Sushobhan Mukherjee



Sweater, A Sunday Refresher by Infosec Foundation

A sweater is not just a warm cloth that protects us in winter. It is not just a piece of apparel that can be purchased from any shop. It is not just the output of some knitting technique.

You may be wondering why, in the hot and humid April of Kolkata, I have suddenly started talking about sweaters. Yes, you guessed right: this is the after-effect of watching the latest Bengali movie “Sweater”.

Last Sunday afternoon we had a premiere and special screening with the cast and crew at Carnival Cinema, Salt Lake, dedicated to Infosec Foundation patrons and members.

I am sure this has again made you wonder what the link is between a movie and cyber security, which is the core genome of Infosec Foundation. Wait, I will come to that point.

Before that, let us walk through the context of the movie. The story-line revolves around a Bengali middle-class family from a class C city. The crisis over the elder daughter’s marriage forms the prelude of the movie. The younger daughter is extremely skilled in music, dancing and other extra-curricular activities, along with general smartness and a good academic background. On the contrary, the elder daughter has almost no such skills and is always compared with her sister. In effect her morale keeps sinking and she gets rejected in almost every sphere of life, including marriage proposals. Her boyfriend also declines to marry, in order to avoid bindings. Instead, he stresses freedom and enjoyment of life and shows his reluctance to own up to responsibility. At this juncture, a twist comes into the story-line with an interesting marriage proposal, where the mother-in-law from an elite family puts a clause on sweater-weaving skills as the selection criterion for her would-be daughter-in-law. Yes, everyone thinks this is not only weird but also insulting for the girl. However, the lady has her own justifications for it. As per her thought process, in modern times parents keep grooming girls in singing, dancing, painting etc., but neglect an old family legacy like knitting. This tradition is not only an art, but flows through generations. Hence, if the girl knows how to knit a sweater, that can create a comfort space between mother-in-law and daughter-in-law.

Anyway, under this compulsive pressure, the girl starts being trained by her aunt in knitting. However, the aunt could not find the fire in her to learn knitting sweaters for her own sake; rather she was more focused on passing the marriage exam. Her aunt tries to motivate her and boost her morale in order to ignite her underlying spirit of bouncing back and winning for her own self. In the class, a lot of different activities get planned apart from knitting, like music, wrestling and outdoor activities, and most students think these are useless. Nevertheless, the teacher was adamant, and she illustrates through live situations that knitting, or any activity in life, is linked with the state of the human mind. Moreover, that mind game decides the quality of the outcome.

Through the series of exercises and situations in life, the heroine could connect with her soul and the objective of her life. In effect, she learns knitting sweaters with passion, takes the exam with her would-be mother-in-law, but rejects the outcome. By this time, she has gathered the spirit, strength, courage and enough wisdom to define her own path in life towards victory. In effect the girl who had always been rejected by everyone in life so far could ignite her spirit to reject others: the marriage proposal, the mother-in-law’s terms and even the irresponsible boyfriend Pablo.

Overall, a wonderful family movie with fabulous locations in the hills with greenery, clouds and fog. The story moves a little slowly, but the flow is good, with an excellent cast, great music and fantastic cinematography. This is the first production by the promoter house, with a new director and a new heroine. Sreelekha Mitra and Kharaj Mukherjee were two renowned cast members in side roles, but they did excellent justice to their characters and in effect made the roles pivotal instead of just side roles. Sidhu (Siddhartha of Cactus) was a surprise package to me, as I was not aware of his acting capabilities apart from his musical skills. Isha Saha played “Tuki” wonderfully and her sister “Sree” was great as well. More precisely, both of them did justice to their characters and made them realistic.

There was no family melodrama or overdoing of music, dance etc. Overall a fat-free, simple movie with good-to-watch scenes and peace of mind. More precisely, a first production from the production house with such organized effort and a distinct message to the audience is truly appreciable.

Now, why suddenly a movie screening for Infosec Foundation? I hope that by now, with our many activities over the last three years, you are well aware of the Infosec Foundation vision and mission. Infosec Foundation and its global trustees believe that organized and sophisticated crime cannot be defended against by tools, technology and processes alone; rather it needs inclusive efforts from people at all levels of the social hierarchy. In effect, we believe the basic defense is common sense, more human-like behavior than robotic actions. Hence igniting the human mind is extremely essential, so that people start thinking before simply sharing an OTP over the phone, clicking on a phishing link or responding to a provoking SMS. More precisely, cyber issues propagate to the youth and the elderly rather than to the middle-aged, who are at least a little IT-aware. Too many digital attractions, social media, digital content, streaming etc., make everyone screen-bound and detached from family, relatives and society. In effect no friends, no adda, no family gatherings, rather always an addiction to the virtual world. In effect the youth sometimes get more adventurous and get trapped, and elderly people get compromised through no awareness of how to use it.

Hence building a cyber-aware ecosystem needs inclusiveness instead of just tech workshops, seminars and events. The same thought process resulted in a cause that can bring several families together on a holiday just for fun, and then mix, engage and get connected with each other as a community-building exercise.

With the same motive, we intend to organize musical evenings, theater festivals, picnics, outbound activities and so on. In effect, cyber awareness best practices will gradually get injected, slowly and steadily, through an organized process.

As you know this is a voluntary non-profit activity, and it needs everyone in the audience to join, contribute, collaborate and build the ecosystem together.

Stay Tuned for future endeavors of Infosec Foundation.

 


Trip to Sundarban – a forest journey in Bengal

Preface

This story is from last December. Due to time constraints, work pressure and of course laziness, I always get delayed in posting on time. Never mind, better late than never. Interestingly, for the last few travels I was writing in Bengali, and I suddenly realized it has been a long time since I wrote something interesting in English. Of late, I have made a habit of taking leisure twice a year, summer and winter, aligned with the kids’ school vacation. Last summer we went to Digha. The moment the winter vacation was nearby, we were exploring a quick short trip. Finally we thought of exploring the jungle and found Sundarban to be the nearest destination.

My parents visited Sundarban way back through Wandervogel. The owner of that travel agency, Mr. Sumit Batabyal, is a good friend of mine and we have taken many tour services through him. This time also we planned a two-night, three-day (28th December to 30th December, 2018) package through him at “Sundarban Tiger Camp”, Dayapur. We were super excited to explore this forest delta.

Introduction

Sundarban is the world’s largest delta. It is named after the Sundari trees and abounds with deadly snakes, crocodiles and the Royal Bengal tiger. This mangrove forest is listed as a World Heritage Site by UNESCO and is formed by the confluence of the Brahmaputra, Ganges and Meghna rivers. Life here is governed by the low and high tides.

The amazing wonderland sprawls over 10,000 sq. km spread across India and Bangladesh. The park gained National Park status in 1984 and became the designated kingdom of the famous Royal Bengal tigers.

It used to host the maximum number of tigers (as per an unofficial record, 270 were counted in 2004). However, the present claim is that only about 100-120 tigers are there.

These forests are home to a variety of wildlife, including a variety of chirping birds, reptiles and numerous invertebrates, and crocodiles. Our visit was to learn about their habitat, prey base and adaptations for survival in these mangrove forests.

The excursion was a perfect fusion of wildlife, deep forest, bird watching and, most importantly, learning about the varied customs and culture of the local people.

DAY 1 (28th December, 2018)

• Journey from Kolkata to Sundarban

Sundarban is not reachable directly by train or bus. Nature has protected this dense forest from human invasion by separating it with a series of rivers and tributaries.

Canning is the last rail station on the approach to the magical land. There are plenty of buses from Kolkata to Gosaba. Boat services can be availed either from Gosaba or Gadkhali.

We took an Uber ride from Birati early in the morning to reach Priya Cinema Hall, Deshapriya Park by 7am. By 7.30, many other groups, co-passengers and families had assembled for the scheduled bus ride towards Gadkhali, our boat boarding point. It was an AC luxury coach with a 40-seat capacity and the journey kicked off by 8am. We were served a packed breakfast (sandwich, khasta kochuri, sweets) with mineral water immediately after our ride started. The bus took the Basanti highway and reached the destination in four hours. There was a midway break of 30 minutes for nature’s call and tea refreshments. We took a brisk walk towards the launch ghat while the luggage was transported by rickshaw van.

We boarded a boat from Gadkhali jetty for a spectacular ride through the amazing forest, islands and narrow creeks of the river. The boat captain and the lovely ornithologist continuously guided us about the journey, places, history, geography and of course mythology, to make the journey memorable. We cruised through the rivers Gomor and Durgadhwani to enter the river Pitchkhali and reach Dayapur Island, where Sunderban Tiger Camp is situated.

The overall boat ride was around 2 hours and was fun-filled, with mild winter waves and refreshments.

We landed on Dayapur Island at around 2pm and were greeted with local rituals at the entrance of the resort before checking into our rooms.

There are many different categories of rooms and facilities in this resort, from AC/non-AC cottages and rooms to huts. We were allocated executive AC Cottages 3 & 4 as per our pre-booking and package. We rushed for a hot lunch after a quick shower. We had been told to report at the launch ghat by 4pm to cruise to Sajnekhali.

• Sajnekhali

We cruised through the creeks and canals of the Sunderban Tiger Reserve forest, past endemic and migratory birds and wildlife, to the Sajnekhali watchtower and Mangrove Interpretation Centre. Our guide had obtained passes for all members beforehand, so we could venture into the jungle immediately. The famous Sajnekhali tourist lodge is located here. No one lives on this island outside this protected area except wild beasts. Inside the forest office, we saw the Mangrove Interpretation Centre, the crocodile pond, the Bonobibi temple and the wild lizards’ pond.

As the sun set on the distant horizon we returned to the resort to refresh and join for hi-tea with snacks. Mouthwatering momos along with hot tea and coffee were served, followed by a bonfire and tribal dance to make our evening more memorable. The folklore depicted their centuries-old culture in its true native form. They showcased the happiness and hardships of their lives through dance and recitals of their folklore.

A warm dinner cooked with farm-fresh vegetables was served at the Fisherman’s Wharf dining hall. The dinner had soup, chowmein, fried rice, prawn and chilli chicken along with desserts.

DAY 2 (29th December, 2018)

• Dobanki Camp

We woke up early to the chirping of birds and the morning wake-up bell. A hot cup of tea along with biscuits was served on our balcony. We refreshed quickly and boarded by 7am for a thrilling cruise towards Dobanki Watch Tower through creeks, dense forest and numerous rivers.

Breakfast was served on the deck with idli, scrambled egg, bread toast, butter, jam and fruits along with hot coffee and tea. We continued to search for wild animals on both sides of the river while cruising through the creeks. Different birds, deer, a crocodile and tiger pug marks were spotted with great charm and enthusiasm.

Once we disembarked at the jetty at Dobanki, the major excitement was the canopy walk, to experience live animals from Dobanki Watch Tower with a 360-degree view of the forest. The canopy walk was along a 20-foot elevated path (covered with iron mesh) through the deep mangrove forest.

On the return path our boat took the narrower path of a tributary and our exploration continued in search of beasts on the river bank. This forest area was really dreadfully dense, with an uncanny silence.

In Sunderban there is a popular saying: you might not find the tiger while searching along the river bank or in the jungle, but the tiger is surely watching you from deep in the jungle.

On both sides, we found various types of mangroves sharing the riverbank, and water covered the base of the dense mangrove forest.

We cruised back through Matla Sea Face (the point from where the Bay of Bengal can be seen) to Sunderban Tiger Camp for lunch.

The Tiger Camp hosts various kinds of trees along with different kinds of birds. Visitors can easily go to the watchtower to observe the birdlife. There are approx. 64 species of birds at the Tiger Camp.

In the afternoon we went for a village walk in Dayapur. The walk was to learn about the lifestyle, local crafts, cuisine and way of life of the local villagers. We observed their indigenous farming methods and how their houses are made completely of mud with small entrances.

On return to the resort there was a wildlife movie along with tea, coffee and pakoda. This was followed by a Bonobibi pala.

The folklore of Bono Bibi is known to the people of Sundarbans as every Christian knows about Christ, the incarnation of God. The Bono Bibi puja is celebrated every year during January, when the text of the Bonobibir Jahurnana, composed in 1877 by the Muslim poet Munsi Byanuddin Saheb, is sung, narrating the life and miracles of Bonobibi and other related characters, Dakshin Rai, Sha Jungli and Gazi Saheb.

The miracles of Bonobibi and her brother Sha Jungli had a tremendous influence upon the people of Sundarbans, because both of them perform miracles to come to the rescue of the people of Sundarbans when in distress.

In the distant past, there was one Dhona Mouli (the Mouli class of people collect honey, i.e. madhu) who was suffering from terrible financial problems. One day the tired and distressed Dhona Mouli was asleep when he had a vision of Dakshin Rai, son of the king of the jungle, Dandakashya, a hermit by nature. Dakshin Rai, in fact, was a sorcerer and an incarnation of the tiger.

Dakshin Rai advised Dhona (in his sleep) to sail towards Sundarban to collect honey. While sailing for Sundarban, he should take along with him a little boy named Dukhi, 8 years of age. Dhona sailed for Sundarban accordingly with his village boatmen and Dukhi.

In the meantime, the cruel sorcerer Dakshin Rai had sucked all the honey in Sundarban into his custody. Naturally worried, since he could not find honey, Dhona had fallen fast asleep. Dakshin Rai finally appeared in his original tiger form and asked Dhona to hand over Dukhi to him, and in lieu Dakshin Rai promised a boatful of wax and honey to Dhona. Realising the evil intention of Dakshin Rai, Dhona requested in vain that the life of little innocent Dukhi be spared. However, Dakshin Rai was not moved. Dhona had no option but to leave little Dukhi in the hands of Dakshin Rai. On arriving at his native village, Dhona informed Dukhi’s mother that Dukhi had lost his life to a tiger.

As soon as Dhona left, Dakshin Rai lost no time in attempting to devour little Dukhi. The helpless boy, in utter distress and facing certain death, appealed to Bono Bibi, the saviour of the jungle, and her brother Sha Jungli to come to his rescue. A fierce battle took place between Sha Jungli and the wily Dakshin Rai. Sha Jungli was the ultimate winner, and Dukhi was rescued from the clutches of Dakshin Rai and sent back to his mother riding on the back of a crocodile, who happened to be a carrier of Goddess Bono Bibi.

Dukhi introduced the puja of Bono Bibi by collecting alms from village to village. Since then, Bono Bibi has been worshipped by the people of Sundarban irrespective of caste, creed and religion.

A Bono Bibi temple always hosts Bono Bibi, Dakshin Rai, Dhona and Ghazi Sahib mainly, and these are the perfect example of harmony beyond religion.

This was the last night at the resort, and dinner was served in the open-air garden with kebabs and of course a bonfire.

DAY 3 (30th December, 2018)

• Sudhanyakhali

Day 3 was also scheduled for early-morning waking with bed tea. We had to get ready by 7am as usual to report at the boat. Today’s plan was to visit Sudhanyakhali Watchtower. Breakfast was served on the boat as usual.

We could see different types of mangroves on the left bank. We could now see many infamous creeks entering the deep forest. The entry paths of those creeks are covered with nets so that fishing boats cannot enter the deep jungle for crabs and honey. If luck favors, one can catch a glimpse of tigers on the swampy river bank.

Breakfast was served on the deck with sandwich, boiled egg, rajma curry, bread toast, butter, jam and fruits along with hot coffee and tea.

We could see many types of mangroves on both sides. Notably golpata, sundari and goran covered both river banks. We observed many big fruits hanging from the trees. After disembarking we had to walk through the caged walkways towards the watchtower, searching for wild animals. We could see a lizard in the pond as well as monkeys all around.

• Return

We returned to the resort by 11am from Sudhanyakhali. After having lunch at the resort, we checked out and boarded for the return to Kolkata via Gadkhali. By this time all the fellow travellers had become like a team or an extended family. We kept enjoying ourselves with “Antakshari” for around 2 hours to celebrate this wonderful tour.

Important places left out

Pakhiralaya, Jharkhali, Netidhopani, Buni Camp, Kalas Watch Tower etc. were not covered during this short trip. I look forward to exploring these areas while visiting through some other route.

Sunderban travel tips:

Sundarban tour guide: some important information for travelers:

  • Best time to visit Sundarban: from September to March every year. In winter, there is a greater chance of seeing tigers, crocodiles and other animals on the river bank.
  • How to reach Sundarban?

Sunderban can be reached through various routes. We reached Sunderban via Gadkhali; Dhamakhali is another route. But it is better to reach the core jungle via launch through Gosaba or Dhamakhali as well.

  • Where to stay in Sunderban?

There are many places on different islands, from resorts to budget hotels. We had chosen Sunderban Tiger Camp in Dayapur through a pre-defined package. However, if you are looking at choosing hotels directly on reaching the spot, in order to have better negotiations instead of pre-booking, then Pakhiralaya will be the best place to have a night halt. There are about 35+ different budget hotels in that location.



Security Symposium & Awards – Bangladesh 17th Feb, 2019

Preface

With last year’s grand success of the multi-city “Security Symposium & Awards” (Kolkata-Bangalore-Delhi-Mumbai) and the International Infosec Summit (Infosec Global 2018) in Kolkata, we planned to surge ahead and conduct Security Symposiums in three international cities (Dhaka, Dubai and Colombo) for a confluence of global CISOs to brainstorm on future and impending challenges, and conclusively emerge as a cyber security game changer across the globe.

Security Symposium and Awards Dhaka 2019 was the first event of this multi-city series organized by Infosec Foundation and Enterprise IT World.

The topics of the event cover the cyber security road-map for the financial sector, Industry 4.0, AI and blockchain, startups in the IT security ecosystem, and agility and flexibility in adopting cyber security for telecom, cloud and infrastructure providers, etc.

In the era of hyper-growth and a digital-driven economy, enterprise risk management has reached a whole new level. Cyber security has gone through tremendous change, and reinforcing India’s cyber security framework is one of the burning issues in delivering high-performance solutions. Only a few countries have a cyber security strategy or are in the process of developing one to protect against cyber-crime. While the overall cyber security posture of India is satisfactory, the mission is still far from accomplished.

This is a platform that aims to bring together MD/CEOs/CIOs/CDOs/CISOs from the global CISO community with an agenda to interact, discuss the latest trends in information security and share their key experiences and learning. It will be an excellent opportunity for attendee companies to showcase their services, credibility and products related to information security.

Event Brief:

The theme of the event is to create awareness of the roles and responsibilities of the officers and persons protecting critical infrastructure. The Symposium will also award CISOs (Chief Information Security Officers) of the country in recognition of their exceptional contribution to the industry.

Date & Venue:

The Westin, Dhaka, 17th February, 12 noon to 9pm

Delegate Profiles:

Around 200+ in number: 70% mostly CIOs from large enterprise-level corporates, banks and financial institutions, and CEOs and IT heads of mid-sized organizations; 15% key Govt. officials, police, CID, cyber security experts, cyber law experts and policy makers; 15% start-ups and academia.

Event Highlights

The event was graced by Chief Guest Mr. M.A. Mannan, Honorable Minister, Ministry of Planning, Republic of Bangladesh, along with Mr. K.A.M. Majedur Rahman (Managing Director, Dhaka Stock Exchange).

Besides, a few eminent key speakers also confirmed their gracious presence: Mr. Mohammad Arfe Elahi (Chief Technology Officer, Access to Information Programme), Dr. Muhammad Abdul Mazid (Adviser, A K Khan and Company Limited), Mr. Kapil Awasthi (Regional Director, North & East, Check Point Software Technologies), Mr. Ahmed Rokibur Rahman (Woori Bank), Mr. Syed Moinuddin Ahmed (Additional Managing Director & Company Secretary, Green Delta Insurance), Mr. Tapan Sarkar (Founder President, CTO Forum; Managing Director, ADN Edu Services Ltd.), Mr. Md. Jasim Uddin (Former First Vice President, FBCCI), Mr. Pallab Ganguly (Chairman, IEEE Comsoc Kolkata Section; CISO-Gen, Calcutta Electric Supply Corporation), Mr. B. M. Zahid-ul Haque (Head of Information Security, BRAC Bank Limited), Mr. Syed Almas Kabir (President, BASIS), Mr. Shaerul Haque Joarder (VP & Head of IT, Bangladesh), Mr. Jaspreet Singh (Partner, Cyber Security, Africa, India & Middle East (AIM), Advisory Services, Ernst & Young LLP), Mr. Greesh Behal (Regional Head, West, Klassify), Mr. Espen Haagenrud (CISO, Grameen Phone), Mr. Azim U. Hoque (Co-Founder, Cyber Security Forum; Founder and President, University IT Forum), Mr. Tanveer Ehsanur Rahman (CTO, Novo Telecom), etc.

Detailed Coverage:

Risk and its mitigation is an integral part of any strategic planning. Risks are associated with core strategic assets, and these assets have to be protected. In our times, many of our assets are highly dependent on the IT infrastructure used to run and manage them: for example, the national power grid, logistics, dams, aviation, transport, capital markets and communication. These assets can be attacked, and there is evidence of attacks where IT infrastructure was used as the route of attack. Cyber security covers all kinds of manifested and potential attacks on these systems, which in turn damage the core assets behind them. Policy makers in macro-economic planning must take into account the short-term and long-term risks that stem from this. Next, the ways and means to mitigate these risks and the investment needed, both financial and non-financial, must be articulated. Today, various non-state actors and proxies wage offensive action against sovereign nations and public and private organizations, and some are targeted to cause profound economic and psychological damage. Thus, many commentators argue that future wars will mostly be cyber-wars. Strategic planning is now obligated, both at the policy level and at the working level, to acknowledge the risk of cyber threats and to take an inter-disciplinary approach to mitigating it.

The inaugural session focused on the same area, since the chief guest was the planning minister of Bangladesh, and the linkage of cyber security with the Digital Bangladesh strategies was discussed in detail.

After the inaugural session, Mr. Mohammad Arfe Elahi, Chief Technology Officer, Access to Information Programme (a2i), Bangladesh, delivered his keynote address on Cybersecurity Initiatives by the Bangladesh Government.

The next one was by Mr. Pallab Ganguly, Chairman, IEEE Comsoc Kolkata Section and CISO-Gen, Calcutta Electric Supply Corporation (CESC), on Cyber Security for Critical Infrastructure in a Power Utility.

The Advanced Persistent Threat Landscape and Remediation Roadmap was illustrated by Mr. Mohit Puri, Director, Presales, India/SAARC, Sophos, in the next session.

Mr. Kapil Awasthi (Regional Director, North & East, Check Point Software Technologies) was instrumental in delivering his theme session on Industry 4.0 Trends, Strategy & Best Practices.

Thereafter the 1st panel of the day took place, with the interesting topic “Industry 4.0: Beyond Man and Machine”.

It was human muscle power that moved the early phases of civilization. Man tamed animals and animal muscle was put to use, especially for agriculture. Then men invented early stone tools, machine version 1.0. Over the last 10,000 years, man has created machines of such power and sophistication that we no longer talk about how we learn to operate a machine, but about how machines learn from us. The Internet of today is a great man-machine learning system, where man is learning about machines and machines are learning how human beings work. Thus a new dimension is now on the horizon, where we talk of the Singularity: machines reach a critical threshold of “intelligence” and rule us, or machines become so smart that we humans, their creators, find ourselves benchmarked against machines, and companies may put up their recruitment notice board with the frightening words: humans need not apply.

Dr. Muhammad Abdul Mazid was the moderator for the session. Below was the core team architecture of the panel:

  • Moderator: Dr Muhammad Abdul Mazid, Adviser, AK Khan and Company Limited
  • Ahmed Rokibur Rahman, Head of ICT, Woori Bank
  • Syed Moinuddin Ahmed, Additional Managing Director & Company Secretary, Green Delta Insurance
  • Tapan Sarkar, Founder President CTO Forum, Managing Director ADN Edu Services Ltd.
  • Md. Jasim Uddin, Former First Vice President, FBCCI

The key deliberations of the panel revolved around the questions below:

  1. With machines becoming so smart and productivity gains so high, will the fundamental laws of business remain valid and applicable?
  2. What will companies of Industry 4.0 look like?
  3. How shall we keep human beings employed, or what will be the core competencies and skills of the future?
  4. How shall we prevent a scenario where machines will be our masters rather than our slaves?

After the 1st panel, Mr. Sajeev Sengupta from Check Point took a detailed session on Threat Intelligence and Response.

The next session was Panel 2, on Security Orchestration and Managed Security. It took place in the evening, just after the tea break.

Historically, IT security was diagnostic and reporting based. A security system used to monitor and report, and the framework was that of “incidents” and “events being managed”. An evolved framework is now needed for more integrated and comprehensive reporting, plus “acting” automatically on a wide range of events. This is Security Orchestration and Automated Response. For the managed security business, SLA deviation not only results in loss of business; in the worst cases of breach, it can even lead to criminal proceedings. Enterprises not only need to take action but also to demonstrate that synchronized, timely and effective actions were taken against the threats and vulnerabilities, in a well-documented manner. On the other hand, some current and future security threats and vulnerabilities will be launched in a way that leaves no time to “report, analyse and act”; rather the system needs to be smart enough to take action automatically. Thus, in short, we are seeing an evolution from “reporting” to “acting”.

Security automation and orchestration replaces slow, manual analyst intervention in conventional incident response processes with machine-speed decision making.

Manual incident response processes, insufficient workflows and difficulty hiring security personnel have left security operations teams struggling to keep up with the growing volume of alarms. SOAR combines comprehensive data gathering, standardization, workflow analysis and analytics to give organizations the ability to easily implement sophisticated defense-in-depth capabilities based on internal and external data sources.
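The reporting-to-acting shift the panel describes, as an added illustration that is not code from the symposium, the panel or any vendor product: a minimal SOAR-style pipeline in Python that standardizes two constructed log formats onto one schema, correlates authentication failures per user and source address, applies a severity playbook, and writes one audit entry per action so the organization can later show what was done, when, and on what evidence. The log formats, user names, addresses (RFC 5737 documentation ranges), thresholds, playbook and action back-ends are all assumptions; real actions would call a firewall, identity-provider or ticketing API.

```python
"""Minimal SOAR-style pipeline: normalize -> correlate -> decide -> act -> audit.
Added illustration; log formats, users, addresses (RFC 5737 ranges) and playbook are all constructed."""
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed telemetry from two sources: a key=value VPN log and a JSON identity-provider (IdP) log.
VPN_LOGS = ([f"2019-02-17T10:00:0{s}Z vpn auth=FAIL user=alice src=203.0.113.7" for s in (1, 3, 5, 6, 9)]
            + ["2019-02-17T10:00:12Z vpn auth=OK user=alice src=203.0.113.7",
               "2019-02-17T10:05:00Z vpn auth=FAIL user=bob src=198.51.100.2",
               "2019-02-17T10:05:30Z vpn auth=OK user=bob src=198.51.100.2",
               "2019-02-17T10:06:00Z vpn tunnel-up peer=198.51.100.9"])  # unrelated record, must be skipped

def _idp(ts, event, user, ip):
    return json.dumps({"ts": ts, "event": event, "user": user, "ip": ip})

IDP_LOGS = ([_idp(f"2019-02-17T10:01:0{s}Z", "login_failed", "carol", "192.0.2.9") for s in (0, 2, 4)]
            + [_idp(f"2019-02-17T10:02:{s:02d}Z", "login_failed", "dave", "192.0.2.50") for s in range(0, 50, 10)]
            + ["this line is not JSON"])  # malformed record, must be skipped

VPN_RE = re.compile(r"^(?P<ts>\S+) vpn auth=(?P<outcome>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$")

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def normalize(vpn_lines, idp_lines):
    """Standardization: map both formats onto one schema; unparseable lines are dropped, not fatal."""
    events = []
    for line in vpn_lines:
        m = VPN_RE.match(line)
        if m:
            events.append({"ts": _ts(m["ts"]), "user": m["user"], "src": m["src"],
                           "ok": m["outcome"] == "OK", "source": "vpn"})
    for line in idp_lines:
        try:
            r = json.loads(line)
            events.append({"ts": _ts(r["ts"]), "user": r["user"], "src": r["ip"],
                           "ok": r["event"] == "login_ok", "source": "idp"})
        except (ValueError, KeyError, TypeError):
            continue
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, fail_threshold=5, window_s=60, grace_s=300, suspicious_min=3):
    """Analytics: per (user, source IP) look for a failure burst and whether a success followed it.
    high = burst then success within grace_s; medium = burst, no success; low = a few failures only."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["user"], e["src"])].append(e)
    findings = []
    for (user, src), evs in by_key.items():
        fails = [e["ts"] for e in evs if not e["ok"]]
        oks = [e["ts"] for e in evs if e["ok"]]
        burst_end = None
        for i in range(len(fails) - fail_threshold + 1):  # sliding window over time-sorted failures
            if (fails[i + fail_threshold - 1] - fails[i]).total_seconds() <= window_s:
                burst_end = fails[i + fail_threshold - 1]
                break
        if burst_end is not None:
            success_after = any(0 <= (t - burst_end).total_seconds() <= grace_s for t in oks)
            severity = "high" if success_after else "medium"
        elif len(fails) >= suspicious_min:
            success_after, severity = False, "low"
        else:
            continue
        findings.append({"rule": "auth-burst", "user": user, "src": src, "severity": severity,
                         "evidence": {"failures": len(fails), "success_after_burst": success_after,
                                      "first": evs[0]["ts"].isoformat(), "last": evs[-1]["ts"].isoformat()}})
    return findings

# Playbook: severity -> (actions, automatic?). Low-confidence findings only open a ticket for an
# analyst, so the pipeline "acts" on its own only where the evidence is strong.
PLAYBOOK = {"high": (["block_ip", "disable_account", "page_oncall"], True),
            "medium": (["block_ip"], True),
            "low": (["open_ticket"], False)}

# Hypothetical action back-ends; real ones would call a firewall, IdP or ticketing API.
ENFORCE = {"block_ip": lambda st, f: st["blocked_ips"].add(f["src"]),
           "disable_account": lambda st, f: st["disabled_users"].add(f["user"]),
           "page_oncall": lambda st, f: st["pages"].append(f"{f['user']}@{f['src']}"),
           "open_ticket": lambda st, f: st["review_queue"].append(f)}

def run_playbook(findings, now=None):
    """Acting: execute the playbook and write one audit entry per action with the evidence behind it."""
    now = (now or datetime.now(timezone.utc)).isoformat()
    state = {"blocked_ips": set(), "disabled_users": set(), "pages": [], "review_queue": []}
    audit = []
    for f in findings:
        actions, automatic = PLAYBOOK.get(f["severity"], ([], False))
        for action in actions:
            ENFORCE[action](state, f)
            audit.append({"at": now, "action": action, "auto": automatic, "rule": f["rule"],
                          "target": f"{f['user']}@{f['src']}", "why": f["evidence"]})
    return state, audit

if __name__ == "__main__":
    state, audit = run_playbook(correlate(normalize(VPN_LOGS, IDP_LOGS)))
    print(json.dumps(audit, indent=1))
    print("blocked:", sorted(state["blocked_ips"]), "disabled:", sorted(state["disabled_users"]))
```

On the constructed input, alice’s five failures followed by a success are rated high and get all three automatic actions, dave’s failure burst without a success gets only an IP block, and carol’s three failures fall below the burst threshold and are merely queued for an analyst. Every one of those decisions, automatic or not, lands in the audit list with the evidence that triggered it, which is the "well-documented" part of the panel’s point.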

Mr. Shaerul Haque Joarder was the moderator for the session.

Below is the architecture of the panel team:

  • Moderation: Mr.Shaerul Haque Joarder, VP & Head of IT, EPIC Group
  • Mr.Espen Haagenrud, CISO, Grameen Phone
  • Mr.Azim U. Hoque, Co-Founder at Cyber Security Forum, Founder and President at University IT Forum
  • Mr.B.M.Zahid-ul Haque, Head of Information Security, BRAC Bank Limited
  • Mr.Syed Almas Kabir, President – BASIS, CEO & shareholder of MetroNet Bangladesh Limited and Managing Director of AyAl Corp
  • Mr.Tanveer Ehsanur Rahman, CTO, Novo Telecom LTD

The key deliberations of the panel revolved around the points below:

  1. Importance of a SOC (Security Operations Centre) and incident detection and response
  2. Awareness of cyber security in society in order to adopt proactive measures
  3. Potential threats, vulnerabilities and remediation measures in the financial sector
  4. Govt. and policy makers’ standpoint on the managed security arena
  5. Impact of cyber attacks and adoption of 24×7 monitoring systems
  6. Placing managed defence and security orchestration strategies before the management/board

InfoQuest, the sixth print journal on cyber security, was launched in Dhaka as well. The e-version can be fetched from this link.

The concluding part of the event was the Cyber Awards for significant achievements in the domain.

More detailed photographs can be seen in the Facebook Album.

Stay tuned for our future initiatives.



“Infosec Global 2018”, 3rd International Infosec Summit in Kolkata

Preface

Last two years “InfoSec Global” had added a new feather in the cap for Kolkata. The worshiping of Cyber Wisdom is the major festival has become a critical milestone for the city of joy to welcome winter.

3rd Edition of International InfoSec Summit “InfoSec Global 2018”, took place at The Park, Kolkata on 16th November, 2018.

InfoSec Foundation is a non-profit foundation dedicated to cyber awareness for citizens. It is being shaped as a platform for exchanging ideas among stakeholders such as Govt., banks, police and corporates, deciding best practices for industry and creating a road-map for cyber security, information security and data security, so that ideas cross-pollinate.

In our mission of spreading citizen awareness, we have already taken many steps on a pan-India basis, apart from our initiatives in Bangladesh, Africa and the United Kingdom. For the last two years we organized the International InfoSec Summit in Kolkata with all the different stakeholders. Last July-August, we concluded a 4-city CISO Symposium (Kolkata-Delhi-Bangalore-Mumbai) to connect the CISO community.

This year the event has grown larger with greater impact, reach, content and participation.

InfoSec Foundation is already working as the voice of the citizen, bringing all stakeholders together to create a more aware and responsive ecosystem: connecting and extending initiatives that have not reached their target audiences, finding gaps, and raising the silent voice so that it reaches the ears of policy makers and functionaries.

Summits, CIO roundtables, print journals, cyber security helplines, seminars, training, workshops, product development: these are a few of the envisaged areas in which we have already started working in India, Bangladesh, the UK and Africa.

InfoSec Global 2018 is the outcome of the same vision, driven by Infosec Foundation.

Infosec Global 2018, Kolkata

Through the International InfoSec Summit, Infosec Foundation has taken on the important responsibility of igniting cyber security wisdom among stakeholders. The third edition of this international summit took place on 16th November, 2016, followed by the 2nd edition on 3rd November, 2017 and the first edition on 18th November, 2018, all in Kolkata. This event series has become an integral part of the eastern ecosystem, an opportunity to connect with the best cyber security experts across the globe and become enriched with cyber knowledge.

This year the event was supported by the West Bengal Government, NASSCOM, STPI and IEEE. Besides these, Prime Infoserv, Fortinet, FireEye, Kaspersky, IBM Security, Vehere, India Cyber Security Solutions, Global Insurance, Tata Teleservices and Hipla were the key sponsors who helped us make it possible.

Theme of the Event

“Cyber Resilience and Agility in your Digital Future” was the theme for the 3rd International Infosec Summit in Kolkata this year. The program was designed for leaders from the fields of IT infrastructure, data security and information security across verticals. With the spread of digital assets and connectivity, flexibility and agility are the most important parameters for a proactive defense. Strategies, action plans, learning, case studies, technology and process benchmarking etc. were highlighted during the summit to give the audience greater wisdom.

Speakers and Topics

The event was graced with Chief Guest Dr. Gulshan Rai (Chief Cyber Security, PMO, Govt. of India). Mr. Shyamal Datta (IPS Retd., Former Director – IB, Former Governor of Nagaland), Mr. Debasish Sen (IAS, Additional Chief Secretary, Information Technology & Electronics, Govt. of West Bengal), Mr. Hari Kusumakar (IPS, Secy Co-ordination, Home & Hill Affairs and State Cyber Crime Co-ordinator, West Bengal), Mr. Sanjay Mahapatra (Editor, Enterprise IT World) and Mr. Sushobhan Mukherjee (Chairman, Infosec Foundation and CEO, Prime Infoserv) were part of the inaugural panel.

Besides, the event witnessed an array of speakers from across the industry, with the gracious presence of global thought leaders. Eminent personalities like Dr. Ajeet Bajpai (Director General, NCIIPC), Ms. Vaishali Bhagwat (Partner VP – Shintre & Associates), Mr. Michael Joseph (Director, Systems Engineering, Fortinet), Mr. Nabankur Sen (Bandhan Bank), Mr. Shrikant Shitole (Country Head, FireEye), Mr. Akshay Verma (Global Insurance), Mr. Gautam Kapoor (Partner, Risk Advisory, Deloitte India), Mr. Ahmed Rokibur Rahman (AVP, Head of ICT, Woori Bank, Bangladesh), Mr. Debasish Ghosh (Chief Internal Auditor – Srei Group, President – Institute of Internal Auditors), Mr. Vishak Raman (Director, Security Business, Cisco India & SAARC), Mr. Anup Deb (IBM Resilient, Singapore), Dr. Amar Prasad Reddy (Director General, National Cyber Safety and Security Standards), Mr. Gant Redmon (IBM, United States), Mr. Sanjay Das (Deputy Secretary, Information Technology & Electronics, Govt. of West Bengal), Mr. Debasish Dey (Professor and Director, Maulana Abul Kalam Azad University of Technology), Mr. Ashok Sharma (Co-founder and CTO, QOS Technology), Dr. Amlan Chakraborti (Professor & Director, AK Choudhury School of IT, University of Calcutta), Mr. Ishtiyaq Ahmad Shah (Security Consultant, FireEye), Mr. Dinesh O Bareja (COO – Open Security Alliance), Mr. Arijit Samanta (Regional Head, East India & Bangladesh, Kaspersky), Mr. Ritesh Bhatia (Director – Cybercrime Investigations, V4WEB Cybersecurity), Mr. Partha Sengupta (Vice President, ITC Infotech), Mr. Gigi Joseph (CISO, Bhabha Atomic Research Centre), Mr. Arnab Bhattacharyya (Partner, Ernst & Young), Mr. Mohammad Zahinul Islam (Managing Director, Inter Exchange Solutions Limited, Bangladesh), Mr. Rana Sircar (Ericsson) etc. graced the audience with their deep insight.

There were many interesting topics like Evolution of Cyber Resilience in Digital India, Cyber Crime, Cyber Warfare, International Cyber Law, Digital Transformation is demanding “Tear down These Walls”, Beyond Compliance – Security Challenges for the Financial Services Industry, Integrated Architecture Approach to Securing your Enterprise, Security Orchestration and Managed Defense, Paradigm Shift of Indian Cyber Security, Vulnerabilities around Blockchain, Cyber Security Capacity Building – Turning Knowledge into Performance, Threat Hunting, Infrastructure Security, Building Next Generation Cyber Defence, Rising Threats of the Darknet, Taking Cyber Security to the Board Room, 5G Security etc.

Audience

More than 250 people attended the event, with delegations from all leading corporates, enterprises, academia, government, law enforcement agencies, manufacturers, providers etc., not only from India but also from Bangladesh, Singapore, the United States and the United Kingdom, giving it a true global flavor.

The audience was mainly senior management and decision makers of the stature of MD, CEO, CIO, CFO, COO, GM etc.

There were 30+ Media Houses from print, television, radio and web platforms who were keen to spread the buzz to the mass audience.

Take Aways

The event saw great deliberations in exchanging thoughts, knowledge, ideas and case studies on cyber security among the speakers, attendees and participating stakeholders. It not only generated great enthusiasm for networking, but also generated direct business opportunities.

The event raised several voices and concerns from the community, extended the government / policy makers’ roadmap, articulated steps for synchronization between stakeholders and surely created a platform for enriched knowledge and better wisdom. It was indeed a great platform for students and cyber aspirants to learn, engage and contribute.

The 6th edition of InfoQuest (the dedicated print journal of information security) was unveiled during the summit. The print journal works as a great tool and mouthpiece for the industry in the cyber security domain.

Infosec Foundation recognized several individuals and communities for their significant contribution in the domain.

Music was not kept aside either. Mr. Parijat performed solo songs ranging from Bob Dylan and RD Burman to his own Bengali compositions, while the band Spectrum played instrumentals under the leadership of Arnab Bhattacharyya.

Infosec Foundation continuously works to connect human spirits beyond tools and technology, and so, apart from music, there was special attention to food.

The lunch consisted of Papri Chaat, various choices of salads, Grilled Fish with Lemon Capers, Tandoori Chicken Butter Masala, Dhokar Dalna, Navratan Korma, Dal Makhni, Steamed Rice, Raita, Dahi Wada, Indian Bread, Kulcha, Hot Gulab Jamun and Ice Cream. After cocktails over snacks, dinner was a mix of Green Salad, Russian Salad, Fish Orly, Chicken Tikka Lababdar, Chhannar Dalna, Mixed Subzi Jhalfrezi, Rajma Masala, Peas and Corn Pulao, Anar Raita, Butter Naan, Assorted Sandesh, Angoori Rasmalai etc. The blend of traditional Bengali cuisine with North Indian delicacies generated immense excitement among the audience.

The story does not end here. The journey will continue. Stay tuned for our upcoming movements.

More photographs can be fetched here.

Any queries can be directed to secretariat@infoconglobal.org



Data Privacy, Facebook and Cambridge Analytica

Introduction

In the latest data leak controversy, Cambridge Analytica has been accused of inappropriate use of Facebook data, privacy breaches and psychological manipulation.

Cambridge Analytica systematically and knowingly ran campaigns based on psychological and personality profiles mined from Facebook data in 2017. The firm has been accused of harvesting private information from the Facebook profiles of over 50 million users without their permission, making it the largest data breach in history. This information was revealed by a former employee and founder, Christopher Wylie, to the Observer and the New York Times. Wylie explained how he worked with Aleksandr Kogan, an academic from Cambridge University, to obtain this data and exploit users.

The misuse of data may have allowed the company to build a psychological profile of a large proportion of the American electorate and target them with specific marketing material and targeted ads, thereby swaying the results of the 2016 presidential election.

Criticality

Most people do not think about the data they share with social media, banks and other large corporate and government organizations, as there is a general level of trust that adequate laws and protections exist and that, by and large, there is nothing to worry about, since organizations are assumed to be ethical. While levels of distrust are growing across the community, taking proper security measures is critical to slowing the decay.

The critical point here is not the data itself, but the way it was used. Cambridge Analytica used the data records of 50 million Americans to exert a premeditated psychological influence through false Facebook ‘advertising.’ Posts were targeted at potential voters, precisely aimed at their vulnerabilities.

A data breach is when someone who is not authorized to handle specific information obtains access to that information. It’s a non-trivial failure of the security measures a responsible company or reasonable individuals would have in place. It implies wrongdoing, it implies malice, it implies a victim/attacker relationship.

But when data is harvested and used with the unknowing opt-in of thousands of people, that’s not a breach. There are no hackers here; just people who knew how to use freely-given personal data to manipulate not very technically astute people to some political end.

Data breaches have been revealed for years now. Interestingly, no one hacked into Facebook’s servers by exploiting a bug, the way hackers stole the personal data of more than 140 million people from Equifax. No one tricked Facebook users into giving away their passwords and then stole their data, the way Russian hackers broke into email accounts through phishing emails.

Facebook has become a massive data collection machine with 2.2 billion active users, but with almost no guardrails on how the data is used. Facebook allowed a third party to implement an application for the sole purpose of gathering users’ data. Furthermore, Facebook has been aware of this issue for more than two years, and only now, once it has been made public, is it acknowledging its mistakes.

The Facebook story rang a similar tune to a story from September about Tinder harvesting user data as well. Judith Duportail requested Tinder to send all of the personal data they have stored for her. They sent back 800 pages containing her deepest, darkest secrets, things she didn’t even know she preferred. It is another perfect example of how social media apps will harvest any personal data they can to sell and make a profit.

Big data breaches are unsettling given the power tech titans now exercise. How to rein them in is a huge challenge. A good example is Facebook, which offers its service for free, but people then entrust it with every detail of their lives. It is a myth that users own the data and content they post on Facebook and control how it is shared. The reality differs. Facebook will flog the data to enrich itself, as the Cambridge Analytica case clearly demonstrates.

Road Ahead

In this context, laws like GDPR may play a good role. Users can request any large service provider in the world (any that has a connection with the EU whatsoever, which is everyone) to obliterate their data forever, and the provider must oblige. Or they can request that their data be handed over in a “portable” format they can take with them.

Beyond GDPR, there is more that the consumer needs to take control of. In the case of Facebook, this means limiting what 3rd-party apps have access to. This can be confusing, with apps constantly “complaining” that they will not work properly without access to body sensors, contacts or the camera. The user ultimately needs to start from a point of zero trust, turning off all access, then test for themselves how the app behaves, and gradually turn on permissions as needed.

In reality that is not what happens; hitting the easy button will have consequences of the “analytica” kind, and then we will act outraged when it happens.

We are on a journey where the privacy boundaries are going to be constantly tested. Expecting the platform vendors to suddenly start doing the “morally” right thing is too naïve. Consumers need to be savvier and assume extreme ownership of their own data. GDPR provides the framework; it is our duty to exercise it.

Stay safe, secure and do due diligence before making your personal data public through social media.



GDPR – The Essentials

Preface

Data privacy and protection are gaining attention worldwide. In line with this trend, the European Union has introduced a new framework to safeguard data and privacy for its citizens.

It is termed the General Data Protection Regulation (GDPR). It supersedes the UK Data Protection Act 1998 and will be applicable from 25th May, 2018. Hence companies connected to the EU need to prepare as soon as possible, taking into account that some obligations may be expensive and implementation will be time-consuming.

The new regulation introduces a set of rules, which require organizations to implement controls to protect personal data. The new law brings a 21st century approach to data protection. It expands the rights of individuals to control how their personal information is collected and processed, and places a range of new obligations on organizations to be more accountable for data protection.

GDPR compliance demands strong adherence to the data protection principles. This involves taking a risk-based approach to data protection, ensuring appropriate policies, procedures and technology are in place to deal with the transparency, accountability and individuals’ rights provisions, as well as building a workplace culture of data privacy and security.

With the appropriate compliance framework in place, not only will organizations be able to avoid significant fines and reputational damage, they will also be able to show customers that they are trustworthy and responsible, and derive added value from the data they hold.

What is personal data?

GDPR is designed to enable individuals to better control their personal data.

“Personal data” is defined in the GDPR as any information relating to a person who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. In other words, any data or processes that can identify the subject comprise that individual’s personal data.

Personal data is any piece of data that allows one to identify a specific person. That is the shortest and most practical definition. Let's understand the context with a few email addresses.

info@infoconglobal.org is not a piece of personal data, as it isn’t assigned to a specific person at a company. It doesn’t imply who the owner of the address is. It points to a company, not a person.

sushobhan@infoconglobal.org is a piece of personal data, as it is assigned to a specific person at a company. It does imply who the owner of the address is, or at least it gives you enough information to identify a specific person at a company.

sushobhanm@gmail.com is a piece of personal data, as it is assigned to a specific person.

Whether we work within a B2B or a B2C domain, we administer or process some kind of personal data. It is most probably the data of our clients, prospects, users, email list subscribers, or employees.

GDPR is not about regulating email sending. It is about regulating the ways in which you administer and process the personal data of EU citizens in general. An email address is just an example here. In various contexts, data like telephone numbers, addresses, identification numbers etc. may be treated as personal data as well.

Requirements of GDPR 2018

The GDPR itself contains 11 chapters and 91 articles. The following are some of the chapters and articles that have the greatest potential impact on security operations:

  • Articles 17 & 18 – Articles 17 and 18 of the GDPR give data subjects more control over personal data that is processed automatically. As a result, data subjects may transfer their personal data between service providers more easily (the “right to portability”), and they may direct a controller to erase their personal data under certain circumstances (the “right to erasure”).
  • Articles 23 & 30 – Articles 23 and 30 require companies to implement reasonable data protection measures to protect consumers’ personal data and privacy against loss or exposure.
  • Articles 31 & 32 – Data breach notifications play a large role in the GDPR text. Article 31 specifies requirements for single data breaches: controllers must notify supervisory authorities (SAs) of a personal data breach within 72 hours of learning of the breach, and must provide specific details such as its nature and the approximate number of data subjects affected. Article 32 requires data controllers to notify data subjects as quickly as possible when a breach places their rights and freedoms at high risk.
  • Articles 33 & 33a – Articles 33 and 33a require companies to perform Data Protection Impact Assessments to identify risks to consumer data, and Data Protection Compliance Reviews to ensure those risks are addressed.
  • Article 35 – Article 35 requires certain companies to appoint data protection officers. Specifically, any company that processes data revealing a subject’s genetic data, health, racial or ethnic origin, religious beliefs, etc. must designate a data protection officer; these officers advise companies on compliance with the regulation and act as the point of contact with Supervisory Authorities (SAs). Some companies may be subject to this aspect of the GDPR simply because they collect personal information about their employees as part of human resources processes.
  • Articles 36 & 37 – Articles 36 and 37 outline the data protection officer position and its responsibilities in ensuring GDPR compliance, as well as reporting to Supervisory Authorities and data subjects.
  • Article 45 – Article 45 extends data protection requirements to international companies that collect or process EU citizens’ personal data, subjecting them to the same requirements and penalties as EU-based companies.
  • Article 79 – Article 79 outlines the penalties for GDPR non-compliance, which can be up to 4% of the violating company’s global annual revenue, depending on the nature of the violation.

GDPR Checklist

GDPR comprises a list of specifications on how businesses should process and handle personal data. In effect, the regulation ensures that private data is processed transparently under the new law, for a clearly stated purpose, with the end-user’s consent. Once that purpose is fulfilled, the data should be deleted, provided there are no legally binding regulations in the country or business to the contrary.

The GDPR gives users more flexibility over what they have shared. Users have the right to access, modify, rectify and altogether delete their data, among other things. The regulation also sets the foundations for a uniform set of data protection policies throughout the European Union. In other words, where there used to be a different set of rules per country, now there is one. Dated as the old rules were, this radical change in data protection rules was much needed.

The first step towards compliance is mapping the data flow, which enables us to assess our privacy risks. This includes understanding and documenting the following:

  • What kind of personal data is collected (e.g., name, email, address)?
  • How is it collected (e.g., form, online, call center)?
  • Where is it stored?
  • How is it processed?
  • Is the data encrypted?
  • Who is accountable for personal data?
  • What is the location of the systems/filing systems containing the data?
  • Who has access to the information?
  • Is the information disclosed/shared with anyone (e.g., suppliers, third parties)?
  • Does the system interface with or transfer information to other systems?
  • How long do we keep it?
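The mapping questions above can be kept as a structured inventory, so that the obvious privacy risks are flagged automatically instead of being hunted for in spreadsheets. The Python below is an added example and not code from the original post: the record fields follow the questions in the list, while the risk rules, the illustrative EU/EEA country list and the sample entries are assumptions chosen for illustration, not a complete GDPR assessment.

```python
"""Data-flow inventory with automated privacy-risk flags (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Illustrative EU/EEA list (assumption): data held here needs no transfer safeguard.
EU_EEA = {
    "AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR", "HU",
    "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK", "SI", "ES",
    "SE", "IS", "LI", "NO",
}

# Categories the Article 35 point above singles out as needing a data protection officer.
SPECIAL_CATEGORIES = {"genetic", "health", "racial or ethnic origin", "religious beliefs"}


@dataclass(frozen=True)
class DataFlow:
    """One processing activity, answering the mapping questions in the list above."""
    name: str
    data_categories: Tuple[str, ...]   # what is collected
    collected_via: str                 # how it is collected
    stored_in: str                     # ISO country code of the system holding it
    processing: str                    # how it is processed
    encrypted: bool                    # encrypted at rest?
    owner: Optional[str]               # who is accountable
    access: Tuple[str, ...]            # roles that can read the data
    shared_with: Tuple[str, ...]       # suppliers and other third parties
    retention_days: Optional[int]      # how long it is kept; None = undefined
    transfer_safeguard: Optional[str]  # e.g. "SCC"; None if no safeguard documented


def assess(flow: DataFlow) -> List[str]:
    """Return the privacy-risk findings for one flow (empty list = nothing flagged)."""
    findings: List[str] = []
    if not flow.encrypted:
        findings.append("personal data stored unencrypted")
    if not flow.owner:
        findings.append("no accountable owner")
    if flow.retention_days is None:
        findings.append("retention period undefined, so erasure cannot be scheduled")
    if flow.stored_in not in EU_EEA and not flow.transfer_safeguard:
        findings.append(f"stored outside the EU/EEA ({flow.stored_in}) without a transfer safeguard")
    if flow.shared_with:
        findings.append(f"shared with {', '.join(flow.shared_with)}: processor agreement needed")
    if set(flow.data_categories) & SPECIAL_CATEGORIES:
        findings.append("special-category data: data protection officer and impact assessment required")
    if "all-staff" in flow.access:
        findings.append("access not limited to roles that need the data")
    return findings


def assess_inventory(flows: List[DataFlow]) -> Dict[str, List[str]]:
    """Assess every flow and return the findings keyed by flow name."""
    return {flow.name: assess(flow) for flow in flows}


# Constructed sample inventory (hypothetical flows, not a real organization's data).
SAMPLE_INVENTORY = [
    DataFlow(
        name="newsletter",
        data_categories=("name", "email"),
        collected_via="web form",
        stored_in="IE",
        processing="monthly mail-out",
        encrypted=True,
        owner="marketing lead",
        access=("marketing",),
        shared_with=("mail-provider",),
        retention_days=730,
        transfer_safeguard=None,
    ),
    DataFlow(
        name="hr-records",
        data_categories=("name", "address", "health"),
        collected_via="onboarding form",
        stored_in="IN",
        processing="payroll and leave management",
        encrypted=False,
        owner=None,
        access=("hr", "all-staff"),
        shared_with=(),
        retention_days=None,
        transfer_safeguard=None,
    ),
]

if __name__ == "__main__":
    for name, findings in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

The newsletter flow is flagged only for its third-party mail provider, which is the cue to check the processor agreement; the HR flow collects a special category and stores it unencrypted outside the EU/EEA with no owner or retention period, which is exactly the combination the impact assessment in the next section is meant to catch before a regulator does.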

GDPR impacts

The GDPR impacts many areas of an organization: legal and compliance, technology, and data.

  • Legal & Compliance: The GDPR introduces new requirements and challenges for legal and compliance functions. Many organizations will require a Data Protection Officer (DPO), who will have a key role in ensuring compliance. If the GDPR is not complied with, organizations will face the heaviest fines yet, up to 4% of global turnover. A renewed emphasis on organizational accountability will require proactive, robust privacy governance, requiring organizations to review how they write privacy policies and to make these easier to understand.
  • Technology: New GDPR requirements will mean changes to the ways in which technologies are designed and managed. Documented privacy risk assessments will be required to deploy major new systems and technologies. Security breaches will have to be notified to regulators within 72 hours, meaning implementation of new or enhanced incident response procedures. The concept of ‘Privacy by Design’ has now become enshrined in law, with the Privacy Impact Assessment expected to become commonplace across organizations over the next few years. Organizations will also be expected to look more into data masking, pseudonymization and encryption.
  • Data: Individuals and teams tasked with information management will be challenged to provide clearer oversight of data storage, journeys and lineage. Having a better grasp of what data is collected and where it is stored will make it easier to comply with the new data subject rights: the rights to have data deleted and to have it ported to other organizations.
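The Technology point above names data masking, pseudonymization and encryption without showing what they look like in practice. The Python below is an added example, not the post's own code, covering the first two: partial masking for display, and keyed pseudonymization of direct identifiers with the re-identification table kept apart from the pseudonymized records. The field names, sample records and key handling are assumptions for illustration.

```python
"""Masking and keyed pseudonymisation of personal data (added example)."""
import hashlib
import hmac
import secrets

# Direct identifiers that must not appear in analytics or test copies of the data.
DIRECT_IDENTIFIERS = ("name", "email", "phone")


def mask_email(address: str) -> str:
    """Partial masking for display, e.g. on a support screen.

    Keeps one character of the local part and the domain so an agent can
    confirm an address with the customer without seeing it in full. A fixed
    number of stars is used so the mask does not leak the original length.
    """
    local, sep, domain = address.partition("@")
    if not sep or not local:
        raise ValueError("not an email address")
    return f"{local[0]}***@{domain}"


def mask_phone(number: str) -> str:
    """Keep only the last four digits; everything else becomes 'X'."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if len(digits) < 4:
        raise ValueError("phone number too short")
    return "X" * (len(digits) - 4) + digits[-4:]


def pseudonym(value: str, key: bytes, context: str) -> str:
    """Keyed, deterministic token for one direct identifier.

    HMAC-SHA256 rather than a plain hash: an unkeyed hash of an email address
    or phone number can be reversed by hashing candidate values, so it is not
    a pseudonym in the GDPR sense. The same value always maps to the same
    token (records stay linkable for analytics), and the context string keeps
    tokens for different fields from colliding.
    """
    msg = context.encode() + b"\x00" + value.strip().lower().encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def pseudonymise(record: dict, key: bytes) -> dict:
    """Return a copy of the record with direct identifiers replaced by tokens."""
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        if out.get(field):
            out[field] = pseudonym(out[field], key, field)
    return out


def pseudonymise_dataset(records: list, key: bytes) -> tuple:
    """Pseudonymise a dataset and build the re-identification table.

    The table (token -> original value) is the 'additional information' that
    GDPR Article 4(5) requires to be kept separately. It and the key must be
    stored apart from the pseudonymised dataset, with access limited to the
    people who need to re-identify a data subject (e.g. to honour an erasure
    request), otherwise the exercise adds no protection.
    """
    lookup = {}
    out = []
    for rec in records:
        for field in DIRECT_IDENTIFIERS:
            if rec.get(field):
                lookup[pseudonym(rec[field], key, field)] = rec[field]
        out.append(pseudonymise(rec, key))
    return out, lookup


# Constructed sample records (hypothetical people, not real data).
SAMPLE_RECORDS = [
    {"name": "Alice Example", "email": "Alice@example.org", "phone": "+91 98765 43210", "plan": "gold"},
    {"name": "Bob Example", "email": "bob@example.org", "phone": "+91 91234 56789", "plan": "silver"},
    {"name": "Alice Example", "email": "alice@example.org", "phone": "+91 98765 43210", "plan": "gold"},
]


def demo():
    """Generate a fresh dataset key (in practice: held in a KMS/HSM, never beside the data)."""
    key = secrets.token_bytes(32)
    data, lookup = pseudonymise_dataset(SAMPLE_RECORDS, key)
    return data, lookup


if __name__ == "__main__":
    data, lookup = demo()
    for rec in data:
        print(rec)
    print(mask_email("alice@example.org"), mask_phone("+91 98765 43210"))
```

Note that the two Alice records receive the same token even though one email address is capitalised, so duplicates and per-customer analytics still work on the pseudonymised copy, while anyone holding only that copy and not the key cannot get back to the address.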

Controller vs. processor

There are two types of responsibilities regarding the protection of personal data: data “controllers” and data “processors.” Specifically, any business that determines the purposes and means of processing personal data is considered a “controller.” Any business that processes personal data on behalf of the controller is considered a “processor.” For example, a bank (controller) collects the data of its clients when they open an account, but it is another organization (processor) that stores, digitizes, and catalogs all the information produced on paper by the bank.

In fact, some organizations have no control over the customer data they store. The question is: under the EU GDPR, what are the responsibilities of these organizations if they store personal data? Are they covered by the new European regulation?

According to Article 4 of EU GDPR, different roles are identified as indicated below:

  • Controller – “means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”
  • Processor – “means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”

Both organizations are responsible for handling the personal data of these customers.

EU GDPR vs ISO 27001 and 27018

The ISO 27001 standard is a framework for information protection. If the implementation of ISO 27001 identifies personal data as an information security asset, and those that store/process personal data in the cloud follow the ISO 27018 recommendations, most of the EU GDPR requirements will be covered.

The ISO 27000 series of standards provides the means to ensure this protection. There are many points where the ISO 27001 and ISO 27018 standards can help achieve compliance with this regulation. Here are just a few of the most relevant ones:

  • Risk assessment – Because of the high fines defined in EU GDPR and major financial impact on organizations, it will be natural that the risk found during risk assessment regarding personal data is too high not to be dealt with. On the other side, one of the new requirements of the EU GDPR is the implementation of Data Protection Impact Assessments, where companies will have to first analyze the risks to their privacy, the same as is required by ISO 27001. Of course, while implementing ISO 27001, personal data must be classified as high criticality, but according to the control A.8.2.1 (Classification of information), “Information should be classified in terms of legal requirements, value, criticality and sensitivity to unauthorized disclosure or modification.”
  • Compliance – By implementing ISO 27001, because of control A.18.1.1 (Identification of applicable legislation and contractual requirements), it is mandatory to have a list of relevant legislative, statutory, regulatory, and contractual requirements. If the organization needs to be compliant with EU GDPR (see section above), this regulation will have to be part of this list. In any case, even if the organization is not covered by the EU GDPR, control A.18.1.4 (Privacy and protection of personally identifiable information) of ISO 27001 guides organizations in the implementation of a data policy and protection of personally identifiable Information. For cloud services providers, ISO 27018 control A.11.1 (Geographical location of PII) recommends that contractual agreements for international transfer of data must be available to cloud service customers.
  • Breach notification – Companies will have to notify data authorities within 72 hours after a breach of personal data has been discovered. The implementation of ISO 27001 control A.16.1 (Management of information security incidents and improvements) will ensure “a consistent and effective approach to the management of information security incidents, including communication on security events.” For cloud service providers, ISO 27018 has control A.9.1 (Notification of a data breach involving PII), with specific recommendations for preparation and handling of data breach incidents. According to EU GDPR, data subjects (“a living individual to whom personal data relates”) will also have to be notified, but only if the data poses a “high risk to data subjects’ rights and freedom.” The implementation of incident management, which results in detection and reporting of personal data incidents, will bring an improvement to the organization wishing to conform to GDPR.
  • Asset management – The ISO 27001 control A.8 (Asset management) leads to the inclusion of personal data as an information security asset, and allows organizations to understand what personal data is involved, where it is stored, for how long, its origin, and who has access, all of which are requirements of the EU GDPR.
  • Privacy by Design – The adoption of Privacy by Design, an EU GDPR requirement, becomes mandatory in the development of products and systems. ISO 27001 control A.14 (System acquisitions, development and maintenance) ensures that “information security is an integral part of information systems across the entire lifecycle.” For cloud service providers, ISO 27018 control A.4.2 recommends that secure erasure of temporary files should be considered as a requirement for information systems development.
  • Supplier Relationships – The ISO 27001 control A.15.1 (Information security in supplier relationships) aims for the “protection of the organization’s assets that are accessible by suppliers.” For cloud service providers, ISO 27018 recommends explicit definition of responsibilities of cloud service provider, sub-contractors, and cloud service customers.

Way Forward

The implementation of ISO 27001 covers most of the requirements of the EU GDPR; however, some controls should be adapted to include personal data within the organization's Information Security Management System (ISMS).

In addition to ISO 27001, some measures will have to be included for an organization, whether controller or processor, to ensure compliance with the EU GDPR, such as procedures for ensuring the exercise of data subjects' rights, mechanisms for the transfer of data outside the EU, the minimum content of the data protection impact assessment, and procedures to be followed in case of a personal data breach. All these controls can be integrated into the ISMS, ensuring legal compliance and continuous improvement, even more so when the ISMS and the EU GDPR are aligned.

The organizations covered by the EU GDPR have until May 2018 to implement a set of measures that may imply a drastic change in their way of operating. Not knowing where to start can make this whole process unnecessarily complex. Therefore, implementing an ISMS compliant with ISO 27001 is a sure step for an organization to achieve compliance with the EU GDPR. Typical steps include:

  • Gap analysis: Experienced data protection consultants can assess the exact standing of your current legal situation, security practices and operating procedures in relation to the Data Protection Act (DPA) or the GDPR.
  • Data flow audit: Data mapping involves plotting all of your data flows, drawing up an extensive inventory of the data to understand where the data flows from, within and to. This type of analysis is a key requirement of the GDPR.
  • DPO as a service: Outsourcing the DPO role can help your organization address the compliance demands of the GDPR while staying focused on its core business activities.
  • Implementing a personal information management system (PIMS): Establishing a PIMS as part of your overall business management system will make sure that data protection management is placed within a robust framework, which will be looked upon favorably by the regulator when it comes to DPA compliance.
  • Implementing an ISMS compliant with ISO 27001
  • Cyber-Health Check: A combination of on-site and remote vulnerability assessments to assess your cyber-risk exposure.

GDPR compliance may be tough, but data security and privacy are worth the extra effort. Any company that complies with the GDPR sends a message that it does care about customer data privacy.

Be proactive on Data Protection, Privacy, Confidentiality and Integrity. Enjoy the benefits of GDPR.



Wordcon 2018 – Freelancer’s International Conference

“Wordcon 2018”, 3rd International Conference by Freelance Foundation took place last Friday (9th February, 2018) at the Park, Kolkata.

The first one was held at Jameson Inn in 2015, followed by the second in 2017 at Sonnet, Saltlake.

In these three years, the journey has not only been exciting, but has also given rise to many opportunities, ideas and, of course, synergies across the globe. Freelance Foundation's core philosophy revolves around harmony and collaboration. The activities were focused on handshaking between freelancers across borders. Apart from two major conferences, it has taken many interesting and innovative steps like EPIC (entrepreneur’s picnic), the Global Exchange Program in the United Kingdom (Oxford, London, Birmingham and Glasgow), Outbound Programs (Hyderabad, Silk Route, Orissa, Silchar, Siatale, Dhaka), Musicals (Hammer and Violin / Spring – Summer), a Cricket Match (Fructus et Virtus) and many others.

The key dimensions for Freelance Foundation and Wordcon are as follows:

  • Uniqueness and Diversity of Audience: Wordcon is Eastern India’s only and perhaps the country’s only Platform of Freelancers. Since freelancers are everywhere in the economy, the audience is diverse and layered.
  • Solving the fundamental business problem: Every business would like to configure the right talent, the right price and the right timing to deliver value to the client. HR’s greatest problem is achieving this configuration consistently. Freelancing answers this problem, especially for smaller organizations: by building relationships with freelancers, you gain access to local talent you may not get through the employee route, with the additional advantages of cost flexibility and overhead reduction.
  • International Access: Our international sponsors are looking for Indian partners for access to Indian markets in segments. Wordcon is increasingly becoming a credible platform and it is wise to be associated with such a platform at an early stage.

This year’s conference was designed in line with the same flow. The theme for this year’s conference was “Freelancing – a unique way to earn income, leisure and fame”.

Eminent personalities like Mr. Bruce Bucknell (British Dy. High Commissioner), Dr. Parthasarathi Bhattacharyya (Renowned Pulmonologist and Founder-Director IPCS), Swami Sarvalokananda Maharj (Secretary, Narendrapur Mission), Mr. Jawhar Sircar (ex-CEO, Prasar-Bharati), Mr. Nirupam Sen (Regional Head, BSI), Mr. Gaurav Purkayastha (Advocate, Calcutta High Court), Mr. Mohammad Zahinul Islam (Managing Director, Inter Exchange Solutions Ltd, Bangladesh), Mr. Kashinath Bhattacharyya (Sports Journalist), Mr. Gobinda Roy (Research Scientist, VGSOM, IIT-Kharagpur), Mr. Subhasish Chatterjee (CEO, Connect India), Mr. Sanjay Sen (Renowned Football Coach), Mr. Saurabh Mukherjee (a certified Master Practitioner and International NLP Trainer with NFNLP, a certified Practitioner of Transactional Analysis, and also a certified Past Life Regression Therapist), Mr. Goutam Choudhury (Founder of salilda.com and Music Researcher and Archivist, Rotterdam, Netherlands), Mr. Jigar Kantharia (Translator from Ahmedabad), Mr. Abu Sayed Ahmed (CA from Bangladesh), Mr. Joyshankar (Surma-Dohar Musical Group), Dr. Devasis Ghosh (Mental Health Professional and Holistic Healing Researcher) and other dignitaries graced the occasion with their deep insight.

The Agenda, Speakers, Panels, Topics were designed in a fashion so that diversified domain experts starting from music, sports, accounts, healthcare, translation, Media etc. could open up areas of engagement for the audience.

Overall, 120+ attendees, 30+ speakers, 20+ press people and 10+ sponsors joined the program to make it a grand success. Great networking, sumptuous food, awards for recognition and music were a few additional attractions.

Pease kachuri, Peas and Corn Pulao, Chana Dal with Coconut, Dhokar Dalna, Matar Paneer, Grilled Fish with Lemon Capers, Chicken Rezala, Mixed Raita, Chanar Payesh and Gajar Ka Halwa were a few of the items on the lunch menu.

The event witnessed the launch of three books:

  • Bootstrapping Market Innovation – a book by two freelancers on how to build an effective and reality-tested marketing plan with virtually no financial cost.
  • Freespace – Freelancer’s Journal – 3rd Edition
  • অবকাশ সমগ্র (Collected works of Leisure) by Dr. Abakash Ranjan Kar

Wordcon will continue conducting small local and hyper-local events with freelancers, followed by cultural, musical and literary showcasing.

The spirit of “Wordcon” is captured in this short limerick:

A confined life holds no charm, in the daily ledger of a job,
Free and independent thoughts spin like a whirligig in the head,

Around the conference gathering,
In the packed crowd at the Park Hotel,

On Wordcon’s stage all freelancers forge their alliance.

Last but not least, Wordcon and Infocon both feel that there is an increasing conflict between our life and our livelihood, and that we are missing quality leisure and healthy social mixing.

Stay tuned through our website (www.wordcon.in). Three cheers for “Wordcon”.