Challenges in Infosecurity Practices at IT Organizations

Presentation transcript:

Challenges in Infosecurity Practices at IT Organizations
9-Dec-2008
Jamuna Swamy, Head-Information Security, Hexaware Technologies Ltd
Jan 09

Information Security Management (ISM)
- What is it? Managing Availability, Confidentiality & Integrity of Information
- Where are we?
- What is so challenging in the IT industry?
- What is the Road map?
23-Apr-17 Hexaware Technologies Ltd

Presentation Path
- Corporate Information Security Perspective
- ISM Roles and Responsibilities
- Use of Standards and Frameworks
- ISM implementation and effectiveness
- ISM spending and ROI
- ISM alignment and integration
- Recommendation

Corporate Information Security Perspective in IT Industry
- Alignment of Information Security objectives to meet Business Objectives
  - Development of Products
  - Offshore Development Centre
  - Application Service Provider
- Alignment of ISM with enterprise Risk management
  - Risk team focuses more on financial risk
  - Flow of IS risks to enterprise risks
  - IS is perceived as more technical in nature
- Awareness on importance of IS governance
  - Identification of Information Security Risks
  - Identification of regulatory driver for business
  - Impact of any security incident
  - Perception of IS as of strategic importance

ISM Roles and Responsibilities
- How are the roles defined and communicated?
- Various roles played by employees
  - Steering committee members
  - Security Task force
  - Emergency Response Team
  - Business Continuity Management team
  - Information Security Team
- ISM: should it be a part of Quality Management?
- IS Head: whom should he/she report to?

ISM Roles and Responsibilities
What is the role of the following in ISM in the Software Industry?
- Sales Manager
- Accounts Manager
- Delivery Head
- Project Team member
- IS Team
- Technology Team
- Customer

Use of Standards and Frameworks
What standards/frameworks should the Organization certify for?
- ISO 27001
- COBIT Framework
- SAS 70 Audits
- HIPAA
- GLBA
- PCI DSS

Use of Standards and Frameworks
- Data Protection Acts
  - Europe
  - US
  - UK
  - Canada
  - …..List goes on
- Federal laws and regulatory requirements

ISM implementation and effectiveness
- Is it driven by Top Management?
- Is it driven by the Customer?
- ISM implementation: is it the same for all employees?
- Balancing
  - Between operational efficiency and control effectiveness
  - Between privacy and monitoring
  - Between availability and confidentiality
- Key mantra for effective implementation
  - Awareness ! Awareness ! Awareness !
  - Automation of controls

ISM spending and ROI
- ROI → Value ISM can create
- What % of the business budget is allocated to ISM?
- How is the ROI calculated?
  - Preferred partner?
  - Customer confidence?
  - Availability of services without any business interruption
  - Protection of Customer information/Organizational information

ISM alignment and integration
- How does ISM align with the business objective?
  - Application Development Centre
  - Selling a software product
  - Application maintenance
- How do the Project assets give input to the Business Continuity Plan?
- How are the IS risks constantly monitored and evaluated to give inputs to Organization Risks?
- How are these strategic risks integrated into enterprise risks?

What is the solution to overcome these challenges?
Recommendation → Please turn over…..

Recommendation
- Currently, compliance with the controls is what is being looked at.
- Graduate to understanding the controls from a risk perspective.
- Relate the operational risks to strategic risks.
- Next, relate strategic risk to enterprise risk → business risk.
- Define controls for business risks, i.e. Governance.
Contd….

Bring ISM under the GRC Framework (Governance, Risk, Compliance)

Thank You