
After the GenZ Revolution in Nepal (8–13 September 2025) against corruption and nepotism, the interim government was formed under the leadership of Rt. Hon. Prime Minister Sushila Karki. During this time, Hon. Jagdish Kharel was appointed as Minister of Communication and Information Technology.
His first declaration was that the Government of Nepal would provide free internet in public areas of 10 major cities. While this may sound positive, it feels somewhat disappointing as a first announcement from a central minister, especially when there are many high-priority tasks that need immediate attention. This decision also gives the impression of being more of a publicity move, or perhaps reflects a lack of deep knowledge in the ICT field, since the minister is a media and communication expert rather than a technology professional. For such an important role, leadership with relevant skills, experience, and qualifications in the field of Information and Communication Technology is crucial.
Announcements about free Wi-Fi zones have been common in the past decade and have often appeared more symbolic than practical. Leaders from local governments, provinces, and even at the federal level have made similar promises. Moreover, many private companies, such as WorldLink, are already providing free Wi-Fi services in public spaces.
In the current situation, attention should instead be directed toward more pressing priorities. Since the minister comes from a media background, expectations could reasonably include:
- Protecting and supporting genuine media professionals who are facing threats.
- Monitoring and controlling the spread of fake news on the internet. In the current situation, such news could mislead citizens.
- Ensuring accountability for misinformation.
Even more importantly, there is a need to focus on critical issues such as:
- Preparing detailed logs of data lost during the recent protests due to fire and damage, and creating plans for restoration. An audit would show where we stand and help in planning the restoration of lost data.
- Developing clear processes for re-registration of lost public records. For example, citizens must be assured of how they can claim ownership of property if government records are no longer available.
- Establishing proper disaster recovery (DR) and backup systems for public data to avoid future situations like this. DR sites should be placed in secure areas where they cannot be harmed by unrest or other disruptions.
- Implementing strict policies that define responsibility and accountability in all digitalization efforts.
These tasks are both urgent and achievable within the next six months if given proper attention.

We recently concluded Full-Stack Training for 12 developers, and out of them we hired 5 Full-Stack Developers. We are now looking to hire 50 Full-Stack Trainees.
Who are we?
We are Rapid Web Solutions Pvt. Ltd (a subsidiary of P2H Inc.), working with clients all over the world since 2012. We have 300+ staff members all over the world. We are looking to extend our team and thus are looking to hire more Full Stack Developers. Our specialists have created a program to teach people with basic markup knowledge to become full stack developers in three months. If you’re up for the challenge, apply now; it’s entirely free.
What are the Requirements?
- Good communication skills in English:
  - over emails,
  - chat or voice calls
  - note taking
- A good understanding of Frontend Development:
  - Markup Language: HTML (be able to create an HTML page of medium complexity)
  - Stylesheet Language: CSS (be able to develop the page design)
  - Programming Language: JavaScript (good foundation knowledge of DOM manipulation)
- A basic understanding of server-specific programming concepts:
  - Language: PHP (Basic)
  - Database: SQL (Basic)
- A basic understanding of computer networks will be a plus:
  - Client / Server architecture
  - Network Protocols (HTTP/UDP/TCP etc.)
  - Network Security (Encryption, HTTPS/SSL/TLS, VPNs, Firewalls etc.)
  - File Protocols (FTP/SFTP etc.)
- Should be familiar with the development tools:
  - Browsers and DevTools (Chrome, Firefox, Safari)
  - Code Editors (VS Code, WebStorm, Sublime Text etc.)
  - Version Control (Git/GitHub/GitLab etc.)
  - Package Managers: NPM, yarn, composer etc.
  - Command Line Interface (CLI) – basic
  - Build tools: Webpack, Vite, Parcel etc.
  - Design tools: Sketch, Photoshop, Adobe Illustrator, Figma, XD etc.
How does the program work?
- Apply, and if shortlisted, you’ll be called for an interview.
- Successful candidates join our courses for the next 2 months.
- The most successful candidates will be selected for the 3rd month and get the bonus of Rs. 15,000.
- Upon course completion, the best candidates are extended a full-time job offer with salary based on performance.
What are our benefits?
- Competitive compensation;
- Ability to work from office as well as from home;
- Ongoing training and skills-upgrade programs;
- 10 holidays, 15 paid leaves, Annual Bonus on Dashain festival and Provident Fund;
- Maternity leave 60 days, paternity leave 5 days, mourning leave 10 days;
- Friendly teams;
- Timely performance review and individual development plan creation.
Don’t stay behind the door. An opportunity is knocking right in front of you.
Apply with your CV: hr-ktm@p2h.com

- Evaluate the organization’s information security and privacy policies and practices.
- Evaluate physical and environmental controls to determine whether information assets are adequately safeguarded.
- Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.
- Evaluate data classification practices for alignment with the organization’s policies and applicable external requirements.
- Perform technical security testing to identify potential threats and vulnerabilities.
- Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.

- Evaluate IT operations to determine whether they are controlled effectively and continue to support the organization’s objectives.
- Evaluate IT maintenance practices to determine whether they are controlled effectively and continue to support the organization’s objectives.
- Evaluate database management practices.
- Evaluate data governance policies and practices.
- Evaluate problem and incident management policies and practices.
- Evaluate change, configuration, release, and patch management policies and practices.
- Evaluate end‐user computing to determine whether the processes are effectively controlled.
- Evaluate the organization’s ability to continue business operations.
- Evaluate policies and practices related to asset lifecycle management.

- Evaluate whether the business case for proposed changes to information systems meets business objectives.
- Evaluate the organization’s project management policies and practices.
- Evaluate controls at all stages of the information systems development lifecycle.
- Evaluate the readiness of information systems for implementation and migration into production.
- Conduct post-implementation review of systems to determine whether project deliverables, controls, and requirements are met.

- Evaluate the IT strategy for alignment with the organization’s strategies and objectives.
- Evaluate the effectiveness of IT governance structure and IT organizational structure.
- Evaluate the organization’s management of IT policies and practices.
- Evaluate the organization’s IT policies and practices for compliance with regulatory and legal requirements.
- Evaluate IT resource and portfolio management for alignment with the organization’s strategies and objectives.
- Evaluate the organization’s risk management policies and practices.
- Evaluate IT management and monitoring of controls.
- Evaluate the monitoring and reporting of IT key performance indicators (KPIs).
- Evaluate whether IT supplier selection and contract management processes align with business requirements.
- Identify opportunities for process improvement in the organization’s IT policies and practices.
- Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.
- Conduct periodic review of information systems and enterprise architecture.
- Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.
- Evaluate whether IT service management practices align with business requirements.

CISA certification is strongly recommended for information system auditing processes if you, as an auditor:
- Plan audit to determine whether information systems are protected, controlled, and provide value to the organization.
- Conduct audit in accordance with IS audit standards and a risk-based IS audit strategy.
- Communicate audit progress, findings, results, and recommendations to stakeholders.
- Conduct audit follow-up to evaluate whether risks have been sufficiently addressed.
- Utilize data analytics tools to streamline audit processes.
- Provide consulting services and guidance to the organization in order to improve the quality and control of information systems.

WAFW00F is a Python tool that helps in fingerprinting and identifying Web Application Firewall (WAF) products. It is an active reconnaissance tool, as it actually connects to the web server, but it starts out with a normal HTTP request and escalates as necessary.
How does WAFW00F work?
- Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions
- If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is
- If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks
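Seen from the server side, the escalation above leaves a recognisable trace in web access logs: one normal request from a client, then a burst of attack-like requests. The Python sketch below is an added example, not part of WAFW00F or the original post; the log format, marker regex, thresholds and function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 [21/Nov/2019:10:00:00 +0000] "GET / HTTP/1.1" 200
198.51.100.7 [21/Nov/2019:10:00:01 +0000] "GET /?a=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 403
198.51.100.7 [21/Nov/2019:10:00:01 +0000] "GET /?b=1%20UNION%20SELECT%20NULL HTTP/1.1" 403
198.51.100.7 [21/Nov/2019:10:00:02 +0000] "GET /?c=../../etc/passwd HTTP/1.1" 403
203.0.113.9 [21/Nov/2019:10:00:05 +0000] "GET /search?q=union+jobs HTTP/1.1" 200
203.0.113.9 [21/Nov/2019:10:03:00 +0000] "GET /about HTTP/1.1" 200
"""

LINE = re.compile(r'^(\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})$')
# Generic markers for XSS, SQL injection and path traversal test strings.
SUSPICIOUS = re.compile(r"<script|union\s+select|\.\./", re.IGNORECASE)

def parse(log_text):
    """Yield (ip, timestamp, looks_like_attack, status) per parsable line."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ip, ts, _method, url, status = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, when, bool(SUSPICIOUS.search(unquote_plus(url))), int(status)

def find_waf_probing(log_text, window=timedelta(seconds=30), min_probes=3):
    """Return client IPs whose clean request is followed, within `window`,
    by at least `min_probes` attack-like requests (the escalation pattern)."""
    by_ip = defaultdict(list)
    for ip, when, suspicious, status in parse(log_text):
        by_ip[ip].append((when, suspicious, status))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        for i, (start, suspicious, _status) in enumerate(events):
            if suspicious:
                continue  # the sequence must start with a normal request
            probes = [e for e in events[i + 1:] if e[1] and e[0] - start <= window]
            if len(probes) >= min_probes:
                blocked = sum(1 for e in probes if e[2] in (403, 406))
                flagged[ip] = {"probes": len(probes), "blocked": blocked}
                break
    return flagged

if __name__ == "__main__":
    print(find_waf_probing(SAMPLE_LOG))
```

The `blocked` count shows how many of the probes the WAF answered with a block status, which is exactly the signal the fingerprinting logic relies on.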

Nmap is a free, open-source tool that can be used for footprinting/reconnaissance to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap is a noisy scanner and can be easily detected by firewalls. “The quieter you become, the more you are able to hear”. Thus, as a security analyst, one must learn how to do it quietly and anonymously.
- Nmap can provide information on targets, including reverse DNS names, device types, and MAC addresses.
- Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
- Port scanning – Enumerating the open ports on target hosts.
- OS detection – Determining the operating system and hardware characteristics of network devices.
- Version detection – Interrogating network services on remote devices to determine the application name and version number.
- Scriptable interaction with the target using the Nmap Scripting Engine (NSE).
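Because Nmap is noisy, host discovery and port scanning each leave a distinct shape in firewall connection records: many destinations on one port, or many ports on one destination. The Python sketch below is an added example, not part of Nmap or the original post; the record layout, thresholds and function names are assumptions, and the events are constructed.

```python
from collections import defaultdict

# Constructed firewall connection records: (epoch_seconds, src, dst, dst_port).
def sample_events():
    events = []
    # 10.0.0.50 touches 25 ports on one host in about 2.5 s (port-scan shape).
    events += [(1000 + i * 0.1, "10.0.0.50", "192.168.0.10", 1 + i) for i in range(25)]
    # 10.0.0.60 touches port 445 on 30 hosts (host-discovery / sweep shape).
    events += [(2000 + i * 0.2, "10.0.0.60", f"192.168.5.{i + 1}", 445) for i in range(30)]
    # 10.0.0.70 is an ordinary client using two services on one server.
    events += [(3000 + i, "10.0.0.70", "192.168.0.10", p) for i, p in enumerate([80, 443] * 5)]
    return events

def classify_scanners(events, window=60.0, port_threshold=20, host_threshold=20):
    """Sliding-window detection per source address:
    'port_scan'  = >= port_threshold distinct ports on a single destination,
    'host_sweep' = >= host_threshold distinct destinations on a single port."""
    by_src = defaultdict(list)
    for ts, src, dst, port in sorted(events):
        by_src[src].append((ts, dst, port))
    findings = defaultdict(set)
    for src, recs in by_src.items():
        start = 0
        for end in range(len(recs)):
            # Drop records that fell out of the time window.
            while recs[end][0] - recs[start][0] > window:
                start += 1
            ports_per_dst = defaultdict(set)
            dsts_per_port = defaultdict(set)
            for _ts, dst, port in recs[start:end + 1]:
                ports_per_dst[dst].add(port)
                dsts_per_port[port].add(dst)
            if any(len(p) >= port_threshold for p in ports_per_dst.values()):
                findings[src].add("port_scan")
            if any(len(d) >= host_threshold for d in dsts_per_port.values()):
                findings[src].add("host_sweep")
    return {src: sorted(kinds) for src, kinds in findings.items()}

if __name__ == "__main__":
    for src, kinds in classify_scanners(sample_events()).items():
        print(src, kinds)
```

Slow scans spread over hours stay under a 60-second window, so in practice the window and thresholds are tuned against the network's normal traffic.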
Commands of Nmap
Nmap scans against IP or host: These commands scan a single IP address or hostname.
nmap 1.1.1.1
nmap scanme.nmap.org
Nmap ping scans: This helps in detecting hosts on a network (-sn; older Nmap releases used -sP). However, in most cases remote hosts block IP-based ping packets, thus ARP-based requests are recommended.
nmap -sn 192.168.5.0/24
Specific ports or entire port range on a remote or local server: The first command scans all 65535 ports on the localhost computer. Further, specific ports on specific IPs or hosts can be scanned using nmap.
nmap -p 1-65535 localhost
nmap -p 80,443 scanme.nmap.org
nmap -p 80,443 1.1.1.1
Scan multiple IP addresses: Multiple IPs or hosts can be scanned, as well as a range of hosts, consecutive IPs, an entire subnet, random hosts, or a subnet with some targets excluded.
nmap 192.168.0.1 192.168.0.2
nmap 192.168.0.1,2,3,4
nmap 192.168.0.1-10
nmap 192.168.0.1/24
nmap -iR 0
nmap 192.168.0.1/24 --exclude 192.168.0.100,192.168.0.200
Scan popular ports: Specifying 10 limits the scan to the 10 most popular ports on the host/IP.
nmap --top-ports 10 192.168.1.106
ARP Ping: Using traceroute, force reverse DNS resolution, alternative DNS lookup
nmap --traceroute 192.168.0.1
nmap -R 192.168.0.1
nmap --system-dns 192.168.0.1

On Nov 21, 2019, a meeting was held between cyber security experts from Nepal and Mr. Jeffrey Ringel, Director of Operation, The Soufan Group, New York, and his team.

The Soufan Group is a global intelligence and security consultancy that helps clients in the public and private sectors enhance their ability to identify, assess, and successfully operate in high-risk, high-opportunity environments. They focus on the most important geostrategic challenges of our time, addressing existing fault lines and anticipating emerging trend lines. They enable and support informed strategic and tactical decisions that maximize opportunity and minimize risk.

The meeting covered the private sector perspective and cases of cyber crime such as ransomware, sabotage, hacking, identity theft, disinformation, etc. Mr. Ringel was kind enough to help us understand the extension of cyber into modern disintermediation strategic and tactical threats: the disinformation model, indemnification/quantification, response strategies and countermeasures, and the regulatory/legislative context. The discussion also covered the data privacy perspective and legislation, including the General Data Protection Regulation (EU GDPR 2016/679) and the California Consumer Privacy Act (CCPA 2018).