Monthly Archives: April 2015

Compliance Hiccups and Cure

IT, security and compliance officers discuss the issues facing companies these days and the steps organizations can take to reduce potential regulatory compliance risks and security threats.

“Failure to meet rules and guidelines set by compliance standards could mean fines, penalties and loss of trust.” Andrew Hodes

 

IT departments these days must not only deal with security risks but also comply with various industry and federal regulations to keep sensitive customer data safe and to uphold the trust of potential customers. With the ongoing trend of BYOD (Bring Your Own Device), complying with industry and federal regulatory standards is an upkeep task for organizations. It is vital for organizations to address these potential compliance vulnerabilities in order to function and deliver in alignment with industry and federal regulations. Some of the biggest hiccups organizations face in staying compliant are:

  1. Employees: Employees play a vital role in compliance. Adherence to industry and federal standards is purely employee-oriented, and controls to stop this leakage are essential for an organization. To overcome this threat, it’s important to educate all employees on the different ways information can be acquired through very low-tech methods and give them tools they can use.
  2. Cloud Service Providers: To ensure that sensitive data is being properly protected in the cloud, choose a trusted service provider. Cloud services present significant benefits in terms of cost savings, scalability and flexibility; however, to ensure that your or your customer’s data is properly protected and in compliance with all relevant regulations, the vendor/service provider should meet the underlying regulatory requirements, whether the cloud is engineered to be HIPAA-ready or to comply with PCI or FISMA standards.
  3. To avoid the potential theft of data from mobile workers, provide travel laptops to employees and create specific information security policies to protect the network from cyber penetration.
  4. Third-Party Apps (Shadow IT): The biggest compliance-related issue facing CIOs today is shadow IT, a threat caused by the use of unseen third-party solutions, including devices and apps. The flow of data and information in an unregulated, unchecked manner causes a potential compliance threat to the stakeholders. Educate end users; give CIOs the controlled power to constantly assess services for suitability; and deploy modern enterprise cloud solutions to solve overall compliance problems.

ASHUTOSH JOSHI
MBA (IT) 4th SEM

Wake up — it’s time to be aware about Information Technology Act

With the vast expansion of Internet services and their necessity in the digital world, awareness about Internet regulation is a must. The great majority of Internet users are not aware that they access a regulated version of the World Wide Web, where doing something to anything may result in a very dangerous transgression in the future. A lot of discussion and debate has taken place about privacy and the IT Act, whether with regard to freedom of speech, citizens’ rights, state surveillance or the Internet licensing stand. However, the most critical questions underlying all these discussions and debates are: what must citizens in India know about Internet laws? How can Internet users make themselves more secure and safe by ensuring better protection of personal data?

Laws are often defined in a manner that lays down all the substantive rights of citizens. But due to a lack of awareness among beneficiaries, most of the time they fail to respect and realize their rights, or to demand justice, accountability and effective remedies at all levels. Recently, after hearing a batch of public interest litigations on its ambit, the Honorable Supreme Court finally struck down section 66(A), which allowed arrests for “inconvenient, abusive, and annoying messages on any online media, including ones involving freedom of expression”. The government also admitted that section 66(A) of the Information Technology Act had certain “aberrations amounting to abuse”. This means that from now on section 66(A) at least doesn’t have any legal standing.

Indians may have rejoiced at this decision, but how many of us know that, by striking down section 66(A), the Supreme Court of India paved the path for other challenges in cyberspace for citizens? Until further amendments to the IT Act are issued, every citizen must be aware of his/her privacy and the cyber laws, which will help them exercise their rights. There are certain sections and articles which must be understood by every Indian in cyberspace. These are discussed below:

Article 19 of the Constitution of India states:

  1. Article 19(1)(a): grants every citizen the right to freedom of speech and expression.
  2. Article 19(2): states that nothing in sub-clause (a) of clause (1) shall affect the operation of any existing law, or prevent the State from making any law, in so far as such law imposes reasonable restrictions on the exercise of the right conferred by the said sub-clause in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence.

Thus there is a distinct contradiction between section 66(A) and Article 19(2) of the Indian Constitution, which allows the government to issue another amendment to exercise powers under Article 19(2).

Section 69(A) “Power to block any content” of the Information Technology Act states:

Section 69(A) allows the Indian government the power to block/censor any website or internet service, without giving the creator or provider of the content a chance to defend the material or even to get it unblocked. Within this, any information generated, transmitted, received, stored or hosted on any computer resource, if found offending or annoying can be blocked for access by the public.

Section 79 “Punishment for platforms like YouTube, ISP, etc.” of the Information Technology Act states:

Intermediaries such as ISPs, YouTube, Twitter, Facebook, etc. can be punished if they do not actively censor material that the government or any person complains about, without giving the intermediary any chance to defend the content. This section provides a dangerous tool to disrupt the business of an intermediary by flooding it with baseless complaints and notices.

Section 84(B) “Punishment for abetment of offences” and Section 84(C) “Punishment for attempt to commit offences” of the Information Technology Act state:

This gives police officers of the rank of Inspector the power to arrest any person without a warrant in case of any instigation or attempt to commit any offence under the IT Act. There are no defined objective guidelines which could help a police officer in arresting any person in a public place who is about to commit a cyber crime.

Section 118(D) “Punishment for causing annoyance by sending mails” of the Kerala Police Act states:

Like section 66(A), it makes it illegal to cause annoyance to anyone in an “indecent manner” by sending messages or mails by any means. This was meant to be a safeguard against stalkers and spammers, but unfortunately it becomes a way of suppressing certain kinds of speech, as “online illegal speech” is not defined under this act.

Section 43(A) “Compensation for failure to protect data” and Section 72(A) “Punishment for disclosure of information in breach of lawful contract” of the Information Technology Act state:

These sections provide the concept of data privacy and its protection. Section 43(A) helps in getting compensations from any corporate body for the negligence in implementing or maintaining reasonable security practices and procedures by complying with the best standards like ISO 27001, etc. for safeguarding the sensitive personal data or information (SPDI). Here SPDI includes:

  1. Passwords
  2. Financial information such as bank account or credit card or debit card or other payment instrument details
  3. Biometric information
  4. Deoxyribonucleic acid data
  5. Sexual preferences and practices
  6. Medical history and health
  7. Political affiliation
  8. Commission, or alleged commission, of any offence and
  9. Ethnicity, religion, race or caste

Further, section 72(A) also deals with sensitive personal information and provides punishment for disclosure of information without the information provider’s consent or in breach of lawful contract. Both of these sections are at a nascent stage and need to be made stringent.

Apart from urgent amendments to the IT Act, special attention must be paid to data privacy rights in India, which are an essential part of civil liberties protection in cyberspace. The Right to Privacy Bill, 2014 is in the draft phase and will help individuals protect themselves against misuse of data by government or private agencies. Until then, each one of us must be careful while accessing, downloading or uploading different content and material on the Internet.

Akansha Pandey
MS- Cyber Law Information Security
IIITA

Bring Your Own Cloud

“Bring Your Own Device” (BYOD) has been popular for quite some time now. It is driven mainly by workers’ desire to use their own devices such as phones, tablets and laptops. This practice has its own benefits, like flexibility, round-the-clock access to data, higher productivity and less dependency on the central IT hub. But BYOD can easily cause disruptions to the IT compliance and IT processes of an organization.

A new trend has emerged along the lines of BYOD called “Bring Your Own Cloud”, or BYOC, which allows workers to utilize public or private third-party cloud services to complete their job tasks.

What is “Bring Your Own Cloud”?

In BYOC, workgroups or individual employees of the organization use low-cost, fast and efficient public or private third-party cloud services to get the work done. An organization might encourage its employees to use public or third-party cloud services in order to reduce capital and operational costs related to IT. This is prevalent in large organizations that can’t spare resources or people to keep up with changes in IT.

What are the advantages of BYOC?

  1. Less utilization of the organization’s resources.
  2. Less expensive
  3. Faster and efficient
  4. Agile and easy access

What are the disadvantages of BYOC?

BYOC is also referred to as “shadow IT” due to its pervasiveness. The implications of BYOC are as follows:

1) Lack or loss of overall control: The organization doesn’t know who’s using what, and so it has no control over data access, data management and resource planning.

2) Inconsistency of systems: With disparate systems in use, inconsistencies creep into the IT environment.

3) Increased risk of data loss: With the use of third-party cloud services there is always a threat of data loss.

4) Greater risk of errors: This is due to non-IT professionals managing the infrastructure.

What are the controls or best practices for BYOC?

To mitigate the possible risks, the following could be considered as best practices or controls to be incorporated in the organization’s IT process.

1) The employees should be encouraged to use a single cloud storage for any work related activity and no personal data should be stored in that particular storage.

2) Use a version-control sign-out process to ensure that multiple copies don’t exist and that there is a record of everyone who has a personal copy.

3) Programs like word processors, spreadsheets, presentation programs etc. should be standardized on a file format which is widely supported, and employees should be encouraged to use only the prescribed format.

4) Detailed BYOD policies wrapped up with BYOC policies should be adopted by organizations.

5) Collaboration should be supported by sharing access to an organization-controlled cloud storage service and apps having the same source.

Conclusion:

For today’s organizations it is wiser to accept that employees will rely on the tools they know best, and to accommodate employee choices and apply governance practices that offer an adequate level of protection.

 

 RAHUL KUMAR
MBA (IT) 4th SEM

Information insecurity due to data leakage by Chinese smart phone companies

Smartphones have become a necessity of life. Nowadays, more than a trend or a symbol of aristocracy, they have become a need. A customer wants a smartphone with a reasonable price and high-end features. Most companies have emerged with brilliant marketing strategies, but Chinese smartphones seem to be taking off in the Indian market because they are a great combination of modern features and low price. The question then arises: how do Chinese smartphone companies like Xiaomi, Gionee and Oppo fare so well in the Indian market even after having a security leakage issue? Although these companies seem to satisfy the customer in every aspect, they have a major security leakage issue.
According to a report in a national daily, Chinese smartphones are leaking some major information, which is sent back to servers in China. The IAF has also alerted its people to avoid using these smartphones. Initial testing was done by F-Secure on August 7, 2014 on a Redmi 1S, which had the issue of data automatically being transmitted, while Xiaomi claims that its smartphones are safe and that the Indian Air Force had issued a notice based on a two-month-old report by F-Secure.
After an update of the OS, they tested the handset again on August 14 to confirm that the issue is no longer present. The note states that F-Secure, a security firm, carried out tests on the Redmi 1S, only to find that the phone was forwarding the carrier name, phone number, IMEI, address book records and SMS to Chinese servers in Beijing. The report also mentioned a user in Hong Kong reporting that the Redmi Note automatically connected to a particular IP address hosted in China. The IP address belongs to the CNNIC, which is the administrative agency for Internet affairs operating under the Ministry of Information Industry of China.
Although there are laws against the leakage of private data, users must themselves take care of the security of their data.
Some important sections have been substituted and inserted by the IT Amendment Act, 2008, in which Section 66E, Section 66B and Section 69B provide strict laws for information security.
However, action takes time, and the Chinese companies have firmly rooted themselves in the Indian market, which is why they are thriving so well.
At the user level, there are many ways to ensure the security of data. Applications named OS Monitor and viaProtect are available for Android and iOS to give the user information about the data being sent by different applications without his knowledge.
So we ourselves can take a step forward to avoid the insecurity of our data.

Source: Deccan Chronicle and Intellectual Property & Information Technology Laws Division

Varun Kumar
IIIT Allahabad

Science Conclave Detail

IIIT Allahabad hosted the Science Conclave (8-12 Dec 2014), a programme under “Vision 2020” by the Government of India for generating and using new knowledge for economic development, and social and scientific progress in a research and innovation-driven culture. The campus witnessed the presence of over 20 eminent scientists and Nobel laureates like Robert Curl, Joseph Sifakis, Anish Arora, Lina Nilsson, Kuniharu Takei and others from the disciplines of Mathematics, Physics, Chemistry, Biology and IT from across the globe.

There were academic sessions held during the day where professors delivered lectures on a variety of topics ranging from Astronomy to Nanotechnology, from Bioinformatics and Genomics to Wireless communication and Ubiquitous computing. Thereafter interaction sessions, addressed by about three scientists were held separately for students, giving them a chance to explore the current areas of research and development as well as share views on science and technology.
Evenings were graced by the mesmerizing performances of renowned classical dancers and musicians like Bimbawati Devi – the acclaimed Manipuri dancer, Srijan Chatterjee – the young and vibrant Hindustani vocalist and Sanskrit research scholar, Shovana Narayan – the Kathak Guru (Padamshree & Central Sangeet Natak Akademi awardee), Guru Aruna Mohanty – a distinguished Odissi dancer, and others.

Asmita- Annual Track and Field event 2015

“Just play. Have fun. Enjoy the game.”

‘Asmita- Annual Track and Field event’, the 3-day annual sports meet of IIIT Allahabad, brought these lines to life from 13-15 Feb 2015. The function started with the mashal run and the lighting of the flame.

This was followed by exciting sports events such as the team-wise march past, tug of war and triple jump (100m). Other sports events held over the three days were shot put (1600m), long jump, discus throw, biscuit race, spoon-marble race, sack race, walking race, relay race and many more thrilling events. The events recorded very high participation.

Aparoksha 2015

This year IIIT Allahabad introduced its first TechFest, ‘Aparoksha’, which was organized from 20-22 March 2015. It aimed at providing a platform for innovative and imaginative minds to show their talents in technical fields. Various events were organized from different technological fields such as electronics, networking, coding, robotics, development & design and many more. From quizzes to coding contests to making robotic models, it had everything.

Not just some mind-boggling tech: the fest also hosted some cool LAN gaming contests consisting of fifa-15, counter strike, dota-2 and split seconds. Featuring both single and team games, it was a major attraction for gaming junkies. The contests went on for various rounds with elimination, making it all the more exciting.

Some grand events were organized, namely the hackathon, techtalks and exhibition. The hackathon was an on-the-spot event in which participants had to impress the judges by showing their creativity on topics given to them by the judges themselves. Techtalks aimed to motivate and inspire young minds by connecting them with pioneers in various fields. The exhibition had the participants present their innovative ideas along with a working model to earn the judges’ appreciation.

Among other fun activities, some workshops were arranged to feed the brain with knowledge about new and latest technologies. The workshops were on Android Application Development, Big Data Analysis & Hadoop, Cisco Networking & Linux Red Hat, Hooker Botz v1.1 and Augmented Reality.

Witnessing a lot of participation and excitement from the students, the technical fest was a raging success and ended with the techtalks, giving a platform for the learners and the learned to interact.


Strategic Plan On Revival Of Tea Industry In India with special reference to Assam

 

The great Mark Twain once said that in India there is no time for tea since all time is for tea only, which certainly was a comment on the lazy behaviour of Indians, doing nothing but drinking tea. Tea was once considered a drink of the royal clan; it was specially prepared on special occasions and was considered a special drink. In China it is a custom even today. Then change prevailed and tea lost its touch; now it has become a poor man’s drink. If you ask for tea, some people may just reject it because it is below their standard, but this below-standard drink has employed more than 20,000 inhabitants of Assam alone, a state which cannot produce anything but tourism and tea. The majority of tea leaves are not properly looked after due to a lack of storage space and logistics. The tea boards are just filling their pockets with government-sanctioned money. They must synchronize the order of production and must also pay higher wages to labour.

 

The tea industry is going through its worst phase: environmental degradation, land deforestation, herbal tea, green tea, cold drinks, market price fluctuations, no proper cultivation techniques etc.

Revival of the industry should hence be of prime importance to the state government. In its 166-year-old history, the tea industry of Assam is for the first time going through one of its worst phases. There has been a decline in exports and stagnation in domestic production and marketing in the Indian tea industry. Price fluctuation, production cost, no exports, old techniques, unskilled labour and unavailability of labour are some of the major concerns in this field.

The industry should be given as much exposure as the gambling industry in the USA; the strengths of tea must be projected in such a manner that coffee lovers go for tea. Weaknesses and threats must be eliminated, and the state and central governments should look over the whole scenario themselves.

 

Bhartihari Pandiya
RS178
Department of management studies
Rs178@iiita.ac.in

Tips for effective Email Marketing

Market Identification

 Email marketing is considered to be the most economical way of creating the first touch among potential customers. It is also time-saving, as bulk impressions can be created using this approach. Before starting this practice, the marketer should be clear about the list of potential customers and, if possible, should segment them on the basis of business type (i.e. B2B or B2C), location, demographics etc.

 Content Preparation

 A template should be maintained, containing all the useful information and eye-catching, attractive yet simple and downloadable landing website navigators. It should not be too heavy and descriptive; heavy images, attachments and JavaScript should be avoided. Instead, map images, rich text and relative hyperlinks should be used. AWeber can be used for the same.

 Data Driven Analysis

 By analysing trends and potential customers’ preferences, predictions can be made on whom to serve what. The marketer should keep track of conversion rate, customer life cycle, clicks etc. in exact data cluster format.

 Re-Marketing Practices

 Email marketing runs on the 80-20 rule, meaning that only 20% of the loyal customer base accounts for 80% of the profit share of the business. So, once a potential customer becomes a customer, email should be designed to reflect more care, facilitation and awareness than just selling.

 Subscription Management

 There should be a team to keep track of all the users who want to unsubscribe from the offered services and to maintain a feedback mechanism for the same.

 Testing

 Before launching any campaign, it should be tested on different email providers like Gmail, Yahoo Mail, outbox, Rediffmail etc., and also on different browsers to check cross-platform compatibility. There is a tool named Litmus that tests and provides screenshots of dozens of different email providers present in the market. Mobile compatibility should also be tested, as nowadays most people prefer checking their mail on their smartphones.

 Policy Maintenance

 Content should not be such that it gets blocked as spam; the marketer should be aware of the CAN-SPAM Act. DMARC policy should be taken into account if sending email newsletters from public domains or private domains without authentication.

Priyanka Malik
MBA, IIIT Allahabad
IMB2013017@iiita.ac.in

Changing Indian Consumers & their appetite for premiumization

Just two decades back, people were happy with Parle-G as a biscuit, Nirma as a washing powder and a tooth-powder or even daatun for cleaning their teeth. But with every passing day, their needs and aspirations are changing. Anthropologists may say this is normal because, as species evolve, consumer tastes also evolve, but the catch here is that along with their tastes, their buying patterns and points of purchase are also changing. Now, they are no longer interested in buying the same brand their ancestors were using, nor do they want to stick with one brand.

The new India is young and dynamic and is willing to experiment. Perhaps that’s the reason why you see that today, in every category, at least 5 brands are available. Also, every brand is now moving towards premiumisation. If we talk of the biscuits category, gone are the days of glucose biscuits, and now we have players like Britannia coming up with a super-premium cookie, ‘Chunkie’s’, which costs Rs.500/- per kg, a price quite high for the Indian audience. But the market offtake data shows that consumers are buying this. ITC Foods has come up with its Dark Fantasy range of cookies, which is targeted at an equally premium segment. If we talk of the health segment, global brands working in the niche biscuit segment, like McVitie’s, are working aggressively in the ‘Digestive’ range and Oats segment through their ‘Hobnobs’ range of cookies, and the health-conscious Indian consumer is responding by buying its products regularly. Innovation is even being done in the traditional biscuit range like Marie/Rich Tea, where newer varieties are being introduced by all players.

But hey, there’s a catch here!!! These are not aimed at the rich and elite class, which still has a craving for imported biscuits. These companies are targeting these new products at middle & lower income groups, as their price points are between Rs.20-Rs.50/-, which can be afforded. And as the products are really good, the chance of repeat purchase is pretty strong. This analogy becomes even true in organized/modern trade, where consumers can feel the product and are often tempted to buy these new products, thanks to its mouth-watering packaging.

The traditional purchase points are also changing. Earlier, we used to be happy to go to the uncle-ki-dukaan (Kirana/General trade outlet) as it was close and gave us some petty discount, but now people are willing to take a cab and visit supermarkets like Big Bazaar & D Marts, shop in an AC environment and, most importantly, feel the products and not be influenced by the kirana retailer’s advice. Moreover, these supermarkets will give customers a better deal on bulk buying, and many customers can also redeem their Sodexo coupons, along with free parking. All in all, a happy deal for a happy customer.

This new disruptive trend has forced the general trade (Kirana stores) to change the way it used to function. Now, they are changing rapidly into self-service or standalone outlets in cities like Hyderabad & Bangalore, where customers can choose products, and they are also offering new services like home delivery. Big Bazaar is also working on a pilot project of home delivery in small towns to get an edge over such outlets.

This is just the beginning; keep your hunger alive for bigger things about to come. Bon appétit…

ABHISHEK DE
Management Trainee, United Biscuits
Email id-ade11@rediffmail.com