Professional Documents
Culture Documents
Kamlesh Bajaj
Data Security Council of India
1
Data Protection is the Leading Business Objective as well
“How important to your IT Security group will each of the
following business objectives be in the next 12 months?”
2
Security Threat Scenario
External Threats Internal Threats
5
Data Scenario & Security Requirements
Data Scenario Security Requirements
6
Securing the Enterprise
Information Security – Strategic View Information Security – Operational View
• Threat Management
• Infrastructure Protection: keep the Perimeter, internal network,
unauthorized users out – FW, IDS, applications security; VoIP, Web
IPS, AV, SCM, MSS services, and storage networks,
• Secure Business Enablement: let Wireless and mobile security ;
Moving from detection to
the genuine users in – IAM, strong
prevention ; Application layer
authentication, access controls, digital
protection
rights management • Secure Content Management
• Security Administration: keep the Spam, Spyware, Adware, Web
wheels going – security operations, content
security awareness, information • Security and Vulnerability
security organization, BCP/DR Management
Risk management , Application and
software security vulnerability
mgmt
• Identity and Access Management
Access control, Identity
confirmation, User provisioning
• Information Security Service
Threat focus, Application security, MSS
IS
IS strategic
strategic view
view same
same as
as before,
before, but
but more
more and
and more
more security
security concerns
concerns
7
Securing the Enterprise
Top
Top Security
Security Concerns
Concerns Security Organization
Need
Need to
to protect
protect enterprise
enterprise information
information assets
assets throughout
throughout lifecycle
lifecycle
Not
Not merely
merely aa technology
technology problem
problem -- Security
Security culture,
culture, awareness,
awareness, controls,
controls, processes
processes
9
DSCI – Mission
To create awareness among industry professionals and
other stakeholders about security and privacy issues
To build capacity & provide training among members to
develop, & continually improve appropriate data protection &
security programs
To adopt, monitor & enforce an appropriate security & data
protection standard for the Indian IT/ITES industry that
would be adequate, cost effective, adaptable & comparable
with the global standards
To create a common platform for promoting sharing of
knowledge about information security & to foster a
community of security professionals & firms
To provide appropriate oversight and certification services
for member organizations
10
DSCI – Objectives
Adoption of Best Global Practices
Independent Oversight
Self – Regulation
Focused Mission
Enforcement Mechanism
11
Thank You
Kamlesh Bajaj
CEO, DSCI
kamlesh.bajaj@dsci.in