Naavi.org

CNN IBN carried a program on 6th April 2013 on Cyber Crimes and issues on National Security etc in a half hour program based on interviews across different parts of the country.

In particular it highlighted the issue of Bank frauds and carried the interviews of the undersigned alogn with some Bank fraud victims. Additionally the program also highlighted the non functioning of the Cyber Appellate Tribunal.

The program will be repeated on Sunday the 7th April 2013 at 12.00 pm and 2130 pm.

Program can be viewed here online

Naavi

The undersigned has been pursuing a series of complaints with the Government of Karnataka on the denial of Adjudication facility in the state of Karnataka.

Such complaints have been sent int he past to the Chief Ministers as well as the law Minister, the Chief Secretary etc. The last complaint made in this regard, a copy of which is available here.

Even this letter has not evoked any response from the Government.

In the meantime, by a letter dated 21/3/2013, I am informed that the Karnataka Human Rights Commission has taken note of the complaint and has issued a notice to the IT Secretary to send his reply by 30th May 2013. If nothing else, it will at least make the new IT Secretary to read the complaint and understand the issue
Netizens of Karnataka await postive developments regarding the same.

The undersigned has also submitted a “Charter of Demand” to some of the political parties seeking election in Karnataka including Loksatta Party and BJP which also includes a demand for action for setting up a functional Adjudication system in Karnataka.

The Charter of demand includes the following.

1. Digital ID for all (like Aadhar number)
2.Internet access for all at affordable cost
3.Cyber Security policy for the State
4. Adjudication facility to be made functional
5. Netizen Rights Commission for the State
6. E Consumer Protection
7. Centralized Cyber Teaching upto X standard

More details are available at www.aifon.org.in
Attempts are being made to reach the Charter of demand to the candidates wherever the e-mail addresses are available. Readers may send the available email addresses of prominent candidates who are seeking election in Karnataka.

After a long time UIDAI has realized what was evident all along that that it had an option to issue digitally signed letters to confirm aadhar numbers electronically.  UIDAI has now announced that e aadhar numbers will now be issued with digital signatures.

Amongst other thins this will enable a greater recognition to “Digital Signatures” as a means of authentication and ensure that other institutions such as Banks who have been resisting its use will now have weaker excuses.

More information

Naavi

Cyber Crime observers are well aware of “Nigerian Frauds” where people from Nigeria cheat persons globally on false allurements. Exporters to Nigeria are aware from times immemorial that remittances from Nigeria are unreliable. Bankers refuse to finance exporters for exports to Nigeria.

Now it appears that Hong Kong is also becoming a country like Nigeria where criminals are opening bank accounts to commit frauds on the global netizens.

In one of the cases reported in India, an importer has been lured to transfer money due to the Chinese Company to an account in Hong Kong which happenned to be a fraudulent account.

It is also reported that Hong Kong is trying to develop “Secret Banking” on the Swiss Banking model so that tax evaders and criminals in the world can now switch their Swiss Bank accounts to Hong Kong.

In view of the above if any remittance is sent to a bank in Hong Kong, the remitter may find it very difficult to recover the money through normal legal course.

I therefore urge Reserve Bank of India to send an advisory to all Banks that any remittances to a Bank in Hong Kong should be subjected to a check on the authenticity of the recipient. The receiving Bank must give an undertaking that any customer recipient of a remittance from India is not a criminal and the remittance is not part of money laundering.

Naavi

I refer to my earlier article on “Risk Appetite” where I had highlighted the fact that many managements are unaware of risks and hence keep on consuming the risks until one day it is too late to correct.

CISO s by virtue of their exposure to threat environments may try to keep their managements informed from time to time the need to undertake “Risk Assessments” and initiate “Risk Mitigation” efforts. But often in organizations which have a low Information Security awareness, CISO even if one such designation exists may not have adequate authority to reach out to the top management. In many organizations there will be only an IT Manager and no CISO. Only if the IT manager has adequate security exposure, he tries to bring it to the notice of the management the need for a risk assessment and initiate some action leading to Risk assessment.

In this context when the need for Information Security is presented as a “Legal Compliance” mandate, the possibilities of the top managements understanding the implications are higher. If the Chairman is made aware that he may personally go to jail if adequate security is not in place, then only the Board of Directors will call for a presentation from the IT head on the need for creating a Information Security department and proceed further.

The path to Information Security implementation is therefore through the fear of legal consequences. This needs to be communicated to the top management through various means to kink off the IS process.

Even after this, before the top management can agree to an Information Security program, they need to be aware of the compliance requirements and consequences of non compliance. Hence building the “Awareness about Legal aspects of Information Security” often becomes the starting point for Information Security in an organization.

It is for this reason that the undersigned often recommends that the IT department may organize an “Awareness Workshop” for top management before even discussing the details of what is the Risk assessment program, how much it may cost, how long it may take and what benefits that the organization may expect.

This “Information Security/Assurance Feasibility Workshop” is one of the services that the undersigned has proposed to help the CISOs break the barriers of communication.

I hope more and more companies will opt for such a workshop which is a low cost investment before they take the decision to proceed further.

Naavi