Jaganathan - An Inclusive Approach to Information Security - Interop Mumbai 2009
INTERNAL
INSPIRED PEOPLE. INSPIRING RESULTS.
INCLUSIVE APPROACH TO INFORMATION SECURITY
Security Culture in the Corporate World
Jaganathan T
ISSC Chairperson
Ajuba Solutions India Pvt Ltd
COMPANY OVERVIEW
EXECUTIVE SUMMARY
Industry leader in offshore healthcare billing and revenue cycle management
Proven track record:
• We process claims with a gross value of over $3 Billion, code 3 million charts and collect over $1 Billion in cash annually
• Over 1700 domain experts
• Long term partnerships and retention of clients
Seasoned Team and Quality Processes
• Employees come from organizations such as Deloitte, EDS, McKesson, NDC Health etc.
• Strong management bench and training capabilities; ability to scale
INDUSTRY AWARDS & RECOGNITION
• Ranked among the Top 100 Offshore Companies in the world by Managing Offshore and Neo IT
• Identified as a ‘Rising Star’ by The International Association of Outsourcing Professionals (IAOP), in The Global Outsourcing 100 list and published by Fortune Magazine
• Ranked #1 as The Top Healthcare Revenue Cycle Management Outsourcing Vendor by The Black Book of Outsourcing
• Among The Best Employers in India (Hewitt Associates - The Economic Times)
INDUSTRY AWARDS & RECOGNITION
• Among The Best Workplaces in India (Great Places to Work Institute Inc, US - The Economic Times)
• Among Best BPO Employers in India (IDC – Dataquest)
• Among The Top Emerging Exciting Places to Work for (NASSCOM - Grow Talent)
• Award for Excellence in Gender Inclusivity by NASSCOM
THE FOUR PILLARS OF OUR DELIVERY MODEL
PEOPLE
PROCESS
TECHNOLOGY
INFRASTRUCTURE
AJUBA - INFORMATION SECURITY TRACK RECORD
• ISO27001:2005 certified
• HIPAA Certified
• FDCPA Certified
• SAS70 Type 1 Certified
We take Security and Compliance very seriously
CHALLENGES FOR AJUBA IN INFO SECURITY
• Ajuba is in an industry where information security and compliance (HIPAA) are very critical to business.
• Ajuba is continuously awarded as a ‘Best Employer’ and widely known for its ‘Employee Friendly’ culture. Improper security enforcement has the potential to affect the ‘Best Employer’ brand equity. A judicious balance between security management and employee comfort is required.
• Average age is less than 30. Additional impetus to security awareness is required.
IMPORTANT ASSET: PEOPLE CROSS FUNCTIONAL SECURITY TEAM
TRADITIONAL SECURITY ORGANIZATION
Physical Security
IT Security Officer
Auditor
Info Security manager
CMO, CSO, CIO
CEO
AJUBA SECURITY INFO ORGANIZATION
Sr. Manager Operations
ISM
Manager Corporate Comm.
Team Supervisor
Asst Manager
Manager Operations
Team Leader
Agents
Asst Manager
Sr. Manager operations
Manager HR
Team Supervisor
Asst Manager
Team Leader
Executive
Sr. Manager Finance
Asst Manager
Manager Tech
Team Leader
Executive
Sr. Manager Technology
Sr. Executive
ISMS
ISSC
President
Director Technology & ISSC Chairperson
Director Finance & HR
Director Operations
Asst Manager
Team Supervisor
Agents
INFORMATION SECURITY FORUM CROSS FUNCTIONAL TEAMS
ISSC: Information Security Steering Committee
• Management team to guide and steer security implementation
ISTF: Information Security Task Force
• Responsible for implementing and managing Information Security implementation
IRT: Incident Response Team
• Responsible for Incident Response and Resolution
IAT: Internal Audit Team
• Responsible for Internal and External Audits
ERT: Emergency Response Team
• Responsible for response to emergency conditions and drills
• For a total Ajuba staff strength of 1700:
ISSC = 4
ISTF = 20
IRT = 12
IAT = 40
ERT = 63
Total 139, i.e. 8.2% of total staff strength
Extended Security Focus possible because of unique model followed
InfoSec – Focus Shift
TRADITIONAL APPROACH | REPLACED BY
Central Security Team | Centrally Enabled Participative Team
CSO | Steering Committee coordinated by a Chairperson
Policy Enforcement | Participation & Peer Pressure
Vigilance, Monitoring | Peer Reporting & Health Check
Disciplinary Action | Incident Resolution
Internal Audit | Peer Review
ISMS | I Support Maintaining Security!
Ajuba Security Approach – Terminology Used
SOME BEST PRACTICES
PEOPLE INVOLVEMENT
• Second week of every December is celebrated as ISMS Week
• ISMS Week includes various competitions for staff
• Periodic spot checks and “Best Compliant Team” awarded annually
• Weekly ISMS quiz in intranet
• Monthly ISMS newsletter
• Transparent & Open security escalations
SOME BEST PRACTICES
PROCESS
• Automated Incident Registration, Tracking & Resolution
• Anonymous Incident Registration possible
• Weekly Security Posture Review
• Standard and structured disciplinary matrix known to all staff
• Security Responsibility is part of everyone’s Job Description
• Measurable KRAs for Security Team
• Security Conformance part of every employee’s HR track record
• Electronic NDA as part of onboarding
SOME BEST PRACTICES
PEOPLE SECURITY
• Trendsetter in Transport Security – Last Drop Confirmation
• Quarterly ERT training
• Surprise ERT drills
INFO SECURITY LIFE CYCLE IN AJUBA
INFO SECURITY IS A COMPLETE LIFE CYCLE INVOLVEMENT IN AJUBA
Info Security Metrics
[Bar chart: total incidents per year (2007, 2008, 2009) for each security incident category: Access Rights Violations, Camera Phone Violation, Non Compliance with IS Policies, Physical Security Violation. Data labels as extracted, in order: 12, 9, 7, 10, 10, 2, 20, 12, 11, 5, 4, 1.]
RISK MODEL – COMPLETE FEEDBACK
SUMMARY
AJUBA UNIQUE INFOSEC MODEL
• Ajuba model brings People to the forefront and weaves Technology and Process around People
• No Compromise on Process and Technology
• Works very well for Ajuba
• Should work well for any company. May require a little customization to suit the organization.
• Efficient security implementation at minimum cost
THANK YOU