Shweta Rai’s CISA Study Notes

Shweta is a very well-known buddy in the CISA WhatsApp group. She is the reason behind the success of many CISA achievers. Her notes are in much demand for their ease of language and the simplicity of the concepts. I personally know some candidates who didn’t even purchase ISACA’s database, relied solely on Shweta’s question-answer sessions in the WhatsApp group, and cleared CISA on the first attempt. We can reach Shweta at

We are grateful to her for sharing her notes for our benefit:

(1) Audit role in governance of enterprise IT:

  • Audit plays a significant role in the successful implementation of IT governance within an organization.
  • Reporting on IT governance involves auditing at the highest level in the organization and may cross division, function or departmental boundaries.
  • Oversight committees.

In accordance with the defined role of the IS auditor, the following aspects related to IT governance need to be assessed:

  • How enterprise governance and Governance of Enterprise IT are aligned
  • Alignment of the IS function with the organization’s mission, vision, values, objectives and strategies.
  • Achievement of performance objectives established by the business (e.g., effectiveness and efficiency) by the IS function.
  • Legal, environmental, information quality, fiduciary, security, and privacy requirements
  • The control environment of the organization
  • The inherent risk with the IS environment
  • IT investment/expenditure

(2) Separating Governance from Management

  • Governance ensures that stakeholder needs are achieved by setting direction and monitoring performance
  • Board of Directors under the leadership of the Chairperson.

  • Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body.

(3) IT Governing Committees

  • The creation of an IT strategy committee is an industry best practice
  • The committee should broaden its scope to include not only advice on strategy when assisting the board in its IT governance responsibilities, but also a focus on IT value, risks and performance.

(4) IT Balanced Scorecard

  • A process management evaluation technique that can be applied to the IT governance process
  • The method goes beyond the traditional financial evaluation
  • One of the most effective means to aid the IT strategy committee and management in achieving IT and business alignment

Objective of IT BSC

  • To measure and evaluate performance of IT
  • To optimize the performance

What to measure (CIA)

  • Customer satisfaction
  • Internal processes
  • Ability to innovate

How to measure

  • Key performance indicators (KPIs) are to be defined before implementing the IT BSC
  • These KPIs are then evaluated to measure the performance.

Effective Information security governance

  • To achieve effective information security governance, management must establish and maintain a framework to guide the development and management of a comprehensive information security program that supports business objectives.
  • This framework provides the basis for the development of a cost-effective information security program that supports the organization’s business goals.

(5) Information security governance requires strategic direction and inputs from:

  • Boards of directors / senior management
  • Senior management
  • Information Security Steering committee
  • Chief information security officers

(6) Information Security Policy

  • Defines information security, overall objectives and scope
  • Is a statement of management intent
  • Is a framework for setting control objectives, including risk management
  • Defines responsibilities for information security management.

(7) Acceptable Use Policy (AUP)

  • Defines a set of guidelines and/or rules to control how the organization’s information system resources will be used
  • Other security policies might include 1) data classification, 2) acceptable use, 3) end-user computing, and 4) access control
  • Know the different things to look for when you review the information security policy
  • Procedures are required and they are “step by step instructions” <– that’s a hint!!!!!

Procedures are detailed documents that:

  • Document and define the steps for achieving policy objectives
  • Must be derived from the parent policy
  • Must implement the spirit (intent) of the policy statement
  • Must be written in a clear and concise manner.

(8) Risk Management

The process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives.

  • Avoid
  • Mitigate
  • Transfer
  • Accept

To develop a risk management program:

  • Establish the purpose of the risk management program
  • Assign responsibility for the risk management plan

(9) Risk Management Process

  • Identification and collection of relevant data to enable effective IT-related risk identification, analysis and reporting
  • Assess threats and vulnerabilities and likelihood of their occurrence
  • Once the elements of risk have been established they are combined to form an overall view of risk
  • Evaluate existing controls or design new controls to reduce the vulnerabilities to an acceptable level of residual risk

(10) Outsourcing practices and strategies

  • Contractual agreements under which an organization hands over control of part or all of the functions of the IS department to an external party.
  • Becoming increasingly important in many organizations
  • The IS auditor must be aware of the various forms outsourcing can take as well as the associated risks.
  • The IS auditor can assist an organization in moving IS functions offsite or offshore by ensuring that IS management considers the following:
      • Legal, regulatory and tax issues
      • Continuity of operations
      • Personnel
      • Telecommunication issues
      • Cross-border and cross-cultural issues
  • Accountability remains with the management of the client organization

(11) Segregation of Duties within IS

  • Avoids possibility of errors or misappropriation
  • Discourages fraudulent acts
  • Limits access to data
  • Control measures to enforce segregation of duties include:
      • Transaction authorization
      • Custody of assets
      • Access to data: 1) authorization forms, 2) user authorization tables

Compensating controls for lack of segregation of duties include:

  • Audit trails (Detective Control)
  • Reconciliation (Detective Control)
  • Exception reporting (Detective Control)
  • Transaction logs (Detective Control)
  • Supervisory reviews (Detective Control)
  • Independent reviews (Detective Control)

(12) Business Continuity Planning

Business continuity planning is a process designed to reduce the organization’s business risk. – BC

A BCP is much more than just a plan for the information systems. – DR

Corporate risks could cause an organization to suffer:

  • Inability to maintain critical customer service
  • Damage to market share, reputation or brand
  • Failure to protect the company assets, including intellectual properties and personnel.
  • Business control failure
  • Failure to meet legal or regulatory requirements

(13) Critical step in developing the business continuity plan

Three main questions to consider during the BIA phase:

  • What are the different business processes?
  • What are the critical information resources related to an organization’s critical business processes?
  • What is the critical recovery time period for information resources in which business processing must be resumed before significant or unacceptable losses are suffered?

(14) Development of BCP

Factors to consider when developing the plans:

  • Pre-disaster readiness covering incident response management to address all relevant incidents affecting business processes
  • Evacuation procedures
  • Procedure for declaring a disaster (escalation procedures)
  • Circumstances under which a disaster should be declared
  • The clear identification of the responsibilities in the plan.
  • The clear identification of the person responsible for each function in the plan
  • The clear identification of contract information
  • The step-by-step explanation of the recovery process
  • The clear identification of the various resources required for recovery and continued operation of the organization.

(14) BCP Plan Testing

  • Schedule testing at a time that will minimize disruption to normal operations
  • Test must simulate actual processing conditions
  • Test execution:
      • Documentation of results
      • Results analysis
      • Recovery / continuity plan maintenance

(15) Process for developing and maintaining the BCP/DRP

  • Conduct risk assessment
  • Prepare Business Impact Analysis
  • Choose appropriate controls and measures for recovering IT components to support the CRITICAL BUSINESS PROCESS
  • Develop the detailed plan for recovering IS facilities (DRP).
  • Develop the detailed plan for the critical business functions to continue to operate at an acceptable level (BCP).
  • Test the plans
  • Maintain the plans as the business changes and systems develop.

(16) Auditing Business Continuity

  • Review the BCP
  • Review the test results; we’re assuming they tested the BCP, of course, and they should have documented “Lessons Learned” <– Another hint, ISACA likes this term
  • Understand and evaluate business continuity strategy
  • Evaluate plans for accuracy and adequacy
  • Verify plan effectiveness
  • Evaluate offsite storage
  • Evaluate ability of IS and user personnel to respond effectively
  • Ensure plan maintenance is in place
  • Evaluate readability of business continuity manuals and procedures.

(17) Reviewing Alternative Processing

An IS auditor should obtain a copy of the contract with the vendor.

The contract should be reviewed against a number of guidelines:

  • Contract is clear and understandable
  • Organization’s agreement with the rules

Reviewing Insurance Coverage

Insurance coverage must reflect the actual cost of recovery.

Coverage of the following must be reviewed for adequacy:

  • Media damage
  • Business interruption
  • Equipment replacement
  • Business continuity processing

(18) When the IS auditor is auditing the IT functions, some of the more significant indicators of potential problems include:

  • Unfavorable end-user attitudes
  • Excessive costs
  • Budget overruns
  • Late projects
  • High staff turnover
  • Inexperienced staff
  • Frequent HW/SW errors
  • An excessive backlog of user requests
  • Slow computer response time
  • Numerous aborted or suspended development projects
  • Unsupported or unauthorized HW/SW purchases
  • Frequent HW/SW upgrades
  • Extensive exception reports
  • Exception reports that were not followed up
  • Poor motivation
  • Lack of succession plans
  • A reliance on one or two key personnel
  • Lack of adequate training

(19) In reviewing a sample of contracts, the IS auditor should evaluate the adequacy of the following terms and conditions:

  • Service level
  • Right to audit or third-party audit reporting
  • Software escrow
  • Penalties for noncompliance
  • Adherence to security policies and procedures
  • Protection of customer information
  • Ownership of intellectual property (IP)
  • Contract change process
  • Contract termination and any associated penalties

(20) A program is a group of projects and time-bound tasks that are closely linked together through common objectives, a common budget, intertwined schedules and strategies (n number of inter-related projects with a common objective, managed together).

A portfolio is all the projects belonging to an owner.

(21) Project Management Structure

  • Know the three major forms of organizational alignment
  • Know three different ways to communicate during project initiation
  • Project objectives are aligned with what? Business objectives, of course
  • Know the roles and responsibilities for project steering committee, project sponsor, and quality assurance

Three major forms of organizational alignment for project management are:

  1. Influence project organization
  2. Pure project organization
  3. Matrix project organization

(22) Project Management Practices

Know the three elements of a project and the effect of increasing or decreasing one of the elements. Of the nine ways of project planning, concentrate on

(23) Business Application Development

What is the major risk of any software development project? The final outcome does not meet all requirements.

  • Understand the eight phases of the traditional SDLC approach
  • In which phase does testing start?
  • In which phase does security start (control specs)?
  • In which phase does UAT occur?
  • What should be in an RFP?
  • What is software baselining and when does it occur?
  • What is the auditor’s focus in SDLC?
  • What’s an IDE?
  • Know the difference between Unit Testing, Interface/Integration Testing, System Testing and Final Acceptance Testing
  • When is it the most, or least, expensive time to make changes (which phase for each condition)?
  • What’s a structured walkthrough test, white box test, black box test, blue team, red team, yellow box testing and regression testing?
  • In which phase does data conversion occur?
  • Know the different types of cutover

The implementation process for business applications, commonly referred to as an SDLC, begins when an individual application is initiated as a result of one or more of the following situations:

  • A new opportunity that relates to a new or existing business process
  • A problem that relates to an existing business process
  • A new opportunity that will enable the organization to take advantage of technology.
  • A problem with the current technology.
  • Conflicting

(24) Description of Traditional SDLC Phases

  • Phase 1 - Feasibility Study
  • Phase 2 - Requirements Definition
  • Phase 3A - Software Selection & Acquisition
  • Phase 4A - Development (in-house)
  • Phase 4B - Configuration
  • Phase 5 - Final Testing and
  • Phase 6 - Implementation
  • Phase 7 - Post implementation

(25) Benefits Realization

The objective of benefits realization is to ensure that IT and the business fulfill their value management responsibilities, in particular that:

  • IT-enabled business investments achieve the promised benefits and deliver measurable business value
  • Required capabilities (solution and service) are delivered:
      • On time, both with respect to schedule and time-sensitive market, industry and regulatory requirements
      • Within budget
  • IT services and other IT assets continue to contribute to business value.

The premise of benefits realization is that there is strong concern at board and senior management levels that the high expenditures on IT-related initiatives are not realizing the business benefits they promise.

Benefits realization of projects is a compromise among major factors such as cost, quality, development/delivery time, reliability and dependability.

(26) Critical Path Methodology (CPM)

A PERT chart helps to illustrate how a project is a “network” of related and sequenced tasks. In this network it is possible to draw “paths” through ordered tasks from the beginning to the end of the project.

When a PERT chart includes notation regarding the elapsed time required for each task, then you can follow each path through the network and add the elapsed time to get a total time for each path.

A project’s critical path is that path through the PERT chart with the highest total elapsed time.

It is important to identify the critical path in a project, because this allows the project manager to understand which tasks are most likely to impact the project schedule and to determine when the project will finally conclude. When a project manager knows which tasks are on the critical path, he or she can perform analysis and attempt to improve the project plan through one of the following:

  • Start critical tasks earlier: If a critical-path task on a project can be started earlier, then this will directly affect the project’s end date. To be able to start a task earlier, it may be necessary to change the way that earlier dependent tasks are performed. For example, a Unix system administrator can be brought into a project a week earlier to begin critical tasks such as building servers.
  • Reduce dependencies: If earlier tasks in the project can be changed, then it may be possible to remove one or more dependencies that will allow critical tasks to begin (and hence, end) earlier. For example, a task “Install operating system” depends on an earlier task, “Purchase server.” If the organization has an available server in-house, then the project does not need to wait to order, purchase, and receive a server. By using an in-house server, the task “Install operating system” can be started earlier.
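
The critical-path calculation described above, with the “Reduce dependencies” case worked through, as an added Python example that is not part of the original notes. The task durations and every task name other than “Purchase server” and “Install operating system” are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample plan: task -> (elapsed days, tasks it depends on).
# Durations and the extra task names are assumptions for this example.
PLAN = {
    "Approve budget":           (2,  []),
    "Purchase server":          (10, ["Approve budget"]),
    "Write build runbook":      (4,  ["Approve budget"]),
    "Install operating system": (2,  ["Purchase server", "Write build runbook"]),
    "Harden and test":          (3,  ["Install operating system"]),
}


def critical_path(plan):
    """Return (total elapsed time, ordered tasks) for the longest path."""
    indegree = {task: len(deps) for task, (_, deps) in plan.items()}
    children = defaultdict(list)
    for task, (_, deps) in plan.items():
        for dep in deps:
            if dep not in plan:
                raise ValueError(f"{task!r} depends on unknown task {dep!r}")
            children[dep].append(task)

    # Walk the network in dependency order (topological sort).
    ready = [task for task, n in indegree.items() if n == 0]
    finish, previous, processed = {}, {}, 0
    while ready:
        task = ready.pop(0)
        processed += 1
        duration, deps = plan[task]
        # A task starts when its slowest predecessor finishes.
        start, previous[task] = 0, None
        for dep in deps:
            if finish[dep] > start:
                start, previous[task] = finish[dep], dep
        finish[task] = start + duration
        for child in children[task]:
            indegree[child] -= 1
            if indegree[child] == 0:
                ready.append(child)
    if processed != len(plan):
        raise ValueError("dependency cycle: the plan is not a valid network")

    # The critical path ends at the task that finishes last; walk it back.
    last = max(finish, key=finish.get)
    total, path = finish[last], []
    while last is not None:
        path.append(last)
        last = previous[last]
    return total, path[::-1]


def drop_task(plan, name):
    """Return a copy of the plan without `name` and without links to it."""
    return {task: (duration, [d for d in deps if d != name])
            for task, (duration, deps) in plan.items() if task != name}


if __name__ == "__main__":
    print(critical_path(PLAN))
    # Using an in-house server removes the purchase task and its dependency.
    print(critical_path(drop_task(PLAN, "Purchase server")))
```

With the in-house server the schedule shortens and the critical path moves to a different chain of tasks, which is why the path has to be recomputed after every change to the plan.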

Peaks and valleys of resource utilization are more costly and disruptive. They’re more costly, especially when external resources (for example, contractors and consultants) are used, since on-again off-again resource utilization may incur extra fees. But they can also be costly for internal resources if personnel are being shuttled back and forth between projects. Starts and stops can mean that personnel incur startup time as they move back and forth between projects.

(27) A security administrator needs read-only access to security log files, to make sure that logs are not modified. However, the security administrator needs rights to modify and update users’ rights and privileges.

(28) Logging options in a system control the way users’ activities are monitored and reported. A security administrator needs write access to the logging options to make sure that users’ activities and transactions are stored the proper way.

(29) Data owners are responsible for the overall use of data in an organization. The owner should provide written authorization to the users to access the data.

(30) Data classification is necessary to provide proper access rights to the users. If you do not classify data according to its sensitivity and importance to the business, you cannot apply proper access rules to it. Data owners are responsible for defining access rules. The data classification process starts with establishing ownership of data. This process also helps to prepare the data dictionary.

(31) The purpose of data criticality analysis is to protect data, and it takes its input for analysis from the output of data classification.

(32) The same person should not both capture and verify data. Doing so is a segregation-of-duties problem.

(33) Depending on their functional importance, IS functions can be divided into three broad categories: sensitive, critical, vital and non-critical. IS functions that cannot be replaced by manual methods are considered critical functions. Sensitive functions can be performed manually (at tolerable cost) for an extended period of time. Vital functions can be performed manually only for a short period of time. Functions that can be interrupted for a longer period of time at low or no cost, and that can be restored to their original state at little or zero cost, are called non-critical IS functions.

(34) Creating an inventory of all IS resources is the basis for resource classification. You need to create an inventory of IS resources for implementing access control.

(35) Defense-in-depth: using various types of security devices or technologies at the same time, so that if one type of security mechanism fails, the other types still provide security. For example, you can use both a firewall and logical access control on your system at the same time.

(36) Diversity in defense: using the same type of security device from different manufacturers. For instance, you can install two firewalls from two different manufacturers.

(37) Piggybacking refers to unauthorized persons following an authorized person, either physically or virtually, in order to gain access to the system.

(38) Dumpster diving is all about looking through an organization’s trash to find valuable information.

(39) Without an appropriate authorization process, it will be impossible to establish functional limits and accountability.

(40) Authentication = identification (user name) + verification (password)

(41) If more than one user claims the identity of a specific user, then that is an authentication process problem.

(42) Steganography is used to hide digital rights information in messages or files. Example: watermarking. An IS auditor should find the use of steganography while auditing or reviewing digital rights management (DRM).

(43) Parsing is a widely used technique in computer programming and data entry editing work. It is a process that breaks data blocks into smaller portions so that they can be easily managed and interpreted by the computer.


(44) Changing the value of data before it enters the database or computer system is known as data diddling, which is an inherent risk of a computer system without any preventive control. Anyone can do it, without any technical knowledge. That is why data diddling cannot be prevented with information security.

(45) A network-based intrusion detection system creates a database of patterns by monitoring various traffic activity in the network. It is very similar to the statistical type of intrusion detection system. However, it has self-learning capacity.

(46) A statistical-based intrusion detection system has no self-learning capacity. It makes decisions based on its database, which has an extensive list of commonly known and expected behavior of network traffic.

(47) IDS types are determined by the way they function, such as analyzing statistics (statistical IDS).

(48) IDS categories are determined by the place where they reside. One category of IDS is host-based IDS.

(49) The only purpose of hashing is to ensure message integrity, i.e., to make sure the message has not been modified by anyone on the way to its destination. Hashing does not provide data privacy. The hash is generated from the original message and is attached to it. The receiver receives both the hash and the original message, generates a hash from the message received, and compares it with the hash that was sent with the original message. If the two hashes match, the integrity of the message is confirmed. Remember that hashing is an irreversible process: you cannot recreate the original message from the message hash.

(50) SSL or secure socket layer only provides data confidentiality. It does not ensure integrity of the message.

(51) To maintain message integrity, confidentiality and nonrepudiation, use the following steps:

- Create a digest of your message with a hash algorithm; this ensures message integrity.

- Encrypt the digest with the sender’s private key; this confirms nonrepudiation.

- Encrypt your message with a symmetric key and then encrypt that key with the receiver’s public key; this ensures both confidentiality and the receiver’s nonrepudiation.
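
The steps in (51), together with the receiver-side hash comparison described in (49), as an added Python example that is not part of the original notes. The RSA keys built from Mersenne primes, the unpadded RSA operations and the SHA-256 keystream cipher are constructed stand-ins so that the example runs on the standard library alone; they are not secure, and production code would use a vetted library with padded RSA and an authenticated cipher.

```python
import hashlib
import secrets

E = 65537  # public exponent


def toy_rsa_keypair(p, q):
    """Textbook RSA key pair from two known primes (demo only, insecure)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


# Constructed demo keys built from published Mersenne primes.
SENDER_PUB, SENDER_PRIV = toy_rsa_keypair(2**521 - 1, 2**607 - 1)
RECEIVER_PUB, RECEIVER_PRIV = toy_rsa_keypair(2**607 - 1, 2**1279 - 1)


def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def send(message):
    """Sender side: digest, sign, encrypt, wrap the symmetric key."""
    # Step 1: digest of the message (integrity).
    digest = hashlib.sha256(message).digest()
    # Step 2: digest encrypted with the sender's private key (signature).
    # A bare hash could be recomputed by whoever altered the message;
    # signing binds the digest to the sender's key.
    n, d = SENDER_PRIV
    signature = pow(int.from_bytes(digest, "big"), d, n)
    # Step 3: message under a fresh symmetric key, key under receiver's
    # public key (confidentiality).
    session_key = secrets.token_bytes(32)
    recv_n, recv_e = RECEIVER_PUB
    return {
        "ciphertext": keystream_xor(session_key, message),
        "wrapped_key": pow(int.from_bytes(session_key, "big"), recv_e, recv_n),
        "signature": signature,
    }


def receive(envelope):
    """Receiver side: unwrap key, decrypt, recompute and compare the hash."""
    recv_n, recv_d = RECEIVER_PRIV
    key_int = pow(envelope["wrapped_key"], recv_d, recv_n)
    if key_int >= 2**256:            # not a 32-byte key: envelope was altered
        return b"", False
    message = keystream_xor(key_int.to_bytes(32, "big"),
                            envelope["ciphertext"])
    # Recover the digest the sender signed and compare with our own hash.
    n, e = SENDER_PUB
    signed_digest = pow(envelope["signature"], e, n)
    own_digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return message, signed_digest == own_digest


if __name__ == "__main__":
    env = send(b"Constructed sample message")
    print(receive(env))
    first = env["ciphertext"][0] ^ 1
    tampered = dict(env, ciphertext=bytes([first]) + env["ciphertext"][1:])
    print(receive(tampered)[1])      # altered in transit: check fails
```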

(52) What is a virus wall? It works like a logical wall at the entry point of a network to detect viruses. Normally, a virus scanner along with a firewall forms a virus wall. It is considered a more effective virus detection technique than detecting viruses on servers or computers.

(53) A certification authority statement (CAS) is a set of rules that govern the operation of a CA (certification authority).

(54) Web of trust is a method of distributing public keys for establishing communication in a small group.

(55) A key distribution center is a key distribution method that is suitable for establishing international communication for a large number of users; it uses symmetric key distribution.

(56) A CA (certification authority) is a third-party organization that ensures or validates the authenticity of the digital certificate owner. It is used to establish secure communication among a larger number of users.

(57) The Kerberos authentication system helps to extend the functionality of a key distribution center.

(58) Buffer overflow is the result of inadequate programming and coding practices.

(59) A deadman door helps to prevent piggybacking. It uses a pair of doors; the second door will only open when the first door is closed.

(60) The only way to make sure that confidential information stored on magnetic media cannot be retrieved is to destroy it.

(61) Damage to the wires around servers is prevented by installing a raised floor. That is why both data and power cables are installed under the raised floor.

(62) First, make an IS resource inventory. Next, classify the assets, and then design the access control for your IS resources.

(63) Wi-Fi Protected Access (WPA-2) uses AES (advanced encryption system) and is considered the most secure wireless system against unauthorized access attempts. It supports the extensible authentication protocol and the pre-hashed secret key authentication model.

(64) WEP uses a static key that needs to be communicated to all the authorized users, which causes a key management problem. Besides, WEP can be easily cracked.

(65) A man-in-the-middle attack is considered a major risk with the wireless personal area network (WPAN).

(66) DDoS attacks are initiated centrally using multiple compromised computers. The attacks work by flooding the target site with spurious data, thereby overwhelming the network and the other related resources. To achieve this objective, the attack needs to be directed at a specific target and to occur simultaneously.

(67) A firewall can prevent IP spoofing attacks by discarding packets with the source routing field enabled. An attacker can modify the source IP address of the packet when the source routing field remains enabled.
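
How a packet filter can recognize the source-routing case in (67), as an added Python example that is not part of the original notes. In IPv4 the source route is carried as the loose or strict source route header option (option types 131 and 137); the function names, addresses and sample packets are constructed for the illustration.

```python
import socket
import struct

# IPv4 option types that carry a sender-chosen route (RFC 791).
LSRR, SSRR = 131, 137  # loose / strict source and record route


def build_ipv4_header(src, dst, options=b""):
    """Build a constructed IPv4 header for the demo (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)       # pad to 32-bit boundary
    ihl = 5 + len(options) // 4                    # header length in words
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                        64, 6, 0,
                        socket.inet_aton(src), socket.inet_aton(dst))
    return fixed + options


def option_types(packet):
    """Return the option types present in an IPv4 header."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("malformed IPv4 header")
    opts, found, i = packet[20:ihl * 4], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                # End of Option List
            break
        if kind == 1:                # No-Operation, a single byte
            i += 1
            continue
        # Every other option is type, length, data.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed IPv4 option")
        found.append(kind)
        i += opts[i + 1]
    return found


def firewall_verdict(packet):
    """DROP source-routed or unparseable packets, ACCEPT the rest."""
    try:
        kinds = option_types(packet)
    except ValueError:
        return "DROP"                # fail closed on anything malformed
    return "DROP" if any(k in (LSRR, SSRR) for k in kinds) else "ACCEPT"


# Constructed sample packets (documentation address ranges).
PLAIN = build_ipv4_header("192.0.2.1", "198.51.100.7")
SOURCE_ROUTED = build_ipv4_header(
    "192.0.2.1", "198.51.100.7",
    bytes([LSRR, 7, 4]) + socket.inet_aton("203.0.113.9"))
RECORD_ROUTE = build_ipv4_header(
    "192.0.2.1", "198.51.100.7", bytes([1, 7, 7, 4]) + b"\x00" * 4)
TRUNCATED = build_ipv4_header(
    "192.0.2.1", "198.51.100.7", bytes([SSRR, 40, 4, 0]))

if __name__ == "__main__":
    for name in ("PLAIN", "SOURCE_ROUTED", "RECORD_ROUTE", "TRUNCATED"):
        print(name, firewall_verdict(globals()[name]))
```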


38 thoughts on “Shweta Rai’s CISA Study Notes”

  1. Thanks Shweta. This is one of the best to-the-point notes I have come across. A must-review set of notes for CISA preparation. Good work and best wishes.
    And thanks a lot, Hemang Doshi. This website will soon be a one-stop guide for CISA aspirants. I appreciate your selfless service.

  2. Awesome work done by Hemang… I really appreciate the way he is helping people. God bless him. Shweta is also helping people like us who have just started a career in CISA.

  3. Hi all! My friend has informed me some remarkable news in the crypto currency dominion . Several gents in the cryptocurrency neighborhood have kindly published some insider info that a new cryptocurrency is presently undergoing the final stages of its formation and, it is jointly advocated by the major UK law firms ! According to some cryptocurrency experts, its name is LAWesome coin! It would be superb if anyone into cryptocurrency on this discussion forum could share the latest updates on this coin. I would particularly, love to purchase this coin in the course of the ICO and take part in the bounty hunt to earn some free coins also. Unfortunately, there is not enough info on the LAWesome coin as I reckon that it is a being kept hush hush. I wonder what persuaded the law firms to enter into the cryptocurrency space? This interesting move will undoubtedly grant the cryptocurrency more stability and confidence.

  4. PLEASE STOP POSTING RANTS that the anti 2a crowd will use as indications of the mentally unhinged being those in support of this ruling. While it likely is trolling from the anti 2a crowd making these horrible and racist postings it’s still posted on a website where they will be taken at face value without this considered. We must openly denounce these rantings on this to show this is NOT who we are. Stop and think about your words before posting on the interwebs where everyone can see your comments and remember nothing ever goes away on the internet. You’re harming everyone with this nonsense and giving ammunition to those who oppose our freedom, you have the right to speak your mind but you have a RESPONSIBILITY to do that with tact and knowledge.

  5. The Principal,ABC SchoolSubject: Application for Sick LeaveRespected Madam,It is to inform you that I am student of ——. I have met an accident yesterday and got my right leg fractured. Owing to this I am not able to be at campus for about 2 weeks as I’m prescribed to be at full bed rest. I want you to kindly grant me leave for the specified duration. My medical certificates are attached with the application. I hope to recover from this illness soon. I shall be thankful for your consideration.Yours Obediently,NameClass

  6. Success is constructed on the back of durable labor, commitment and hopefulness. That optimism as an United States citizen continues to be the motivator for my plight from homelessness to the Business Mogul of PunchFlix, Inc., while trying to hunt for the American vision. A wish of monetary great success, entrepreneurship and employment formation for a lot of people in search of that identical vision. Anticipation implies, there exists a chance!

  7. Wow! This can be one particular of the most useful blogs We have ever arrive across on this subject. Basically Excellent. I’m also an expert in this topic therefore I can understand your effort.

  8. Hi. I have checked your and i see you’ve got some duplicate content so
    probably it is the reason that you don’t rank high in google.
    But you can fix this issue fast. There is a tool that generates articles like
    human, just search in google: miftolo’s tools

  9. Hi. Very interesting article but it’s hard to find in google.
    You are out of google’s top 10, so you can’t expect big traffic.

    You need hi quality backlinks. And you can get them even for free, just search in google:
    wrastain’s tools

  10. Hello I am so ցrаteful I found your website, I really foսnd yoս by error, while I was
    searching on Askjeeve for sometһing else, Anyhow I am here now
    and would just like to say cheers for a marvelous post and a all round entertaining blog (I alѕo love the theme/design),
    I don’t haѵe time to ɡo through іt all at the moment but I have saved it and also added in your RSS feeds, so when I haᴠe time I will bе back to read more, Pleasе do keep up tһe fantastic work.

  11. Free Gems for Clash Royale 2019 is an app that promises to increase your wealth in Clash Royale by giving you as many gems and coins as you want.The way Free Gems for Clash Royale 2019 works is pretty simple: when you open the app, you’ll see three sections you need to fill in with information. In the first, you need to enter your Clash Royale username to make sure you send the gems and coins to the right account; in the second, you enter how many gems you want; and in the third, you enter how many coins you want.Once you’ve entered all this information (the numbers can be as high as you want), tap ‘accept,’ and a message will appear to confirm that the app is sending the gems and coins to your Clash Royale account.When this process is finished, you can go to your Clash Royale account and check if Free Gems for Clash Royale 2019 has made good on its promise.Free Gems for Clash Royale 2019 is a relatively trustworthy app that promises to give you more coins and gems in Clash Royale.Take your free gems HERE

  12. Hi guys! Just wanted to drop you a line to say that I really enjoyed reading your guest article on Peaches and Screams UK site! Great perspective. Have an awesome day!

  15. Pretty nice post. I just stumbled upon your weblog
    and wished to mention that I’ve truly enjoyed browsing
    your weblog posts. In any case I’ll be subscribing to your feed and
    I am hoping you write once more very soon!

  16. Hi there, just became alert to your blog
    through Google, and found that it’s truly informative.
    I am gonna watch out for brussels. I’ll be grateful
    if you continue this in future. Numerous people will be benefited
    from your writing. Cheers!

  17. This is really fascinating, You’re an excessively professional blogger.
    I have joined your rss feed and stay up for seeking extra of your excellent post.
    Also, I’ve shared your site in my social networks

  18. Hi everybody, here every one is sharing these familiarity,
    therefore it’s nice to read this web site, and I used
    to pay a quick visit this web site everyday.

  19. Sweet blog! I found it while browsing on Yahoo News.
    Do you have any tips on how to get listed in Yahoo News? I’ve been trying
    for a while but I never seem to get there! Thanks

  21. Hey There. I found your blog using msn. This is an extremely well written article.
    I’ll be sure to bookmark it and come back to read more
    of your useful info. Thanks for the post. I’ll certainly return.
