Thursday, January 14, 2010

Google Tasks - Manage To-Do and sync online

Google Task works across platforms and syncs with mobile or custom clients. The desktop popup can be invoked from the gmail login. Individual or Group level list can be setup.  This auto-syncs with Google Calendar. Alerts can be sent in the form of email, pop-up and SMS. 

If using Google apps on your mobile, all your device data will be auto-synced to your Google account. This will use configured 3G/Edge, GPRS or wireless network. So there is no need to take explicit backup of your data. In event of a device crash, simple connect to your account and all your data will be downloaded back. This includes calendar, tasks, contacts, emails, notes, docs etc .etc. This feature is readily available on Android phones, but can be configured with some effort on others.


Friday, January 8, 2010

Types of Controls in IT environment

Per ISACA (www.isaca.org), multiple level of controls can defined and implemented in an Information system environment. Most organizations will have to plan for such controls and put them in place based on what should be achievable. Below is a list of different types of controls that can be implemented -

 
Preventive : Prevent the problem from occurring.
E.g: Anti-virus, contracts, organization charts, training, SLA/SLO, backups, firewall, encryption, fences, locks, CCTV, guards, access controls, username/password, separate test and production environments etc.

Detective : Identify a problem and raise alert.
E.g.: Auditing, intrusion Detection system, system logs, checksum, biometrics, forensic, digital signatures, alarm system, fingerprints, inventory count, stock take, burglar alarm, system audits, file integrity checker, motion detection, monitoring software etc.

Corrective : Rectify the problem after detection.
E.g.: data patch, data recovery/restoration, BCP, DRP, outsourcing, fire control sprinklers, humidity control, procedures, rollback transactions etc.

Compensating : Used to reduce the impact of an error or omission. These controls are used as alternative to normal controls that cannot be implemented due to some reason. These controls are used whenever there is lack of segregation of duties.
E.g.:- job rotation, reconciliation, supervisor review, transaction log, exception reports, audit trails etc.

Deterrent : Controls that reduce the likelihood of a deliberate act to cause a loss or an error. These are aimed at reducing security violations and warn in advance of danger that could occur.
E.g.: warning signs, barriers

Directive : These are the equivalent of administrative controls and direct that proper action be taken to protect sensitive organization information.
E.g.:- Policies, procedures, guidelines etc.