::DIBAS NEUPANE::

इन्टरनेट, म अनि तपाई

DIBAS NEUPANE — Sun, 13 Jun 2010 05:58:41 +0000

इन्टरनेट भनेको के हो भनेर कसैले सोधिहाल्यो भने हामी धेरै जसोले एउटा सामान्य कम्प्युटर देखाउँछौं । त्यसैबाट इमेल पठाउने, पाउने र चाहिएको सूचना प्राप्त गरिन्छ । इन्टरनेटको व्याख्या यतिले मात्र पुग्दैन र सायद मैले पनि पुरा दिन सक्दिन । तर म कोसिस गर्नेछु । यो आँखा नदेख्ने मानिसहरूलाई हात्ती कस्तो छ भनि सोध्दा कसैले खम्बा जस्तो छ, कसैले पहाड जस्तो छ र कसैले पाइप जस्तो छ भनेको जस्तै पनि हुन सक्छ । सबै यसको अन्तर गहिराइसम्म पुग्न सक्दैनन् र आफुले जस्तो रूपमा देख्यो उस्तै जवाफ दिएको पाइन्छ ।

संसारमा करोडौ कम्प्युटरमा सूचना तथा जानकारी राखिएको छ । यसरी राखिएका कम्प्युटरहरूलाई एक सञ्जालमा जोडिएको छ । यो सञ्जाल विश्वव्यापी छ । यो सबै देशमा त पुगेको छैन तर अन्तरिक्षमा भने पुगिसकेको छ । संसारमा जहाँ सूचनाहरू राखिएका छन् ती कम्प्युटरका आ–आफ्ना ठेगानाहरू छन् । हामीले पनि हाम्रा कम्प्युटर यही सञ्जालमा जोड्यौं भने हाम्रा कम्प्युटरको पनि एक ठेगाना हुन्छ ।

संसारमा जहाँ सूचनाहरू राखिएका छन् तिनीहरूलाई “सर्भर” (server) वा सेवा दिने ठाउँ वा ठेगाना भनी बुझ्नुपर्छ । ती सूचनाहरूलाई जहाँबाट हेरिन्छ वा प्रयोग गरिन्छ तिनलाई ग्राहक (client) भनिन्छ । ग्राहक हामीले देख्ने गरेका कम्प्युटर, ल्यापटप, मोवाइल फोन तथा पीडिए (Portable Digital Assistant) जस्ता उपकरण हुन् ।

सामान्यतया ग्राहक उपकरणबाट सर्भरहरूलाई कुनै जानकारीका लागि अनुरोध गरिन्छ र सर्भरले जुन ग्राहकले जे जस्तो सूचना खोजेको हो उसैलाई सो उपलब्ध सूचना पठाइदिन्छ । यसरी अनुरोध गर्दा वा सूचना पठाउँदा यो सञ्जाल साहै« ठुलो जञ्जाल भए पनि अनुरोध वा सूचना जहाँ पुग्नु पर्ने हो त्यहीँ पु¥याउनको लागि बीच बीचमा राउटर र स्वीच जस्ता उपकरणको प्रयोग गरिएको हुन्छ । यही इन्टरनेट सञ्जालमा प्रयोग हुने राउटर उपकरणहरूको काम खास गरी एकातिरबाट अनुरोध लिने र अर्कोतिर पठाउने हुन्छ । यसरी अनुरोध पठाउँदा यी उपकरणको काम निर्दिष्ट ठाउँमा पु¥याउन सबैभन्दा राम्रो बाटो (छोटो) बाटो पठाउनु पनि हो ।

यसरी अनुरोधको आदान प्रदान गर्दा एक उपकरण (राउटर, सर्भर र ग्राहक) ले अर्को उपकरणसँग पहिला नै कायम गरिएको प्रोटोकलको आधारमा मात्र गर्न सक्दछ । यसको खास मतलब के हो भने एउटा ग्राहक (उपकरण) ले इमेल सर्भरसँग गर्दा वा वेभ सर्भरसँग सुचना लिन खोज्दा फरक फरक तर निर्दिष्ट तरिकाले अनुरोध पठाउँछ ।

इन्टरनेटको वेब ब्राउजिङ एकदमै जनप्रिय सेवा हो । आजभोलि तात्कालिक सन्देश (Instant Messaging) र ध्वनि (Voice) आदान प्रदान गर्ने सेवाहरू पनि अत्यधिक प्रचलनमा छन् । यस बाहेक फाइल आदान प्रदान गर्ने सेवा (File Transfer Protocol-FTP) पनि उत्तिकै प्रयोगमा छन् ।

इन्टरनेटमा प्रयोग हुने ठेगाना नम्बरमा ह’न्छ । जस्तै २०२.७०.६४.२ यस्ता ठेगानाहरू मानिसहरूलाई सम्झन गाहो हुने भएकाले यस्ता ठेगानाको सम्झन सकिने नाम दिइएको हुन्छ । जस्तो नेपाल टेलिकमको वेब सर्भरको हालको (पछि परिवर्तन हुन सक्छ) ठेगाना २०२.७०.६४.२ हो । तर यो सम्झन गाहो हुने भएकाले हामी डब्लु डब्लु डब्लु डट एनटिसी डट नेट डट एनपी (www.ntc.net.np) प्रयोग गर्छौं । नामको ठेगाना नम्बरमा परिवर्तन डोमेन नेम सेवाबाट हुन्छन् । यहाँ ntc.net.np, cnn.com jf bbc.co.uk लाई डोमेन नेम भनिन्छ । डोमेन नेम सेवाले नामका ठेगानालाई नम्बर मा उल्था गरिदिन्छ । हामीलाई इन्टरनेटबाट सुचना चाहिएमा जुन सर्भरमा राखिएको हुन्छ त्यही सर्भरको ठेगाना चाहिन्छ । यदि सर्भरको ठेगाना थाहा पाइएन भने खोज यन्त्र (Search Engine) को सहायता लिन सकिन्छ । अहिले गुगल, याहु र वीङ जनप्रिय खोज यन्त्र हुन् ।

इमेल यही इन्टरनेट भित्रकै एक सेवा हो जसले एकठाउँबाट अर्को ठाउँसम्म सन्देश पठाउने काम गर्दछ । इमेलका लागि पनि छुट्टै ठेगाना हुन्छ । यहाँ लेखकको इमेल ठेगाना dibas@sambad.com.np हो । इमेल ठेगनामा @ हुन्छ नै । @ ले इमेल ठेगानालाई दुई भागमा छुट्याउँछ । सामान्यतया @ अगाडिको भाग प्रयोग कर्ता र पछाडिको भागले उक्त इमेल कुन सर्भरले उपलव्ध गराउँछ त्यसको जानकारी मिल्छ । जस्तो कि rampyari@yahoo.com इमेलमा rampyari इमेल प्रयोगकर्ता हुन् भने yahoo.com चाहिँ सर्भरको नाउँ÷ ठेगाना हो ।

म २४ घण्टामा प्रायः इन्टरनेटबाट छुट्टिन्न । मेरो काम इन्टरनेटमा आवश्यक सुचनाको खोजी गर्नु र इमेल सन्देश आदान प्रदान गर्नु हो । प्रायः हामी घरायसी र कामकाजी कुनै काम छिटो छरितो गर्न इन्टरनेट प्रयोग गर्छौं ।

इन्टरनेटमा सूचना प्रवाह गर्न धेरै सजिलो र सस्तो पर्दछ । एउटा वेब सर्भरमा राखिएको सूचना हजारौ जनाले एकैपटक हेर्न सक्छन् । यसै गरी एकै पटकमा लाखौ जनालाई इमेल सन्देश पठाउन सकिन्छ । इन्टरनेटबाट हाम्रो व्यक्तिगत वा कामकाजको सुचनाको पहुँच अरबौ जनासम्म सजिलै पु¥याउन सकिन्छ । जहाँ धेरै जनालाई सुचना पु¥याउन प¥यो त्यहाँ इन्टरनेट भन्दा सस्तो सजिलो अरु कुनै साधन छैन ।

इन्टरनेटमा राम्रोसँग सूचना राखियो भने यसबाट व्यक्ति तथा संस्थाको तस्वीर÷छाप राम्रो पार्न सकिन्छ । कर्पोरेट वा व्यवसायिक कम्पनीले आफ्नो परिचय लगायत सम्पादन गर्ने काम राख्न सक्छन् र उसका सम्भाव्य ग्राहकहरूकोमा उक्त सूचना पुगी व्यवसायमा महत्वाकांक्षी वृद्धि हुनसक्छ ।

इन्टरनेटको अर्को मुख्य विशेषता भनेको यसको स्वामित्व पनि हो । यसको स्वामित्व कुनै एक व्यक्ति, संस्था वा देशमा छैन । यो यति व्यापक छ कि कुनै देश वा महादेश सम्पुर्ण रूपमा ध्वस्त भए पनि काम गर्ने गरी डिजाइन गरिएको छ ।

हामीले इन्टरनेटको के के सुविधा प्रयोग गर्छौ ? इमेल, वेब ब्राउजिङ वा तात्कालिक सन्देश । इन्टरनेट प्रयोग कर्ताले पहिलो हेक्का के राख्नुपर्छ भने इन्टरनेट सबैभन्दा असुरक्षित सञ्जाल हो । हामीले यसका सेवा उपभोग गर्दा संसारको अरबौ मानिसका लागि हाम्रा उपकरण तथा सुचनाहरू खुला गर्छौ । अरबौ मध्ये केही मात्रको इच्छा वा उद्देश्य तपाईं र मलाई बिगार्ने भयो भने पनि हामीलाई क्षति हुन सक्छ । अर्को महत्वपुर्ण कुरा के हो भने इन्टरनेट महासागर जस्तै भएकोले यसमा भएका सबै सुचनाहरू मानवोपयोगी मात्र हुन्छन् भन्न सकिन्न । यसमा उपलब्ध हुने सूचनाहरू संसोधन हुन बाँकी पनि हुन सक्छन् र यस्ता संसाधन हुन बाँकी सूचनाबाट प्रभावित हुने हाम्रा निर्णयहरू परिपक्व र राम्रा नहुन सक्छन् ।

इन्टरनेट धेरै प्रयोग गर्नेहरू यसको अम्मली पनि धेरै भएका छन् । यसको जहाँबाट जे का लागि इन्टरनेट प्रयोग गरिए पनि त्यसको विवरण राखिएको हुन्छ । यसैले इन्टरनेटमा अरुलाई थाहा हुँदैन भनेर जे मन लाग्यो त्यही हेर्ने वा प्रयोग गर्ने गर्नु हुदैन । यसका थुप्रै विकृतिहरू पनि छन् । तपार्इंका अति गोप्य रहनुपर्ने सूचनाहरूमा पनि यसका अरबौ प्रयोगकर्ताको पनि पहुँच हुने भएकोले इन्टरनेट र यसका सेवाहरू प्रयोग गर्दा गोप्यता गुमाउनु होला, होस पु¥याउनुस है, मैले त सम्झाएको छु नि ।

Projecting Service in Global Market: Winning Factor

DIBAS NEUPANE — Tue, 08 Jun 2010 10:52:51 +0000

The business environment of Nepal is not favorable to businesses resulting from numerous reasons. Some believe that it is from political reason, some people argue that it has been due to lack of infrastructure, and some people say that availability of human resources is not enough for business. We have to agree that even in difficult situation, there is still scope of good business, and doing sustainable business in Nepal is not an easy job.

For some years, Nepal was focusing on manufacturing sector only and service sector was ignored. Due to the liberalization policy taken in banking, insurance and other sector, we can see significant growth in volume and depth. For other business of subsystem of service is yet to be emerged. Many entrepreneurs feel that a small market space investment or good quality service requires lot of research and infrastructure. In most cases, it is observed that the service products available in Nepal are already designed, implemented, and are popular in other parts of the World. Nepalese organizations are inheriting the service and providing that service in subversion with substandard features. Nepalese business organizations are only conversion agent of the services. It is difficult to find any service designed, implemented, and popular in Nepal has been projected to global market space by any business entity.

There are lots of research, theories, and notes that proved global market space is best option for enterprises in Nepal which provides increased sales, higher profits, reduction on dependence on traditional markets, diversified market, new knowledge, experience, and enhanced domestic competitiveness and global competitiveness. These are only a few points that supports positively to encourage Nepalese business entity to jump to the global market rather a big list can also be found considering nature of product. Likewise, there are number of theories and notes describing disadvantages moving to international markets.

How much is the gap in between the theories and notes that encourage business entity to jump to global market space and realm of doing business in global market and projecting services to cross border market? The transformation of theory in business to practical use-space fills a vast difference. Not all business organization is scalable, and most of the business entity failed when trying to expand their business in global market space.

Business leaders have to address some key points while projecting their services in global market space. The first thing is to consider is domestic legal framework as well as countries where the service is offered and law of the land from where customer is expected. It includes passport, visa, foreign exchange limitations and financial movement and transfer framework.

Before projecting service into cross border market space, the business organization should have complete domain knowledge of the product, in most cases spectrum knowledge is preferred.

For service product, tangibility spectrum comes into effect so every encounter to customer and prospective customer to be treated with high consideration. The image of the company, products attributes and people in-front and behind must meet industry standard and comply with category standard. Company brand also comes into consideration that includes language and color used in letters, flyers and brochures, paper quality and size, and framework of information delivery.

Finalization of service encounter will be fixed upon considering business situation of domestic as well as country targeted, marketing lifecycle, festive occasion, fiscal year ending/starting, resources available and utilization. If the service is time framed/bound political situation and geographic location need also be considered. If the targeted customers are from landlocked countries, preferred service encounter place could be sea shore and for sea attached counties, the place can be Himalayan region.

Market research can help to find out the cluster of customers. It will help to direct and concentrate marketing activities in the location so that marketing cost can be reduced. Proximity and connection of rail, road, and flight and its frequency to service encounter place is important to attract customer from distance places.

The service is closely related to other logistics like travel arrangement, visa processing, accommodation booking, the organization has to maintain integration with related trusted partners. If food is served during the service delivery, consideration of vegetarian and non-vegetarian issue will come. In some cases, people do not prefer seafood and availability of Muslim foods issue will arise.

The organization has to show evidence of adequate skill, managerial and financial capabilities, and experience to prospective customer. These can be achieved through sales, photographs and media coverage of same or related service delivery to domestic market. If business organization cannot scale to deliver the service to customers from global market space, it can jointly go through partners of different location. A sincere preview is needed to figure out the revenue and resource to be shared with partners.

A service product export can be suitable for Nepalese business entrepreneurs since country is facing unpredictable political and business environment. A careful service product design by domain experts and marketed to regionally and globally by the team with knowledge and capacity and industry standard service delivery is inevitable. A handful of global market prospects are awaiting, we just need careful exploitation of them.

The Central Depository System(CDS) and Scripless Securities Settlement System for Government Securities for Nepal

DIBAS NEUPANE — Fri, 14 Aug 2009 16:29:33 +0000

Scripless Government Securities	The government securities such as Treasury Bills and Bonds are being issued at present in the form of paper certificates. They are called scrip securities. The scripless securities are issued in data entry form without a paper certificate. To enable the issuing and recording of transactions on scripless securities, a computer based central securities depository and a settlement system will be installed. When securities are transferred from one beneficial owner to another, the central depository will record such title transfers. These securities will be settled through an electronic settlement called Scripless Securities Settlement System (SSSS). The SSSS and the central depository are named as ‘NepagovSecure’. NepagovSecure is purposed and can be changed with decision of concerned authority.
Reasons for moving from scrip to scripless Securities	The main reason for moving from scrip to scripless form is to improve efficiency in the government debt securities market by making dynamic and efficient secondary market trading and eliminating risks associated with paper based securities. It also plays most important role in a major move to enhance financial sector efficiency through modernized payments and settlements. Since the System will operate electronically on-line, trading will be convenient to all market participants i.e. market makers, banks and investors. Under the proposed system, the Central Depository System (CDS) will be the registry as well as the custodian for government securities. The ownership of securities will be recorded electronically in the CDS. At present, the transfers of securities done by manual endorsement. This new system will be a very safe system for holders of government securities to maintain records of their ownership. The corresponding payments for securities or settlement of funds in scripless securities is based on a Real Time Gross Settlement System (RTGS) through which funds will be settled instantaneously on real time. This also enables on-line reporting to the authorities of all treasury bills and government bonds.
Central Depository System (CDS)	The Central Depository System (CDS) is a computer based data recording system which records the holdings of government securities. This will be a depository, maintaining records at the beneficial client level. At any given point in time, the holders of scripless securities in the CDS will be able to obtain confirmation of their holdings. The transfer of holdings of scripless securities will be recorded electronically in the CDS according to instructions received from participants of the System i.e. primary dealers (market makers) and licensed commercial banks. The CDS will be linked electronically to participating institutions which trade in government securities. The CDS will periodically (generally monthly) statements confirming the balances held by investors in government securities. The CDS will also advice the parties involved in a transaction, whenever a transaction is carried out within the System.
Scripless Securities Settlement System	The Scripless Securities Settlement System (SSSS) will enable the settlement of government securities transactions electronically, online in a computer based system. Whenever, a transaction takes place, securities will be transferred from one account to another. In an outright buying and selling transaction, for instance, there will be a buyer who will receive securities and his account will be credited with securities and the seller’s securities account will be debited. The buyer of securities will pay funds through the normal banking procedures. Given these electronic and efficient systems, it is expected that there will be a large number of transactions taking place in any given business day in the government debt securities market. The settlement of securities on account of all these transactions will be recorded through the SSSS
Participants of the CDS and SSSS	There are two categories of participants in the CDS and SSSS. They are: Market makers and licensed commercial banks who are called ‘dealer direct participants’ and any other institution permitted by the Nepal Rastra Bank who are called ‘direct participants’. The ‘dealer direct participants’ will maintain accounts on their own account and on behalf of their customers. The direct participants will maintain accounts only on their own account.

CDS location	The CDS will be installed in Nepal Rastra Bank and maintained in the Public Debt Management Department of the Nepal Rastra Bank. Both dealer direct participants and direct participants will be linked online to the CDS.
Individual customers/investors need to open and maintain accounts in the CDS	Accounts will be opened through dealer direct participants of the CDS, i.e. primary dealers and licensed commercial banks on their own account and on behalf of their customers for recording and changing ownership of scripless securities. Each investor will have a separate account in the CDS. Movement of securities and outstanding positions of investors are electronically recorded in these accounts.
Information is required to open an account in the CDS	Investors have to provide name, address and their personal details such as the national identity/passport number to open an account in the CDS. Since the primary dealers and licensed commercial banks are the dealer direct participants of the CDS, investors have to provide this information to the primary dealer or licensed commercial bank from whom securities will be purchased. Upon receipt of required information from the investor, the relevant participant will communicate with the CDS and take steps to open an account and record the securities transactions by the investor. The main difference between the existing system and the proposed system is that transactions in the proposed system will take place in scripless form electronically and the CDS will maintain the records whereas in the existing system the certificate has to be endorsed by holder to transfer it to another person.
Ownership be recorded in the CDS	Accounts of investors will be maintained in the CDS by dealer direct participants. The investors will have to deal with the CDS through primary dealers and commercial banks. The instructions by an investor regarding a transaction should always be sent to the CDS through a primary dealer or a licensed commercial bank with whom the investor maintains his securities account. Ownership of scripless securities will be recorded with details such as name, citizenship certificate(nagarikata) number, address etc. in the case of an individual investor. The accounts will also indicate the type of securities i.e. Treasury Bills and Treasury Bonds, maturity, date of purchase and value. The holders of scripless securities in the CDS will be issued confirmation of transactions as well as periodic account statements of their holdings.
Repurchase (repo) transactions	A repurchase (repo) is a sale of securities with an agreement to buy back. Once the buyer and seller of a repo have agreed on the terms of the repo, the details of the transaction will be reported to the CDS. There will be a separate account in the CDS for recording the repo transactions. After the funds are settled for the underlying repo transaction by the buyer, the ownership of securities will be transferred to his repo account in the CDS. However, the procedure for recording is quite similar to that of outright transactions. There is provision for freezing securities under repos preventing further transactions on the securities that have been lent as collateral for the repo. On the reversal date, the buyer and seller are expected to settle their obligations through reversing entries in the repo account held in the CDS.
Adantages of the SSSS to the investor	Investor’s risks associated with holding and trading of paper based securities will be totally eliminated under the SSSS. The investor will not experience the hassle of handling the paper-based certificates involving safekeeping, endorsement and physical delivery as at present. The new system will operate on Delivery Vs Payment (DVP) basis. The other advantages in the SSSS include saving of time as the system will operate more efficiently. The efficiency of the system will improve liquidity in government debt securities market thus benefiting the investor as dealers can reduce their margins due to enhanced liquidity. Further, investors will have access to an advanced system which will be based on the state-of-the-art technology.
Role of intermediaries in the SSSS	Primary dealers and licensed commercial banks who are dealer direct participants of the system also play the role of intermediaries in the CDS and SSSS. The SSSS will be based on an on-line connection between CDS and its participants. Primary dealers and licensed commercial banks also act as custodians for their customers in the CDS. This role of custodianship has the following responsibilities. to promptly and accurately record the name, address and citizenship certificate no(nagrita)/passport number or company registration number of the customer in the CDS when a customer obtains legal ownership of a security; to promptly and accurately record any change of ownership of a security. to account and make payment to, on any coupon or maturity proceeds due to a customer. to effect transactions on their customer’s behalf, provided such transactions are legal and do not place the participant in breach of the system rules.
Lowering Risk	Generally, government securities are free of credit or default risk. Under the new system, since the records of transactions and holdings are maintained electronically in a centralized database with a hot back-up, the risk of technical failure is minimized. Furthermore, account holders can view their positions of holdings in the system at any time through ‘browser workstation’ made available to system’s participants. Thus scripless securities will eliminate the risk that is associated with scrip securities.
Records of each and every investment	The investor-wise records of transactions will be maintained in the CDS. The CDS will be a registry of transactions and holdings of securities. It will also be the custodian of these securities, holding nominee ownership of the securities, on behalf of the beneficial owners. Accounts in the CDS are defined according to participant accounts, customer-owner accounts and other types of accounts. Accounts will be created automatically in the CDS based on the instructions received from participants.
Issue letters of confirmation to investors	The CDS in the Nepal Rastra Bank (Public Debt Management Department) will issue the following statements to the account holder. A statement confirming the transactions that took place during the day. If no transactions have taken place during the day, no statement will be generated by the system: A statement confirming the transactions and outstanding balance held by each investor as at end of each month/quarter. A statement indicating the maturity proceeds and/or interest payments whenever such payments are made to an investor. These statements will be issued directly to the name and address of the investor, as registered in the CDS. Apart from these statements, it is possible to generate other prescribed statements.
Authenticity of a statement issued by the CDS	The statements issued by the CDS will provide official confirmation of the securities holdings or transactions that have taken place. In addition, all investors (through their respective participant of the CDS) can view details of their accounts with the CDS through browser based workstations. This will enable the investor doubly confirm the accuracy of the statement issued by the CDS.
Statement issued by the CDS transferable and tradable	The statement issued by the CDS is not a transferable or tradable instrument and it will only serve the purpose of confirming either a transaction or holdings of securities by an investor.
Statements of confirmation be pledged as a security, say to obtain a loan	The statements issued by the CDS may be used as evidence of holding of securities. However, there is a risk of producing an old statement of which securities have since been sold. Therefore, a statement of confirmation issued by the CDS may not always indicate the current ownership or holdings of securities by an investor. A pledging facility is available in the CDS, which enables investors to pledge their holdings electronically with banks or other financial institutions, so that those shares are then maintained under the control of the bank or financial institution, for the duration of the pledging transaction.
Investor wants to change his personal particulars in the CDS account	To notify any changes, the customer/investor should contact the primary dealer or licensed commercial bank who maintains his/ her account in the CDS. Changes will be made on the instructions received by the CDS from the investor through the relevant primary dealer or the licensed commercial bank.
In the event of a discrepancy in the statement	Any clarification regarding a statement should be referred to the party who has issued the statement. If the statement has been issued by a primary dealer or a licensed commercial bank any inquiry should be directed to the respective primary dealer or the licensed commercial bank. Similarly, if the statement has been issued by the CDS, any inquiry should be referred to the Public Debt Department of Nepal Rastra Bank.
Customer/investor make online inquiries regarding the status of his/her investment	Yes. This can be done only through a participant of the system, with whom the customer/investor maintains his account(s) in the CDS. Account holders (both participants and customers) can view their positions using a browser-based workstation, without any payment.
Access information residing in the CDS	The system’s participants i.e. primary dealers or licensed commercial banks can access CDS accounts for information through browser-based workstations which will facilitate viewing his customer accounts as well. The customer inquiry will be directed to the CDS by the relevant system’s participant. This is a facility available in the System in addition to the statements issued by the CDS. No participant will have access to information relating to accounts maintained by the other participants.
Charges of the SSSS and CDS	Primary dealers and licensed commercial banks may charge their customers to cover the cost that they may incur on account of any SWIFT transaction. SWIFT is the safest, globally accepted messaging system used for financial transactions. It is a standard format which will be used by all participants in this System. The SSSS and CDS will operate on the SWIFT messaging system. There will not be any charge on either the participant or the customer for the statements issued by the CDS.
Access to the records of investments in the CDS	Information recorded in the SSSS and the CDS will be treated strictly confidentially. There will not be any access to information in these systems by any authority or individual other than the Nepal Rastra Bank. The participants of the System will have limited access to information relating to their customer holdings and accounts maintained on their own behalf.
Investor/customer appoint a nominee for his/her Investment	The primary dealers and licensed commercial banks will act on instructions from their customers. An investor/customer may appoint a nominee and the procedure will be outside the CDS.
Collection maturity proceeds and coupon payments	The maturity proceeds and interest payments will be computed on the due dates by the CDS. There will not be any change to the formula of computation and procedures adopted at present. Payments will be made to the registered holders through respective primary dealers and licensed commercial banks in the same way as such payments are made at present. Primary dealers and licensed commercial banks are responsible for making payments to respective investors/customers.
Reminders to investors regarding maturity and interest payment	There will not be an advance reminder regarding payments. However, the account holders will be informed individually by the CDS about payments that will be made to a system’s participant (i.e. primary dealer or a licensed commercial bank) on account of each investor. The respective primary dealers and licensed commercial banks will issue advance notices regarding payments to their customers.
Re-investment of maturity proceeds and coupon interest payments	An investor can advice the primary dealer or licensed commercial bank with whom the maturing securities are held for reinvestment of maturity proceeds and coupon payments. The investor/ customer can make prior arrangement with a primary dealer or a licensed commercial bank regarding the reinvestment of maturity proceeds or coupon payments on the same day on which maturity proceeds/coupon payments are received, thus maximizing the benefits.
Death of a holder of securities	There is no change to the procedure adopted at present in regard to an investment of a deceased party. Claims regarding an investment of a deceased should be sent to the primary dealer or licensed commercial bank with whom the deceased party maintained the CDS account.
Safe investment and documentation	The security features of the CDS are very advanced. Accessing the system will be restricted only to authorized officers of the Nepal Rastra Bank. In addition, there will be a Disaster Recovery (back-up) site where records are updated automatically and simultaneously with the CDS. The service providers have ensured maximum safety available in similar systems used in other countries in the world.
System failure or disaster	The Nepal Rastra Bank will have a disaster recovery plan for the SSSS and the CDS. In the event of a failure of the system, facilities will be available to continue operation from the back-up site.
Stolen/lost securities	In the CDS, records are maintained electronically and they cannot be stolen/lost. The records are updated concurrently in real-time, as and when the transactions are carried out. Transmission of information on transactions from the participants to the CDS takes place within a matter of a few seconds. Therefore, there is no time lag in executing a transaction and hence the probability of omissions in the process would be minimal.
Responsibility for maintaining confidentiality of information in the CDS	Participants of the CDS will sign an agreement with the Nepal Rastra Bank for maintaining strict confidentiality of the information. The information for which the system’s participants have access will always be treated as confidential. As mentioned earlier, each CDS participant will have limited access to information relating to the accounts that are maintained by that participant on his own account and on behalf of his customers’ accounts.
Operating hours of Operation of Business	NepagovSecure will be available for operations on all business days from prescribed banking hours (10 a.m. to 2.30 p.m.). The participants of the system and their clients must ensure that they complete the day’s transactions before the prescribed bank closing time. ‘NepagovSecure’ will not be open for business on public and bank holidays. The operation time can be announced and modified by Nepal Rastra Bank, Public Debt Management Department.
Minimum value of investment	It is suggested that scripless securities will be issued with minimum face value of Rs. 10,000/- and any higher denomination in multiples of Rs. 10,000/ Transactions in the System will specify the securities to be transferred in number of units. One unit is equivalent to the minimum face value i.e. Rs. 10,000/-. The minimum marketable parcel of securities will also be one unit i.e. Rs.10,000/-.
Scrip securities if required	There will not be scrip securities once ‘NepagovSecure’ has commenced operations. The Nepal Rastra Bank will start issuing securities only in scripless form when ‘NepagovSecure’ is scheduled to be fully operational. Transactions in the CDS will be possible only in scripless form
Transferring securities in the CDS	Securities will be moved from one account to another in the CDS on a request made by a customer through the relevant CDS participant. Once the deal is agreed upon by the counter parties involved, transaction will take place on any of the following basis as the case may be i.e. Delivery Vs Payment (DvP), Receive Vs Payment (RvP), Deliver Free (DF), Receive Free (RF) and Repositioning Investors have to go to a primary dealer or a licensed commercial bank in order to initiate a transaction in the System. Trading can be initiated by originating a message from the computer-based terminal of a participant. If the transaction is between two parties, both parties have to agree with the terms and conditions of the transaction. Once the transaction is matched, the securities will be moved from the seller’s account to the buyer’s account. The corresponding funds transfer will take place through the normal banking procedures.
Settlement of funds and securities	Whenever there is a securities transaction pending, the system will check whether funds are available in the respective account. To enable the securities transaction to take place, funds should be available in the respective account.
Do other countries do have SSSS and CDS	Yes. Almost all countries are using this system and technology including Bangladesh, India, Pakistan and Sri Lanka in South Asia.
How can we start ?	We need to avail the budget for commissioning this system. We may require more documentation on a new state-of-the-art system and to change or make new regulations to recognize nominee ownership of securities, held by ‘NepagovSecure’.

Information Security: A Competitive Advantage for Business

DIBAS NEUPANE — Fri, 14 Aug 2009 06:40:30 +0000

Business today is information centric for manufacturing and service delivery organizations. Information is created, stored and processed in every step like industrial controls, business transactions, enterprise collaborations, management information system, decision support system and executive information system. The pull/push based supply chain management and customer relationship management which are backbone of today’s business are generating a huge amount of important information.

The change in business process from manual to electronic involves people, procedures and technology. The combination of all three components results in a greater level of coverage, depth, productivity and availability in business. To sustain in the competitive market, organizations cannot compromise the above factors. Development of Information Technology has made easy to run the business creating new strengths and opportunities along with known and unknown threats.

79% of businesses believe they have a clear understanding of the security risks they face, but only 48% formally assess those risks. 88% are confident that they have caught all significant security breaches, but only 56% have procedures to log and respond to incidents. 81% believe security is a high priority to their board, but only 55% have a security policy. 77% say protecting customer information is very important, but only 11% prevent it walking out of the door on USB sticks. Only 8% encrypt laptop hard drives.

~ Information Security Breaches Survey, 2008.

The Department for Business, Enterprise & Regulatory Reform, UK

Information is an asset and has to be protected from unauthorized disclosure to competitors and media and must be available when needed with accuracy and completeness. Ensuring confidentiality, integrity and availability of information is essential to maintain competitive edge, cash flow, profitability, legal compliance, commercial image and branding. Organizations, which do not treat it as an asset, face the consequences of negative growth and shortly vanish from the market. Now-a-days, securing information is business security.

All information, which is sensitive, critical and has commercial value, exists in printed paper, stored electronically, transmitted by post of electronic means, spoken in conversation has to be protected. It damage trustworthiness and reliability and reputation within hours earned through efforts for ten years or more. Some countries like the USA and UK have regulations that have provisions for securing information. Failure to secure information results in severe penalties.

Everyone including the board, CEO, line managers, staff, users and customers are responsible for information security. Upper level management is responsible for formulating and enforcing Information Security Policy. Middle level managers are responsible for operational activities and awareness. Lower level and users are responsible for following policies and complying with control mechanisms.

Information has a wide range of threats including natural threats, social threats and technological threats. Risk is a potential harm or loss of asset. Vulnerabilities are weaknesses in victims that allow a threat to become effective. Threats are actions of attackers that can cause harm which depends on skills, knowledge, resources and motives. Minimizing risk means reducing threats and vulnerabilities. Information Security can be achieved through minimizing risks.

Google has become the largest advertising company on the Internet. The majority of their revenue comes from targeting advertisements to specific consumer needs and this is basically done by collecting data on consumer surfing habits. Millions of users among of us are providing personal information through gmail, google talk, WebAccelerator, AdSense and other freely available features unknowingly. What happens if our valuable business information asset is taken by others? Perceived value is less than intrinsic value using some services.

Digitization of business transactions requires huge amount of resources on technology and skilled and efficient human resources. The challenge of effective and efficient use of technology has never been greater than today for business organizations. Lower configuration of technology and people welcomes competitors to grab the chunk of profitable business which cannot be considered to be an option of today’s business managers.

Valuable information can be lost through improper physical environment, codes and human behavior. Physical environment includes keeping out of unauthorized person access to and protection of data against fire, water, power loss and earthquake. Code attacks are those generated from virus, worms, logic bombs and trojan horses. Lower configuration is also a major challenge for Information Security. Present information technology is based on Client-Server technology. Networking technology provides unlimited distance from server to clients. Millions of Gmail and Yahoo users are not transparent to their respective servers about location and distance. The conversation between server and clients are also important segments of security. Distributed Denial of Service(DDOS) attack is also very popular in networking environment. Risk is not only associated with physical and technological means but also equally contributed by human factors. Social Engineering is widely used for taking information from others. Woman and children are used in most of the cases. Amount of spamming and phishing attack is increasing day by day. Most of the spyware codes records the keylogs and screenshots and sent to them where they are designed for.

Hackers compromise assets just because of making awareness to the asset owner about vulnerabilities. Hackers do not harm to the asset. Crackers attack information with malicious intentions. Competitors and rival companies do target for research and development, plans and strategies of other companies. Students are enjoying with taking unauthorized information from organizations. An FBI report mentions that 67 percent of information theft is done by employees. Politics and ideology stimulate people to take information from opponents.

Information Security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize returns on investments and business opportunities. Information Security is possible through varieties of works. It is a comprehensive approach. It starts from generating/creating information to disposing it. It also deals all three components; namely; people, procedures and technology. To prevent it from theft of information, we have to take of care of physical facilities, access control and awareness. Formulation of good policy and effective enforcement is basic work for information Security. Organizations which do not have any policy are more at risks than those who have it. Information Security Policy is a framework document that outlines how an organization can use the best practices to protect the information, the most important asset from being maliciously or unintentionally changed, make it available where and when needed and ensure that only those who have legitimate rights can access to it.

A large financial services company in UK had outsourced their customer relationship management system (CRM). Unfortunately, one of the outsource provider’s laptops had a virus containing a key logger. This enabled an attacker to capture one of the outsource team’s user ID and password. The attacker then used these to access customer details and launch phishing attacks against customers registered in the CRM system.

Organizations lack scale to implement technology independently, technical skill sets in existing staff, complexities of implementing technology which are barriers to entry and pricing structures encourage organizations to outsource their job. While outsourcing the work, organizations must carry out risk assessment, control, ongoing monitoring and information access level.

Keeping hardware and software in current version reduces the risk. Avoid installation of applications from unknown sources. Limit the user privilege using access control. Keeping the antivirus/antispyware updated database also can reduce the risk. Most valuable information transmission may require virtual private networking (VPN) and encryption. Information related equipments hard drives, flash drives and printed documents must be disposed carefully so that any information cannot be extracted doing dumpster diving.

Information Security increases cost of doing business. Business managers have to calculate the cost for implementing information security controls and not doing it. Cost of disruption of service, incident response cost, direct financial loss and damage to reputation are to be considered.

To reduce security threats organizations have to integrate security into normal business behavior through clear policy and staff education. Deploy integrated technical controls and keep them up to date. Respond quickly and effectively in case of security breaches by planning ahead for disasters and contingencies. Every planning should be tested and periodically reviewed. Understand the security threats by drawing on the right knowledge sources and select the controls from ISO/IEC 27002 to reduce the identified risk to an acceptable level. Use risk assessment to target on security investment at the most beneficial areas.

Information security is an emerging issue of present and future business. Organizations, which integrate information Security, are having sustainable competitive advantages than those which are not opting it. Information Security became a winning factor rather than a qualifying factor of future business.