DEV Community: Riean Esteves

GRC Sounds Complex— Until You Realize You’re Already Doing It!

Riean Esteves — Tue, 03 Mar 2026 17:07:09 +0000

Governance Risk and Compliance (GRC) always sounded like one of those serious boardroom acronyms the kind that comes with long meetings and heavy documentation. While working on system audits using GRC frameworks, I realized that Governance, Risk, and Compliance are not just high-level corporate terms but indirectly implied on how IT systems are reviewed, controlled, and improved. What once seemed like theoretical knowledge became very practical. Through audits, I began to understand how governance structures, risk identification, and control validation come together in real-world IT environments.

What is actually the behind this GRC??

At its core, GRC consists of three interconnected pillars that ensure an organization operates responsibly, securely, and in alignment with its objectives.

Governance defines direction and accountability
Risk highlights what could impact stability or security and
Compliance ensures that established rules and standards are consistently adhered.

An organization must meet both its internal policy requirements and external regulatory obligations.

During audits, these concepts stop being merely conceptual and instead become visibly practical. Every control review, access validation, change assessment, or documentation check reflects one or more of these pillars in action.

💡 Why Beginners Should Learn GRC!!

Every industry needs it (banking, fintech, healthcare, SaaS)
It combines business + technology + regulation
It has strong career demand
It builds a solid foundation for audit, security, and risk careers

Even if you don’t work directly in GRC, understanding it strengthens how you approach IT processes.

🟢 Where ITSM and GRC Overlap!?

💫Here’s how I see the connection💡: ITSM Executes What GRC Governs!!

ITSM Process	GRC Concept
Change Management	Risk Mitigation
Incident Management	Operational Risk Handling
Access Management	Control Implementation
Service Reporting	Compliance Evidence

This is when it clicked for me:
GRC is not separate from IT operations🤝🏻.
It is embedded within structured service management.💼

Every approved change reduces risk exposure.
Every resolved incident demonstrates operational resilience.
Every access review strengthens control integrity.
Every report becomes compliance evidence.

When governance sets expectations and risk identifies exposure, ITSM ensures those expectations are operationally enforced.

😶‍🌫️The Visual That Made It Clear📊

I came across a visual representation of GRC structured like a periodic table. What made it interesting was not just the design but the clarity it brought.

At first glance, it may look complex. But once you observe closely, it reflects something simple the GRC is not one concept. It is a system of interconnected parts working together. This visual became the primary reason for writing this blog.

Because what seemed like separate activities in ITSM from change reviews, access validations, reporting, documentation are clearly part of a larger structured ecosystem.

GRC is not a checklist. It is an organized structure where every component supports another. Remove one element, and the system weakens.

💫Final Refelction

What once felt like a corporate acronym now feels like an integrated mindset.

This blog is not a deep dive into GRC frameworks it is simply a reflection on how structured service management quietly embeds governance and risk principles into everyday IT processes.

In the next piece, I plan to break down the elements of the GRC “periodic table” and explore how each component contributes to building resilient IT systems.

If you’ve experienced a similar overlap between ITSM and GRC, I’d love to hear your thoughts.

From Engineering to Corporate :2024 Rewind

Riean Esteves — Sun, 02 Feb 2025 18:08:23 +0000

This is a submission for the 2025 New Year Writing challenge: Retro’ing and Debugging 2024.

Retro’ing and Debugging 2024
As 2024 comes to a close, I find myself reflecting on a year filled with learning, challenges, and transformation. From being a student immersed in engineering concepts to stepping into the professional world as an auditor, a system quality assurance officer, this year has been a whirlwind of growth. It was a journey of pushing boundaries, embracing failures, and evolving into a more adaptable and resilient individual.

✨Lessons Learned in 2024 ✨

This year, I realized that my growth was a continuous process, and each phase of life comes with unique lessons. To me, these were not just academic or professional insights but fundamental shifts to my persona.

Throughout 2024, I developed a strong problem-solving mindset, analytical thinking, and drafting skills that played a crucial role for both my academic and professional journey.Engineering taught me that understanding concepts is just the beginning—the real challenge lies in applying them to real-world problems. My ability to structure information evolved significantly, transitioning from writing lecture notes📝 to framing MOM (Minutes of Meetings). Moreover, shifting from 👩🏻‍💻 writing code to ensuring compliance within coded codes gave me a broader perspective on quality assurance and regulatory standards, reinforcing my attention towards accuracy.

As I stepped into the professional world, I realized that mistakes are not setbacks but valuable learning opportunities.An effective communication and knowing when to ask for help proved to be crucial,🤝🏻 as seeking guidance often solved half the challenges I faced, while also teaching to meet deadlines and manage time. Having a strong support system of mentors and colleagues who always had my back allowed me to navigate obstacles more efficiently, making my transition into the corporate world smoother and more rewarding.🤩

✨Overcoming Obstacles📈

Despite the challenges, 2024 was a year of growth, achievements, and transformation. Completing my bachelor’s degree while actively participating in cultural and technical events pushed me to balance academics with leadership, even earning me the 🏆 Outgoing Student Cultural Excellence Award. Stepping into the corporate world was a major shift—from being an engineering student to navigating analytical data and compliance as a professional. Looking back, I see how failures, from coding errors to design flaws, weren’t setbacks but stepping stones that strengthened my persistence and problem-solving skills. I learned that success isn’t just about talent but about continuous effort, adaptability, and resilience. Managing multiple projects, handling deadlines, and embracing challenges shaped me into a more confident and solution-oriented individual. This year wasn’t just about achievements; it was about evolving, learning, and preparing for an even stronger future.With the support of the Dev community and other social media platforms, I broadened my horizons and deepened my knowledge.

From challenges faced to lessons learned,
Through trials and triumphs, my passion burned.
With every fall, I rose once more,
Stronger, wiser than ever before.

~Riean

✨Looking foward >>2025.. ✨

The lessons I’ve learned, the challenges I’ve faced, and the achievements I’ve celebrated have laid the foundation for an even stronger 2025. As I move forward, I carry with me the belief that growth is an ongoing journey, and every experience—good or bad—is a stepping stone toward excellence.

Here’s to another year of learning, adapting, and thriving!✨

Afterlife.exe: The Afterlife of Your Digital Footprint

Riean Esteves — Sun, 25 Aug 2024 18:28:01 +0000

404: User Not Found, But Their Data Lives On!!!

Ever wondered what your online life would look like after you've logged off for the final time? That, my friend, is your digital footprint—those traces of data that outlive even the best of us, haunting the internet like a ghost in the machine.

A digital footprint– sometimes called a digital shadow or an electronic footprint – refers to the trail of data you leave when using the internet. Right from posting on social media, subscribing to a newsletter, leaving an online review, or shopping online these are all example evidences of digi data. A digital footprint can be used to track a person’s online activities and devices. Internet users create their digital footprint either actively or passively, sometimes knowingly and mostly unknowingly .

Understanding the fate of your digital data after death is crucial because it affects privacy, security, and the emotional well-being of loved ones. Without proper planning, your online presence could be vulnerable to misuse, creating risks for both your legacy and those you leave behind.

Imagine, your digital life as a giant virtual junk drawer; one's social media accounts are like the endless selfie archives and birthday wish lists, your emails are a labyrinth of forgotten conversations, and your cloud storage is the virtual attic stuffed with photos and documents thess are types of Personal Data.Then there’s your Financial Data—think of it as the virtual piggy bank and subscription services that keep charging you even when you forget they exist. And don’t forget the legal stuff i.e. Legal Data : your digital contracts and signatures are the invisible ink that holds your online dealings together.

The debate over who gets to play keeper of your digital footprint after you’ve logged off for good is still raging—some say only your closest kin, others argue for no one at all—but luckily, there are rules and acts out there that might just help sort out the digital dust-up before it turns into a ghostly free-for-all.

When it comes to managing your digital afterlife, the legal landscape is as complex as a long-forgotten password. From Europe’s GDPR with its right to be forgotten, to the CCPA in California giving you control over your data even after you've logged off for good, and the UFADAA across U.S. states letting executors handle your digital assets like physical ones, there are plenty of rules in play. Australia’s Privacy Act and India’s Information Technology Act add more layers to the mix. But the latest player in this game is India’s Digital Personal Data Protection Bill, 2023, passed on August 7, 2023. This bill lays down clear obligations for entities handling your data and reinforces the rights of individuals to control what happens to their digital footprint. So, while the debate over who should access your data after death continues, these laws offer a roadmap—helping you keep your digital legacy from turning into a wild west.

When managing a deceased person's digital footprint, start by contacting digital service providers like Google, Facebook, or Apple, as they have procedures for account management or deletion. For financial and legal issues, consult the executor of the estate or a legal professional in digital assets. If privacy concerns arise, reach out to a data protection authority or a relevant government body, such as India’s Data Protection Authority under the Digital Personal Data Protection Bill, 2023, to ensure the digital legacy is handled legally and respectfully.

In the digital realm where our data takes flight,
Our online traces linger, both day and night.
In cyberspace, your digital trace lingers on,
A footprint in the ether, though you’re gone.
Secure your legacy, let your wishes be known,
So your online story is handled with care, not alone.
Plan ahead for the future, don’t let it be a plight,
Ensure your digital world’s managed just right!!
~Rieesteves

Conclusion

Planning for your digital data after death is as crucial as any other aspect of estate planning. It ensures that your online presence is managed according to your wishes, protecting your privacy and legacy. Take proactive steps now—designate legacy contacts, create a digital will, and familiarize yourself with relevant laws—to secure your digital footprint and give your loved ones peace of mind.

Ref: Digital After life

Drop a comment below with your digital legacy thoughts or questions—because even in the afterlife, we could use a little help with tech support!

From Policy to Compliance: Unpacking the Key Annexures of ISO 27001

Riean Esteves — Sun, 04 Aug 2024 18:54:32 +0000

In the world of ISO 27001, the international standard for information security management, whether you're a business owner, IT professional, or just someone interested in understanding how organizations protect their data, this guide will help you navigate the essential clauses and annexures of ISO 27001

ISO 27001 provides a clear guide for setting up, running, and improving a system to manage information security. It has 11 main sections, but the heart of the standard is Clauses 4-10. These sections lay out a step-by-step process to handle security risks and protect your information's confidentiality, integrity, and availability.

Key Clauses and Their Significance

Clause : Type	Description
Clause 4: Context of the Organization	Understand Internal/External Issues: Understands internal/external issues, stakeholder needs, and defines ISMS scope.
Clause 5: Leadership	Top Management Commitment: Top management's role in leading and committing to the ISMS.
Clause 6: Planning	Risk Management: Identifies and addresses information security risks and opportunities.
Clause 7: Support	Resource and Competency Management:Ensures resources, competencies, and documentation are in place to support the ISMS
Clause 8: Operation	Top Management Commitment: Executes risk treatment plans and manages information security operations.
Clause 9: Performance Evaluation	Monitoring and Measurement: Monitors, measures, analyzes, and evaluates the ISMS for effectiveness.
Clause 10: Improvement	Continuous Enhancement: Continuously enhances the ISMS through corrective actions and process improvements.

The Annex A is like a toolkit that helps organizations identify and mitigate potential risks to their information systems. It covers everything from creating security policies and managing employee access to implementing physical security measures and ensuring compliance with legal requirements. Let's dive in and explore how these essential annexures work together to create a robust framework for protecting your organization's valuable information.

The ISO 27001 ANNEX A provides the essential controls for ensuring information security...
It starts with A.5, where there is a need for clear and solid security policies such as guidelines on how to handle data. A.6 defines who should bear the responsibility of performing security duties. Furthermore, A.7 mandates that certain precautions be taken when hiring, working at an organization and leaving it with a particular focus on training employees in sufficient measures.A.8 involves keeping track of information assets and protecting them properly. A.9 controls who can access information to ensure only authorized individuals have access while A.10 gives guidance on using storage media for holding data securely particularly hard disks for backups, optical discs for original copies of important files and flash drives. A.11 secures physical spaces and equipment. A.12 ensures IT systems run securely, including managing changes and protecting against malware. A.13 secures communication channels and networks. A.14 integrates security requirements into software development and deployment. A.15 manages security when working with third-party suppliers, ensuring they follow security requirements. A.16 sets up procedures to quickly detect and respond to security incidents. A.17 integrates security into business continuity plans to ensure resilience during disruptions. Lastly, A.18 ensures compliance with legal and regulatory requirements through regular audits and reviews.

From Policy to Practice: Implementation Tips

To implement Annex A controls, start with a risk assessment to identify your security needs. Develop clear security policies and communicate them to all employees. Assign security roles and ensure accountability. Conduct regular training and awareness programs. Implement access controls to restrict information access and use encryption to protect data. Regularly review and update security measures to address new threats. Establish incident response procedures and integrate security into business continuity planning.

In Conclusion , Pursuing ISO 27001 compliance boosts your organization’s security and trust with stakeholders. Implementing Annex A controls protects your information and shows your commitment to security. Regular improvements and audits ensure your measures stay effective. ISO 27001 compliance gives you a competitive edge, improves efficiency, and reduces security risks, creating a safer business environment.

The IT Auditor’s Secret Sauce for SSPA Compliance

Riean Esteves — Sat, 20 Jul 2024 18:07:43 +0000

In today’s digital landscape, data security and privacy are paramount for maintaining trust and compliance. Microsoft’s Supplier Security and Privacy Assurance (SSPA) program sets a high standard for suppliers, ensuring they adhere to rigorous security and privacy requirements when handling Microsoft’s data. For IT auditors, understanding and effectively implementing the SSPA program is crucial. This guide provides a comprehensive overview of the key elements of the SSPA.

Introduction to SSPA Program

The Supplier Security and Privacy Assurance (SSPA) program by Microsoft ensures that suppliers handling Microsoft’s data adhere to stringent security and privacy standards. This program mandates suppliers to regularly attest compliance with Microsoft's Data Protection Requirements (DPR), conduct independent assessments, and manage a Data Processing Profile (DPP). IT auditors play a pivotal role in this ecosystem, acting as the unsung heroes of data privacy by meticulously evaluating and enforcing these controls. They ensure that every byte of data is protected, every risk mitigated, and every compliance box ticked, thereby safeguarding sensitive information from potential breaches and fostering a culture of trust and security.

Key Components

Data Processing Profile (DPP): Keeping it real.
The DPP outlines how a supplier handles data, providing a clear picture of their data processing activities and ensuring transparency.
Data Protection Requirements (DPR): The rules of the game.
The DPR sets the mandatory security and privacy standards suppliers must follow to protect Microsoft’s data.
Independent Assessments: Calling in the reinforcements.
These are third-party audits that verify a supplier’s compliance with the SSPA program’s stringent requirements.
Compliance Status: Staying in the green zone.
This indicates whether a supplier is meeting the required standards, helping them maintain a compliant and secure status

Basic ITGC Controls

Control Areas	Key Security Controls / Description
Access Controls	User Access Management: Authorized access only.
	Multi-Factor Authentication: Multiple verification steps for extra security.
Change Management	Change Control Processes: Formalized change requests and reviews.
	Testing and Approval: Ensures changes are tested and approved.
Data Backup and Recovery	Backup Procedures: Regularly back up critical data.
	Recovery Testing: Test backup and recovery processes.
Incident Management	Incident Response Plans: Predefined strategies for breaches.
	Incident Detection and Reporting: Quick identification and reporting.
Logical Security	System and Network Security: Protects IT infrastructure.
	Patch Management: Regular system updates and fixes.
Physical Security	Physical Access Controls: Restricts access to IT infrastructure.
	Environmental Controls: Protects against environmental hazards.
Data Encryption	Encryption Standards: Encrypts data at rest and in transit.
Audit and Logging	Logging and Monitoring Practices: Tracks system access and changes.
	Log Retention and Review: Regular review of retained logs.
Third-Party Management	Vendor Risk Management: Assesses and manages vendor risks.
	Contractual Controls: Includes security requirements in vendor contracts.
Compliance and Training	Compliance Programs and Regular Audits: Ensures ongoing adherence.
	Security Awareness Training: Educates employees on security practices.

Tools used conducting SSPA Audit

Risk Assessment Tools:
- Archer: Streamlines risk assessment processes. Archer
- MetricStream: Provides comprehensive risk management solutions. MetricStream
Compliance Management Tools:
- OneTrust: Simplifies compliance with various privacy laws. OneTrust
- TrustArc: Manages compliance risks and data privacy. TrustArc
SIEM Tools:
- Splunk: Monitors and analyzes security data. Splunk
- IBM QRadar: Detects and responds to security threats. IBMQRadar
Vulnerability Assessment Tools:
- Qualys: Identifies vulnerabilities in IT systems. Qualys
- Nessus: Performs comprehensive vulnerability assessments.
Incident Response Tools:
- Cortex XSOAR: Automates incident response processes.
- TheHive: Facilitates collaborative incident response. TheHive
Data Encryption Tools:
- Vormetric: Protects data through encryption and access controls.
- Azure Information Protection: Classifies and protects data. Azure Information Protection
Documentation and Workflow Tools:
- Confluence: Supports collaboration and documentation.
- JIRA: Manages project workflows and tasks.
Monitoring and Logging Tools:
- ELK Stack: Provides real-time logging and monitoring. ELK Stack
- Graylog: Simplifies log management and analysis. Graylog

Thus in Conclusion ..,
Ensuring compliance with Microsoft’s Supplier Security and Privacy Assurance (SSPA) program is no small feat, but it’s a crucial part of maintaining data security and trust in today’s digital landscape. By understanding and implementing the key IT General Controls (ITGC) and following a structured audit process, IT auditors can safeguard sensitive information and uphold high standards of privacy.

Through rigorous auditing, IT auditors not only verify compliance but also identify areas for improvement, ensuring continuous enhancement of security measures. This proactive approach helps in mitigating risks and preventing data breaches.

As the field of data security evolves, staying updated with the latest SSPA requirements and best practices is essential. Continuous learning and adaptation are key to maintaining effective audits and robust data protection frameworks. Remember, every audit is a step towards a more secure digital environment, making IT auditors the unsung heroes of data privacy.

By following these guidelines and embracing the importance of thorough audits, we can ensure that data remains secure and trusted, paving the way for a safer digital future

Exploring ITGC Controls in Application, OS, and Database.

Riean Esteves — Fri, 12 Jul 2024 10:58:53 +0000

In today’s interconnected world, securing the application, operating system (OS), and database (DB) layers isn’t just prudent—it’s essential.
In the previous blog we got to know about the basis and basic controls in ITGC.. thus now let us understand the Critical Connections while Exploring ITGC Controls in OS, Application, and Database

Let us get a better insight of these controls over :

Application Layer
OS Layer (Operating System)
DB Layer (Database)

Overview of the Controls in the Layers

Layer	Key Security Controls
Application	Logical Access Management, Change Management, Patch Management, Email Security, Logging and Monitoring (SIEM), Incident and Problem Management (ITIL)
Operation System	Physical Access Management, Physical and Environmental Controls, Backup Management, Network Security, Endpoint Security (Antivirus, DLP), Asset Management
Database	Logical Access Management, Change Management, Backup Management, Vendor and Third-Party Risk Management, Business Continuity Plan and Disaster Recovery, Capacity Utilization and Planning

Application Layer

Logical Access Management : Implementing RBAC (Role Based Access Controls) this ensure restricted access of application functions and data according to the user roles and responsibilities. Segregating the duties within applications to prevent conflicts of interest and reduce the risk of fraud

Learn about RBAC implementation and benefits from resources like TechTarget's RBAC guide !
Change Management : Establishes a formal change management process for applications to track and authorize changes. It ensures, that changes are properly tested and approved to maintain application integrity and functionality
Patch Management : Applying the patches and updates to application software to address security vulnerabilities and bugs thereafter Test the patches in a controlled environment to minimize disruption to application operations.
Email Security : Implement email security controls within applications to protect against phishing attacks, malware attachments, and unauthorized access to email accounts, these are some of the protocols used :- SPF/DKIM/DMARC
Logging and Monitoring (SIEM): : Implement logging mechanisms within applications to capture and monitor events related to user activities, system operations, and security incidents. Integrate with SIEM (Security information and event management) for centralized monitoring and analysis.
Incident and Problem Management (ITIL): To handle accidents and issues pertaining to applications, adhere to ITIL procedures. To reduce recurrence, keep incident records, examine the underlying reasons, and take corrective action.

Explore ITIL's incident management processes through resources like AXELOS ITIL guides.

Operating System

Physical Access Management : Implement physical security controls such as access cards, biometric authentication, and surveillance cameras to prevent unauthorized access to servers and workstations.
Physical and Environmental Controls :Ensure servers and data centres have physical security controls like secure facilities, temperature monitoring, fire suppression systems, and backup power supplies.
Backup Management: Regularly back up OS configurations, system files, and critical data to prevent data loss and periodically test restoration procedures to ensure reliability and quick restoration in case of failure.

Backup Management Best Practices:

Guidelines for implementing effective backup strategies can be found on Backblaze's blog.
Network Security :Configure firewalls, IDS/IPS, and VPNs to protect OS layer from unauthorized network access and attacks, and continuously monitor network traffic for potential security breaches.
*Endpoint Security (Antivirus, DLP) *: Install antivirus software and DLP solutions on endpoints to protect against malware, unauthorized data transfers, and other security threats
Asset Management: : Maintain an inventory of OS licenses, software versions, and hardware configurations. While tracking the assets to ensure compliance with licensing agreements and optimize resource allocation.

Database Layer

Logical Access Management : Implementation of access controls within databases to restrict users' access to sensitive data based on their roles and responsibilities. Separating the duties for database administrators (DBAs) and application developers to prevent unauthorized data access.
Change Management : Develop and test database schema, stored procedures, and SQL queries controls in a development environment before deploying them to production.
Backup Management :Perform regular backups of databases to protect system work against data loss. Storing backups securely and ensure they are tested for reliability and integrity.

Disaster Recovery Planning

Guidance on disaster recovery planning is available from IBM's disaster recovery resources.
Vendor and Third-Party Risk Management: Assess security risks associated with third-party database vendors and service providers. Review contracts and service level agreements (SLAs) to ensure compliance with security requirements.
Business Continuity Plan and Disaster Recovery : Create and test procedures for data restoration and database recovery in the event of a disaster, guaranteeing business continuity to reduce downtime and data loss.
Capacity Utilization and Planning: Database performance metrics, including CPU utilization, memory usage, and storage capacity, should be monitored. Planning for scalability and resource allocation is crucial to accommodate increasing data needs.

Database Security Best Practices

Learn about securing databases from Oracle's database security guide.

Each layer of IT infrastructure (Application, OS, DB) requires tailored controls and management practices to mitigate risks effectively, ensure regulatory compliance, and maintain operational resilience.
Audits play a crucial role in verifying the implementation of these controls and assessing the overall security posture of the organization. By adhering to best practices and leveraging comprehensive security frameworks like NIST, ISO, or CIS, organizations can enhance their ability to protect sensitive data, respond to incidents, and sustain business continuity.

Working Towards Compliance through ITGC !

Riean Esteves — Thu, 11 Jul 2024 09:40:35 +0000

In the auditing world , the focus is on verifying compliance with procedures by addressing the key questions about People, Processes, and Technology ie. PPT

ITGC stands for Information Technology General Controls. These are the foundational controls that ensure the overall effectiveness and efficiency of an organization's IT environment.

The basic general controls of ITGC include :

Access Controls: Making certain that only people who truly have the right to access such kind of software and data.
Change Management: Organizing IT systems in such a way that changes meet the requirements, are approved, tested, and done.
Backup and Recovery: Protecting data and maintaining it through the system with the help of the appropriate procedure of backup and restoration.
IT Operations Controls: Ensuring the proper functioning of IT systems, including job scheduling, performance monitoring, and error handling.
Physical and Environmental Controls: Protecting IT infrastructure from physical threats like theft, fire, and natural disasters.
Security Management Controls: Writing regulations and ways unclear in IT assets that prevent unauthorized access. _________________________________________________________________________

Categories of IT General Controls
1. Access Controls

User Access Management: Controls around creating, modifying, and deleting user accounts.
Segregation of Duties: Ensuring that no single individual has the ability to execute and control all stages of a critical process.
Authentication and Authorization: Verifying the identity of users and granting appropriate access rights based on their roles and responsibilities.

2. Change Management

Change Control Procedures: Formal processes for requesting, reviewing, approving, testing, and implementing changes to IT systems.
Version Control: Managing and documenting changes to software versions and configurations.
Emergency Change Procedures: Protocols for handling urgent changes that cannot wait for the regular change management process.

3. Backup & Recovery

Data Backup Procedures: Regular and secure backup of critical data to ensure availability in case of data loss or corruption.
Backup Storage and Testing: Storing backups securely and periodically testing the ability to restore data from backups.

4. IT Operations Controls

Job Scheduling: Automating and scheduling IT processes to ensure timely execution without human intervention.
Incident Management: Processes for detecting, reporting, and resolving IT incidents.
Monitoring and Logging: Monitoring the performance and security of IT systems and maintaining logs for auditing purposes.

5. Physical and Environmental Controls

Data Centre Security: Physical security measures to protect IT infrastructure from unauthorized access and environmental threats.
Environmental Monitoring: Monitoring and controlling environmental factors such as temperature, humidity, and power supply to ensure optimal conditions for IT equipment.

6. Security and Management Controls

Network Security: Protecting networks from unauthorized access, including firewall configurations and intrusion detection systems.
Vulnerability Management: Identifying, assessing, and mitigating vulnerabilities in IT systems and applications.
Security Awareness Training: Educating employees about IT security best practices and policies to reduce human-related risks.

Importance of ITGC
ITGCs manage risks, ensure compliance, support financial reporting accuracy, and improve operational efficiency by ensuring data integrity, ensuring financial reporting reliability, and streamlining IT operations.

In summary, ITGCs are fundamental controls that organizations implement to safeguard their IT environments, ensure operational efficiency, and mitigate risks associated with IT operations and data management.

Decoding Databases: The Backbone of Data Science

Riean Esteves — Sat, 22 Jun 2024 12:22:40 +0000

Data is the most important part of the architecture in Data Science which organizes all the data by making it to be the most efficient by storing, managing, and realizing large data sets(data records) at high speeds also being cost-effective.Thus inorder to understand this futher let dive into the conceptual understanding first.

Computer Science , solving tomorrow’s problem with yesterday's bugs! Computer Science deals with the study of algorithms that define logic, data structures, computation, and databases. It creates a website and makes analytical algorithms to find trends of providing both theoretical and practical tools for user-friendly systems.

It is obviously understood that data and databases are among the core thoughts within the realm of computer science, accommodate, organize, and analyze data in its diversified forms and structures. RDBMS/SQL, NoSQL, cloud, and time series databases scale and flex to bridge that gap.

Information analysis and visualization are interpreted into meaningful actions that result from the application of visualization software, machine learning algorithms, and data mining techniques. It is powered and made more powerful by next-generation big data technologies like Hadoop and Spark.

Connecting the Dots: How Databases Fuel Data Science Innovations!!
Lets us understand with an example : fictional online-retail - ‘ShopMart’

In this example of online retail 'ShopMart':

The Role of computer science ensures creating secure, scalable, and user-friendly systems.
Database structure, design, and normalization ensure a secure system while maintaining data storage and organizing on types of data. Transaction management guarantees reliable operations and integrity of data even in case of system failure.
Sales data analysis depicts trends and facilitates better purchase experiences.It aids in the optimization of purchase experiences by identifying the trends and recommending relevant merchandise.

Descriptive statistics algorithms, collaborative filtering tools like Tensorflow, Seaborn, together with data mining and big data technologies: Hadoop and Spark used.

Thus Computer Science Driving insights and innovation through data.

The Dynamic Duo of Modern Computing !!

Riean Esteves — Sat, 22 Jun 2024 12:00:14 +0000

This is a submission for DEV Computer Science Challenge v24.06.12: One Byte Explainer.

From Storage to Insight : How Databases Drive Data Science

Database the architects of order and efficiency, that in turn turn chaos into clarity the world of data for computer science. A well-designed database is like a well-organized library. Data science that transforms numbers, patterns into insight and wisdom.

Additional Context

Types of Database

Overcoming the Fear of LOCO(Lines of Coding)

Riean Esteves — Tue, 14 Sep 2021 04:26:17 +0000

A little more than 250 lines under font-size of 18pxl,the worse fear rather nightmare for beginners. And if there is a comma or a semi-colon missing, the slightest error of spelling and the whole program goes for a toss. Fear of LOCO (Lines of coding)/ Coding is not exactly a fear but a mindset which sets you feared.

Attributes, arguments ,class ,method, objects ,function, parameter's and more.... and end-list list of these technical jargons. How frightening are these to hear and understand initially; but gradually with time one can ACE it and code with EASE! These are building blocks of a code and structure the program efficiently.

FEAR of LOCO(Lines of Coding)!!!

As a beginner a new IDE( text editors for coding) with some fancy language and amazing colors fascinating at first as complexity of code increases it increase the fear!
Now this fear, is it Fear of length of code? Confused with concepts? thinking its out of ones capability! afraid to mess up the hard work? tendency to error up as having knowledge of too many languages(java, c, python, html, etc) whatever the option the bottom line thereafter lies happiness when the code successfully runs at the wink of your eye! This lost happiness can be easily found if this minor fear is over-come. Coding is not an easy task like having a piece of cake and one should be in the attitude of "Oh ! This is not my cup of tea !" , this is where the fear begins in us.

The Question now arises :

How do we overcome ????

1.Keep a positive attitude and well planned structural idea in mind
Before one starts to code keep a rough structure jotted down. This will help to keep a track of your work pending/done , also it will help in building up your self confidence and esteem.

2.Learn coding from Good Resources
With Online being better preferred option rather than the tradition books learning ,there are various open source learning platform's that help you get better in this field
As a beginner / even later these are some sights I find very helpful to learn new ways/styles to clear a concept and to tackle a statement.( *The resources are attached at the end)

3.Master one Language at a time.
Don't be the jack of all and master on none, learn one language either C++ , Java , Python ;or whichever you feel easy the best.
No one is 100% perfect to learn everything in a short span of time and remember it at the wink of an eye . However there is no harm in re-watching videos or reading articles again to understand a concept. The outcome should be whatever the problem may be one has an ideal technical logic in-order to come up with a solution.

4.Don't Worry about the near future
Coders usually tend to worry and question themselves with What If?! This attitude is not very heathy always .Thinking about the future whether a code runs or no will affect one currently typing and having a clear idea set also one can tend to end up with multiple silly typo-errors. It might lead to a break in the flow of the process which eventually can create a mess in your code so Just stay calm and keep typing!!

5.Begin with Small Steps
However experienced one may be , in whichever aspect a small start has always lead to a wonderful turnover. Similarly with coding; Don't just get super-fascinated after learning some concepts and jump to a conclusion you know it all! and try doing something out of hand out of thought and get caught up with fear of LOCO.
Start small by this I mean break the complex problem in simple easy solvable steps

clickhere to read more

6.Google the best companion
You know the best answers to the solution is Ok Google!!
Searching and learning via google is no harm but yes one should know the subject and research more and not just 'Ctrl + C' & 'Ctrl + V'. but understand and add you own twist in it.

7.Reach Out
Reach out to the professional/ your peers.
*Teachers/ Professors (School /college/University)
*Peers
*community learning
You lend a hand for help and then reach out to those who seek. A best two way learning process and most helpful way to overcome fear of coding.

8. Coding everyday helps the LOCO fear go Away!
Yes indeed, a small amount of coding daily helps you get a better in logical thinking as well as increases your typing speed. Some may find it funny with a bustling busy schedule how can I code everyday? But if one gets to this practice, there is no fear that can overpower your will power.

Lastly, LOCO fear isn't a harm ; well unless you overstress, and overthink about the outcome in future . Lines of coding gradually increases with experience and professional status or work load so.. break you work , and code with Ease. Remember to overcome LOCO you need to defeat he fear in your mind your hand will automatically work smoothly. As beginners just be a master of one and not a jack of all; it eventually helps you with clear idea of usage of tags parameters etc in your code.

  Links to the online resources