The CIA triad is a high-level checklist to evaluate security procedures. It is a vital model used to assess the risks, threats, and vulnerabilities of the system.
The CIA triad, also known as the AIC triad, is a benchmark model to assess Information Security. It guides security professionals in protecting any asset that is valuable for running a business.
Security testing should start from the requirement phase in the Software development lifecycle, and it should be integrated into every phase in SDLC.
CIA triad is helpful in identifying the information to be protected and in defining security requirements needed for an application.
CIA Triad stands for Confidentiality, Integrity, and Availability.
Confidentiality ensures that the system or data is exposed to the right users. This could be ensured by having the following four security measures in an application. They are Identification, Authentication, Authorization, and Encryption.
The confidentiality of an application is assessed by knowing whether the sensitive information in a system is disclosed to unauthorized users. The sensitivity of data is a measure of its importance. The owner of the data decides the sensitivity measure of the data.
Integrity ensures that the data is reliable. The system or data should be accurate, complete, and consistent.
The integrity of the data could be ensured by having proper security measures in our system. Some of them are Hashing, User access controls, Version control, Backup and recovery procedures, Error checking, and Data validation.
The integrity of the data is measured using a factor called the baseline. The baseline is the measure of the current state of the data. The goal of integrity is to preserve the baseline throughout the transaction.
The data or system should be available to the users when and wherever it’s needed. The availability of the application could be ensured by using Hardware maintenance, Software patching/upgrading, Load balancing, and Fault tolerance.
Appropriate levels of availability should be provided based on the criticality of the data. Criticality is the measure of the dependency of a system on data to perform its operation.
CIA triad helps in understanding and prioritizing the severity of a vulnerability in an application. Neglecting the CIA triad makes the application vulnerable to Interruption, Interception, Modification, or Fabrication class of attack.
CIA serves as a yardstick to evaluate the security of an application. If CIA triad standards were met, then the security of that system would be stronger and better equipped to handle threats.
Is CIA Triad enough for Information Security? – No, but it covers most of the security loopholes in an application.
Authored by Shamphavi Shanmugasundram @ BISTEC Global
This article explains how to develop a real-time data integration using Azure resources and a python program. Using Azure event hub & Azure stream analytics, we are going to retrieve real-time stock details to the Power BI dashboard.
Sign in to the Azure portal and navigate to your resource group section. Then create a resource group under your subscription.
Search Azure Event Hub in the marketplace and create an event hub namespace.
Now create an event hub under the event hub namespace and also you can configure partition count as well.
To communicate event hubs with the python program, we have to create an access policy under the event hubs namespace. Go to Shared access policies in the left side panel.
Then create a shared access policy with the “Manage” option and save.
Search Azure Streaming Analytics in the marketplace and create. And remember to select the same geographical location as an Azure event hub namespace. Using stream analytics, you will be able to access data sent through the Azure event hub.
After Creating a streaming analytics job, we have to configure the input for the stream analytics job. Go to the input section under the job topology and set up the event hub configuration.
Using the Python program, we are going to retrieve stock information and send that information to azure using an azure event hub configured in our azure account.
Import the below libraries to develop a python program
from dis import findlinestarts import pandas as pd import json from yahoo_fin import stock_info as si from azure.eventhub.aio import EventHubProducerClient from azure.eventhub import EventData from azure.eventhub.exceptions import EventHubError import asyncio from datetime import datetime import warnings warnings.filterwarnings("ignore", category=FutureWarning) warnings.filterwarnings("ignore", category=DeprecationWarning)
Python program to send stock information to an azure event hub
con_string = 'Event Hub Connection String' eventhub_name = 'Event Hub Name' def get_stock_data(stockName): stock_pull = si.get_quote_data(stockName) stock_df = pd.DataFrame([stock_pull],columns=stock_pull.keys())[['regularMarketTime','regularMarketPrice','marketCap','exchange','averageAnalystRating']] stock_df['regularMarketTime'] = datetime.fromtimestamp(stock_df['regularMarketTime']) stock_df['regularMarketTime'] = stock_df['regularMarketTime'].astype(str) stock_df[['AnalystRating','AnalystBuySell']] = stock_df['averageAnalystRating'].str.split(' - ',1,expand=True) stock_df.drop('averageAnalystRating',axis=1,inplace=True) stock_df['MarketCapInTrillion'] = stock_df.apply(lambda row: "$" + str(round(row['marketCap']/1000000000000,2)) + 'MM',axis=1) return stock_df.to_dict('record') datetime.now() get_stock_data('AAPL')
async def run(): # Create a producer client to send messages to the event hub. # Specify a connection string to your event hubs namespace and# the event hub name. while True: await asyncio.sleep(5) producer = EventHubProducerClient.from_connection_string(conn_str=con_string, eventhub_name=eventhub_name) async with producer: # Create a batch. event_data_batch = await producer.create_batch() # Add events to the batch. event_data_batch.add(EventData(json.dumps(get_stock_data('AAPL')))) # Send the batch of events to the event hub. await producer.send_batch(event_data_batch) print('Stock Data Sent To Azure Event Hub') loop = asyncio.get_event_loop() try: loop.run_until_complete(run()) loop.run_forever() except KeyboardInterrupt: pass finally: print('Closing Loop Now') loop.close()
Once we completed the python program, we can see the python program sending data to an azure event hub. To verify that, go to Azure Stream Analytics Job> Query section.
In this section, we are going to develop a Power BI dashboard using real-time data coming through an azure event hub.
To Create a Power BI dashboard, navigate to the output option under “Job Topology” and add the Power BI option as below.
Then Configure the below information and authorize to create of a Power BI dataset in your workspace
Now go to Power BI workspace and you can see the dataset created using the stream analytics job.
To create a dashboard, Go to the new and select the dashboard option in the menu section, and type the name for your Power BI dashboard.
Now we can add visuals to the Power BI report and to that, go to the edit section and select the “Add Tile” option.
Select the “Custom Streaming Data” option and select the dataset we created using Azure Stream Analytics Job.
Now you can add multiple Cards, Line Charts, etc depending on your requirement. There are only a few visuals available for streaming analytics data but we will be able to create a meaningful dashboard using available components.
Authored by Janaka Nawarathna @ BISTEC Global
The faster your page loads, the longer visitors spend time on your website. Here is a new framework that makes the loading time of your web page 10X faster. This amazing technology is AMP or Accelerated Mobile Pages. AMP optimizes a web page’s loading speed time to just a few seconds.
AMP is an open-source HTML framework developed by the AMP Open-Source Project. Google created it as a competitor to Facebook Instant Articles and Apple News. It is optimized for mobile web browsing and designed to help web pages load faster. And AMP pages can be cached by a CDN, such as Microsoft Bing or Cloudflare’s AMP caches, allowing pages to be served speedily.
Usually, mobile pages have problems like slow loading, unresponsive pages and content displaced by ads et cetera. Studies show that,
Maintaining a fast mobile website to overcome these problems on your own often requires large development teams or specialized skill sets.
AMP helps to overcome these issues as a smart solution. It does not require a large development team budget. And to top it off, it is compatible with all modern browsers!
With AMP you can have,
For developers and publishers, it creates opportunities for distribution on Google, Bing, Twitter, LinkedIn, Pinterest etc.
Accelerated Mobile Pages are built of 3 components – AMP HTML, AMP JS, and AMP Cache.
AMP Cache helps with validating AMP pages with fetched cache. AMP is component-based and is not dependent on any special tooling. All components are with Standard HTML, CSS & JS.
AMP provides a static layout and minimum size stylesheet with inline & size-bound CSS.
“Hello World” with AMP
Authored by Evantha Harshana @ BISTEC Global
Power Virtual Agents from Microsoft allow you to develop intelligent chatbots that can answer questions from users, consumers, and even workers in many languages, allowing you to automate customer service and team management activities.
What is the most attractive feature of Power Virtual Agents?
No programming is needed!
It is also called low code – no code concept as you may incorporate these bots into your processes without the assistance of any data science or engineering staff. This ensures fewer outgoings and none of the complicated code that is expected when integrating this technology.
Within this blog let’s discover how Power Virtual Agents make things easy to connect with consumers in a variety of settings.
Power Virtual Agents from Microsoft are intelligent chatbots that respond to inquiries from clients, customers, and team members without the need for human interaction. Rather than dealing with staff communications constantly or paying a large customer care crew to speak with customers, you may create smart bots that handle all of the jobs for you.
Chatbots are growing more popular for businesses of all sizes. According to research, by the end of 2021, 85 percent of customer contacts will be conducted without the use of human agents. And chatbots can lower operating expenses in an organization by up to 30 percent.
Power Virtual Agents, on the other hand, are even more beneficial to organizations due to their integration with so many other programs, services, and connections in the Microsoft ecosystem. Power Virtual Agents, which are part of the Power Apps package, sync with numerous technologies to facilitate interactions across many platforms. For example, Microsoft Teams. When Power Virtual Agents and Teams are combined, you can automate chats with teammates and solve problems rapidly.
Power Virtual Agents enables you to build intelligent chatbots that can respond to inquiries provided by customers, other workers, or visitors to your website or business.
These bots may be simply constructed without the assistance of data scientists or engineers. Power Virtual Agents bots have been utilized in a variety of ways, including,
Power Virtual Agents is accessible as a standalone web app as well as an inbuilt app in Microsoft Teams. Most of the features are similar across the two. However, depending on how you want to use Power Virtual Agents, there may be distinct reasons to select one version over the other.
Topics for the bot can be created by users, who can program conversation pathways that can have several branchings based on the customer’s inquiries and replies to the Power Virtual Agent. The authoring canvas may be used to configure topics. Topics can be toggled on and off.
When a new bot is formed, the system generates lesson topics that the Power Virtual Agent administrator may utilize to learn how to develop Power Virtual Agent content. Please keep in mind that these lesson topics are just for training purposes and should not be used in production.
Each topic should have a few keywords linked with it. Trigger phrases are phrases or keywords that users may enter to direct the bot to a certain topic. It’s critical to realize that trigger words don’t have to be accurate, which is where machine learning comes in. For example, if a subject includes a trigger phrase named “I want help” but the user enters in “help” or “need a help” the bot will still direct the user to the correct topic.
Power Virtual Agent has a library of pre-built entities. Entities may be used to inform the bot not only what sort of data to look for when a client writes into the chat window (email address, money, a person’s name, etc.), but also how to record that data. There is, for example, an age object that allows Power Virtual Agent to extract an actual number from the data entered in the chat window. If the user input is ‘I’m 19 years old,’ the bot will save the value ’19’. Alternatively, if someone writes in ‘Five years,’ the bot will save it as a value of ‘5’.
We may also design our own custom entities, which allow us to enter a list of objects as well as synonyms for those items. These lists can be used to organize or categorize words. For example, if you’re creating a bot to handle the status of a request, you may have an object named Request Status with values like ‘Pending’, ‘Completed’, ‘Rejected‘, and so on. By putting these elements into a single list, the bot is able to better analyze the data that is entered.
We may enable smart matching in these custom entities, which allows the bot to detect things in the list even if the user misspells an item or uses a similar term, such as matching ‘status’ to ‘state.’
From this point, we can start to build our bot. Admins will most likely spend most of their time here, as this is where subjects’ questions, responses, actions, and variables are configured. Anyone with less knowledge about chatbots can also write the canvas’s user interface, although it might get a little busy if you have a lot of questions with different branches. When you begin to construct your dialogue, you have several alternatives to pick from,
Variables are placeholders in which the application records customer responses and can be used in a variety of ways by administrators. The variable data can be used in the conversation that Power Virtual Agent has with the customer.
For example, if Power Virtual Agent asks the customer what his first name is, the customer replies Ben, which is saved as ‘Name Variable,’ and responds to the client by saying “Nice to meet you ‘Name Variable,’ which will appear to the client as “Nice to meet you, Ben”. Variables can also be supplied externally to the Power Virtual Agent.
Administrators can run actions (such as Power Automate Flow) and move data from variables to Power Automate Flow. Power Automate will then run and provide the data to Power Virtual Agent, which can subsequently be used in the client discussion. Power Virtual Agent asks the client for an email address and then searches the Dynamics 365 CE database to check whether there is a lead or contact record in the database with that email address. If no contact is available it will have Power Automate build a lead in Dynamics 365.
Power Virtual Agent can be deployed through a variety of channels, including custom websites, mobile applications, and chat apps like Facebook Messenger and Microsoft Teams. Administrators of Power Virtual Agent can utilize the demo website to test the topics after they have been set up and published. This URL can be shared both internally and internationally, but it is not a live site. After running numerous tests, the Power Virtual Agent administrator may analyze the scans for each specific issue.
Sign in to Power Virtual Agent and click ‘start free’
Then sign in with your O365 mail.
Fill in the bot name and language in the bot creation window.
After filling in all the needed fields, click Create.
Create a new topic with an appropriate name.
Create a trigger phrase as the below figure trigger phrases are,
After creating the trigger phrase click the Go to author canvas and you will direct to the author canvas.
After being directed to author canvas, the flow of the chatbot is displayed with the created trigger phrases.
Continue the flow as you like with the questions, messages, variables etc.
After finishing the flow you can select the End the conversation to finish the flow.
The flow will be completed as in the below figure.
Click the save button to save the flow of the newly created chatbot.
Test your chatbot by clicking the Test your bot.
You can do a test run of the created chatbot after that.
Select the publish Icon in the navigation pane.
Click the Publish button to publish your chatbot.
Microsoft Power Virtual Agents allows you to engage with clients, consumers, and team members in up to 60 different languages without writing code. Integrating this technology into your firm provides various communication benefits without the need to invest thousands of dollars in data engineers.
Working with a Power Virtual Agent partner enhances your experience. A professional will customize the program to your exact company requirements and give you all of the tools you’ll need for effective setup and ongoing maintenance. This suggests that communication will improve with time.
Authored by Bhashitha Dhananjaya @ BISTEC Global