Jamuna Swamy Head-Information Security Hexaware Technologies Ltd Jan 09 1 Hexaware Technologies Ltd.
-
Upload
allen-oconnor -
Category
Documents
-
view
237 -
download
4
Transcript of Jamuna Swamy Head-Information Security Hexaware Technologies Ltd Jan 09 1 Hexaware Technologies Ltd.
Jamuna SwamyHead-Information Security
Hexaware Technologies Ltd
Jan 09 1Hexaware Technologies Ltd
What is it? Managing Availability, Confidentiality &
Integrity of InformationWhere are we?
What is so challenging in IT industry?
What is the Road map?
Information Security management (ISM)
Apr 19, 2023 2Hexaware Technologies Ltd
Presentation PathCorporate Information security Perspective
ISM Roles and Responsibilities
Use of Standards and Frameworks
ISM implementation and effectiveness
ISM spending and ROI
ISM alignment and integration
Recommendation
Apr 19, 2023 3Hexaware Technologies Ltd
Corporate Information Security Perspective in IT Industry
Alignment of Information Security objectives to meet Business ObjectivesDevelopment of ProductsOffshore Development CentreApplication Service Provider
Alignment of ISM with enterprise Risk managementRisk team focuses more on financial riskFlow of IS risks to enterprise risksIS is perceived as more technical in nature
Awareness on importance of IS governanceIdentification of Information Security RisksIdentification of regulatory driver for businessImpact of any security incidentPerception of IS as strategic importance
Apr 19, 2023 4Hexaware Technologies Ltd
ISM Roles and ResponsibilitiesHow the roles are defined and communicated?Various roles played by employees
Steering committee membersSecurity Task forceEmergency Response TeamBusiness Continuity Management team Information Security Team
ISM – Should be a part of Quality Management?
IS Head – Whom should he/she report to?Apr 19, 2023 5Hexaware Technologies Ltd
ISM Roles and Responsibilities What is the role of the following in ISM in
Software Industry?Sales ManagerAccounts ManagerDelivery HeadProject Team memberIS TeamTechnology TeamCustomer
Apr 19, 2023 6Hexaware Technologies Ltd
Use of standards and Frameworks What standards/ Frameworks should the
Organization certify for?
ISO 27001Cobit FrameworkSAS 70 AuditsHIPAAGLBAPCIDSS
Apr 19, 2023 7Hexaware Technologies Ltd
Use of standards and Frameworks Data Protection Acts
EuropeUSUKCanada …..List goes on
Federal laws and regulatory requirements
Apr 19, 2023 8Hexaware Technologies Ltd
ISM implementation and effectiveness Is it driven by Top Management?
Is it driven by Customer?
ISM implementation – Is it same to all employees?
Balancing Between operational efficiency and control
effectiveness Between privacy and monitoring Between availability and confidentiality
Key mantra to effective implementation Awareness ! Awareness ! Awareness ! Automation of controls
Apr 19, 2023 9Hexaware Technologies Ltd
ISM spending and ROI What is the % of business budget allocated to
ISM?
How the ROI calculated?Preferred partner?Customer confidence?Availability of services without any business
interruptionProtection of Customer information/
Organizational information
ROI Value ISM can createApr 19, 2023 10Hexaware Technologies Ltd
ISM alignment and integration How ISM aligns with business objective?
Application development CentreSelling a software productApplication maintenance
How the Project assets give input to Business Continuity Plan?
How the IS risks are constantly monitored and evaluated to give inputs to Organization Risks?
How these strategic risks are integrated to enterprise risks?
Apr 19, 2023 11Hexaware Technologies Ltd
What is the solution to over come these
challenges?
Recommendation Please turn over…..
Apr 19, 2023 12Hexaware Technologies Ltd
Currently the Compliance to the controls is what been looked at.
Graduate toUnderstand the controls from risk perspective.Relate the operational risks to strategic risks
NextRelate strategic risk to enterprise risk business
riskDefine controls to business risks ie. Governance
Contd….
Apr 19, 2023 13Hexaware Technologies Ltd
Bring ISM under GRC Framework
(Governance Risk Compliance)
Apr 19, 2023 14Hexaware Technologies Ltd
Thank You
Apr 19, 2023 15Hexaware Technologies Ltd