Saturday, November 10, 2012

The Pakistan Saga!

What follows is just my individual thinking, analysis, observation, view, opinion, and by no means am I promoting and marketing some or any doctrine whatsoever!

Pakistan recently banned quite a few sites for the blasphemous content that was displayed on the Internet. Someone who is in my social circle asked a question which went like this, "Should we use Facebook now as the government has lifted the ban?" A heart throbbing question indeed.

Okay! Let's be a little logical here. The Internet was the means used to spread such hatred. Does that mean we should ban the Internet in Pakistan? It is not just about Facebook. Why do the Pakistanis think they are the owners of Islam? Why did not the Muslims in other countries come out of their homes in protest? Why do we think we have to save Islam in our own righteous ways? So now what can be the solution to such issues? Well, in my humblest opinion, we should simply ignore. The less we care about such heinous displays of mediocre mindset, the better would be the end result! We should focus on constructive solutions rather than hiding from the problem on hand. The blanket ban is not ignoring; it is like what the ostrich does to protect itself from the sandstorm. I think ignoring is the best solution. You can come up with a better one.


I would also like to shed some light on the plight of Ahmadies in Pakistan. How many of us have read the religious books of Ahmadies? For that very matter how many of us have read our own religious books? Going into further granularity how many of us have really read Quran with translation? So who do we think we are to label someone as Kaafir?

Let's now, just for the sake of our own well-being, start treating each other as mere humans and not go into sects and divide ourselves and become prey to others! If I am Abbasi, you are Syed, she is Chaudhary and he is a Khan... What does it have to do with me being superior to others? In the very same manner, if I am Brelvi, you are Deobandi, she is Wahabi and he is Ahmadi... Please let them live and they will let you live. These are all different paths to the same destination. Let them have their path. Let us go on our path. In the end we will meet at the same place. Let's do it without pointing fingers at each other.

“Darkness cannot drive out darkness; only light can do that. Hate cannot drive out hate; only love can do that.”

- Martin Luther King


Let's all live in peace and harmony! :)

Life is important?

Why is money a priority in our lives? Why are the things bought with money more important to us than our relations? Surely you can give me hundreds of reasons for these two questions but that would simply show your materialistic approach towards life. Do you think what you buy with money is more important in any way than your life?

On one particular day I witnessed a car accident. Definitely a horrible thing to happen to anyone. But what happened after the accident was more horrible than the accident itself. You may ask why? Well, instead of thanking the stars that they were safe, the accidentees started abusing each other for the loss that each had caused the other. Whoa! I wonder if they would have done the same after losing two or three limbs and going unconscious or, to the extreme, if they had reached the package expiration date. Why do we start giving importance to unimportant things and not see the obvious?

Tuesday, April 10, 2012

CISSP - Domain 10 - Operations Security

Operations Security relates to the security aspects of the day-to-day activities of a business enterprise. The domain discusses all the questions regarding: How to keep the data at rest secure? How to securely destroy the data? What privileges need to be assigned and to whom and when? How to protect the hardware (maintenance) and software (piracy)? And how to carry out patch management, problem management, incident management etc.? The important access control concepts like least privilege and need to know are also discussed along with mechanisms to facilitate and perform audit and monitoring. It can be said that Operations Security is basically the concise combination of all of the other domains of CISSP.

CISSP - Domain 9 - Application Development Security

The Security Architecture domain focused on securing systems, while the Application Security domain focuses on securing software and applications from their development phase through their implementation and maintenance phases. The domain highlights that security should be a component of every cycle of the Software Development Life Cycle (SDLC). Applications include agents, applets, software, databases, data warehouses and knowledge-based systems. The domain discusses concepts like data mining, data warehousing and intelligent systems, and elaborates on what application controls are needed to ensure the confidentiality, integrity and availability of information systems. The domain also touches on concepts of penetration testing with regard to applications.

CISSP - Domain 8 - Business Continuity and Disaster Recovery Planning

You may wonder what business continuity and disaster recovery planning have to do with Information Security. We can have a pretty long discussion on this, but to cut the story short, the answer is in the C-I-A triad. Plus, Information Security acts as a support system for the business to keep going in any condition. The domain focuses on best practices for safeguarding critical information systems and on their continuity and recovery procedures. How to manage an incident? How to perform business during and after an incident? How to recover from an incident and get back to the norm? All this is discussed in detail in this domain. While preparing for the exam, do not forget to differentiate between business continuity and disaster recovery.

Monday, April 9, 2012

CISSP - Domain 7 - Telecommunications and Network Security

Telecommunications and Network Security is the lengthiest domain of CISSP. It emphasizes the concepts of networking -- the OSI and TCP/IP models -- explaining each layer in detail and highlighting the technologies and their implementation. The domain discusses the following main concepts:

Physical: Network Topologies, Transmission Media, Communication Technology, Attacks
Data-Link: Technology, Encryption, Risks and Attacks
Network: WAN Technologies, Tunneling, Risks and Attacks
Transport: Technology, DoS Attacks, Remediation
Session: Technology and Implementation, Directory Services, Access Services
Presentation: Concepts, Technology and Implementations, Encryption
Application: Technologies, Data Exchange Services, Administrative Services

The domain also discusses different types of firewalls and their architectures in detail. Different security protocols and methodologies like PGP, IPSec, SSL (VPN) etc. are also discussed in the Network Security portion of the domain. The Telecommunications and Network Security domain keeps evolving as new technologies arise and gives an overview of them as well, for example, Unified Threat Management.

CISSP - Domain 6 - Legal, Regulations, Compliance and Investigations

The domain gives an overview of the laws and regulations associated with the digital world. It sheds light on the means, opportunities and methods associated with e-crimes. The domain gives an account of digital forensics, evidence gathering, chain of custody, incident response, legal liabilities and ways to address compliance. Legal, Regulations, Compliance and Investigations is a very important domain with content that keeps on evolving. A lot of general questions are usually asked from the field of digital forensics (this domain) and penetration testing (application and network security domains) in the exam.

CISSP - Domain 5 - Security Architecture and Design

Security Architecture and Design domain specially focuses on how to create a secure and well-defined system. The domain highlights concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks, applications and controls used to enforce various levels of confidentiality, integrity and availability. The domain also explains different security models in terms of information flow, confidentiality and integrity.

CISSP - Domain 4 - Physical Security

Physical Security is also known as Environmental Security. It is perhaps the most underrated domain of CISSP, but in reality it is very important, at least with respect to exam preparation. The domain focuses particularly on the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information. The domain also gives a good overview of how to choose a secure site, along with design, configuration and practical implementation techniques. It is pertinent to know that the most important theme of this domain is protecting people first. The domain also takes into account how to naturally enforce physical security without creating much artificial fuss around it -- Crime Prevention Through Environmental Design (CPTED).

CISSP - Domain 3 - Cryptography

Cryptography is thought to be the heart of IT Security. This domain tells us how to keep the confidentiality, integrity and authenticity of sensitive information intact during its lifetime or communication time. The domain discusses symmetric and asymmetric algorithms, how they are used practically and how they can be exploited by different means. How to use digital signatures to provide authenticity and non-repudiation during e-transactions is an important aspect of this domain as well.

CISSP - Domain 2 - Access Controls

An information system mainly comprises three components: Subject (the component which accesses), Object (the component which is accessed) and Access Control (the component which controls what objects can be accessed by subjects and, importantly, to what extent). Security Management Practices and Access Control are important domains for learning strong information security concepts. This domain, as the name suggests, talks more about how to control the access movements of the Subject. The domain discusses access control concepts, methodologies and (practical) implementations within centralized and decentralized environments. It also discusses control techniques like personnel, technical and physical, and measures like preventive, detective and corrective.

CISSP - Domain 1 - Information Security Governance and Risk Management

The domain is also known as Security Management Practices -- all the crux of CISSP can be found in this very domain. Security Management Practices starts with the basics of information security. It describes to us what the terms threat, vulnerability, risk, exposure, confidentiality, integrity, availability etc. mean. The domain tells us what the risk management process is and how to carry out risk analysis and risk treatment. The domain gives us an overview to understand what policies, standards, guidelines, procedures and roles associated with information assets are all about. The domain emphasizes that security is a management concern and not an IT concern.

Monday, February 20, 2012

What we want and actually need?

Life is spent either by fulfilling your needs or achieving your wants. The difference between want and need can be subtle for some or simply obvious for many. By what rule we live our lives determines what kind of a person we are generally. A person who focuses more on the needs lives more satisfying life than the person who focuses on achieving his wants.

If you are thirsty, what you need is a glass of tap water and what you want is a carbonated drink. The sensible choice would be to go for tap water but most of us choose otherwise. If you are looking for a cellular device just for talking with your friends, family and colleagues, then what you need is a simple mobile phone and what you want is an iPhone or some other smartphone. Whether you spend your money on your need or your want, the choice is all yours.

Want can be called a lavish or a modernized need. The need and want of a common person in a developed country like the US would be different from those of an average person living in an under-developed country like Somalia. Pizza, rice, chicken and dessert is what you want for dinner while someone on a different continent needs a small piece of bread to satisfy his hunger. Most of the marketing and branding strategies focus on making their product our want and then making our want our need.

The schools teach us complex mathematical techniques to uncover the hidden but they forget teaching us simple rules to live our lives with. Living by your needs or by your wants can change your life. Think about it! :)

Sunday, February 12, 2012

Tips From The Holy Quran

Respect and honor all human beings irrespective of their religion, color, race, sex, language, status, property, birth, profession/job and so on [17/70]

Talk straight, to the point, without any ambiguity or deception [33/70]

Choose best words to speak and say them in the best possible way [17/53, 2/83]

Do not shout. Speak politely keeping your voice low. [31/19]

Always speak the truth. Shun words that are deceitful and ostentatious [22/30]

Do not confound truth with falsehood [2/42]

Say with your mouth what is in your heart [3/167]

Speak in a civilized manner in a language that is recognized by the society and is commonly used [4/5]

When you voice an opinion, be just, even if it is against a relative [6/152]

Do not be a bragging boaster [31/18]

Do not talk, listen or do anything vain [23/3, 28/55]

Do not participate in any paltry. If you pass near a futile play, then pass by with dignity [25/72]

Do not verge upon any immodesty or lewdness whether surreptitious or overt [6/151]

If, unintentionally, any misconduct occurs by you, then correct yourself expeditiously [3/134]

Do not be contemptuous or arrogant with people [31/18]

Do not walk haughtily or with conceit [17/37, 31/18]

Be moderate in thy pace [31/19]

Walk with humility and sedateness [25/63]

Keep your gazes lowered devoid of any lecherous leers and salacious stares [24/30-31, 40/19]

If you do not have complete knowledge about anything, better keep your mouth shut. You might think that speaking about something without full knowledge is a trivial matter. But it might have grave consequences [24/15-16]

When you hear something malicious about someone, keep a favorable view about him/her until you attain full knowledge about the matter. Consider others innocent until they are proven guilty with solid and truthful evidence [24/12-13]

Ascertain the truth of any news, lest you smite someone in ignorance and afterwards repent of what you did [49/6]

Do not follow blindly any information of which you have no direct knowledge. (Using your faculties of perception and conception) you must verify it for yourself. In the Court of your Lord, you will be held accountable for your hearing, sight, and the faculty of reasoning [17/36]

Never think that you have reached the final stage of knowledge and nobody knows more than yourself. Remember! Above everyone endowed with knowledge is another endowed with more knowledge [12/76]

Even the Prophet [p.b.u.h] was asked to keep praying, "O My Sustainer! Advance me in knowledge." [20/114]

The believers are but a single Brotherhood. Live like members of one family, brothers and sisters unto one another [49/10]

Do not make mockery of others or ridicule others [49/11]

Do not defame others [49/11]

Do not insult others by nicknames [49/11]

Avoid suspicion and guesswork. Suspicion and guesswork might deplete your communal energy [49/12]

Spy not upon one another [49/12]

Do not backbite one another [49/12]

When you meet each other, offer good wishes and blessings for safety. One who conveys to you a message of safety and security and also when a courteous greeting is offered to you, meet it with a greeting still more courteous or (at least) of equal courtesy [4/86]

When you enter your own home or the home of somebody else, compliment the inmates [24/61]

Do not enter houses other than your own until you have sought permission; and then greet the inmates and wish them a life of blessing, purity and pleasure [24/27]

Treat kindly - Your parents - Relatives - The orphans - And those who have been left alone in the society [4/36]

Take care of - The needy - The disabled - Those whose hard earned income is insufficient to meet their needs - And those whose businesses have stalled - And those who have lost their jobs [4/36]

Treat kindly - Your related neighbors, and unrelated neighbors - Companions by your side in public gatherings, or public transportation [4/36]

Be generous to the needy wayfarer, the homeless son of the street, and the one who reaches you in a destitute condition [4/36]

Be nice to people who work under your care. [4/36]

Do not follow up what you have given to others to afflict them with reminders of your generosity [2/262]

Do not expect a return for your good behavior, not even thanks [76/9]

Cooperate with one another in good deeds and do not cooperate with others in evil and bad matters [5/2]

Do not try to impress people on account of self-proclaimed virtues [53/32]

You should enjoin right conduct on others but mend your own ways first. Actions speak louder than words. You must first practice good deeds yourself, then preach [2/44]

Correct yourself and your families first [before trying to correct others] [66/6]

Pardon gracefully if anyone among you commits a bad deed out of ignorance, and then repents and amends [6/54, 3/134]

Divert and sublimate your anger and potentially virulent emotions to creative energy, and become a source of tranquility and comfort to people [3/134]

Call people to the Way of your Lord with wisdom and beautiful exhortation. Reason with them most decently [16/125]

Leave to themselves those who do not give any importance to the Divine code and have adopted and consider it as mere play and amusement [6/70]

Sit not in the company of those who ridicule Divine Law unless they engage in some other conversation [4/140]

Do not be jealous of those who are blessed [4/54]

In your collective life, make rooms for others [58/11]

When invited to dine, go at the appointed time. Do not arrive too early to wait for the preparation of meal or linger after eating to engage in bootless babble. Such things may cause inconvenience to the host [33/53]

Eat and drink [what is lawful] in moderation [7/31]

Do not squander your wealth senselessly [17/26]

Fulfill your promises and commitments [17/34]

Keep yourself clean, pure [9/108, 4/43, 5/6]

Dress-up in agreeable attire and adorn yourself with exquisite character from inside out [7/26]

Seek your provision only by fair endeavor [29/17, 2/188]

Do not devour the wealth and property of others unjustly, nor bribe the officials or the judges to deprive others of their possessions [2/188]

Note: The above points are some of the lessons learnt from Quran that apply to our general living. The verse(s) of Quran from which the lesson is drawn is given. The points above may not be word by word translations of Quranic verses. May Allah keep us all under His protection and guidance and enable us to read, understand and follow the Quran. Amen!

Monday, January 23, 2012

Being Exceptional

Saying the big words is easy but actually being sensible enough to follow them is quite demanding. A lot of professionals talk big but seldom are big achievers. The chief reason being they are not good enough in their respective professions; it is as simple as that. A professional is someone who performs the assigned work efficiently irrespective of good or bad times.

A lot of us are not professionals but just people doing work; we are not sincere with our professions. All of us have one thing in common: we want to earn a huge sum of money, but we seldom try to be good at what we do -- our work, our profession. It is pertinent to note that what we do is actually going to help us achieve our long term goals and the mere short term goal of feeding us. Why not be good at what we do? Why not be outstanding in what we do? Why remain mediocre when we can be exceptional in what we do?

Excellence in our work shows how much pleasure we take in doing it and opposite holds true as well. The degrees we have and the institutes we have studied become irrelevant if we are average in what we ought to be best at. It is quite disheartening to see there are very few good barbers, tailors, shoemakers, welders, technicians, scientists, engineers, doctors, politicians. It is time that we stop mourning about our lives and start being exceptional in what we do. :)

Sunday, January 15, 2012

Why Businesses Fail?

Have you ever wondered why most of the businesses fail in Pakistan? The idea behind the business was brilliant, catchy, innovative, revolutionary, out of the box, original and yet the business could not flourish. There can be infinite reasons but particularly the most common two that I have found and are mostly consistent are as follows:

1) Poor Service

The first in the list is poor service. If you have a good genuine product with weak service then consider your business days numbered. If any business wants to excel in B2B relations then it must provide state of the art services to its clients. A good service provided would encourage positive referrals. The best way to market your business is through word of mouth -- let your customers do that for you!

A particular example of poor service or business operation can be seen through the following incidents:

We needed a server for our company, so I called a couple of distributors operating in Islamabad. One of the distributors, after receiving the call, told me to contact them after an hour because they were having lunch at the moment. Yes, I would wait for sixty minutes to call you again and not call your competitor the very next moment for my need.

I needed to repair my laptop's broken LCD. I personally went to different repairing shops in the town to get the best deal. Some were charging a lot relatively. One particular shop gave me the best price for repairing and even gave a warranty of one year but I refused to accept their deal. Why? Because the shop keeper communicated indifferently and without any interest. Isn't it quite simple? If you want business from me, you have to show some interest first! Well I felt comfortable with the shop offering the same price but less warranty time because the people were more cooperative and respected the potential customer.

When you are doing business you have to make your customers comfortable to work with you. Always go out of the way to make them feel at home all the time. If you make the business offering complicated for them expect them to change their business partner the next time! Why would I do further or more business with you if you are unable to provide me the service as per the agreement? Provide value to your customers and you would reap benefits out of your business!

2) Lacking Professionalism

What is professionalism? To give your best even when you are not feeling so. What is ethics? Moral correctness of the specified conduct. Many businesses forget while doing business that they have to follow some level of professionalism and ethics as well. Examples of being professionally unethical include paying your employees late or not paying your business partners on time. When you are doing business you have to follow the universal morals. Your employees sustain your business; you need to respect them and their needs. Your partners help you get the business; you need to be at your best professional behavior with them. I have seen it a lot that employers, because of their ignorance, do not respect their employees and have big turnover rates. What happens when you are not professional with your employees? They leave you! Employees are the main asset of any organization and experienced employees are critical to your business stability; respect and revere them.

Trust is very important between an employee and employer relationship. If the employer does not trust the employee then expect the same from the employee. Having said that businesses should not be people specific but function and process oriented. Your business processes must be so strong that even if an employee leaves there is minimal repercussion. Businesses that are people specific are prone to disaster and waiting to be kicked out of business sooner than expected.

Do you expect to retain customers or do business after business with them if you were not professionally astute in your initial point of contact? No business is lucky the next time, you have to work hard, you have to give your best, you have to be easy to do business with, you have to be empathetic, you have to be far-sighted, you have to be visionary, you have to be persistent to get business after business from the same customer. A little unprofessionalism at your end can also affect your other potential leads as well.

Conclusion:

Any idea can be turned into healthy business if followed up with great service and high professionalism. The best you can do is sell me once but to sell me twice you need to be wise. :)