Consultants’ Corner Volume 7 | Number 79 | Mar 2013 | Page 1– 12
3rd Place
Drawing by Gopal Agarwal in the Drawing competition held at NCRCL Bangalore
Doing things properly
Information Security Management System (ISMS) - A closer Look (Part III)
NCR Consultants Limited www.ncrcl.com An Associate of
Our Mission is to apply our professional capabilities with a holistic approach for the happiness of clients, through values and social commitment.
Inside
Message from Dr. RSM
Information Security Management System (ISMS) - A closer Look (Part III)
Developing self-awareness
Blood group check out your traits!!
What’s up at NCRCL?
An Exclusive Talk with U Shrikantha Maiya
Parichay - Nathan India
Quiz Corner
Birthday Corner
Ha Ha Ha !!!
Message from Dr. RSM
Doing things properly Dr. R. S. Murali muralirs@ncrcl.com
Every time I look for a fix for my electrical or plumbing needs, I don’t land up on the right guy. In the field of medicine the system of ‘family doctor’ is gone. Same is the situation with the family plumber, family electrician and so on. Even the personal banking branches of banks have people who do not know their customers - nothing personal there! Are all these indicators of growth and development? I think some are very unique to India. As days go by, the quality goes down! Right from electrical plug to stainless steel vessels - in everything the quality has gone down. When we talk of education we say India’s literacy has increased but has learning increased? Teachers fail in government examinations. The conceptual understanding of every student seems to have gone down in the recent past, particularly in the last decade.
Is this quality deterioration because of the speed at which the changes are taking place? Is it because the general attitudes and thinking have undergone a major change? A country like India, which was contributing to about a third of global GDP till a few centuries back, deteriorating like this is not acceptable. Gandhi said any change we wish to see should start from within us. So, let us look at ourselves first. Every work we do, whether official or personal do we do them:
Earnestly?
Effectively?
Efficiently?
Excellently?
Enjoyably?
If not, why? I have spoken to students who are not interested in studies or even a single subject but who want their qualifications, and I have been talking to students doing professional courses like CA but repeatedly fail. A common answer from all the students is that they are either unlucky or they are feeling bored. The period they have to invest in preparing themselves for life, they spend instead in unwanted things, in an unfocussed manner, and blame everything else, from their stars to their luck! These are indications of internal inefficiency and inadequacy.
We need to do this properly. This means “giving ourselves fully” to the work we do. We need to understand how to immerse ourselves in our work. When we immerse, concentration automatically arises, intuition develops, innovation happens. We need to learn to go deeply in our work. Students hate exams because they are not familiar with the subjects, executives do not do their work properly because they do not involve themselves in their work. Familiarity, involvement, interest, commitment, whatever the words we use, it ultimately boils down to getting immersed in the work. Unless this is done quality cannot improve, delivery cannot take place, understanding does not happen, and happiness does not result.
Is it so very difficult to immerse yourself in your work? Why don’t you try for a week and get back with your experience? We can discuss…
Happiness is a skill. It requires effort and time. - Andrew Weil
Information Security Management System (ISMS) - A closer Look (Part III) Praveena K R praveena@nrcl.com
E. Business Impact Analysis (BIA)
A BIA report quantifies the importance of business components and suggests appropriate fund allocation for measures to protect them. The possibilities of failures are likely to be assessed in terms of their impacts on safety, finances, marketing, legal compliance, and quality assurance. Where possible, impact is expressed monetarily for purposes of comparison. For example, a business may spend three times as much on marketing in the wake of a disaster to rebuild customer confidence.
This is an essential component of an organization's business continuance plan; it includes an exploratory component to reveal any vulnerabilities, and a planning component to develop strategies for minimizing risk. The result of analysis is a business impact analysis report, which describes the potential risks specific to the organization studied.
One of the basic assumptions behind BIA is that every component of the organization is reliant upon the continued functioning of every other component, but that some are more crucial than others and require a greater allocation of funds in the wake of a disaster. For example, a business may be able to continue more or less normally if the cafeteria has to close, but would come to a complete halt if the information system crashes.
A sample series of questions a BIA team must look to answer will be:
What critical interdependencies exist between internal systems, applications, business processes, and departments?
What specialized equipment is required and how is it used?
How would the department function if the mainframe, network and/or Internet access were not available?
What single points of failure exist and how significant are those risks?
What are the critical outsourced relationships and dependencies?
F. Business Continuity Planning (BCP) & Disaster Recovery (DR)
Business Continuity Planning involves identifying, developing, acquiring, documenting and testing procedures and resources that will ensure continuity of an organisation's key operations in the event of an accident, disaster, emergency, and/or threat. It involves risk mitigation planning (reducing possibility of the occurrence of adverse events), and Disaster Recovery planning (ensuring continued operation in the aftermath of a disaster).
These plans are drawn up based on the BIA Report, as this gives a clear indication of the business critical processes that have to be focussed on. Some basics to cover in a Business Continuity plan are:
Develop and practice a contingency plan that includes a succession plan for the CEO.
Train backup employees to perform emergency tasks.
Determine offsite crisis meeting places and crisis communication plans for top executives.
Practice crisis communication with employees, customers and the outside world.
Invest in an alternate means of communication in case the phone networks go down.
Make sure that all employees-as well as executives-are involved in the exercises so that they get practice in responding to an emergency.
Make business continuity exercises realistic.
Form partnerships with local emergency response groups—fire fighters, police and EMTs - to establish a good working relationship.
Evaluate the company's performance during each test, and work toward constant improvement. Continuity exercises should reveal weaknesses.
Test the continuity plan regularly to reveal and accommodate changes. Technology, personnel and facilities are in a constant state of flux at any company.
Don't judge each day by the harvest you reap but by the seeds that you plant. - Robert Louis Stevenson
Disaster Recovery Plan is a subset of BCP, but it covers elaborate details such as documentation of the procedures for declaring an emergency, evacuation of the site according to the nature of the disaster, active backup, notification of the related officials/DR team/staff, notification of procedures to be followed when disaster breaks out, alternate location specifications, etc. It is beneficial to be prepared in advance with sample DRPs and disaster recovery examples so that every individual in an organization is better educated on the basics. Documentation should include identification and contact details of key personnel in the disaster recovery team, and their roles and responsibilities in the team.
The lifecycle in information security
Security is not a permanent state which, once achieved, will never change. Every organisation and public agency is subject to continuous dynamic changes. Many of these changes also affect information security due to changes in the business processes, tasks, infrastructure, organisational structures and the IT. Besides the obvious changes within an institution, changes to the external conditions can also occur; for example, the statutory or contractual stipulations as well as the available information and communications technologies might change considerably. It is therefore necessary to manage security actively so that the security level that has been reached is also maintained over the long term.
Not only business processes and IT systems have a "lifecycle"; the policy for information security, information security organisation and ultimately the entire information security process all have a lifecycle. The information security process is commonly divided into the following phases:
1. Planning
2. Implementing the plan and carrying out the project
3. Performance review and monitoring the achievement of objectives
4. Eliminating discovered flaws and weaknesses and making optimisations as well as improvements
Phase 4 describes the immediate elimination of minor flaws. If fundamental or extensive changes are needed, one must of course return to the planning phase again. This model is named after the individual phases ("Plan", "Do", "Check", "Act") and is thus also referred to as the PDCA model. The PDCA cycle is considered an upward spiral, as each cycle perfects the ISMS, so that the extent of the next cycle is a little less than that of the previous one.
Concluding Remarks
The management system concept is being applied across many new disciplines. With the ratification of the ISO27001 standard, information security management systems have achieved new prominence, in some arenas becoming an essential requirement. In conclusion, an ISMS:
Integrates information security risk into enterprise risk management.
Documents informed choice decision making and due diligence.
Provides a framework for regulatory compliance.
Offers a structure to efficiently and effectively integrate people, process, and technology.
Furnishes a mechanism for monitoring and reporting.
Is business friendly, and a market differentiator.
References:
http://www.csoonline.com
Useful Books and information on Business Continuity and Disaster Recovery:
The Disaster Recovery Handbook: A Step-By-Step Plan - By Wallace and Webber (Anacom 2010)
Building an Enterprise-Wide Business Continuity Program - By Kelley Okolita (CRC Press 2009)
A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance - by Julia Graham et al (Rothstein Associates 2006)
There is hope if people will begin to awaken that spiritual part of themselves, that heartfelt knowledge that we are caretakers of this planet. - B M Eagle
Developing self-awareness
Rekha Murali rekha@ncrcl.com (As published in ‘The Hindu—opportunities’ dated January 09, 2013)
Consider a colleague at the workplace who shares excellent rapport with others. This colleague is always thoughtful, thinks about others’ needs and feelings, is humble about her strengths, and is concerned about how her words and actions may affect others. It is wonderful to work with such a person and the entire team buzzes around her, eager to please and assist her. The team finds solace around such a person. This is because this person has immense self-awareness.
Self-awareness is being aware of oneself including one’s traits, behaviour and feelings through introspection. It is one of the most valuable leadership competencies that are always underestimated. Such leaders shoulder responsibilities willingly and are able to accept what they do not know. Most leaders pretend to know everything. But a person with self-awareness understands his/her limitations and is willing to learn from others. Rumi has aptly quoted, “O, happy the soul that saw its own faults”.
People often do not understand their strengths and weaknesses and this hinders their performance. This is because of poor self-awareness. Such people tend to brush their faults under the carpet and pretend to be a “know-all”. This leads to poor performance and in some cases even termination. So the solution is to be aware of yourself. How can this be done? Here are a few tips to develop self-awareness and be successful in both your personal and professional life.
Introspection: To develop self-awareness, introspection is the key. All tips listed below are based on this introspection, which is the ability to think through an action by looking deep within. Seek answers within for your actions and reactions to develop a more positive approach towards life and others.
Blame-game: Normally, people don’t look at themselves, with the result that you blame one another for the mistakes. Stop this blame game and look within for the reason as to why the action of a particular person makes you upset. So often, the annoyance factor in the other person may be reflected somewhere deep within you. Carl Jung notes that everything that irritates us about others can lead us to an understanding of ourselves.
Strengths and weaknesses: Introspection leads to an awareness of your strengths and weaknesses. This understanding helps you choose your career path, and your friends which enhance both your personal and professional life.
Slow down: In this fast paced competitive life, you are always in a rush with deadlines to meet, projects to be completed. This leaves you with no time to pause and look at your situation, and the situation of all the people with whom you interact. So slow down your pace and become conscious of your life, what you are and what you want to achieve.
Mindfulness: The Buddhist philosophy of mindfulness is an easy tool to stay connected with your inner core and be aware of yourself. It simply means living in the moment. This can be developed through simple techniques like meditation, relaxation techniques, watching the breath, listening to music, sitting quietly observing your thoughts and so on. This is a therapeutic exercise where you are consciously aware of each and every moment and action of yours. Living in the moment, in the present helps get rid of stress and give your full focus and attention to the task. This way you minimise mistakes, give your best and excel in your work!
Thus self-awareness helps you develop non-judgmental awareness of all that you are and will be. This reflects on the outside so that your relationships are based on accepting the other person for what he/she is. By understanding yourself, you learn to use your strengths better, develop where you can and avoid or compensate areas where you don’t have the necessary skills. People who understand themselves work better.
To sum up, in James Allen’s words, “Only by much searching and mining are gold and diamonds obtained, and man can find every truth connected with his being if he will dig deep into the mine of his soul.”
How beautiful can life be? We hardly dare imagine it. - Charles Eisenstein
Blood group and personality traits!! Is this true? - check and give us feedback. BLOOD GROUP O In a nutshell Cannot stand people who hide the truth Basic Behav- Make objectives clear ior Possess great deal of confidence Honest, optimistic and energetic
Source: Internet
BLOOD GROUP A Pessimistic and too sensitive
BLOOD GROUP B
Cannot take orders easily Romantic and sentimental
Careful about decision- Make decisions fast making Make things clear in black Can be flexible and white Care too much about so- Do not care about rules cial rules and standards Respect scientific and practical findings
Tolerance
Strength and endurance High tolerance for Maintain the longest depend on their aim physical or repetitive work interest in what they do Give up easily if they Cannot take changes find the job meaningless easily
Seem impatient
Lose interest in a hobby Dislike repetitious work easily How do they Positive about the past, Try hard to forget the past Hard to forget recent see their fu- thus do not regret about affairs, but able to forget ture and the past past and memories past? Seek financial stability Pessimistic about the for the future future How do they Usually stable and calm Able to display cool outexpress their look even though angry emotions? Sensitive towards sinShort-tempered cerity
Give frank, direct opinions
BLOOD GROUP AB
Extremely practical Excellent in analyses Give fair criticisms Cannot decide when it comes to important issues Try to be hard-working
Tend to be impatient
Sentimental about the past More concern about the immediate problems than anything else
Expressive
Sentimental
Cool and objective
Usually cool and steady, but can get upset with an immediate, unsolved problem Can get moody easily
Take longer to heal a broken heart
Although joke a lot, could actually be very shy
Sensitive to others' opinions
Change moods like the weather Cannot stop complaining when they are upset
How do they Ability to concentrate work? vary from time to time, depending on aim
Perfectionist
Creative and possess new Able to handle a wide ideas scope of jobs
Mostly prefer to lead
Handle one thing at a time
Cannot differentiate between work and hobby
Can overlook details
Work a line between work Cannot take orders and personal affairs
Quick in understanding
Highly responsible
Not highly responsible and unable to follow-up on a project until its completion Tend to be artistic in approach
Tend to choose hobbies which help them release stress
Do not hesitate to introduce innovative changes and are not worried about theirs criticisms
Value hard work
What’s up at NCRCL?
Study Circle meeting last month
1. Indian Philosophy and Heritage - Session III by Dr R S Murali on 30th Jan 2013
2. Business Process Re-engineering for Karnataka State Cricket Association by U S Mohanty on 22nd Feb 2013
RSM gave a talk on Achievement Motivation at NCRCL Bangalore office on 27th Feb 2013
Team NCRCL (RSM, Kishore, Bhavana, Namith and Krishnan) were at ICSR, IIT Chennai as a part of implementation phase discussions of our earlier project.
Presentation of the next version of DocuMan by Raghu of Deltacadd on 20th Feb 2013 at NCRCL Bangalore and Chennai through video conferencing
An Exclusive Talk with U Shrikantha Maiya
U Shrikantha Maiya B E, PGDMM, PGD(HRM), PGDEEM&EA, MBA Working as Head Administration Born on 02nd January Email: smaiya@ncrcl.com Phone No: 080 23642795
CC. The meaning of your name.
S Maiya: Master of Lakshmi = Vishnu
CC. Nickname.
S Maiya: No nickname
CC. Your dream job.
S Maiya: It is too late to think about this now due to age factor
CC. Your first impression of NCRCL.
S Maiya: Well organized, well knit organisation
CC. What personal/emotional characteristic of yours do you want to change?
S Maiya: Difficult to answer. I am not sure whether I can really change my shortcomings if any at this age.
CC. Money or job satisfaction?
S Maiya: It should be both, depending on the circumstances under which one is placed.
CC. Your Stress buster.
S Maiya: Develop philosophy that stress is part of our life and on this we may not have any control.
CC. Do you have a small circle of close friends, rather than a large number of friends?
S Maiya: It should be both. One must develop to have small circle of close friends in the inner circle and should have large number of friends with Lakshmana Rekha in between.
CC. What do you most like about a person?
S Maiya: Simplicity, honesty, trustworthiness, hard work and without ego.
CC. What do you most hate in a person?
S Maiya: Hatred, jealousy, revenge, groupism, politics and indulging in destroying personal life of others.
CC. Team work vs Individual work – your comments.
S Maiya: Team work
CC. Do you make efforts to get others to laugh and smile?
S Maiya: Not much
CC. Your heart rules your head or your head rules your heart?
S Maiya: This would be both depending on the situation.
CC. What kind of special talent do you have?
S Maiya: Nothing special to mention
CC. What are your hobbies?
S Maiya: Listening to good and old music, watching TV and occasional singing
Life offers its wisdom generously. Everything teaches. Not everyone learns. - Rachel Naomi Remen
Parichay
Know our Associates!
Nathan India
Nathan India, in Chennai and Delhi is a wholly owned subsidiary of Nathan Associates Inc. USA. Staffed with expert economists and highly skilled researchers, the subsidiary provides clients a range of services from market surveys and econometric analysis of survey data to economic impact analysis of industrial development on the environment. Clients include Indian banks, providers of analytical services, and conglomerates, as well as U.S. trade associations and litigation clients. Nathan India is also pursuing work in sports economics in the wake of cricket franchise development through the Indian Premier League.
NCRCL® is proud to be associated with Nathan India. This association has led to the short listing of the team as consultants for DFID funded projects in India. Many other ventures are in the offing where NCRCL® expertise in finance can be utilised along with the economic analytical services of Nathan.
Quiz Corner
1). With BRIC unable to live up to its promise, investors are looking at MINT. Which 4 countries make up the MINT?
2). Why has Bangladesh Government decided to ban cartoon channels on TV in their country?
3). Which Bollywood entertainment co started as a book library started by Shethia and Maroo families in Mumbai?
4). ____ is to India, what Coca Cola is to US. Name India’s no 1 FMCG brand in terms of sales value.
5). The cricketer Anil Kumble’s firm TENVIC has the tag line “ToENsureVICtory”. There is one more reason it is called TENVIC. What is the reason?
Send in your answers to the editor at cc@ncrcl.com
Participants with the correct entry will be awarded with a Recognition Certificate by NCRCL.
Answer to last month’s Knowledge Snippet question:
1). In terms of per capita income which is the richest country in the world?
2). Twigs from which tree were recommended by Prophet Muhammad for brushing. It is also a brand.
3). In Google, for products to be accepted they need to pass a “toothbrush test”. What is it?
4). Which Indian co is the largest tractor manufacturer in the world?
5). Which recently released movie has been given two awards by Indian govt for promoting Indian tourism?
Answer: 1) Qatar at 98,000+ $, 2) Miswak, 3) Used at least twice daily, 4) Mahindra and Mahindra, 5) Life of Pi
Ha Ha Ha !!!
Birthday Corner!
Karthik M V—6th March
Your feedback
I feel it should be in landscape mode and comfortably fit the screen of any comp, laptop, or notebook. Is there such an option? I feel it is cumbersome scrolling up and down. - Jordi Griera
If you have any comment/suggestion for the editors, please write to us at cc@ncrcl.com! Your views and comments on articles featured here are also welcome!
Ability is what you're capable of doing. Motivation determines what you do. Attitude determines how well you do it. - Lou Holtz
NCR Consultants Limited
Our Business Associates
NCR & Co Chartered Accountants
www.hsbconsulting.biz
www.4spl.biz
www.mcmillanwoods.com
www.obsitech.com
www.nathaninc.com
www.deltacadd.com
www.fichtner.in/india.htm
www.altacit.com
Karnataka Institute of Public Auditors
www.ineval.org
www.fugoconsulting.com
i2i IFRS
Contact
Registered Office: 2nd Floor, New No. 4, Old No. 23, C P Ramasamy Road, Alwarpet, Chennai - 600 018 Ph: +91 44 2466 0955 Fax: +91 44 4218 5593 Email: chennai@ncrcl.com
Branch Office: #107, 1st Floor, Railway Parallel Road, Kumarapark West, Bangalore - 560 020 Ph/Fax: +91 80 23560265 Email: bangalore@ncrcl.com
Website: www.ncrcl.com