Challenges in Infosecurity Practices at IT Organizations
Jamuna Swamy, Head-Information Security, Hexaware Technologies Ltd

Information Security Management (ISM)
• What is it?
• Managing Availability, Confidentiality & Integrity of Information
• Where are we?
• What is so challenging in the IT industry?
• What is the road map?

Presentation Path
• Corporate Information Security Perspective
• ISM Roles and Responsibilities
• Use of Standards and Frameworks
• ISM implementation and effectiveness
• ISM spending and ROI
• ISM alignment and integration
• Recommendation

Corporate Information Security Perspective in IT Industry
• Alignment of Information Security objectives to meet Business Objectives
• Development of Products
• Offshore Development Centre
• Application Service Provider
• Alignment of ISM with enterprise Risk management
• Risk team focuses more on financial risk
• Flow of IS risks to enterprise risks
• IS is perceived as more technical in nature
• Awareness on importance of IS governance
• Identification of Information Security Risks
• Identification of regulatory driver for business
• Impact of any security incident
• Perception of IS as strategic importance

ISM Roles and Responsibilities
• How are the roles defined and communicated?
• Various roles played by employees
• Steering committee members
• Security Task force
• Emergency Response Team
• Business Continuity Management team
• Information Security Team
• ISM – Should it be a part of Quality Management?
• IS Head – Whom should he/she report to?

ISM Roles and Responsibilities
• What is the role of the following in ISM in the Software Industry?
• Sales Manager
• Accounts Manager
• Delivery Head
• Project Team member
• IS Team
• Technology Team
• Customer

Use of Standards and Frameworks
• What standards/frameworks should the Organization certify for?
• ISO 27001
• COBIT Framework
• SAS 70 Audits
• HIPAA
• GLBA
• PCI DSS

Use of Standards and Frameworks
• Data Protection Acts
• Europe
• US
• UK
• Canada ... the list goes on
• Federal laws and regulatory requirements

ISM implementation and effectiveness
• Is it driven by Top Management?
• Is it driven by the Customer?
• ISM implementation – Is it the same for all employees?
• Balancing
• Between operational efficiency and control effectiveness
• Between privacy and monitoring
• Between availability and confidentiality
• Key mantra to effective implementation
• Awareness! Awareness! Awareness!
• Automation of controls

ISM spending and ROI
• What is the % of business budget allocated to ISM?
• How is the ROI calculated?
• Preferred partner?
• Customer confidence?
• Availability of services without any business interruption
• Protection of Customer information/Organizational information
• ROI value ISM can create

ISM alignment and integration
• How does ISM align with the business objective?
• Application development Centre
• Selling a software product
• Application maintenance
• How do the Project assets give input to the Business Continuity Plan?
• How are the IS risks constantly monitored and evaluated to give inputs to Organization Risks?
• How are these strategic risks integrated into enterprise risks?

What is the solution to overcome these challenges?
• Recommendation

Currently, compliance to the controls is what is being looked at.
• Graduate to
• Understand the controls from risk perspective.
• Relate the operational risks to strategic risks
• Next
• Relate strategic risk to enterprise risk business risk
• Define controls to business risks, i.e. Governance

Bring ISM under GRC Framework (Governance, Risk, Compliance)

Thank You