By The Numbers
By 2007, Internet penetration in India had reached up to 42 million users.

Exams alert
MAH-MBA/MMS-CET 2008 will be held on 17th February 2008 (Sunday).

Thus Spake
The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man.
- George Bernard Shaw

Smile Please..!
Bragging about Japan
There was a Japanese man who went to America for sightseeing. On the last day, he hailed a cab and told the driver to drive to the airport. During the journey, a Honda drove past the taxi. Thereupon, the man leaned out of the window excitedly and yelled, "Honda, very fast! Made in Japan!"
After a while, a Toyota sped past the taxi. Again, the Japanese man leaned out of the window and yelled, "Toyota, very fast! Made in Japan!"
And then a Mitsubishi sped past the taxi. For the third time, the Japanese man leaned out of the window and yelled, "Mitsubishi, very fast! Made in Japan!"
The driver was a little angry, but he kept quiet. And this went on for quite a number of cars. Finally, the taxi came to the airport. The fare was US$300.
The Japanese man exclaimed, "Wah... so expensive!"
Thereupon, the driver yelled back, "Meter, very fast! Made in Japan!"

----------------------------------------------
Unfamiliar with a term

These four guys were walking down the street, a Saudi, a Russian, a North Korean, and a New Yorker.
A reporter comes running up and says, "Excuse me, what is your opinion about the meat shortage?"
The Saudi says, "What's a shortage?"
The Russian says, "What's meat?"
The North Korean says, "What's an opinion?"
The New Yorker says, "Excuse me?? What's excuse me?"

Interesting Facts

A crocodile can't move its tongue and cannot chew. Its digestive juices are so strong that it can digest a steel nail.

The system of democracy was introduced 2500 years ago in Athens, Greece. The oldest existing governing body, the Althing, operates in Iceland. It was established in 930 AD.

Joseph Niepce developed the world's first photographic image in 1827. Thomas Edison and W K L Dickson introduced the film camera in 1894. But the first projection of an image on a screen was made by a German priest. In 1646, Athanasius Kircher used a candle or oil lamp to project hand-painted images onto a white screen.

The brain of an average adult male weighs 1,375 gm (55 oz). The brain of Russian novelist Turgenev weighed 2021 gm (81 oz), Bismarck's weighed 1807 gm (72 oz), while that of French statesman Gambetta was only 1294 gm (51 oz). Einstein's brain was of average size.

The first kind of pencil was a bunch of graphite sticks held together by string. Then someone decided it would be better to push the graphite into the inside of a hollow wooden stick. Joseph Rechendorfer was the first person to think of putting a piece of rubber onto the top of a pencil, which makes it really easy to rub out mistakes. The average lead pencil can draw a line that is almost 35 miles long, or you can write almost 50,000 words in English with just one pencil.

Karl Benz invented the first gas-powered car. The car had only three wheels. The first car with four wheels was made in France in 1901 by Panhard et LeVassor.

The first steam-powered train was invented by Robert Stephenson. It was called the Rocket.

Information security

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.

Governments, military, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a business's customers, finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, lawsuits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including Information Systems Auditing, Business Continuity Planning and Digital Forensics Science, to name a few.

History

Since the early days of writing, heads of state and military commanders understood that it was necessary to provide some mechanism to protect the confidentiality of written correspondence and to have some means of detecting tampering. Persons desiring secure communications have used wax seals and other sealing devices since the early days of writing to signify the authenticity of documents, prevent tampering, and ensure confidentiality of correspondence.

Julius Caesar is credited with the invention of the Caesar cipher c. 50 B.C. to prevent his secret messages from being read should a message fall into the wrong hands.

World War II brought about many advancements in information security and marked the beginning of information security as a professional field. WWII saw advancements in the physical protection of information with barricades and armed guards controlling access into information centers. It also saw the introduction of formalized classification of data based upon the sensitivity of the information and who could have access to the information. During WWII background checks were also conducted before granting clearance to classified information.

The end of the 20th century and early years of the 21st century saw rapid advancements in telecommunications, computing hardware and software, and data encryption. The availability of smaller, more powerful and less expensive computing equipment brought electronic data processing within the reach of small business and the home user. These computers quickly became interconnected through a network generically called the Internet or World Wide Web.

The rapid growth and widespread use of electronic data processing and electronic business conducted through the Internet, along with numerous occurrences of international terrorism, fueled the need for better methods of protecting these computers and the information they store, process and transmit. The academic disciplines of computer security, information security and information assurance emerged along with numerous professional organizations, all sharing the common goals of ensuring the security and reliability of information systems.

Basic principles

Key concepts

For over twenty years information security has held that three key concepts form the core principles of information security: confidentiality, integrity and availability. These are known as the CIA Triad.

Confidentiality

It is virtually impossible to get a driver's license, rent an apartment, obtain medical care, or take out a loan without disclosing a great deal of very personal information about ourselves, such as our name, address, telephone number, date of birth, Social Security number, marital status, number of children, mother's maiden name, income, place of employment, medical history, etc. This is all very personal and private information, yet we are often required to provide such information in order to transact business. We generally take it on faith that the person, business, or institution to whom we disclose such personal information has taken measures to ensure that our information will be protected from unauthorized disclosure, either accidental or intentional, and that our information will only be shared with other people, businesses or institutions who are authorized to have access to the information and who have a genuine need to know the information.

Information that is considered to be confidential in nature must only be accessed, used, copied, or disclosed by persons who have been authorized to access, use, copy, or disclose the information, and then only when there is a genuine need to access, use, copy or disclose the information. A breach of confidentiality occurs when information that is considered to be confidential in nature has been, or may have been, accessed, used, copied, or disclosed to, or by, someone who was not authorized to have access to the information. Confidentiality is a requisite for maintaining the privacy of the people whose personal information the organization holds.

Integrity

In information security, integrity means that data cannot be created, changed, or deleted without authorization. It also means that data stored in one part of a database system is in agreement with other related data stored in another part of the database system (or another system). For example: a loss of integrity can occur when a database system is not properly shut down before maintenance is performed or the database server suddenly loses electrical power. A loss of integrity occurs when an employee accidentally, or with malicious intent, deletes important data files. A loss of integrity can occur if a computer virus is released onto the computer. A loss of integrity can also occur when an on-line shopper is able to change the price of the product they are purchasing.

Availability

The concept of availability means that the information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning correctly when the information is needed. The opposite of availability is denial of service (DoS).

Risk management

The CISA Review Manual 2006 provides the following definition of risk management: "Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization."

There are two things in this definition that may need some clarification. First, the process of risk management is an ongoing iterative process. It must be repeated indefinitely. The business environment is constantly changing and new threats and vulnerabilities emerge every day. Second, the choice of countermeasures (controls) used to manage risks must strike a balance between productivity, cost, effectiveness of the countermeasure, and the value of the informational asset being protected.

Risk is the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). A vulnerability is a weakness that could be used to endanger or cause harm to an informational asset. A threat is anything (man made or act of nature) that has the potential to cause harm.

The likelihood that a threat will use a vulnerability to cause harm creates a risk. When a threat does use a vulnerability to inflict harm, it has an impact. In the context of information security, the impact is a loss of availability, integrity, and confidentiality, and possibly other losses (lost income, loss of life, loss of real property). It should be pointed out that it is not possible to identify all risks, nor is it possible to eliminate all risk. The remaining risk is called residual risk.

A risk assessment is carried out by a team of people who have knowledge of specific areas of the business. Membership of the team may vary over time as different parts of the business are assessed. The assessment may use a subjective qualitative analysis based on informed opinion, or where reliable dollar figures and historical information are available, the analysis may use quantitative analysis.

The ISO/IEC 27002:2005 Code of practice for information security management recommends the following be examined during a risk assessment:

- security policy
- organization of information security
- asset management
- human resources security
- physical and environmental security
- communications and operations management
- access control
- information systems acquisition, development and maintenance
- information security incident management
- business continuity management, and
- regulatory compliance

In broad terms the risk management process consists of:

1. Identification of assets and estimating their value. Include: people, buildings, hardware, software, data (electronic, print, other), supplies.
2. Conduct a threat assessment. Include: acts of nature, acts of war, accidents, malicious acts originating from inside or outside the organization.
3. Conduct a vulnerability assessment, and for each vulnerability, calculate the probability that it will be exploited. Evaluate policies, procedures, standards, training, physical security, quality control, technical security.
4. Calculate the impact that each threat would have on each asset. Use qualitative analysis or quantitative analysis.
5. Identify, select and implement appropriate controls. Provide a proportional response. Consider productivity, cost effectiveness, and value of the asset.
6. Evaluate the effectiveness of the control measures. Ensure the controls provide the required cost-effective protection without discernible loss of productivity.

For any given risk, Executive Management can choose to accept the risk based upon the relative value of the asset, the relative frequency of occurrence, and the relative impact on the business. Or, leadership may choose to mitigate the risk by selecting and implementing appropriate control measures to reduce the risk. In some cases, the risk can be transferred to another business by buying insurance or outsourcing to another business.
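
A small quantitative pass over the process steps and the accept / mitigate / transfer choice described above, as an added example that is not part of the original article. It assumes the common convention that expected yearly loss equals probability times impact times asset value; the class names, the acceptance threshold and every figure in the register are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Control:
    name: str
    annual_cost: float        # yearly cost of operating the control
    probability_after: float  # yearly exploitation probability with the control


@dataclass
class Risk:
    asset: str
    asset_value: float        # step 1: estimated value of the asset
    threat: str               # step 2: threat assessment
    vulnerability: str        # step 3: vulnerability assessment
    probability: float        # step 3: yearly probability of exploitation
    impact: float             # step 4: fraction of asset value lost per incident
    control: Optional[Control] = None       # step 5: candidate control
    insurance_premium: Optional[float] = None

    def expected_loss(self, probability: float) -> float:
        # Assumed formula (not from the article): probability x impact x value.
        return probability * self.impact * self.asset_value


def treat(risk: Risk, acceptable_loss: float) -> dict:
    """Pick accept / mitigate / transfer and report the residual yearly loss."""
    exposure = risk.expected_loss(risk.probability)
    result = {"asset": risk.asset, "exposure": round(exposure, 2)}
    if exposure <= acceptable_loss:
        return {**result, "treatment": "accept", "residual": round(exposure, 2)}
    c = risk.control
    if c is not None:
        residual = risk.expected_loss(c.probability_after)
        # Step 6: a control is cost-effective only if it saves more than it costs.
        if exposure - residual > c.annual_cost:
            return {**result, "treatment": "mitigate", "residual": round(residual, 2)}
    if risk.insurance_premium is not None and risk.insurance_premium < exposure:
        # Assumption: the policy covers the full loss, so nothing is retained.
        return {**result, "treatment": "transfer", "residual": 0.0}
    # No cost-effective control or insurance: the risk is accepted as it stands.
    return {**result, "treatment": "accept", "residual": round(exposure, 2)}


# Constructed register; every figure below is invented for illustration.
REGISTER = [
    Risk("customer database", 500_000, "outside attacker", "unpatched web server",
         0.20, 0.5, Control("patch management", 8_000, 0.04)),
    Risk("office printer", 2_000, "theft", "unlocked room", 0.05, 1.0),
    Risk("data centre building", 2_000_000, "flood", "ground-floor server room",
         0.01, 0.6, Control("relocate servers", 50_000, 0.002),
         insurance_premium=5_000),
]


def assess(register=REGISTER, acceptable_loss=1_000.0):
    return [treat(r, acceptable_loss) for r in register]


if __name__ == "__main__":
    for row in assess():
        print(row)
```

Because the business environment keeps changing, the register would be re-scored on each iteration of the process rather than computed once.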

Conclusions

Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, or disruption. The never-ending process of information security involves ongoing training, assessment, protection, monitoring & detection, incident response & repair, documentation, and review.

Complex Simplicities

HTML - Hypertext Markup Language

HTML, an initialism of Hypertext Markup Language, is the predominant markup language for web pages. It provides a means to describe the structure of text-based information in a document by denoting certain text as headings, paragraphs, lists, and so on and to supplement that text with interactive forms, embedded images, and other objects. HTML is written in the form of labels (known as tags), surrounded by angle brackets. HTML can also describe, to some degree, the appearance and semantics of a document, and can include embedded scripting language code which can affect the behavior of web browsers and other HTML processors.

HTML lacks some of the features found in earlier hypertext systems, such as typed links, transclusion, source tracking, fat links etc. Even some hypertext features that were in early versions of HTML have been ignored by most popular web browsers until recently, such as the link element and in-browser Web page editing. Any browser can display any HTML document.

XML - Extensible Markup Language

The Extensible Markup Language (XML) is a general-purpose markup language. It is classified as an extensible language because it allows its users to define their own tags. Its primary purpose is to facilitate the sharing of structured data across different information systems, particularly via the Internet. It is used both to encode documents and serialize data. In the latter context, it is comparable with other text-based serialization languages such as JSON and YAML. It started as a simplified subset of the Standard Generalized Markup Language (SGML), and is designed to be relatively human-legible. By adding semantic constraints, application languages can be implemented in XML. These include XHTML, RSS, MathML, GraphML, Scalable Vector Graphics, MusicXML, and thousands of others. Moreover, XML is sometimes used as the specification language for such application languages. XML is recommended by the World Wide Web Consortium. It is a fee-free open standard.

UML - Unified Modeling Language

In the field of software engineering, the Unified Modeling Language (UML) is a standardized specification language for object modeling. UML is a general-purpose modeling language that includes a graphical notation used to create an abstract model of a system, referred to as a UML model. UML is officially defined at the Object Management Group (OMG) by the UML metamodel, a Meta-Object Facility metamodel (MOF). Like other MOF-based specifications, the UML metamodel and UML models may be serialized in XML. UML was designed to specify, visualize, construct, and document software-intensive systems.

UML is not restricted to modeling software. UML is also used for business process modeling, systems engineering modeling, and representing organizational structures. The Systems Modeling Language (SysML) is a domain-specific modeling language for systems engineering that is defined as a UML 2.0 profile.

UML has been a catalyst for the evolution of model-driven technologies, which include model-driven development (MDD), model-driven engineering (MDE), and model-driven architecture (MDA). By establishing an industry consensus on a graphic notation to represent common concepts like classes, components, generalization, aggregation, and behaviors, UML has allowed software developers to concentrate more on design and architecture. UML models may be automatically transformed to other representations (e.g. Java) by means of QVT-like transformation languages, supported by the OMG.

From The Editors Desk

Kayalvizhi M.S
Email - kayal@mindlogicx.com

Heartiest Greetings!

In this issue of Youniverse, we have presented an Article on “Information security”, which provides an Introduction to this vast topic. With globalization and increasing penetration of ICT in today’s businesses, the organizations around the world are prone to threats, vulnerabilities and risks to a greater degree than ever before. The CIA Triad in the field of Information Security comprises confidentiality, integrity and availability. The Triad governs the various practices to be followed to ensure that the business processes and assets are completely protected.
Our regular section on Examinations informs you of the exams alert in the coming month. Section on Complex simplicities attempts to provide you detailed information on concepts like HTML, XML & UML which form the basis of any web development package.

We welcome your thoughts, views, comments & suggestions to share information as knowledge.

Editor

Feedback

Please provide us with your feedback on how you feel about the Youniverse newsletter. You can also send us your queries on the VEDAS services.

Email to info@vedaslive.com