Skip to main content

Jobs we observed in a system performance

They are made either any of the following- - Tech job, - Business job, - Nut job, or - Enterprise job. What's yours? Can you do it better from your existing drive? Whatever you do, your output should facilitate not just your organization's goal but a little more than what you originally planned. Leaders usually kept them in the mind, so subtle only them knows it, but with some useful and delicate strategies employed people really are doing a good job, and working to improve them, too. That's the beginning why corporate social responsibility, or even the consequential environmental, social and governance initiatives can be a potent move to do something, if pertinent or weighty is even the right word. That doesn't need an ostentatious resources but the effect is meaningful for stakeholders, everyone we meant.

How do we see security and privacy in the enterprise

Enterprise system, infrastructure, data, services, distinct roles, operating functions and management controls have built in basic security and privacy capabilities. Whether or not it is a mandate, which is usually assured and backed by business conduct and applicable policies, security and privacy have to be utilized and configured correctly to suit the needs of the entire organization not just a particular scope or business unit.

Security and privacy attack vectors and velocity have never been so dynamic and logistical opportunity is not a burden at all nowadays.

There has to be an unwavering disposition on security and privacy initiative.

Regardless of industry setting, security and privacy must remain a foothold mechanism by the technology at large.

Security can be designed and deployed to prevent incidents and malicious intents toward technology and data.

Technology and data are complementary on purpose and they can be tightened, not restricted, not only by making sure their built-in controls are properly applied but by scaling such mechanisms with specific security that is fitting to the requirements of the entire system. Enterprises must be distinct and not generalize an effective application of security in an enterprise setting.

We can start with our own idea, knowing what must be done but we don’t necessarily need to be a practitioner, by considering a technology initiative for a small business. Here we can say, they have computer systems, network and business applications that are all obvious to their setup. In their context, security can be made sure that it is working due to built in controls that were applied including operating systems update, firewall which permits only services, access to business applications and data that needs to be enabled and opened to end-users using a different computer that is authorized within the network. We can imagine how this has been described. It has no server, no dedicated storage device and it’s just some computers purely connected to a hub or unmanaged network switch. They may have a network with workstations’ sharing enabled which connects every computers and end-users to connect to their business applications and data. There’s not much to protect in this setting and there is no need to acquire additional security solution. Their systems are being protected by their workstations firewall, anti-virus and the immediate or regular application of available software update. Their data privacy is protected by their ability to apply least privilege and restrict computers and end-users access to human resource and financial data regardless if registration for compliance purposes is mandatory or optional. The restriction and authorization are key here since they don’t have specific technology to manage this. With a minimum of twenty computers up to 30 or a little more, this can be done with the people’s wits, using eyes and notifications or placard, by doing self-regulation and make themselves aware that anything that is not necessary in their network must not be allowed.

In an enterprise setting, the same idea as mentioned above can be applied. With servers, dedicated storage and managed-capable network devices we should be able protect systems further by enabling network-based authenticated access to resources and subject workstations to technical security controls. The question is if they have public-facing services hosted on-premise in which case the enterprise may need email, web and few other dedicated security technologies. The same idea can be applied if they have more than the usual workstation-based or an ad-hoc business and web applications being accessed publicly. With this setting there is much more that can be done on authorizing and automating the administration of enterprise technology and data and even connect to the cloud if they have assets there already. A growing interest and the convenience it provides to businesses with their move to cloud-based applications for email, web and business applications have made this truly practical for security and privacy considerations, while they are not enabled by default, a subscriber-stakeholder should be able to do it with or without specialized training just by simply reading a provided manual or just contract it with a quick setup to be done by a third-party without interest in selling products but their superb services with a sincere warranty provisions. With on-premise and the cloud, resources are now straddled, and the enterprise system as a whole can be coalesced by connecting these two or more geographically separated networks in a private manner.

With the cloud as part of the enterprise system, security and privacy are easier to be acquired, implement and managed and the best of it is no more capex, major upgrade activities, migration issues, compliance to regulatory regimes and international standards. Everything just gets to be improved without the subscriber having to do anything at all.

And there is the cyberspace whose resource and capacity requires a considerable protection of critical infrastructures statewide, if not universally, which may or may not completely alter the text above. 

Comments

Popular posts from this blog

Philippine telcos blocking entire SMS text with internet addresses in it

If you are sending SMS texts to your friends, family or colleagues and they contain internet or web address including IP and email addresses, and even a period or dot separating, regardless of, your words and numbers, they are automatically blocked and not going to be received by your waiting recipient. Cooler heads must prevail here especially if an important message is urgently being expected. IP version 6 address is fine. However, an IPv4 including localhost address (given automatically to every computers and network interfaces as their own alone designed for troubleshooting purposes), and your money in the billion figure using dot as separators would be blocked.  If you send "local.business, naman.naman etcetera" or any words that made you use dot in between them, as part of the text, they will be blocked. There are some, that isn't blocked in this category. Like check.iclassed, some.ent, whatever.local etcetera, that is because they do not form any domain name at all

Online information provided for stakeholders' consumption

It must relay the true meaning and real application necessary in the physical world. We have probably all experience how to learn first thing about our plans before we go ahead and act. Like for instance, when we order something online, attend to some responsibilities for our organizations, communicate with people via video, chat and email including but not limited to asking stakeholders, very politely and sincerely, if there's anything else we can do to help further. This online environment must make us work to facilitate and relay exactly what we expect and do in the physical world. What the online information is telling us should be enough to readily make a decision and act accordingly. This is especially true when people have to do it themselves, read relevant information and will go there, say store, or anywhere else, to perform the chores required.  We cannot provide information online, when customers expect them to be a guideline or instruction to do something, that we know

Philippine cyber campaign

Are Philippine institutions being targeted or simply being probed? We don't know for certain. It could be either or both. Whichever comes first? What we can understand, with the success of such attacks, is that they have found their way. Really.   How hard or easy? The attacker knows, but probably, also, those being attacked. Inclination should be there no matter how sophisticated our security systems are. In cybersecurity, we do a very focused job. Making sure we disappoint whoever is trying to gain access to any resource without permission and authority regardless of the environment we are in. What happened is that every asset deemed to have every variant of resource built-in, operating, that makes up the entire system working whatever it is trying to employ, in that case the primary purpose. Meaning, we have to know if we are running our system in a manner that is really secure, provisioned properly during design stage and managed continuously afterwards, post-implementation. No