Home > Information Security, Security > Information Security Consultant (Pappu!)

Information Security Consultant (Pappu!)

As a disclaimer, I hereby declare that all the ideas put forth in this article solely belong to Pappu (i.e. author’s virtual character), not of author’s.

PAPPU has been in the industry of information security, consulting and providing various solutions to his clients for the past 6 years. Recently he realizes that the market in information security is growing, more and more companies are proactive towards security to ensure the threats/risks from external hackers and internal disgruntled employees is minimal, and few companies want to gain confidence of their customers through security certifications. Whatever might be the reason, he’s excited with the market trend and with the increase in number of calls from the customers.

For next few months he gets too busy with customer calls, new assignments, new problems, and building new team…almost after 3 months, he gets time to breath. With all the experience gained, Pappu thinks he should utilize this break to do something which he never did before. After filtering multiple options, he lands at one options i.e Writing His First Article. Confused with what to write he finally thinks of sharing, the commonly identified GAPs in most of the organizations, as an article.

Following are few GAPs indentified by Pappu in most of the smaller organization, during his consulting tenure:

  1. Most of the customers don’t understand what VA and PT stand for
  2. Network is already compromised and the customer isn’t aware of it. It’s just a matter of checking logs regularly, which network admins fail to do so as a part of their job
  3. Many companies don’t have basic hardware firewall at place, and few think just a software firewall would safeguard their network
  4. No network intrusion detection system at place
  5. Employees representing as Network Admins of an organization have zero or too limited knowledge to understand how important their role is
  6. Most of the time Admins are too busy picking up calls and solving silly issues in the network and they tend to forget to check the logs for any malicious activities
  7. In few companies, most of the desktops have admin privileges. Literally anybody can download and install anything on the net. Lack of basic level policies and procedures
  8. No back up strategy at all No physical security at place
  9. No camera surveillance

Many more such issues upset Pappu a lot…
Companies small or big should realize that in this dangerous world it is not so tough a task to intrude into any system without user’s notice. It is important to have basic infrastructure at place to safeguard the intellectual property lest companies might quite easily lose their competitive advantage.

Quite happy with the way his first article took the shape and about to publish his article, Pappu receives a call from a premier customer, not enough time to publish his article asks his dumb friend to publish on his behalf. But his friend mean and shrewd finds the article interesting, publishes it removes the name of Pappu and adds his name instead! Now exactly that is what is happening these days… Pappu’s little negligence has allowed the intruder (dumb friend) to royally take away his intellectual property.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: