Identification of risks related to external parties • Risks to the organization’s information and information processing facilities from business processes involving external parties should be identified and appropriate controls implemented before granting access. User registration • Formal user registration and de-registration procedures should be implemented, for granting and revoking access to all information systems and services. Confidentiality agreements • Requirements for confidentiality and non-disclosure agreements (NDA) should reflect the organization’s needs for protection of information. Addressing security when dealing with customers • All identified security requirements should be addressed before giving customers access to the organization’s information or assets. Allocation of information security responsibilities • All information security responsibilities should be clearly defined. Limitation of connection time • Restrictions on connection times should be used to provide additional security for high-risk applications or remote communications capabilities. User authentication for external connections • Appropriate authentication methods should be used to control remote access to the network.

User access token management • Allocation of access tokens, such as key-cards, should be controlled through a formal management process. User password management • Allocation of passwords should be controlled through a formal management process. Password use • Users should follow good security practices in the selection and use of passwords. Password management system • Systems for managing passwords should ensure the quality of this authentication method. The camera quality is what makes a difference where the image captured is of concern and nothing more than that. Access token management system • Systems for managing access tokens should ensure the quality of this authentication method. Privilege management • Allocation and use of access privileges should be restricted and controlled. Use of system utilities • Use of system utilities that are capable of overriding other controls should be restricted, and appropriately monitored (e.g., by special event logging processes). Controls should apply to laptop, notebook, and palmtop computers; mobile phones and “smart” phone-PDAs; and portable storage devices and media. • Photocopiers, fax machines and other office equipment should be kept cleared of papers and any storage media when unattended. • Users should ensure that desks and other work areas are kept cleared of papers and any storage media when unattended.

Access control policy • An access control policy should be established, documented and periodically reviewed, based on business needs and external requirements. Secure log-on procedures • Access to data systems should be controlled by secure log-on procedures. Encryption of data: your data is always encrypted and is out of any unwanted eyes. Encrypted sites will have a small padlock sign next to their address for encrypted emails. The senior company officer, FSO and other key management employees will be processed for a security clearance. Authorization process for information processing facilities • A management authorization process for new information processing facilities and capabilities should be defined and implemented. Management commitment to information security • Management at all levels should actively support security within the organization with clear direction, demonstrated commitment, and explicit acknowledgement of information security responsibilities. Segregation in networks • Where appropriate and technically feasible, groups of information services, users and services should be segregated on networks.

Contact with special interest groups • Appropriate contacts with special interest groups or other specialist security forums and professional associations should be maintained. Contact with authorities • Appropriate contacts with relevant external authorities should be maintained. This category aims to maintain the security of the organization’s information and information processing facilities that are accessed, processed, communicated to or managed by external parties. Independent review of information security • The organization’s approach to managing information security and its implementation should be reviewed independently at planned intervals, and when there are significant changes to internal structure or the external environment. Information security coordination • Information security activities should be coordinated by representatives from different parts of the organization with relevant roles and job functions. Access token use • Users should follow good security practices in the use of tokens. Policy on use of network services • Users should only be provided with access to the services that they have been specifically authorized to use. 1. Provide users access on a need to know and need to do basis. Testers must understand the business reason, the number of users accessing the application, and the application’s workflow to be capable to identify the specific tests for each and every scenario.

The results of this programme will very much be location specific. “The radar system is a much more advanced desi version of the Israeli TECSAR 1 system. The government has also sent a notice to Israeli technology firm NSO Group, which had created the Pegasus spyware that is believed to have hacked the WhatsApp details of 1,400 users globally, including 121 Indians. In addition, on March 22, 2006, MIC held the open conference on the “Market Definition of Fixed Telephone Segment” for exchanging opinions with stakeholders, including telecommunications carriers and specialists. In terms of applications, a reasonable amount of software is available including MS Office for Mac. Note also that even if the P2P software you are using is “clean”, a large percentage of the files served on the P2P network are likely to be infected. If you are a property manager or acquire realty in some other part of the world, the process can be even more laborious and intimidating. Review of user access rights • Each user’s access rights should be periodically reviewed using a formal process. Network connection control • Capabilities of users to connect to the network should be appropriately restricted, consistent with access control policies and applications requirements.