
“DEVELOPING INFORMATION SECURITY AUDIT TOOL/FRAMEWORK FOR BPO AND RELATED SECTOR”

Rahul Gupta, Project Associate (RS 05)
Supervisor: Dr. M.D. Tiwari
Co-Supervisor: Dr. Anurika Vaish
IIIT-Allahabad

Flow of Presentation
• Background
• Motivation
• Problem Formulation
• Literature Survey
• Proposed Methodology
• Conclusion
• Other Important Reference

Background
• It has been witnessed that society is undergoing changes, whether in its ethics, behavior, lifestyle or technological usage, due to the fast pace of life.
• Data is generated on a large scale.
• The way data is processed has improved, and the latest technological advancements are used to manage the data.
• Data security issues are now a prime concern.
• Information security is being stressed.

Motivation
• The data being generated with the fast pace of life is huge in quantity, and because of this, data processing is being outsourced to certain third parties or BPOs.
• Organizations and people involved with data collection and data processing misused the personal information of individuals.
• The biggest threat started when data was outsourced to BPOs, where in due course of time some major frauds happened in India and other parts of the world.
• The information security issues gave me a motivation to curb the misuse of the data collected & data processing, particularly in BPOs.

Cyber Threat Evolution

[Figure: timeline of cyber threat evolution. Time axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08. Stages shown: Virus; Breaking Web Sites; Malicious Code (Melissa); Advanced Worm / Trojan (I LOVE YOU); Identity Theft (Phishing); Organised Crime, Data Theft, DoS / DDoS.]

Dr. Gulshan Rai, Director, CERT-IN, Govt. of India, 8th Feb 2009


Problem Formulation
• The problem was thus taken up with reference to the BPOs, which are involved as 3rd parties
• As a result, the threat to security was generated
• To find a solution for the BPOs to mitigate these frauds
• To solve the deepening pockets of problems in the BPO industry
• Developing an Information Security Audit Tool/Framework for BPO and related sectors.

Literature Review
The literature review was divided into two aspects:

1. For motivation & problem formulation (Part 1)

2. Base model on which the PhD Thesis was set up (Part 2)

Detailed Literature Survey
(For motivation & problem formulation)

The literature survey was done to study the following aspects of my research:

1. Understanding security and its real importance
2. Information system framework within companies & expectation of security from the outsourced company
3. Different standards & controls on outsourcing and securitization
4. Privacy & data protection provisions for business
5. Evaluating the internal structure of a BPO organization, information flow bottlenecks & third party involvement
6. Establishing risk to information in a BPO setup
7. Assessing general compliance criteria for BPO organizations of Indian origin as per the servicing client country

Base Model Proposed to be Developed

[Diagram: "My Proposed Framework" connected to four blocks: DPA Framework Study; Outsourcing Issues & Security Framework; Service Delivery Framework (SOA, ITIL); Legal Compliance Framework (SOX, HIPAA, GLBA).]

Base model on which the PhD Thesis was set up
• NASSCOM – DSCI - KPMG Survey on Information Security and Data Privacy, Akhilesh Tuteja, Executive Director – KPMG, December 2008
• Network Magazine, March 2005, http://www.networkmagazineindia.com/200503/coverstory02.shtml
• ITES-BPO Handbook
• Indian ITES-BPO Industry – Fact Sheet (INDIAN ITES-BPO INDUSTRY: NASSCOM ANALYSIS)
• Indian Security Environment – Fact Sheet (INFORMATION SECURITY ENVIRONMENT IN INDIA: NASSCOM ANALYSIS)
• DSCI SECURITY FRAMEWORK, DATA SECURITY COUNCIL OF INDIA, November, 2009
• DSCI FRAMEWORK FOR DATA PROTECTION, DATA SECURITY COUNCIL OF INDIA, November, 2009
• DSCI PRIVACY FRAMEWORK, DATA SECURITY COUNCIL OF INDIA, August, 2009
• New Impacts on Outsourcing in 2009, Outsourcing Journal, By Kathleen Goolsby, http://www.outsourcing-journal.com/nov2008-outsourcing.html
• Upcoming Changes in IT Infrastructure Outsourcing, By Kathleen Goolsby, Senior Writer, Outsourcing Journal 2009

Proposed Methodology
The methodology proposed after the literature survey was:

• Development of questionnaires to get the views of different levels of users.
• Applying various statistical analysis software to process the responses to the floated questionnaires.

RESEARCH ACTIVITIES TAKEN UP
• Key areas to be focused on in BPO information security
• Assessment and know-how of prevalent audit mechanisms and tools and their applied impact in the industry
• Framework of prior research and knowledge in areas of direct and indirect interest to BPO audit and information security, through literature survey and review
• Various compliance laws prevalent in different client industries were accessed to gain first-hand information on current practices and statutes.

Conclusion
• I am trying my level best to create a solution to the burning issue of Information Security in the BPO and its related sectors through my PhD
• I firmly believe that this endeavor of mine will definitely prove to be fruitful

THANKS
