www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
11 September 2006  
News

Focus on security and compliance

A CII conference on IT security stressed the need to look beyond mere compliance. Aishwarya Ramani reports

The Confederation of Indian Industries (CII) recently held a conference on information security with a focus on Business IT and IT Governance Beyond Compliance. The conference looked into the various aspects of enterprise security and the need to comply with regulations.

Divided into three sessions, the conference saw participation by industry veterans such as Prof Venugopal Iyengar, Director, ITOM, and President, Information System Audit and Control Association, Dr A M Pedgaonkar, the Chief General Manager of the Reserve Bank, Muralidharan Ramachandran, the Chief Information Security Officer, Corporate IT, Aditya Birla Management Corporation, and Dr Prasad Ram, CTO, Yahoo India Research and Development, among others.


Farhad Forbes, Chairman, CII Western Region, and Director, Forbes Marshall Group of Companies, remarked on how security was becoming an all-encompassing issue and organisations had to take it seriously.

Prof Iyengar said, “IT has become so crucial that it is being moulded according to the needs of each business.” He also believed that, given the alarming dependence on IT, organisations are keeping up with the need to comply, but that it is difficult to accommodate each and every regulation in the IT framework.

Prof Iyengar also mentioned that it was the financial sector that was effectively adopting and deploying IT to its fullest.

The conference also looked at the issue of having policies in place and the need for end-user awareness. Avinash Kadam, Director, MIEL e-Security, explained, “There is a need to plan ahead and take appropriate steps now so as to secure the future. This can be done by making security a personal responsibility of each and every employee of the company so as to prevent breaches.”

Pedgaonkar of RBI gave an instance of how security was becoming crucial as processes increasingly depend on IT. A case in point is the RBI’s initiative towards getting banks to adopt Real-Time Gross Settlement (RTGS) with the objective of improving profitability and efficiency.

He explained that the RTGS has three discrete security domains. The first is the participant’s end, which is the responsibility of the participant bank. The second is the Informal File Transfer Protocol (IFTP) domain, which receives messages from participants and other stakeholders and is looked after by the IFTP system manager. The last is the IAS system domain, which accepts messages from the IFTP domain, processes them and responds; this part is handled by RBI.

The conference also covered areas such as the importance of various legal and regulatory measures, avenues in the information security market, trends in the information security sector, and best practices.

Bharat Mehta, Legal Advisor, i-flex, N S Nappinai, Advocate, Cyber Laws, and Akhilesh Tuteja, Executive Director, RAS, KPMG, spoke on the importance of various legal and regulatory frameworks across the globe. The session discussed the causes of security breaches, such as not taking appropriate steps to prevent unauthorised access and misuse of computers and other devices such as mobile phones.

Mehta stressed the need to implement policies to exercise control while taking into account the kind of information that is being divulged and to whom. He also pointed out the need for thorough employee background checks.

Nappinai spoke about the need to establish a legal framework in every organisation. “The essentials of a legal framework are uniformity, stability, consistency, predictability and dynamism,” said Nappinai.

The second session looked into how security coding is becoming popular among organisations. Muralidharan of Aditya Birla said, “Security coding is a key component to address all threats and vulnerabilities emanating out of software development activities carried out by application developers.” He remarked that the BPO industry can adopt certain best practices to provide security. These include providing limited access to sets of applications based on need, masking of sensitive information, encrypting databases and data in transit, and using standard coding practices.

Anwer Baghdadi, Senior VP and CTO, Countrywide Financials, focussed on the information security framework on three fronts: confidentiality, integrity and availability. It means making sure that information is available to those who have been authorised.

Dr Ram of Yahoo spoke on the online violations that are common with Web-based mail providers. He said that since popular Web sites have several users belonging to different age groups availing their services, they had to implement stringent security measures to ensure that any obnoxious behaviour on the site gets reported and dealt with. Another major concern, according to Dr Ram, was the increase in phishing attacks, especially those that masquerade as a trustworthy business site and steal confidential information of the user.

The third session aimed at identifying the trends in the information security sector and highlighted the global best practices.

According to Sangram Gayal, Principal Consultant, PricewaterhouseCoopers, the focus of companies in 2006 has been on disaster recovery, employee awareness programmes, data backup and information security strategies. Gayal also believed that lack of proper funding and executive backing and a ‘not-us’ mentality are some of the issues that pose a challenge to implementing information security practices.

Vishal Jain, Manager, Ernst and Young, stated that there was a need to identify and manage information security risks, benchmark security practices, comply with regulations and enhance skill levels. “The current trends in security are the adoption of risk management and governance, standardisation of technology, evolution of threat management systems, and security operation centres and business continuity and disaster recovery,” said Jain.

The conference highlighted the importance of making security a top priority because, although the IT expenditure of organisations was increasing, investments in security continued to be low. The other aspect that got focus was the role of the user and the need for organisations to proactively involve users in security measures.

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.