Consultants Corner-Mar 2013


NCR Consultants Limited www.ncrcl.com

An Associate of

Volume 7 | Number 79 | Mar 2013 | Pages 1–12

Consultants’ Corner

Information Security Management System (ISMS) - A closer Look (Part III)

Doing things properly

Drawing by Gopal Agarwal in the drawing competition held at NCRCL Bangalore (3rd place)

Inside

Message from Dr. RSM
Information Security Management System (ISMS) - A closer Look (Part III)
Developing self-awareness
Blood group check out your traits!!
What’s up at NCRCL?
An Exclusive Talk
Parichay
Quiz Corner
Birthday Corner
Ha Ha Ha !!!☺

Our Mission is to apply our professional capabilities with a holistic approach for the happiness of clients,

through values and social commitment.



Doing things properly

Dr. R. S. Murali

Message from Dr. RSM

Every time I look for a fix for my electrical or plumbing needs, I don't land up on the right guy. In the field of medicine the system of 'family doctor' is gone. Same is the situation with the family plumber, family electrician and so on. Even the personal banking branches of banks have people who do not know their customers - nothing personal there! Are all these indicators of growth and development?

I think some are very unique to India. As days go by, the quality goes down! Right from electrical plug to stainless steel vessels - in everything the quality has gone down. When we talk of education we say India's literacy has increased but has learning increased? Teachers fail in government examinations. The conceptual understanding of every student seems to have gone down in the recent past, particularly in the last decade. Is this quality deterioration because of the speed at which the changes are taking place? Is it because the general attitudes and thinking have undergone a major change?

A country like India, which was contributing to about a third of global GDP till a few centuries back, deteriorating like this is not acceptable. Gandhi said any change we wish to see should start from within us. So, let us look at ourselves first.

Every work we do, whether official or personal, do we do them:

Earnestly?

Effectively?

Efficiently?

Excellently?

Enjoyably?

If not, why? I have spoken to students who are not interested in studies or even a single subject but who want their qualifications, and I have been talking to students doing professional courses like CA who repeatedly fail. A common answer from all the students is that they are either unlucky or they are feeling bored. The period they have to invest in preparing themselves for life, they spend instead in unwanted things, in an unfocussed manner, and blame everything else, from their stars to their luck! These are indications of internal inefficiency and inadequacy.

We need to do this properly. This means “giving ourselves fully” to the work we do. We need to understand how to immerse ourselves in our work. When we immerse, concentration automatically arises, intuition develops, innovation happens. We need to learn to go deeply in our work. Students hate exams because they are not familiar with the subjects, executives do not do their work properly because they do not involve themselves in their work. Familiarity, involvement, interest, commitment, whatever the words we use, it ultimately boils down to getting immersed in the work. Unless this is done quality cannot improve, delivery cannot take place, understanding does not happen, and happiness does not result.

Is it so very difficult to immerse yourself in your work? Why don't you try for a week and get back with your experience? We can discuss…

Happiness is a skill. It requires effort and time.

- Andrew Weil

Information Security Management System (ISMS) - A closer Look (Part III)

Praveena K R


E. Business Impact Analysis (BIA)

A BIA report quantifies the importance of business components and suggests appropriate fund allocation for measures to protect them. The possibilities of failures are likely to be assessed in terms of their impacts on safety, finances, marketing, legal compliance, and quality assurance. Where possible, impact is expressed monetarily for purposes of comparison. For example, a business may spend three times as much on marketing in the wake of a disaster to rebuild customer confidence.

A BIA is an essential component of an organization's business continuance plan; it includes an exploratory component to reveal any vulnerabilities, and a planning component to develop strategies for minimizing risk. The result of the analysis is a business impact analysis report, which describes the potential risks specific to the organization studied. One of the basic assumptions behind BIA is that every component of the organization is reliant upon the continued functioning of every other component, but that some are more crucial than others and require a greater allocation of funds in the wake of a disaster. For example, a business may be able to continue more or less normally if the cafeteria has to close, but would come to a complete halt if the information system crashes.

A sample series of questions a BIA team must look to answer:

- What critical interdependencies exist between internal systems, applications, business processes, and departments?
- What specialized equipment is required and how is it used?
- How would the department function if the mainframe, network and/or Internet access were not available?
- What single points of failure exist and how significant are those risks?
- What are the critical outsourced relationships and dependencies?

F. Business Continuity Planning (BCP) & Disaster Recovery (DR)

Business Continuity Planning involves identifying, developing, acquiring, documenting and testing procedures and resources that will ensure continuity of an organisation's key operations in the event of an accident, disaster, emergency, and/or threat.

It involves:

- risk mitigation planning (reducing the possibility of the occurrence of adverse events), and
- Disaster Recovery planning (ensuring continued operation in the aftermath of a disaster).

These plans are drawn up based on the BIA report, as this gives a clear indication of the business critical processes that have to be focussed on.

Some basics to cover in a Business Continuity plan are:

- Develop and practice a contingency plan that includes a succession plan for the CEO.
- Train backup employees to perform emergency tasks.
- Determine offsite crisis meeting places and crisis communication plans for top executives.
- Practice crisis communication with employees, customers and the outside world.
- Invest in an alternate means of communication in case the phone networks go down.
- Make sure that all employees, as well as executives, are involved in the exercises so that they get practice in responding to an emergency.
- Make business continuity exercises realistic.
- Form partnerships with local emergency response groups (fire fighters, police and EMTs) to establish a good working relationship.
- Evaluate the company's performance during each test, and work toward constant improvement. Continuity exercises should reveal weaknesses.
- Test the continuity plan regularly to reveal and accommodate changes. Technology, personnel and facilities are in a constant state of flux at any company.

Don't judge each day by the harvest you

reap but by the seeds that you plant.

- Robert Louis Stevenson


There is hope if people will begin to awaken that spiritual part of themselves, that heartfelt knowledge

that we are caretakers of this planet. - B M Eagle

A Disaster Recovery Plan (DRP) is a subset of the BCP, but it covers elaborate details such as documentation of the procedures for declaring an emergency, evacuation of the site according to the nature of the disaster, active backup, notification of the related officials, DR team and staff, notification of the procedures to be followed when disaster breaks out, alternate location specifications, etc. It is beneficial to be prepared in advance with sample DRPs and disaster recovery examples so that every individual in the organization is better educated on the basics. Documentation should include identification and contact details of key personnel in the disaster recovery team, along with their roles and responsibilities in the team.

The lifecycle in information security

Security is not a permanent state which, once achieved, will never change. Every organisation and public agency is subject to continuous dynamic changes. Many of these changes also affect information security due to changes in the business processes, tasks, infrastructure, organisational structures and the IT. Besides the obvious changes within an institution, changes to the external conditions can also occur; for example, the statutory or contractual stipulations as well as the available information and communications technologies might change considerably. It is therefore necessary to manage security actively so that the security level that has been reached is also maintained over the long term.

Not only business processes and IT systems have a "lifecycle"; the policy for information security, the information security organisation and ultimately the entire information security process all have a lifecycle. The information security process is commonly divided into the following phases:

1. Planning
2. Implementing the plan and carrying out the project
3. Performance review and monitoring the achievement of objectives
4. Eliminating discovered flaws and weaknesses and making optimisations as well as improvements

Phase 4 describes the immediate elimination of minor flaws. If fundamental or extensive changes are needed, one must of course return to the planning phase again. This model is named after the individual phases ("Plan", "Do", "Check", "Act") and is thus also referred to as the PDCA model. The PDCA cycle is considered an upward spiral: each cycle perfects the ISMS a little more, so the extent of the next cycle is a little less than that of the previous one.

Concluding Remarks

The management system concept is being applied across many new disciplines. With the ratification of the ISO 27001 standard, information security management systems have achieved new prominence, in some arenas becoming an essential requirement.

In conclusion, an ISMS:

- Integrates information security risk into enterprise risk management.
- Documents informed choice decision making and due diligence.
- Provides a framework for regulatory compliance.
- Offers a structure to efficiently and effectively integrate people, process, and technology.
- Furnishes a mechanism for monitoring and reporting.
- Is business friendly, and a market differentiator.

References:

http://www.csoonline.com

Useful books and information on Business Continuity and Disaster Recovery:

- The Disaster Recovery Handbook: A Step-By-Step Plan, by Wallace and Webber (AMACOM 2010)
- Building an Enterprise-Wide Business Continuity Program, by Kelley Okolita (CRC Press 2009)
- A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance, by Julia Graham et al (Rothstein Associates 2006)

How beautiful can life be? We hardly

dare imagine it.

- Charles Eisenstein


Developing self-awareness

Rekha Murali

(As published in 'The Hindu - opportunities' dated January 09, 2013)

Consider a colleague at the workplace who shares excellent rapport with others. This colleague is always thoughtful, thinks about others' needs and feelings, is humble about her strengths, and is concerned about how her words and actions may affect others.

It is wonderful to work with such a person and the entire team buzzes around her, eager to please and assist her. The team finds solace around such a person. This is because this person has immense self-awareness.

Self-awareness is being aware of oneself including one's traits, behaviour and feelings through introspection. It is one of the most valuable leadership competencies that are always underestimated. Such leaders shoulder responsibilities willingly and are able to accept what they do not know. Most leaders pretend to know everything. But a person with self-awareness understands his/her limitations and is willing to learn from others. Rumi has aptly quoted, “O, happy the soul that saw its own faults”.

People often do not understand their strengths and weaknesses and this hinders their performance. This is because of poor self-awareness. Such people tend to brush their faults under the carpet and pretend to be a “know-all”. This leads to poor performance and in some cases even termination. So the solution is to be aware of yourself. How can this be done? Here are a few tips to develop self-awareness and be successful in both your personal and professional life.

Introspection: To develop self-awareness, introspection is the key. All tips listed below are based on this introspection, which is the ability to think through an action by looking deep within. Seek answers within for your actions and reactions to develop a more positive approach towards life and others.

Blame-game: Normally, people don't look at themselves, with the result that they blame one another for mistakes. Stop this blame game and look within for the reason as to why the action of a particular person makes you upset.

So often, the annoyance factor in the other person may be reflected somewhere deep within you. Carl Jung notes that everything that irritates us about others can lead us to an understanding of ourselves.

Strengths and weaknesses: Introspection leads to an awareness of your strengths and weaknesses. This understanding helps you choose your career path and your friends, which enhances both your personal and professional life.

Slow down: In this fast paced competitive life, you are always in a rush with deadlines to meet, projects to be completed. This leaves you with no time to pause and look at your situation, and the situation of all the people with whom you interact. So slow down your pace and become conscious of your life, what you are and what you want to achieve.

Mindfulness: The Buddhist philosophy of mindfulness is an easy tool to stay connected with your inner core and be aware of yourself. It simply means living in the moment. This can be developed through simple techniques like meditation, relaxation techniques, watching the breath, listening to music, sitting quietly observing your thoughts and so on. This is a therapeutic exercise where you are consciously aware of each and every moment and action of yours. Living in the moment, in the present, helps you get rid of stress and give your full focus and attention to the task. This way you minimise mistakes, give your best and excel in your work!

Thus self-awareness helps you develop non-judgmental awareness of all that you are and will be. This reflects on the outside so that your relationships are based on accepting the other person for what he/she is. By understanding yourself, you learn to use your strengths better, develop where you can and avoid or compensate areas where you don't have the necessary skills. People who understand themselves work better.

To sum up, in James Allen's words, “Only by much searching and mining are gold and diamonds obtained, and man can find every truth connected with his being if he will dig deep into the mine of his soul.”

Blood group and personality traits!!

Is this true? - check and give us feedback.


BLOOD GROUP O BLOOD GROUP A BLOOD GROUP B BLOOD GROUP AB

In a nutshell Cannot stand people who hide the truth

Pessimistic and too sensitive

Cannot take orders easily Romantic and sentimental

Basic Behavior

Make objectives clear Careful about decision-making

Make decisions fast Extremely practical

Possess great deal of confidence

Make things clear in black and white

Can be flexible Excellent in analyses

Honest, optimistic and energetic

Care too much about social rules and standards

Do not care about rules Give fair criticisms

Respect scientific and practical findings

Cannot decide when it comes to important issues

Tolerance Strength and endurance depend on their aim

High tolerance for physical or repetitive work

Maintain the longest interest in what they do

Try to be hard-working

Give up easily if they find the job meaningless

Cannot take changes easily

Seem impatient Tend to be impatient

Lose interest in a hobby easily

Dislike repetitious work

How do they see their future and past?

Positive about the past, thus do not regret about the past

Try hard to forget the past Hard to forget recent affairs, but able to forget past and memories

Sentimental about the past

Seek financial stability for the future

Pessimistic about the future

More concern about the immediate problems than anything else

How do they express their emotions?

Usually stable and calm Able to display cool outlook even though angry

Expressive Sentimental

Sensitive towards sincerity

Short-tempered Cool and objective Usually cool and steady, but can get upset with an immediate, unsolved problem

Give frank, direct opinions

Take longer to heal a broken heart

Although joke a lot, could actually be very shy

Can get moody easily

Sensitive to others' opinions

Change moods like the weather

Cannot stop complaining when they are upset

How do they work?

Ability to concentrate varies from time to time, depending on aim

Perfectionist Creative and possess new ideas

Able to handle a wide scope of jobs

Mostly prefer to lead Handle one thing at a time

Cannot differentiate between work and hobby

Value hard work

Can overlook details Work a line between work and personal affairs

Cannot take orders Quick in understanding

Highly responsible Do not hesitate to introduce innovative changes and are not worried about theirs criticisms

Not highly responsible and unable to follow-up on a project until its completion

Tend to choose hobbies which help them release stress

Tend to be artistic in approach

Source: Internet


What’s up at NCRCL?

Team NCRCL (RSM, Kishore, Bhavana, Namith and Krishnan) were at ICSR, IIT Chennai as a part

of implementation phase discussions of our earlier project.

Presentation of the next version of DocuMan by Raghu of Deltacadd on 20th Feb 2013 at NCRCL Bangalore and Chennai through video conferencing

Study Circle meeting last month

1. Indian Philosophy and Heritage - Session III by Dr R S Murali on 30th Jan 2013

2. Business Process Re-engineering for Karnataka State Cricket Association by U S Mohanty on 22nd Feb 2013

RSM gave a talk on Achievement Motivation at NCRCL Bangalore office on 27th Feb 2013

An Exclusive Talk with U Shrikantha Maiya

U Shrikantha Maiya, B E, PGDMM, PGD(HRM), PGDEEM&EA, MBA
Working as Head Administration
Born on 02nd January
Email: [email protected]
Phone No: 080 23642795

CC. The meaning of your name.

S Maiya: Master of Lakshmi = Vishnu

CC. Nickname.

S Maiya: No nick name

CC. Your dream job.

S Maiya: It is too late to think about this now due to age

factor

CC. Your first impression of NCRCL.

S Maiya: Well organized, well knit organisation

CC. What personal/emotional characteristic of yours do

you want to change?

S Maiya: Difficult to answer. I am not sure whether I can really change my shortcomings if any at this age.

CC. Money or job satisfaction?

S Maiya: It should be both, depending on the

circumstances under which one is placed.

CC. Your Stress buster.

S Maiya: Develop philosophy that stress is part of our life

and on this we may not have any control.

CC. Do you have a small circle of close friends, rather

than a large number of friends?

S Maiya: It should be both. One must develop to have

small circle of close friends in the inner circle and should

have large number of friends with Lakshmana Rekha in

between.


CC. What do you most like about a person?

S Maiya: Simplicity, honesty, trustworthiness, hard work and without ego.

CC. What do you most hate in a person?

S Maiya: Hatred, jealousy, revenge, groupism, politics

and indulging in destroying personal life of others.

CC. Team work vs Individual work – your

comments.

S Maiya: Team work

CC. Do you make efforts to get others to laugh and

smile?

S Maiya: Not much

CC. Your heart rules your head or your head rules

your heart?

S Maiya: This would be both depending on the

situation.

CC. What kind of special talent do you have?

S Maiya: Nothing special to mention

CC. What are your hobbies?

S Maiya: Listening to good and old music, watching

TV and occasional singing

Life offers its wisdom generously. Everything teaches. Not everyone learns.

- Rachel Naomi Remen

Parichay Know our Associates!

Nathan India

Nathan India, in Chennai and Delhi, is a wholly owned subsidiary of Nathan Associates Inc. USA. Staffed with expert economists and highly skilled researchers, the subsidiary provides clients a range of services from market surveys and econometric analysis of survey data to economic impact analysis of industrial development on the environment. Clients include Indian banks, providers of analytical services, and conglomerates, as well as U.S. trade associations and litigation clients. Nathan India is also pursuing work in sports economics in the wake of cricket franchise development through the Indian Premier League.

NCRCL® is proud to be associated with Nathan India. This association has led to the short listing of the team as consultants for DFID funded projects in India. Many other ventures are in the offing where NCRCL® expertise in finance can be utilised along with the economic analytical services of Nathan.

Quiz Corner

1). With BRIC unable to live up to its promise, investors are looking at MINT. Which 4 countries make up the MINT?
2). Why has Bangladesh Government decided to ban cartoon channels on TV in their country?
3). Which Bollywood entertainment co started as a book library started by Shethia and Maroo families in Mumbai?
4). ____ is to India, what Coca Cola is to US. Name India's no 1 FMCG brand in terms of sales value.
5). The cricketer Anil Kumble's firm TENVIC has the tag line 'ToENsureVICtory'. There is one more reason it is called TENVIC. What is the reason?

Send in your answers to the editor at [email protected]

Participants with the correct entry will be awarded a Recognition Certificate by NCRCL.

Ability is what you're capable of doing. Motivation determines what you do. Attitude determines how well you do it. - Lou Holtz

Answers to last month’s Knowledge Snippet questions:

1). In terms of per capita income which is the richest country in the world?
2). Twigs from which tree were recommended by Prophet Muhammad for brushing. It is also a brand.
3). In Google, for products to be accepted they need to pass a “toothbrush test”. What is it?
4). Which Indian co is the largest tractor manufacturer in the world?
5). Which recently released movie has been given two awards by Indian govt for promoting Indian tourism?

Answer: 1) Qatar at 98,000+ $, 2) Miswak, 3) Used at least twice daily, 4) Mahindra and Mahindra, 5) Life of Pi

Your feedback

I feel it should be in landscape mode and comfortably fit the screen of any comp, laptop, or notebook. Is there such an option? I feel it is cumbersome scrolling up and down.

-Jordi Griera

If you have any comment/suggestion for the editors, please write to us at [email protected]! Your views and comments on articles featured here are also welcome!

Birthday Corner!

Karthik M V - 6th March

Our Business Associates

NCR & Co, Chartered Accountants
Karnataka Institute of Public Auditors
www.deltacadd.com
www.nathaninc.com
www.hsbconsulting.biz
www.obsitech.com
www.altacit.com
www.fichtner.in/india.htm
www.4spl.biz
www.ineval.org
www.fugoconsulting.com
www.mcmillanwoods.com

Registered Office:

2nd Floor, New No. 4, Old No. 23, C P Ramasamy Road, Alwarpet,

Chennai - 600 018

Ph: +91 44 2466 0955

Fax: +91 44 4218 5593

Email: [email protected]

Branch Office:

#107, 1st Floor, Railway Parallel Road, Kumarapark West,

Bangalore - 560 020

Ph/Fax: +91 80 23560265

Email: [email protected]

Contact

Website: www.ncrcl.com

NCR Consultants Limited

i2i IFRS