Skip to main content

Could this be the greatest news for Earth and mankind 2023 beyond?

A scientific assessment of ozone depletion 2022 conducted by international organizations and government agencies says the ozone is healing.  The document's executive summary identifies the highlights including -Major achievement of the Montreal Protocol, -Current scientific and policy changes, -Future policy considerations.

How do we see security and privacy in the enterprise

Enterprise system, infrastructure, data, services, distinct roles, operating functions and management controls have built in basic security and privacy capabilities. Whether or not it is a mandate, which is usually assured and backed by business conduct and applicable policies, security and privacy have to be utilized and configured correctly to suit the needs of the entire organization not just a particular scope or business unit.

Security and privacy attack vectors and velocity have never been so dynamic and logistical opportunity is not a burden at all nowadays.

There has to be an unwavering disposition on security and privacy initiative.

Regardless of industry setting, security and privacy must remain a foothold mechanism by the technology at large.

Security can be designed and deployed to prevent incidents and malicious intents toward technology and data.

Technology and data are complementary on purpose and they can be tightened, not restricted, not only by making sure their built-in controls are properly applied but by scaling such mechanisms with specific security that is fitting to the requirements of the entire system. Enterprises must be distinct and not generalize an effective application of security in an enterprise setting.

We can start with our own idea, knowing what must be done but we don’t necessarily need to be a practitioner, by considering a technology initiative for a small business. Here we can say, they have computer systems, network and business applications that are all obvious to their setup. In their context, security can be made sure that it is working due to built in controls that were applied including operating systems update, firewall which permits only services, access to business applications and data that needs to be enabled and opened to end-users using a different computer that is authorized within the network. We can imagine how this has been described. It has no server, no dedicated storage device and it’s just some computers purely connected to a hub or unmanaged network switch. They may have a network with workstations’ sharing enabled which connects every computers and end-users to connect to their business applications and data. There’s not much to protect in this setting and there is no need to acquire additional security solution. Their systems are being protected by their workstations firewall, anti-virus and the immediate or regular application of available software update. Their data privacy is protected by their ability to apply least privilege and restrict computers and end-users access to human resource and financial data regardless if registration for compliance purposes is mandatory or optional. The restriction and authorization are key here since they don’t have specific technology to manage this. With a minimum of twenty computers up to 30 or a little more, this can be done with the people’s wits, using eyes and notifications or placard, by doing self-regulation and make themselves aware that anything that is not necessary in their network must not be allowed.

In an enterprise setting, the same idea as mentioned above can be applied. With servers, dedicated storage and managed-capable network devices we should be able protect systems further by enabling network-based authenticated access to resources and subject workstations to technical security controls. The question is if they have public-facing services hosted on-premise in which case the enterprise may need email, web and few other dedicated security technologies. The same idea can be applied if they have more than the usual workstation-based or an ad-hoc business and web applications being accessed publicly. With this setting there is much more that can be done on authorizing and automating the administration of enterprise technology and data and even connect to the cloud if they have assets there already. A growing interest and the convenience it provides to businesses with their move to cloud-based applications for email, web and business applications have made this truly practical for security and privacy considerations, while they are not enabled by default, a subscriber-stakeholder should be able to do it with or without specialized training just by simply reading a provided manual or just contract it with a quick setup to be done by a third-party without interest in selling products but their superb services with a sincere warranty provisions. With on-premise and the cloud, resources are now straddled, and the enterprise system as a whole can be coalesced by connecting these two or more geographically separated networks in a private manner.

With the cloud as part of the enterprise system, security and privacy are easier to be acquired, implement and managed and the best of it is no more capex, major upgrade activities, migration issues, compliance to regulatory regimes and international standards. Everything just gets to be improved without the subscriber having to do anything at all.

And there is the cyberspace whose resource and capacity requires a considerable protection of critical infrastructures statewide, if not universally, which may or may not completely alter the text above. 


Popular posts from this blog

[TW] IT documents, audit and leaders

IT documents comes with different names such as the following: - Manual or handbook, - Policies and procedures, - Management systems, - Project plans. In the real world we have various names with unique descriptions and purposes when in fact they could be made to do a uniform direction for which actions are based for the entire IT initiatives, probably the longest in IT lifecycle is operation. The problem is our inclination on something else which is wrong. IT remains an IT area. Business remains a business area. The same problem is carried out when we conduct IT audit. Most audit are missing the gists in which IT is being used by businesses. We once said that an effective IT audit is conducted by IT people themselves but there is something wrong with that even. Business and accounting people have been doing it with a different bias and preconceived notions which doesn't make the cut for IT direction and audit respectively. Leaders play the same game and so the problem continues an

iPhone 6s devices, longest to receive operating system updates

The recent release of iOS 15.5 to iPhone 6s is not a surprise to owners as they may have known it from last year when it was announced that iOS 15 will still be available for these devices. Indeed, the longest software update , according to The Verge, for a smartphone. If you are one of those who still hold dear such device, kept and taken care of with the same shiny look when it was bought, not a mat and scratch allowed on the surface, you would know that there had been one single major issue as you are about to run the update. Not enough storage.  In order to get past storage limit, you'd delete apps and data until it already has the minimum space to continue the update. A factory reset is inevitable to others, due to the fact that even after deleting all data including big multimedia files, it is still deficient of storage space.  Don't forget to backup your most treasured data though, before deleting all content or resetting the entire system, to other devices such as your