Wednesday, 19 April 2017

Risk Mitigation as a process


Software companies in India
Risk mitigation, another process of risk management, involves prioritizing, evaluating, and implementing the suitable risk-reducing controls suggested from the risk assessment process. Since the elimination of all risk is typically impractical or close to impossible, it is the obligation of senior management and functional and business managers of software companies in India to practice the least-cost approach and implement the most appropriate controls to shrink mission risk to an acceptable level, with minimal adverse impact on the organization’s resources and mission.

RISK MITIGATION OPTIONS
Risk mitigation is an organized methodology used by senior management to shrink mission risk. Risk mitigation can be accomplished via any of the following risk mitigation options:

Risk Assumption
To accept the probable risk and continue operating the IT system or to implement controls to lower the risk to an satisfactory level

Risk Avoidance
To avoid the risk by eradicating the risk cause and/or consequence (e.g., forgo specific functions of the system or shut down the system when risks are acknowledged)

Risk Limitation
To limit the risk by implementing controls that minimize the opposing impact of a threat’s working out a vulnerability (e.g., use of supporting, preventive, detective controls)

Risk Planning
To manage risk by developing a risk mitigation plan that ranks, implements, and maintains controls

Research and Acknowledgment
To lower the risk of loss by recognizing the vulnerability or defect and researching controls to correct the vulnerability

Risk Transference
To handover the risk by using other options to reimburse for the loss, such as purchasing insurance.


The goals and mission of an organization should be reflected in selecting any of these risk mitigation options. It may not be practical to tackle all identified risks, so importance should be given to the threat and vulnerability pairs that have the potential to source significant mission impact or harm. Also, in defending an organization’s mission and its IT systems, because of each organization’s distinctive environment and objectives, the alternative used to mitigate the risk and the methods used to implement controls may differ. The “best of breed” tactic is to use suitable technologies from among the several vendor security products, along with the suitable risk mitigation option and nontechnical, administrative measures.

Following are rules of thumb, which provide guidance on actions to mitigate risks from deliberate human threats:

When vulnerability (or defect, weakness) exists
 ➞ Implement assurance techniques to diminish the likelihood of a vulnerability’s being exercised.

When a vulnerability can be exercised
➞ put on layered protections, architectural designs, and administrative controls to reduce the risk of or prevent this incidence.

When the attacker’s cost is a smaller amount than the possible gain
➞ apply protections to decrease an attacker’s incentive by increasing the attacker’s cost (e.g., use of system controls such as restraining what a system user can access and do can considerably reduce an attacker’s gain).

When loss is too excessive
➞ apply design principles, architectural designs, and technical and nontechnical shields to limit the range of the attack, thereby reducing the likely for loss.

The strategy sketched above, with the exclusion of the third list item (“When the attacker’s cost is a smaller amount than the possible gain”), also applies to the mitigation of risks rising from environmental or unintended human threats (e.g., system or user errors). Because there is no “attacker,” no motivation or gain is involved. Software companies in India have started believing in risk mitigation process and it has proved to be a drastic risk reducing and controlling factor for them.

Friday, 10 March 2017

ITIL Service Design

software development company

The scope of Service Design covers the design of new IT services, as well as modification, changes and improvements made to the existing ones.

The activities included in Service design are :
  • To design the IT services to meet Business Objectives of a software development company.
  • To design Secure & flexible IT Infrastructure.
  • To analyze, identify and remove the risks associated with the IT services before they go live.
  • To create & maintain the IT plans, processes, policies and frameworks.
  • To design methods & metrics for the measurement of the effectiveness of processes.
  • Design Effective & efficient processes for design, transition & operation phases

The Service Design includes different phases, namely :
  1. Design Coordination
  2. Service Catalogue Management
  3. Service Level Management
  4. Availability Management
  5. Capacity Management
  6. Supplier Management
  7. Information Security Management
  8. Service Continuity Management
  9. Risk Management
  10. Compliance Management
  11. Architecture Management
DESIGN COORDINATION
Design Coordination handles all processes in the Design stage and acts as the center point of all the communication.
It governs all designing activities and make sure that the consistent design of IT services is aligned with the service strategy.

Five Sub processes of the Design Coordination includes :
  • Design Coordination Support
  • Service Design Planning
  • Service Design Coordination and Monitoring
  • Technical and Organizational Service Design
  • Service Design Review and RFC Submission
SERVICE CATALOGUE MANAGEMENT

Service Catalogue Management includes the IT Services which are ready to be used and implemented.

The objective of the Service Catalogue Management includes :
  • Creating and maintaining the Service Catalogue.
  • Keeping the Service Catalogue updated with the latest trends and information.
  • There has to be Continual Improvement in Management of Service Catalogue.
Service Catalogue :

The service catalogue is defined as the single source of information for all the offerings of IT services. It includes Operational & in Transition Services. Service catalogue is considered as a part of Service Portfolio. Service Catalogue emphasizes on what kind of IT service software development company would would like to offer to its customers based on the needs of the customers.

The different types of Service Catalogue are given as :
  • Business Service Catalogue
  • Technical Service Catalogue

AVAILABILITY MANAGEMENT


The Availability Management ensures that the IT services are working as agreed upon.

The objective of the Availability Management includes :
  • To ensure agreed Availability Level is continuously met or not and check whether it has exceeded the expected level or not.
  • To ensure that a defined level of IT services are accessible to customer in a cost effective way.
  • The availability management ensures Availability
  • The availability management ensures Reliability
  • The availability management ensures Maintainability
  • The availability management ensures Serviceability
  • The availability management ensures Fault Tolerance
Three sub-processes of Availability Management includes :
  • Design Services for Availability Process
  • Availability Testing Process
  • Availability Monitoring and Reporting.
SERVICE LEVEL MANAGEMENT

The Service Level Management covers the negotiation & service level agreement with the clients on the various IT service provided.

The objective of the Service Level Management includes :
  • It focuses on the negotiation, agreement and documentation of the agreed levels of the IT Services.
  • Maintaining the balance between expectation of the customers and the capabilities of an IT organization.
  • Emphasizes on continual improvement and maintaining of the agreed IT service levels
  • It looks onto managing the performance as per the agreed service level norms.
  • Maintain the customer relationship is given importance.

Four Service Level Management sub-processes includes :
  • Maintenance of the SLM Framework Objective
  • Identification of Service Requirements Objective
  • Agreements Sign-Off and Service Activation
Service Level Monitoring and Reporting Process

CAPACITY MANAGEMENT


The Capacity Management ensures IT services are sized in very cost effective manner and at the optimum level.

Mapping and ensuring that the capacity of IT services with the IT infrastructure is able to deliver the agreed service level targets in a cost effective and timely manner.
It ensures that the IT infrastructure is utilized to its optimum level.
Capacity plan should be regularly produced and updated.

Four Sub processes of the Capacity management includes :
  • Business Capacity Management
  • Service Capacity Management
  • Component Capacity Management
  • Capacity Management Reporting
SUPPLIER MANAGEMENT

The role of the Supplier Management in an IT organization is to manage Supplier Relationship & Performance and maintain it for the advantage of the organization on the ease of resource availability.

The objectives of the Supplier Management includes :
  • To enhance and maintain the supplier relationship & performance
  • To Ensure the relevant and correct contracts with the supplier of the IT services
  • To manage and maintain the contracts throughout the supplier management lifecycle
  • To create and maintain the database of Supplier Policy and Contracts
Six Sub Processes of Supplier management includes :
  • Providing the Supplier Management Framework
  • Evaluation of new Suppliers and Contracts
  • Establishing new Suppliers and Contracts
  • Processing of Standard Orders Process
  • Supplier and Contract Review Process
  • Renewal or Termination Process
INFORMATION SECURITY MANAGEMENT

Information Security Management is the way to protect the data and information of the IT organization against the vulnerabilities of the natural or environmental factors. 

The objectives of the Information Security Management includes :
  • To prevent  against the unauthorized access
  • To provide various effective security measures at different levels : Strategic, planned & Operational organizational Levels
  • To match and comply with the Information Security Requirements as per Service Level Agreement
Four Sub Processes of the Information Security Management includes :
  • Design of Security Controls
  • Security Testing
  • Management of Security Incidents
  • Security Review
SERVICE CONTINUITY MANAGEMENT

The Service Continuity Management process focuses on the continuation and the recovery  of the IT services even after the disaster and ensuring that they work in the same fashion as before as per the  agreed & applicable SLA

The objectives of the service continuity management includes :
  • To create & manage IT service continuity & recovery plans
  • To reduce potential disaster occurrence
  • Balance SLAs & Cost factors while planning for service continuity
Four sub processes of the service continuity management includes :
  • ITSCM Support Objective
  • Design Services for Continuity
  • ITSCM Training and Testing
  • ITSCM Review.
Conclusion: The service design helps to an IT organization to design new services and increasing the relationship with the IT service providers and the supplier along with maintaining the relationship with the customer thereby increasing the value of the IT organization. It helps to maintain the existing IT Services as well as implementing new services.

References :

http://wiki.en.it-processmaps.com/index.php/ITIL_Service_Design

Wednesday, 8 February 2017

Types of Network Security

Software development companiesNetwork scanning is a scanning used to define vulnerabilities in a network. A scan can be used by security experts to shield the security of a network from an external attack. Hackers may use a scan to find vulnerabilities. Different types of scanning are as under,



Three–Way Handshake

TCP is connection-oriented, which indicates connection establishment is principal prior to data transmission between applications. This connection is possible using the process of the three-way handshake. The three-way handshake is applied for establishing the connection between protocols.

The three-way handshake procedure goes as follows:
  • To launch a TCP link, the source sends a SYN packet to the destination (10.0.0.3:21).
  • The destination, on getting the SYN packet, i.e., sent by the source, responds by referring a SYN/ACK packet back to the source.
  • This ACK packet checks the arrival of the first SYN packet to the source.
  • The source sends an ACK packet for the ACK/SYN packet sent by the receiver.
  • This triggers an "OPEN" connection agreeing communication between the source and the destination, until any of them send a "FIN" packet or a "RST" packet to close the connection.
The TCP protocol keeps stateful connections for all connection-oriented protocols across
the Internet, and works the same as a normal telephone communication, in which one picks up a telephone receiver, hears a dial tone, and dials a number that generates ringing at the receiver end until a person picks up the receiver and tells, "Hello."

Stealth Scan(Half-Open Scan)

Stealth scan sends a single frame to a TCP port without any TCP handshaking or extra packet transfers. This is a scan type that leads a single frame with the expectation of a single response. The half-open scan partly opens a connection, but stops midway. This is also known as a SYN scan because it only directs the SYN packet. This stops the service from ever being reported of the incoming connection. The three-way handshake approach is also implemented by the stealth scan. The variation is that in the last stage, remote ports are recognized by examining the packets entering the interface and dismissing the connection before a new initialization was activated.

The process preludes the following:
  • To start initialization, the client forward a single "SYN" packet to the destination server on the matching port.
  • The server initiates the stealth scanning process, depending on the response sent.
  • If the server forwards a "SYN/ACK" response packet, then the port is in "OPEN" state.
  • If the response is advanced with an "RST" packet, then the port is in a "CLOSED" state.

NULL Scan

NULL scans direct TCP packets with all flags turned off. It is expected that closed ports will return a TCP RST. Packets received by open ports are rejected as invalid. It sets all flags of TCP headers, such as SYN, ACK, FIN, RST, URG and PSH, to NULL or unassigned. When any packets reach at the server, BSD networking code notifies the kernel to drop the incoming packet if a port is open, or sends an RST flag if a port is closed. This scan uses flags in the opposite fashion as the Xmas scan, but gives the similar output as FIN and Xmas tree scans. Many network codes of major operating systems can behave inversely in terms of responding to the packet, ex, Microsoft versus UNIX. This method does not helpful for Microsoft operating systems. Command line for null scanning with NMAP is " -sN"
Advantage:
It evades IDS and TCP three-way handshake.
Disadvantage:
It is helpful only for UNIX.

Network scanning scans networks for vulnerabilities in the security of that network. If there is a vulnerability with the safety of the network, it will give a report back to a hacker who may use this information to exploit that network bug to gain entry to the network or for other malicious actions.

Tuesday, 10 January 2017

Introduction to Project Management

Software development companies

What Is a Project?

A project is defined as a temporary attempt undertaken to make a unique product, service. The project achieves when its objectives are met or when the project has been terminated. The time taken to complete a particular project depends upon its size. It can be a large or small project. Software development companies define the project similarly except that the objectives are different and business oriented.

Project Attributes

The attributes of project includes a unique purpose for which the task is undertaken. To carry out a project different resources are required from different domain or areas.
Projects are temporary and they should have a sponsor or a primary customer. There is always an uncertainty attached with a project.

The project sponsor is the person who is responsible for providing the direction and funding for the project.

Project and Program Managers

Project managers work with the entire Project Team, Project Sponsors, and all the other people involved in a project to meet project goals and objectives whereas a Program is defined as group of related projects managed in a coordinated way to obtain benefits and control not available from managing them individually

What is Project Management?

Project management is the use of knowledge, skills, various tools and techniques to achieve goals and meet the requirements of the project. The triple constraints of project management are scope, time and cost.

The project stakeholders are part of project. They are the people involved and affected by the various activities carried out in the project. Stakeholders can be the project sponsor, project manager, project team, clients/customers, users and suppliers.

The key competencies required by project managers are described by the Knowledge areas.

The four core knowledge areas are scope, time, cost, and quality. They lead to some specific project objectives. The other four facilitating knowledge areas through which the project objectives are achieved are given as HR, communication, risk, and Procurement management.

To assist project manager, various Project management tools and techniques are used. Some specific tools and techniques include Project charter, Scope and Work Breakdown Structure, the Gantt charts, Network diagrams, Critical Path and chain scheduling. The knowledge are taking into cost are given as cost estimates and Earned Value Management (EVM).

As a part of Project management, Super tools have high use and potential for improving project success and achieve project goals such as Task scheduling software, Scope statements, various requirement analysis, and the report for the lessons learnt.

Tools, as suggested by some software development companies in India, which are extensively used and found to improve the importance of project includes the project progress reports, scheduled Kick-off meetings and Change requests.

The following points should be taken care for a successful project. They are given as:
  • Support from Executives
  • There should be continuous User involvement
  • Experienced project manager
  • Clearly defined Business objectives
  • Minimized and focused scope
  • Standard Software infrastructure
  • Formal Methodologies
  • Reliable cost and resource estimates
  • Other criteria such as milestones, proper project planning, competent and reliable staff.

Most Important Skills and Competencies for Project Managers for a successful projects :
  • People skills
  • Leadership skill to guide and lead all the people working in the project.
  • Listening skills to take better decisions to achieve project goals.
  • Should be strong at building trust
  • Verbal communication
  • Managing and Building project teams
  • Project manager should be an ideal decision taker to Conflict resolution, conflict management.
  • They should have a Critical thinking to carry out effective and unique project.
  • Project manager should have problem solving skills to manage the problems arising during the project development.

Monday, 5 December 2016

Handling Security Issues in SDLC

software development companies

ASP.NET software companies in India must take special care while developing internal web applications that are accessed from outside with the help of world wide web. Moreover the increase in personally-owned mobile devices (e.g., watch gear, smartphones, tablets, and laptops) as well as the vast variety of vulnerable mobile apps results into a higher risk of revealing highly confidential and business-related information in the workplace. This is possible when such information is stored on personally-owned devices. Cyber-attacks often exploit such vulnerabilities inherent in applications and operating systems. Hence The software code must be developed following a secure coding guidelines and frequent updates and patches to software are necessary.

Security is unquestionably mandatory and no-one can overlook that. It may take longer and including security into SDLC may result into a more complicated practice.  Nevertheless, the alternatives are not that satisfactory as there are always hackers only too eager to disrupt into systems.

The consequences of not including security within the SDLC process can be catastrophic and could cause distressing concerns for companies' status and earnings. By safeguarding SDLC, unnecessary & un-planned costs can be evaded and security matters can be tackled as there is no need to wait for threats to emerge and then having to spend money in fitting current or probable matters that could have been dodged.

Software companies in India  use secure-SDLC that focuses on enforcing security into the Software Development Life Cycle. Every phase of SDLC will emphasize the enforcement of security – over and above the present set of events. Incorporating S-SDLC into an organization’s structure has many benefits that guarantees a secure product.

The focus of asp .net software companies in India, with respect to security domain, is on phases of SDLC such as design, implementation, delivery, operation, maintenance, and retirement. Information security and privacy experts must be involved in all phases of SDLC so that the overall effectiveness of security controls with respect to privacy concerns are taken care of.

The subsequent list recognizes key security guidelines at each stage in the development life cycle for asp .net software companies in India:

  • System feasibility: Pinpoint security requirements, including governing requirements, in-house policies and standards that must be looked at.
  • Software plans and requirements: Recognize the vulnerabilities, threats, and risks to software. Outline the desired level of protection. Conduct a cost-benefit analysis.
  • Product design: Propose for the security criteria in product design (e.g., access controls or encryption).
  • Detailed design: Determine business requirements and legal obligations within the design of security controls in a product or system.
  • Coding: Develop the security-related software code, comments and citations.
  • Integration product: Investigate security measures and make alterations.
  • Implementation: Implement any additional safety dealings prior to go-live.
  • Operations and maintenance: Observe the software and system for variations in security controls. Assess current controls against newly-discovered threats and vulnerabilities. Implement proper updates and patches, when essential. Certify the complete effectiveness of application and system security.
  • Product retirement: Safeguard information that was used and warehoused (i.e., archived), relocated to another database or system, or sterilized (i.e., erased) from the system.

Thus asp .net software companies in India can identify, reduce, mitigate and eliminate various security threats and adverse impacts that could be present in each stage of SDLC. It ultimately results into reduction in overall cost, efforts and time of delivering the final product or service in IT industry.
.

Thursday, 3 November 2016

Legal steps you must take before outsourcing content creation

custom software development companies
With the growth of the Internet and the need to create steady content, outsourcing has become incredibly common. In fact, [ CITATION Pat16 \l 1033 ] cites research that shows 79 percent of software development companies are embracing content marketing, while [ CITATION Sta14 \l 1033 ] reported that the global market size of outsourced services in 2014 was $104.6 billion dollars.

Being at the top in your market with content is crucial, as the value of great content drives leads and results in more sales. But before you jump to the abysmal of outsourcing content creation, there are a few things you’ll want to ponder, so that you can not only approach it the correct way but also protect you and your business from any negative effects down the road.

Recognize your content needs

In order to recruit great content creators you have to first delineate what type of content you need.
For instance, you could include:
  • Weekly blog posts
  • Social media updates
  • Guest blogging
  • Email marketing
  • Pay-per-click ad copywriting

Finding the specific types of content needed may not appear to be a legal step. However, at the kickoff, these are extremely essential things to ponder, all of which will enable you to sketch both your job advertisement and various aspects of your binding agreement.

Assign copyright

The act of simply compensating someone does not automatically turn over copyright of that content to the end user. Unless you explicitly list the terms of use in your agreement, the content creator maintains ownership of that content. In this case, you only have an implicit license, therefore, you’ll need definite permission to re-purpose any of that content for other stuffs, such as turning a blog post into an e-book or social-media posts.

It’s also essential that you consider safeguarding against the indemnification for images or content that may be the property of others. At the end of the day, you will be accountable if the content published on your site or in your materials is found to break the copyright law.
For text-based copy, using a service such as Copyscape is standard practice. But with image attribution, this is particularly tough, since there’s no good way to test the copyright short of either buying the rights or waiting for an angry copyright act warning from the owner who feels intruded.
Be clever and understand copyright upfront so you can evade any negative consequences.

Explicitly sketch outsourcing requirements.

Be as specific as possible when delineating requirements so that freelancers know your expectations, including benchmarking and measuring triumph or disaster. You may also want to include a SLA that clearly outlines performance details, measurements and standards. 

Cogitate on legal liabilities in your content.

You may need to take further provisions if the content you’ll be outsourcing is subjected to any regulatory requirements. For example, if you’re publishing medical content or financial advice, you may need to include relevant disclaimers or ensure materials produced meet certain standards to protect yourself lawfully.

If the content you publish on your website is such that you could be held legally liable for, be sure your outsourced creators are able to meet any essential requirements.

Preparing in advance for closure.

Ideally, you’ll find in a freelancer a long-term association for your content creation needs. But since turnover is unavoidable, it’s far better to protect yourself from start. Your termination clause is immensely important, as it sets forth the conditions under which the customer may exit the outsourcing association.

The termination clause needs to state the common reasons that give rights to you and your software development company to exit the clause along with the rights of the contractor. It’s also advisable to include both party’s respective privileges upon termination with regards to ongoing privacy and protection here as well.

Put everything in the contract.

Now that you’ve enclosed all your legal bases, document them in a formal written contract that both you and your freelancers will agree on. In most cases, it’s advisable to consult with an actual lawyer to do this. However, you can get started by finding similar contract agreements to work from. 

Take out an insurance policy.

Last, but not the least -- and let’s keep it short and simple -- it’s definitely worth investing in an insurance policy when it comes to defending your legal rights as a content creator and purchaser. At the end of the day, you need to be prepared for any legal complications that could occur from the content you publish -- or, at the very least, be fully aware of who’s liable for anything that may happen.

Conclusion
Though the Internet has distorted the rules and lines of outsourcing somewhat, it’s advisable to stick to guidelines and follow the rules to protect yourself. If you have any doubts, consult a lawyer.

Bibliography
Robles, P. (2016). Patricio Robles. Patricio Robles. Patricio Robles.
Statistica. (2014). Statistica. Statistica.

Tuesday, 4 October 2016

Fitting enterprise systems into systems

Software development company in india

Enterprise systems, developed by software companies in India, are used by large companies and small- and medium-sized enterprises (SMEs) to reorganize and streamline their internal and external operations.

Enterprise systems are used to enable the seamless integration and exchange of information between the several departments within an organization. In order to accomplish this, strictly defined control mechanisms must be in place in the system, which protect the company's data and safeguard the company against unauthorized and unintentional uses of the system. This is perfect for total control; however, is only attainable to a certain degree. The outline of controls in the enterprise system may have unintended organizational consequences, due to organizational necessities. The introduction of an enterprise system increases power differentials, which help to increase control in the organization. This results in amplified rigidity, and a probable decrease in organizational flexibility and resilience. On the other hand, enterprise systems can also cause drift, resulting from the unforeseen consequences of these power differential, as well as from the role of insights of people in resolving a problem within the enterprise system. This decrease in control may serve in some situations as an enabler to organizational flexibility.

Software companies in India recommend workforces to have decreased or increased authority, as an outcome of assignments of dissimilar authorization levels to carry out jobs in the system. Moreover, people with better knowledge of the system seem to attain authority as more people bank on their proficiency in order to carry out their tasks. Monitoring is another source of influence, where the person carrying out the monitoring is realized to control what the subordinate is performing in the system. Monitoring in this case depends on the accurate assignment of authorization levels to the correct individuals.Thus creation of authorization level shapes in the system, together with the monitoring abilities of the system and the making of proficiency by several actors, leading to the creation of power differentials. These power differentials then delivered to escalate the control in the company.

An enterprise system can be segregated, based on local contexts of communication, and reform them across time space. This is attained with the widespread nature of the enterprise system, which is configured in a central site. The segregation process then outcomes in increased control, produced by the significance of the configuration of the enterprise system, and the concentration of power in the hands of nominated individuals. As control increases, stiff mechanisms are put,by software companies in India, into place to create the organization more inelastic and robust. As such, the processes and procedures in the company are frozen, and firm rules apply regarding access to and manipulation of company information. Depending on the degree of this stiffness in rules (imposed by the enterprise system), the company may convertinto too unbending to respond efficiently to circumstances of change and pressure, and consequently becomingless resilient. Manipulation or soothing of those rules may, still, lead to more elasticity (with the price of fractional loss of control), and hence resilience can trulyrise.

On the other hand, an enterprise system can also be understood to integrate. This is accomplished with the scattered nature of enterprise systems, which can be installedwith the help of software companies in India, in many locations across time space. As anoutcome of the integration, there may be drift because of the influence of unintentional consequences of the system and the role of ethics of people in cracking a problem. This decline in control may serve to increase the resilience of the company, because the workforces operate the system for their individual use and are, therefore, able to react more to change when this happens. On the other hand, when the workforces fully follow the processes and procedures uttered by the system, then there is less or no drift, and the control structures enforced by the system are rebuilt. In this case resilience may actually decrease.

Thus fitting enterprise system into enterprise systems can produce higher rigidity into an organization at the same time it can also increase flexibility depending upon the organization necessities.Software companies in India can configure enterprise systems and its authorization levels as it is asked for.