Author Archive Jayanthi


Physical security

Reading Time: 2 minutes

‘Physical security’ is an often overlooked aspect of security. It is often ‘taken for granted’ and most organizations do not take it seriously. Danny Thakkar from defines physical security as “… a set of security measures taken to ensure that only authorized personnel have access to equipment, resources and other assets in a facility, these measures are laid out for” (Thakkar).

“Physical security” means ensuring that data centers, servers, printers, workstations and all other devices are secured from both man-made and natural disasters. How do we achieve this? By erecting defenses in the path of thieves, hackers and anybody else who wants to get in. These physical defenses are “physical security”. While absolute security can never be achieved, we can plug the holes in our defenses and hope to keep the critical resources safe from external and internal factors. In this article, we will look at the broad steps that are needed to seal the vulnerabilities and ensure ‘physical security’.

How do we establish physical security?

Physical security can be established by enforcing appropriate access control, surveillance and testing. Physical security has multiple layers to make sure that critical resources are never compromised. How do we implement physical security? A few points are listed below:


  1. The simplest and most effective way of implementing physical security is to secure the place by means of old-fashioned locks. In addition, the appropriate zones can be sealed by means of biometric systems.
  2. At the outermost layer, the organization should be fenced properly and all entry points should have good locking systems and appropriate entry authentication mechanisms.
  3. The entire facility should also be well lit.
  4. The organization should be well guarded by adequate security personnel at all entry points.
  5. ‘Surveillance’ can be implemented by installing CCTV cameras at various points in an organization.
  6. All employees should have appropriate security badges, and these must be authenticated at the entry door by swiping. Ex-employees should be removed from the company’s database to make sure that they do not have the authorization to enter the company.

These are some steps to thwart direct physical attacks. 
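The check behind point 6, as an added example that is not part of the original post: it reconciles an HR roster against a badge database and a door swipe log to find badges that should no longer open doors. The CSV layouts, column names and all sample rows are constructed for illustration and do not come from any real HR or badge product.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample exports (not from any real HR or badge system).
HR_ROSTER = """employee_id,name,status,last_day
E100,Asha,active,
E101,Ravi,terminated,2018-09-28
E102,Meena,terminated,2018-10-05
"""
BADGE_DB = """badge_id,employee_id,enabled
B-7001,E100,yes
B-7002,E101,yes
B-7003,E102,no
B-7004,E999,yes
"""
SWIPE_LOG = """timestamp,badge_id,door,result
2018-09-27T08:58:00,B-7002,main-gate,granted
2018-10-01T21:14:00,B-7002,server-room,granted
2018-10-02T09:01:00,B-7001,main-gate,granted
2018-10-06T07:30:00,B-7003,main-gate,denied
"""


def load(text):
    """Parse one CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def stale_badges(roster, badges):
    """Enabled badges whose holder has left or is unknown to HR."""
    staff = {r["employee_id"]: r for r in roster}
    findings = []
    for b in badges:
        if b["enabled"] != "yes":
            continue  # already removed from the door system
        person = staff.get(b["employee_id"])
        if person is None:
            findings.append((b["badge_id"], "no HR record"))
        elif person["status"] == "terminated":
            findings.append((b["badge_id"], "holder terminated"))
    return findings


def swipes_after_departure(roster, badges, swipes):
    """Swipes made with a badge after its holder's last working day."""
    last_day = {r["employee_id"]: date.fromisoformat(r["last_day"])
                for r in roster if r["last_day"]}
    owner = {b["badge_id"]: b["employee_id"] for b in badges}
    hits = []
    for s in swipes:
        left = last_day.get(owner.get(s["badge_id"]))
        when = datetime.fromisoformat(s["timestamp"])
        if left is not None and when.date() > left:
            hits.append((s["timestamp"], s["badge_id"], s["door"], s["result"]))
    return hits


if __name__ == "__main__":
    roster, badges, swipes = load(HR_ROSTER), load(BADGE_DB), load(SWIPE_LOG)
    for badge_id, reason in stale_badges(roster, badges):
        print("disable", badge_id, "-", reason)
    for hit in swipes_after_departure(roster, badges, swipes):
        print("review swipe", hit)
```

A swipe that was granted after the holder's last day means the removal step failed; one that was denied shows the control working and is still worth a look.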

So, the next time you see CCTV cameras, security badges and fingerprint authentication – remember it is one of the simplest Information security concepts doing its hard work…. 🙂

We saw the concept of ‘physical security’ in this post. Join me as I uncover more Information security concepts in future posts….


Thakkar, D. (n.d.). Best Practices in Physical Security Management: Safeguard your Organization against Threats. Retrieved from


What is it that America cannot give and India can?


I saw this question on Quora and as usual couldn’t resist writing about it… 🙂 This question is obviously aimed only at Indians wishing to move abroad or at the Indian population that has already been abroad for a considerable time… So, what is it? What is it? 🙂 Read on…

Most of us move to the US when we are young in our 20s to pursue higher education or career aspirations. Once all that has been accomplished and we have our dream education, dream lifestyle, dream house, dream car and finally understand what “America” is – we suddenly feel something is missing…what is that you may wonder? Those are family and relationships…

For most of the Indians in the USA, they might be the only member of their family who is there (with occasional extended families on the other coast). After living in the US for 14 years and now living in India for the past 8 years, I can confidently say that not having your family close by is quite an interesting experience.


Most Indian families in US, talk about their life’s ups and downs only on phone or Skype or Whatsapp or other technological advancements to their parents and occasionally their siblings. Most visit India only once in 2-3 years time to see their parents and families (though if you are in your 30s and beyond – you may visit every year)

Personal experiences:

From my personal experience, I realized we had missed a dozen family engagements, weddings and the next generation was here! Initially, it was alright to miss a wedding, but if we continuously have to miss all the weddings for 14 consecutive years – you definitely know we are living in another planet! We had missed the family outings and the fun conversations and the current family relationships! 🙂  Many people had passed away too and it was a pity to know about it just on the phone…. 

We missed our nieces/nephews/all our cousins and safe to say all of them knew only one thing about us – “That Uncle/Aunty is in America” 🙂

Maybe the most important thing that we miss is the change that time brings about in all of us… which cannot be expressed and which can only be seen and understood…What do you say?


Proud InfoSec mom!


I am sure you have heard of InfoSec professional, InfoSec geeks and InfoSec ninjas – but InfoSec mom? yeah – that is me 🙂 As I keep typing my Information security posts on my blog, there are two regular guests who read them and rate them diligently! 🙂 (there are many other diligent readers and I appreciate all your loyalty) – can you guess who the sincere readers are? – they are as you might have guessed – my kids! 🙂 

I am not sure how much they understand about the technical parts of my posts (my son can definitely understand but my daughter might still not be able to) but they do understand some ground rules of Information security. She, for example, always knows that I will not be sharing her pics on social media (except very, very rarely) and that I keep the settings at the right level. It is nice to see them understanding the fine rules of sharing on social media in this oversharing world!


The son is old enough to have his own social media presence but has refrained from having one (either because of my InfoSec thoughts or it is his own online personality). He is on only one social media platform and is least interested in even having a profile pic for the same! He keeps all his online communication to a low level currently (so proud of him! :))

The daughter steps in diligently and comments “What anti-virus software do you use”  and “I know you will not be sharing pictures of me on social media”. These comments  just keep me smiling and happy! With the husband having this personality, the son staying aloof from social media for now and the daughter understanding the ground rules of Information security, it seems that I am the weakest link in the family perimeter with my constant blogging! 🙂 (but unfortunately, that seems to be my job! )

But still, there is a feeling of a “job well done”, when the house follows and echoes your thoughts…



Reading Time: 2 minutes

As our dependence on electronic devices increases, from ordering food to paying bills and hailing cab services and making use of online maps to travel to different destinations,  the unseeing eyes are also following us everywhere tracking our every move.

We all know of GPS tracking when hailing a cab but did you know that you are being tracked at all times? By having the smartphone with you at all times, with the ‘Location’ being turned ‘on’, every move is being tracked. Some might not worry about this constant tracking by strange individuals, but I do think that it is necessary  to know all the possibilities that are present before forming our own conclusions about them.

It is quite possible that you use ‘Google maps’ to take you to different places and that you are signed onto multiple devices using the same ‘gmail’ account. While it looks perfectly harmless and seems that your life is getting simplified in every way in this electronic era, the reverse is unfortunately true.

How you are being tracked:

As an example, sign into your Google account and click on ‘Maps’ in the right hand corner. Once inside Google Maps, click on the menu and pick ‘Your timeline’. Now, you can see all the places you have visited in the last couple of years! You can also see the time of visit, the duration of visit, and the latitude and longitude of the places that you visited! In addition, all these details are visible for a prolonged period of time too!

You might have visited 100 places over a period of 5 years and chances are all of them might be listed right there on the screen! You may have forgotten where you went in October of 2017, but your device and ‘Location history’ does not forget!

So, what can be done?

If you would like to delete all of your location data and prevent your  location from being saved in the future, follow the steps below:

  1. After clicking on ‘Timeline’, click ‘Manage Location History’, disable ‘Location History’ under ‘Activity controls’. This makes sure that future Location tracking is disabled. 
  2. In order to delete previous ‘Locations’ go to ‘Timeline’ and under the settings tab click on ‘Delete all Location history’

Once this is completed, your Location history will be visible neither to you nor to anybody else (at least for some time!). In today’s age, with so much information and power in our hands, it is up to us to do all the homework and control the data that is exposed to the outside world by disabling the various settings.


Can Blockchain prevent another economic crash?


Like any other system, the global economy is susceptible to failure at many different points. Unfortunately, due to the interconnectedness of the world, an economic crisis in one country could have disastrous consequences for other countries. This was the case during the United States economic crisis of 2008 in which the stock market crashed.

Economic collapse on any scale usually happens as a result of disparities in the system that can easily be overlooked in the absence of clarity. However, blockchain technology could help avoid a financial crisis due to its transparency, security and decentralized mechanism. Cryptocurrencies such as Bitcoin are powered by this same technology which acts as a ledger for all transactions carried out on a network.

The endless benefits of the technology have attracted countless investors over the years. Now, it is fast becoming an addition to every major corporation, from IBM and Mastercard to Nasdaq. Its properties are also attractive to financial institutions which constitute the industry that is most in need of the benefits it provides.

The financial crisis of 2008, caused by a lack of transparency, greatly impacted various significant financial institutions and economies on a global scale. Blockchain technology affords banks full transparency, allowing them to spot such a crisis from a mile away. This way, they can take the appropriate preventive measures to ensure that it does not happen again. Banking authorities must make an effort to study the technology and better understand how it can be a force for the prevention of the next financial crisis.

What was the 2008 economic crash?

The economic crash of 2008 was the worst economic disaster in the U.S. and the world since the 1929 Great Depression. The crisis caused a great recession after the cost of housing fell by 31.8%, even lower than that of the Great Depression. Although the crash occurred in 2008, the first signs were observed in 2007 when the prices of homes were too high.


As a result, homeowners began to default on mortgage payments, leading to a downward economic turn which spread to the U.S. financial sector and eventually affected other countries. At the time, houses became extremely cheap, and homeowners were given loans worth up to 100% of the value of their new homes. Taking advantage of the profitable real estate sector, banks also made investments in subprime areas.

The affected institutions stretched from investment banking corporations to commercial banks, insurance companies, and lenders. The situation was so bad that financial institutions had to lay off their staff. Apart from financial institutions, the crisis affected individuals and businesses that were reliant on credit payments at the time. The economic disaster led to massive suffering on the part of businesses because banks stopped giving loans out. They did not trust anyone to pay back the loans due to the state of the economy.

Shortly after the crisis began, the American auto industry was on the edge of destruction and pleaded for a federal bailout. Unfortunately, banks were in the middle of damage control and bailouts were nearly impossible to get. Globally, share prices plunged, and the recession trickled down to other countries.

By the end of the year, most countries in the world including Germany, Japan, and China had gone into an economic recession as well. According to the National Bureau of Economic Research, the great recession had begun in December 2007, making it the third longest recession in the country since World War II.

In Europe, investors who had been involved with real estate securities in the U.S. took a hard hit. The same could be said for investors in smaller countries. However, China and Japan were able to escape that situation but registered huge losses where export was concerned. Their American and European markets were experiencing a fall in demand due to the recession.

Developing countries that depended on foreign investments for growth capital also lost their markets and investments. Since the largest countries were in a recession, the situation became a hopeless one with no chance of an easy recovery. Two years after the end of the recession, the unemployment rate failed to fall below 9 percent.

Why are banks looking to use this technology?

Banks are looking to use blockchain technology because its transparency can reduce the issue of financial losses that stem from a lack of it. There are three major ways in which the banks hope to achieve this:

1. Maintaining financial security

When banks have a bird’s eye view of all the financial transactions within an economy, it is easier to find discrepancies and adjust them. Due to the immutability and append-only function of a blockchain, it is easy for banks to keep open records of transactions that can be tracked easily.

Tracking cash flow can help institutions find and mitigate economic threats that may arise due to bad policy and bank operations. Using this technology, the banks can determine whether a financial institution, including shadow banks, requires support or control.

Another way that blockchain technology promotes financial security as a way to prevent an economic crisis is by providing access to information. With this information, these institutions can determine risks and potential points of failure within the system. It can also clarify the effects of various monetary policies and help out in the gathering of statistics for research purposes. Generally, if the banks have more information, then they can perform better and cut the costs associated with running separate systems as opposed to a single blockchain.

2. Preventing fraud

Banks can prevent fraud and bad debtors using smart contracts and digital cryptographic identities. Each institution can create smart contracts between the customers and banks, as well as between the banks and the central bank. This creates an immutable record of the exact terms of the contract and will only execute when the terms are fulfilled. Banks can also avoid loan fraud by using digital identities to find out the loan history of each customer, drastically lowering the chances of bad debt in the process.

The use of a cryptographic ledger ensures that stored information can only be accessed using cryptographic keys which are usually in possession of the owner of that information. A hacker would have to compromise every single system on a network to break such a system. This makes blockchain a secure way to store information.  

3. Eliminating shadow banking

According to the People’s Bank of China, shadow banking falls into three main asset classes (entrusted loans, trust lending, and banks’ acceptances), which saw a $555 million increase in 2017. Using blockchain technology, banks can eliminate shadow banking since all transactions will be recorded.

Final thoughts:

The financial crisis of 2008 left many nations utterly devastated. The trickle-down affected various sectors even outside the financial sector, resulting in a near collapse of the economy. However, the world moved on from the effects of that event, and most countries have been able to pull themselves out of recession. However, it is essential to take measures that ensure that the crisis is not repeated.

For banks, the best bet may be the use of blockchain technology to securely store data, access information and ensure transparency in the system. Used properly, it can serve as an open system in which all transactions within the economy are recorded. With a clearer view of all banking processes, banks and other financial institutions can successfully prevent another economic crisis.

This article originally appeared on


Halloween in India?


When I first got married and moved to the US(several years ago! :)) I hardly knew what ‘Halloween’ was. All I knew was kids were dressed up as ghosts and goblins and asked for treats(and that is all I know today, too! ;)) Fast forward, to today – Oct 31st, 2018 and we are celebrating Halloween in Bangalore, India too! I thought I was done celebrating Halloween for my kids once we moved out of US! But no – we celebrated it from the very first year we moved to Bangalore, India and no one was unhappy! 🙂

And so, to answer my title question, yes, Halloween is celebrated in India! – with the usual tricks and treats! 🙂 But of course, not all of India celebrates it  – only the bigger cities of India which are the melting point of different customs and cultures celebrate it.

How do we celebrate it here?

It is a similar celebration as in the US. There are stores that start selling Halloween costumes and masks well in advance of the Halloween day. The entire Halloween preparation is exciting for the kids. While we don’t have explicit pumpkin patch visits and pumpkin carvings – we  still do the other fun things! 🙂

Kids deciding the costumes, picking them up and buying candy are all the same fun things as in the US. The marked difference is that the weather in Bangalore, India is not as chilly as in Detroit for this time of year.


The kids go trick or treating in their respective communities and some communities like ours have close to 400+ flats and one can imagine the amount of treats from all the houses! 

The city of Bangalore boasts of Halloween parties for adults too. There are ‘Spooky Halloween Hip Hop night’ and ‘Halloween Vibes’ as you can eat and dance the night away! 

Did I ever feel I left the US?! 🙂


Access control


It is a reality that the cyber security landscape is rapidly changing every day. New threats emerge constantly and what was true 5 years ago might not be true today. In this reality, it is important to re-skill ourselves constantly.

Living in a hyper connected world, we are constantly signing into systems to access different types of information. Unauthorized individuals should never be able to access our resources.  How can this be done? By the very basic and fundamental concept in Information security – ‘access control’. 

What is Access control and what are the different types?

Access control ensures that only authorized individuals can access appropriate resources. Physical access control ensures that physical resources like specific rooms and buildings are accessed by appropriate people. Logical access control ensures that resources like networks and files are accessed by appropriate people.

We observe the principles of ‘access control’ all around us unknowingly. When we share a post on a social media platform, we set the permission to ‘public’ or ‘private’ or ‘Friends’ as the case may be. This makes sure that the post is visible only to the necessary people and not to everyone.

The simple example of checking email can also be mentioned here.  The correct combination of username and password authenticates the user to access his resources (email, in this case).

The different stages of access control are:


1. Identification

2. Authentication

3. Authorization

4. Accountability

‘Identification’ is done by providing the user with a unique id number, username or account number. ‘Authentication’ is done by providing the password or personal identification number. The correct combination of username and password confirms that the user is in fact “who he claims to be”. Once the user has been authenticated, the user next has to be authorized to access the resource. The ‘access control matrix’ is checked to make sure that the user is the “person” authorized to access the requested resource. This is “authorization”. Finally, the user is “accountable” for all the actions taken. To ensure accountability, the user’s login information and subsequent actions are logged.

Now that we have seen what is meant by ‘access control’, we look at the different access control models. There are three main types of access control models: discretionary access control, mandatory access control and role based access control. Every organization has different business objectives. The type of access control to be implemented is entirely dependent on its objectives as well as the culture of the organization.

Discretionary access control:

Before we discuss the different access controls, we see what is meant by a “subject” and an “object”. The “subject” is the one that is making the request for the resource and the “object” is the resource itself. In the discretionary access control model, whoever creates the information is the “owner”. The “owner” can decide who can access which data. Recall that this is authorization. This is normally implemented by “access control lists” or ACLs. ACLs are specified by the system administrator and enforced by the operating system. The majority of operating systems, such as Windows, Linux and Macintosh systems, are DAC based.

Mandatory Access Control:

The ‘mandatory access control’ is much more structured and organized than the DAC. In this type of access control, the operating system has the final say on who can access which resource. Users have security clearance (secret, top secret, confidential) and data is also classified in a similar way. The clearance and classification are stored as ‘security labels’.  When a user makes a request for a resource, it is dependent on the clearance of the individual, the classification of the data and the security policy of the system. This is enforced by the security officer and implemented by the operating system. This type of access control is used where security is of utmost importance. Normal DAC systems will not be suitable when the need is to classify data of special security clearance. We need MAC systems with special operating systems to enforce the rules.

Role based Access Control:

Role based access control or RBAC is also known as ‘non-discretionary access control’. In Role based access control, access to a particular resource is governed by the “role” an employee is mapped to. This type of access control is tougher to configure as the organizational policies have to be translated to roles. For example, an employee in “HR” does not need access to resources in “payroll”. RBAC is easy to configure when the employee turnover is high. When “Sam” from “Finance” leaves the organization and “Wendy” joins, “Wendy” is just mapped to “Finance” and she takes the same roles and responsibilities as the previous employee. There is no additional configuration needed here.
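The four stages and the three models described above, as an added example that is not part of the original post. The account, the resources `payroll`, `ledger` and `personnel`, the user `hari`, and the MAC rule "read only when clearance is at least the classification" are assumptions made for illustration; Sam, Wendy, Finance and HR follow the post's own example.

```python
import hashlib
import hmac
import os

AUDIT_LOG = []  # accountability: every authentication and decision lands here


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample account; the username is the identification step.
SALT = os.urandom(16)
USERS = {"wendy": {"salt": SALT, "pw": hash_password("correct horse", SALT)}}


def authenticate(username, password):
    """Authentication: prove the claimed identity with the stored secret."""
    rec = USERS.get(username)
    ok = rec is not None and hmac.compare_digest(
        rec["pw"], hash_password(password, rec["salt"]))
    AUDIT_LOG.append(("authn", username, ok))
    return ok


# --- DAC: the owner of an object edits its access control list ---
class DacObject:
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, granter, subject, action):
        if granter != self.owner:
            raise PermissionError("only the owner may change the ACL")
        self.acl.setdefault(subject, set()).add(action)


def dac_allows(subject, obj, action):
    return action in obj.acl.get(subject, set())


# --- MAC: security labels decide, users cannot override them ---
LEVELS = {"confidential": 1, "secret": 2, "top secret": 3}
CLEARANCE = {"wendy": "secret"}  # label assigned by the security officer


def mac_allows(subject, classification, action="read"):
    # Assumed policy: read only when clearance is at least the data's label.
    level = LEVELS.get(CLEARANCE.get(subject), 0)
    return action == "read" and level >= LEVELS[classification]


# --- RBAC: permissions hang off roles, people are mapped to roles ---
ROLE_PERMS = {
    "Finance": {("payroll", "read"), ("ledger", "write")},
    "HR": {("personnel", "read")},
}
USER_ROLE = {"sam": "Finance", "hari": "HR"}


def rbac_allows(subject, resource, action):
    return (resource, action) in ROLE_PERMS.get(USER_ROLE.get(subject), set())


def replace_employee(leaver, joiner):
    """Sam leaves, Wendy joins: one mapping moves, no permission is edited."""
    USER_ROLE[joiner] = USER_ROLE.pop(leaver)


def request(username, password, decide, *args):
    """Run all four stages: identify, authenticate, authorize, record."""
    if not authenticate(username, password):
        return False
    allowed = decide(username, *args)
    AUDIT_LOG.append(("authz", username, decide.__name__, allowed))
    return allowed


if __name__ == "__main__":
    report = DacObject(owner="sam")
    report.grant("sam", "wendy", "read")
    print("DAC  wendy reads sam's report:", dac_allows("wendy", report, "read"))
    print("MAC  wendy reads top secret:  ", mac_allows("wendy", "top secret"))
    print("RBAC wendy before joining:    ", rbac_allows("wendy", "payroll", "read"))
    replace_employee("sam", "wendy")
    print("RBAC wendy after joining:     ", request(
        "wendy", "correct horse", rbac_allows, "payroll", "read"))
    for entry in AUDIT_LOG:
        print(entry)
```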

Access control is the basis of many topics and the RBAC model forms the basis of many identity management solutions.

We saw a very small portion of a fundamental concept in Information security. Join me as I uncover more!


Harris, S. All in one CISSP. In S. Harris.


Night owls vs Early birds


She could never get her eyes open in the morning. Try as she might, once the sun shined, her eyes wanted to keep shut. In her childhood, her mom would wake her up in the morning and she would doze right back to sleep savoring those extra special moments of happiness. Who would really get up so early at 6:00 a.m. was her greatest thought! She could sit all through the night along with her father and they would have great fun watching television together. She was the typical “night owl” who was extra productive at nights too. 

College/work years/marriage:

Years rolled by and she had to change her ways for some time at least. Obviously, college and work will change any person. And a night owl could not be a “night owl” forever. She soon got married and life was running smoothly.


After marriage:

Few months into the marriage, she figured that her husband was an “early riser” and was amusedly shocked! 😉 He could get up by 4:00  in the morning and go about his chores happily…:) Going to gym, responding to emails, calls in the morning, anything and everything before the sun was up was his policy. She shuddered at the thought of getting up at 4:00 a.m. or the “middle of the night”, as she called it.


Slowly, she felt her nocturnal habits returning and both the husband and wife were working at the opposite sides of a day… A ‘night owl’ vs an ‘early bird’ – they were a match made in heaven!! 🙂


In all the years that they have been married, there has been one thing that has been puzzling her all along though. She really wasn’t sure what exact time he got up … was it 3:30 a.m., 4:00 a.m. or 4:30 a.m.? Sometimes, he stated a later time to keep her early rising queries at bay (otherwise, she would gasp with “You have got up so early?!!!!!” and spread the good news all around to families and friends!!)

She always thought “I wish an alarm would ring loud and notify me whenever my husband gets up”!! 🙂

This post is a part of Write Over the Weekend, an initiative for Indian Bloggers by BlogAdda.



H4 visa woes


It has been a while since I wrote about my US-India stories, right? 😉 The US is always a dream country for many from India. The ‘H1B’ visa is the highly sought after visa and is one of the most popular work visas to the US. It is primarily used by companies to fill positions by employing skilled foreign labor. 

Every foreign worker (e.g. Satya Nadella, Sundar Pichai) in the US would have gone through the H1 visa grind. Most individuals who come to work in the US start off with the H1 visa and, if all goes well, move on to apply for the Green card or permanent residency. Five years after one has acquired the GC, one can apply for US citizenship.

So, where does H4 visa fit in now? H4 visa is the dependent visa to H1 visa issued by the US immigration service.  The spouse and the children of H1 visa holders are issued H4 visas.


H4 visa:

During my entire stay for 14 years in the US, I have noticed it is mostly the wives who are on the H4 visa. I am sure you are thinking what is the “woe” related to this visa… it is just that individuals on this visa do not have work privileges and that might be a bummer for many… (there is a reason behind it)

While many are excited to just join their husbands on their American journey, the H4 visa women’s career comes to a grinding halt. Most(if not all) are very well educated and highly experienced women who cannot work because of their visa status. The H4 visa wives unfortunately go from active workplace leaders to waiting- to- work professionals. It is a frustrating experience for many as they try and polish their resume with new skills. They also learn to drive on American roadways all along thinking that they will work some day.  


So, what happens next?

Many like me find work sponsorships. Others, wait till their husbands get their green card(after which both husband and wife can work) which used to be a good 5 years when we were there(but not sure how long it takes now)

Some even seek  US higher education and manage to get a work visa after that. All in all, it is quite a game of visas and waiting for the woman who moves in behind her husband. While many adjust to the waiting game there are others who think their career would have been better in India after all…


Single sign on


In the wake of the Facebook data breach that supposedly compromised 50 million accounts and other personal data last week,  it is but imperative to look at yet another aspect of ‘Information security’ – ‘Single sign on’.

What is ‘Single sign on’?

Remember the time when you discovered a new website or app? You had to register to get into the site. You were presented with these options:

                ‘Continue with Google’

                 ‘Continue with Facebook’

in addition to a lengthy sign up process. In a hurry to understand what the new craze was, you just signed in with your ‘Facebook’ or Google account information instead of going through the whole signing up rigmarole. This is ‘Single sign on’ wherein by just signing into Facebook or Google, you can access many other apps and sites with ease.


What is the downside of ‘Single sign on’?

It seems to be such an easy thing to do – just sign in with one account and we can access so many other sites with ease. So, what exactly is the problem? If you have signed into multiple accounts using Facebook or Google, when the main ‘sign on’ site gets hacked, it is quite a possibility that the other apps that use the ‘Single sign on’ method of being authenticated would have their data breached too.

So in essence, you are exposing the data related to all other apps to the hackers too!

How do we ensure the safety of our data in the wake of the breach?

Since there is nothing that is simple and easy in this world, single sign on comes with its own troubles. In case of the Facebook data breach, you would have definitely received appropriate messages and notifications if your account was indeed hacked. In addition, it is good to always:

  1. Check ‘Settings’  in ‘Facebook’ and check the devices and locations where you are logged in from. Logout from all of them and re-login with a new password.
  2. It is also good to login to each site/app with a separate login and password henceforth and give your memory a good workout! 🙂 (Seriously though, a password manager might be a good option to consider since it is difficult to remember multiple logins and passwords)
  3. It is better to try two factor authentication to prevent further data loss.

These security tips will hold good for some time before the next breach occurs!