are kept on computer. IS audit analyses your system and try to understand the threats that exist to your business. Based on threats, we will assess the controls you have in place and given the current control, we will suggest you the ways to improve. All of these is documented and audited by checking the evidence. While doing this repeatedly through one or two audits, the overall security for sure becomes better for the risks one is facing as every organisation faces some risks to their respective business. It could be as simple as the theft or it could be as complex as somebody doing a financial fraud. At the end of the day, the goal of IS audit is to minimise the risk in different areas of the business so that it continues to function unimpeded. <br />
<br />
<br />
<strong>How affordable is such system for small to medium sized businesses? </strong><br />
<br />
<br />
It is difficult to comment on their affordability, however, an IS audit can be customised as per the needs of an organisation. For example, an organisation may say that it only wants one of its departments to be certified for a certain certification. In that case, it can cut away pieces and then take the piece that it so needs. Therefore, it is affordable to many organisations and actually getting a certification like ISO 27001 is quite feasible for medium to large businesses. Even small businesses can afford the same if they are working in a very niche area and are the market leader in that <br />
<strong><br />
<br />
What are the prospects you see in Nepal when you would want to work here? </strong><br />
<br />
<br />
There are a lot of prospects. For example, a number of banks here are interested in IS audits so it’s my guess that we will tackle that shortly. They are interested in data centres so we will also look into that. Both these areas are our core business so we would be very happy to have customers in these areas. If there are clients who want us to do specific kinds of engagements, we would be able to do that provided such requirements are under the purview of law. Banking, energy and industrial sectors are areas we are currently looking at right now. <br />
<br />
</p>',
'published' => true,
'created' => '2012-08-10',
'modified' => '2012-08-15',
'keywords' => '',
'description' => 'Rajesh Deo is a Security Analyst in the Technical Assessment Team at NII Consulting, a well-established provider of information security services and products, based in Mumbai, India.',
'sortorder' => '553',
'image' => null,
'article_date' => '0000-00-00 00:00:00',
'homepage' => false,
'breaking_news' => false,
'main_news' => false,
'in_scroller' => false,
'user_id' => '0'
),
'ArticleCategory' => array(
'id' => '31',
'name' => 'Visiting Business People',
'parentOf' => '208',
'published' => true,
'registered' => '2015-07-20 00:00:00',
'sortorder' => '2',
'del_flag' => '0',
'homepage' => false,
'display_in_menu' => false,
'user_id' => '1',
'created' => '0000-00-00 00:00:00',
'modified' => '0000-00-00 00:00:00'
),
'User' => array(
'password' => '*****',
'id' => null,
'user_detail_id' => null,
'group_id' => null,
'username' => null,
'name' => null,
'email' => null,
'address' => null,
'gender' => null,
'access' => null,
'phone' => null,
'access_type' => null,
'activated' => null,
'sortorder' => null,
'published' => null,
'created' => null,
'last_login' => null,
'ip' => null
),
'ArticleComment' => array(),
'ArticleFeature' => array(),
'ArticleHasAuthor' => array(),
'ArticleHasTag' => array(),
'ArticleView' => array(
(int) 0 => array(
'article_id' => '654',
'hit' => '397'
)
),
'Slider' => array()
)
$current_user = null
$logged_in = false
$xml = false
simplexml_load_file - [internal], line ??
include - APP/View/Elements/side_bar.ctp, line 133
View::_evaluate() - CORE/Cake/View/View.php, line 971
View::_render() - CORE/Cake/View/View.php, line 933
View::_renderElement() - CORE/Cake/View/View.php, line 1224
View::element() - CORE/Cake/View/View.php, line 418
include - APP/View/Articles/view.ctp, line 391
View::_evaluate() - CORE/Cake/View/View.php, line 971
View::_render() - CORE/Cake/View/View.php, line 933
View::render() - CORE/Cake/View/View.php, line 473
Controller::render() - CORE/Cake/Controller/Controller.php, line 968
Dispatcher::_invoke() - CORE/Cake/Routing/Dispatcher.php, line 200
Dispatcher::dispatch() - CORE/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 117
.jpg)
