Another major password FAIL. In fact, it’s not just the passwords, but more or less everything. Brought to you by Tesco.
http://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html
LA Times ran a series last week about the explosion of population growth on Earth. A very interesting set of articles. To me, it seems unsustainable. There is no way that everyone can afford to eat meat every day and drive an SUV. The alternative appears to be billions of people living in absolute poverty.
http://www.latimes.com/news/nationworld/world/population/
Great quora post about the idiosyncrasies of English as spoken in India. When I first started working with an offshore Indian team, the phrase “please do the needful” confused the hell out of me. They also seem to use Mr. First Name a lot.
I remember looking it up at some point. There was a theory that this all stems from the time of East India Company. Apparently that’s how English was spoken at the time and after the British left, a lot of schools and textbooks remained the same. So while English evolved into the modern day version, a lot of Indians continue to learn and speak the version that was brought to them by the British a few centuries back.
Happy sysadmin day to everyone. In light of that, here is a link to a classic UNIX war story that’s about 25 years old.
http://www.ee.ryerson.ca/~elf/hack/recovery.html
I was reading an edition of PenTest Magazine (attached here for convenience). They’ve had a few decent articles in there, but one was talking specifically about securing your users. That’s an interesting topic. An attack against your company is very likely to come through the “meatware” vector. It’s often much easier than trying to find the latest 0-day or buffer overflow. Of course you have your security policies and user training, but even the security pros fall for a well-crafted phishing attack. Be realistic about how far you can harden and train your user base; your expectations should be limited. You need to be prepared for a breach to come through that direction.
A lot of defenses should be focused on isolating the user population from critical systems, so that when a breach does occur, the impact is limited. Of course users do need some access in order to perform their jobs, and that’s where it’s critical to focus on granular access controls, specifically RBAC. You also need the capacity to detect and respond to anomalies in user behavior. That’s what ultimately will allow you to contain the threat and limit its impact.
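As an added illustration of the two controls argued for above (this is not code from the post or from the magazine), here is a small RBAC gate in Python with a detector run over a constructed access log; the roles, users, resources, thresholds and log entries are all assumptions.

```python
from collections import Counter
from datetime import datetime

# Hypothetical least-privilege role map: each role lists only what its job needs.
ROLE_PERMISSIONS = {
    "sales": {"crm": {"read", "write"}, "intranet": {"read"}},
    "finance": {"ledger": {"read", "write"}, "intranet": {"read"}},
    "dba": {"ledger": {"read", "write"}, "customer_db": {"read", "write"}},
}
USER_ROLES = {"alice": {"sales"}, "bob": {"finance"}, "carol": {"dba"}}


def is_allowed(user, resource, action):
    """RBAC decision: allowed only if one of the user's roles grants the action."""
    for role in USER_ROLES.get(user, ()):
        if action in ROLE_PERMISSIONS.get(role, {}).get(resource, set()):
            return True
    return False


# Constructed access log (timestamp, user, resource, action); alice's account
# is meant to look like a phished account probing systems outside its role.
ACCESS_LOG = [
    ("2012-07-30T09:02:00", "alice", "crm", "read"),
    ("2012-07-30T09:15:00", "bob", "ledger", "write"),
    ("2012-07-30T02:11:00", "alice", "customer_db", "read"),
    ("2012-07-30T02:12:00", "alice", "ledger", "read"),
    ("2012-07-30T02:13:00", "alice", "customer_db", "write"),
    ("2012-07-30T10:30:00", "carol", "customer_db", "read"),
]


def evaluate_log(log, denied_threshold=2, work_hours=(8, 19)):
    """Apply the RBAC gate to every event and flag accounts whose behaviour is
    anomalous: repeated denied requests, or any denied request outside business
    hours. Returns (per-event decisions, set of flagged users)."""
    denied, off_hours_denied = Counter(), Counter()
    decisions = []
    for ts, user, resource, action in log:
        allowed = is_allowed(user, resource, action)
        decisions.append((user, resource, action, allowed))
        hour = datetime.fromisoformat(ts).hour
        if not allowed:
            denied[user] += 1
            if not (work_hours[0] <= hour < work_hours[1]):
                off_hours_denied[user] += 1
    flagged = {u for u in USER_ROLES
               if denied[u] >= denied_threshold or off_hours_denied[u] > 0}
    return decisions, flagged
```

Denied events are the containment working as intended; the flag is the signal to go and look at the account.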