Challenges in Infosecurity Practices at IT Organizations


1 Challenges in Infosecurity Practices at IT Organizations
9-Dec-2008
Jamuna Swamy, Head-Information Security, Hexaware Technologies Ltd
Jan 09

2 Information Security management (ISM)
- What is it?
  - Managing Availability, Confidentiality & Integrity of Information
- Where are we?
- What is so challenging in IT industry?
- What is the Road map?

23-Apr-17 Hexaware Technologies Ltd

3 Presentation Path
- Corporate Information security Perspective
- ISM Roles and Responsibilities
- Use of Standards and Frameworks
- ISM implementation and effectiveness
- ISM spending and ROI
- ISM alignment and integration
- Recommendation

4 Corporate Information Security Perspective in IT Industry
- Alignment of Information Security objectives to meet Business Objectives
  - Development of Products
  - Offshore Development Centre
  - Application Service Provider
- Alignment of ISM with enterprise Risk management
  - Risk team focuses more on financial risk
  - Flow of IS risks to enterprise risks
  - IS is perceived as more technical in nature
- Awareness on importance of IS governance
  - Identification of Information Security Risks
  - Identification of regulatory driver for business
  - Impact of any security incident
  - Perception of IS as strategic importance

5 ISM Roles and Responsibilities
- How are the roles defined and communicated?
- Various roles played by employees
  - Steering committee members
  - Security Task force
  - Emergency Response Team
  - Business Continuity Management team
  - Information Security Team
- ISM – Should it be a part of Quality Management?
- IS Head – Whom should he/she report to?

6 ISM Roles and Responsibilities
What is the role of the following in ISM in Software Industry?
- Sales Manager
- Accounts Manager
- Delivery Head
- Project Team member
- IS Team
- Technology Team
- Customer

7 Use of standards and Frameworks
What standards/frameworks should the Organization certify for?
- ISO 27001
- COBIT Framework
- SAS 70 Audits
- HIPAA
- GLBA
- PCI DSS

8 Use of standards and Frameworks
- Data Protection Acts
  - Europe
  - US
  - UK
  - Canada
  - … List goes on
- Federal laws and regulatory requirements

9 ISM implementation and effectiveness
- Is it driven by Top Management?
- Is it driven by Customer?
- ISM implementation – Is it the same for all employees?
- Balancing
  - Between operational efficiency and control effectiveness
  - Between privacy and monitoring
  - Between availability and confidentiality
- Key mantra to effective implementation
  - Awareness! Awareness! Awareness!
  - Automation of controls

10 ISM spending and ROI
- What is the % of business budget allocated to ISM?
- How is the ROI calculated?
  - Preferred partner?
  - Customer confidence?
  - Availability of services without any business interruption
  - Protection of Customer information/Organizational information
- ROI → Value ISM can create

11 ISM alignment and integration
- How does ISM align with the business objective?
  - Application development Centre
  - Selling a software product
  - Application maintenance
- How do the Project assets give input to the Business Continuity Plan?
- How are the IS risks constantly monitored and evaluated to give inputs to Organization Risks?
- How are these strategic risks integrated into enterprise risks?

12 What is the solution to overcome these challenges?
Recommendation → Please turn over…

13 Currently, compliance with the controls is what is being looked at.
- Graduate to understanding the controls from a risk perspective.
- Relate the operational risks to strategic risks
- Next, relate strategic risk to enterprise risk → business risk
- Define controls to business risks, i.e. Governance

Contd…

14 Bring ISM under GRC Framework (Governance Risk Compliance)

15 Thank You

