
A NASSCOM Initiative: Security and Quality. Kamlesh Bajaj, CEO, DSCI. May 23, 2009, NASSCOM Quality Summit, Hyderabad.


Slide 2: IT Services Management

IT Operations: shifting from a technology-led, siloed structure into a process-centric, service-oriented organization.
Organizing Framework: link technology components in the infrastructure to the process steps that exist within IT.
Guiding Framework: link IT processes to business activities and create service-level metrics.

IT management frameworks (ISO, CMMI, ITIL) are generic frameworks that must be tailored to the specific needs of a company. They:
- Improve the management of IT
- Allow for a systematic and least disruptive path to adoption
- Support IT governance imperatives
- Integrate new technologies and architectures into a service-oriented operation

1. ISO 20000: focus on certification
2. CMM: describes process maturity
3. CMMI: emphasizes process improvements
4. ITIL: defines and leverages best practices for management and operations of the IT organization

IT management frameworks organized into 5 logical subject areas:
1. Project management (PMBOK, PRINCE2, ...)
2. Software development (TickIT, Agile, MSF, IT CMM, ...)
3. Process management (Software CMM, CobIT, ISO 15504, Six Sigma, TOGAF, ...)
4. Service management (ISO 20000, ISO/IEC 38500, ITIL, MOF, eTOM, ...)
5. Security management (ISO 27001, ...)
6. Strategy (Balanced Scorecard, ...)

Slide 3: IT Frameworks benefit both business and IT

Six Sigma and ITIL:
1. Facilitate business and IT alignment through quality
2. Help deliver high-quality IT services at minimum cost to the business
3. Provide both process and performance improvements
4. Six Sigma focuses on process; ITIL on best practices for delivery and support of IT services

CMM and ITIL:
1. Help streamline infrastructure and development processes
2. ITIL focuses on service management (operations); CMM on the maturity of the organization that develops and maintains software
3. Interdependencies through three key processes: change management, configuration management, and release management

CoBIT and ITIL:
1. CobIT can be used to measure ITIL, in which the 'how' of detailed tasks and steps is absent
2. CobIT defines 34 processes; its performance measures define key performance indicators that ITIL processes must deliver against

Slide 4: Security and QA in SOX Compliance

SOX compliance:
1. The controls and monitoring practices required are not new to QA
2. Companies with strong QA groups are ahead in SOX compliance

QA's independence:
1. Independence from applications development, and the checks and balances performed by QA groups, ensure adherence to best practices
2. Implementing formal QA standardizes and documents current processes for improvement, and those practices can be leveraged for continued SOX compliance

Restructuring of organizations:
1. IT shops are making testers part of centralized testing teams, not of development teams
2. Testing is moving out of development and into operations
3. This is similar to the independence between the security organization and IT operations
4. Many IT functions, including quality assurance, security, architecture, and compliance, need some level of independence to avoid conflicts of interest

Slide 5: QA and Security groups: synergize for Compliance

QA is important for compliance:
1. Adds value through formal process
2. An audit is not a one-time exercise; the process helps change culture
3. Continual verification, validation, and audit processes via QA assist in changing culture while improving overall delivery practices
4. The nature of QA is to develop, review, and document test plans or SDLC practices; the essence of QA is in the auditability of processes
5. Leveraging QA practices provides assistance in ensuring IT compliance

Section 404 of SOX, or COBIT, requires that internal controls be in place, but does not specify how:
1. QA's primary role is to validate processes and document findings in the SDLC
2. Employing similar QA practices to validate compliance with SOX can gain additional value
3. Using existing QA processes brings visibility to detect potential risks of noncompliance, as well as planning strategies for correction and validation

QA role expansion: application development and delivery processes are expanded to include compliance-related issues, such as risk, change control, and release management.

Slide 6: Triumph of Quality Management Frameworks

Slide 7: Framework for a Systematic, Comprehensive Approach to Information Security

Slide 8: Inputs to the DSCI Best Practices (diagram)

Frameworks and standards:
- Security Management: ISO 27001
- IT Governance: CoBIT
- Security Standards: ITU-T X.1051
- Security Practices: NIST SP 800
- Risk Management: OCTAVE | COSO | FMEA
- Infrastructure Management: ITIL | ISO 20000

Privacy regulations: EU Privacy Directives; US: FTC directives, Patriot Act, GLBA, HIPAA; Australia: Privacy Act 1988, APAC; Canada: PIPEDA; India: IT (Amendment) Act, 2008; UK: Data Protection Act 1998.
Compliance regulations: PCI-DSS.

Legal and regulatory requirements, knowledge collaboration: security market research, academic collaborations, industry best practices, data protection authorities, legal forums.
Technology and vendor interactions: architecture principles; product and solution trends; vendor forums and interactions; technology advancement; solution categories; security technology trends; security vendor collaboration; technology forums.

DSCI Best Practices: data security, data privacy.
DSCI Data Protection Practices: mapping to compliance regulations; adoption of leading practices; micro-level and customized; ease of implementation.

Slide 9: Best Practices: Data Security and Privacy

Slide 10: Thank You

