Business Outsourcing to Asia: Security Challenges and Response


           FIST CONFERENCE - LISBON

                        Presented By


               Anup Narayanan, CISA, CISSP
                   anup@firstlegion.net

Copyright First Legion Consulting
02/15/13
Agenda


• Domains of Outsourcing

• Security Concerns

• What do International Customers demand?

• The answers

   – Business Perspective on Security

   – Government Perspective on Security

   – Comparison on Global Scale


• Scope for Improvement
Domains of Outsourcing




Businesses that outsource to Asia



• Software Engineering

• Support Services
   – Call Centers
   – Back Office Processing


• Health Insurance

• Finance Services



Impact of Business Outsourcing



• Increased international interactions

• Exchange of Intellectual Property
    – Source Code
    – Designs


• Exchange of personal information
    – Finance Data
    – Health Data

• Impact of International Laws (Information Security) on Indian Business

• Opening of new channels of Information Exchange
    – Extreme Reliance on Internet
Security Concerns




The spheres of concern


• Protection of Intellectual Property

• Protection of Privacy

• Technical Threats

   – Related to Information Exchange
   – Related to communication channels


• Legal Aspects

Initial Roadblocks


• The advent of International Business initiated new work
  cultures.

• Most Asian countries did not have
   – Framework for Intellectual Property Protection
   – Privacy Protection


• Awareness of Privacy was, and still is, less advanced in
  Asian Countries.

• What is the status today?

What do American and European customers demand?




Information Security – Customer Requirement


• Mature customers demand:

   – Detailed Information Security Framework

   – Management Understanding and Commitment to Information Security

   – Most of them stress good Physical Security

   – Understanding of International Standards – SoX, GLBA, HIPAA Security Rule

   – Good Technical Infrastructure for Information Security – Encryption, Firewalls
     and the works…


The answers




How have Asian Companies adopted Information Security?




Overview of Information Security in Asia


• Asian companies (especially India and Japan) have been
  at the forefront of ISMS implementation.

• For example,

   – Japan is the largest adopter of BS7799 in the world.
   – India is the 3rd largest adopter of BS7799 in the world.


• Apart from this, many companies voluntarily adopt SoX,
  COBIT, the HIPAA Security Rule, etc.


Status of ISO 27001 (BS7799-2:2005)


• Most widely adopted ISMS in Asia, especially India

• Out of 2300 companies certified worldwide, roughly 1000 are in Asia.

• The scope is normally the critical business processes of the
  organization.

• More focus on:

    – Ownership and accountability of Information Security
    – Management commitment
    – Periodic review


What are the motivating factors?


• Though the law does not demand it, compliance is often
  voluntary because:
   – Business survival often depends on security compliance
   – Management realizes its importance


• For example, Asian companies have:
   – Voluntarily complied with SoX and COBIT
   – Also complied with the HIPAA Security Rule




Do we have incidents?

• Yes, we do.

• But the good news is that there is maturity in resolution.

• Companies are coming out and sharing incident reports
  with government and other companies.

• Example:
   – A major outsourcing company in India with a major American
     Bank as its customer had an incident. The company reported it
     and their security levels were reviewed.
   – The level of security was reviewed and was found to be better
     than that of the customer's.


How has the Government approached Security?




Government Initiatives


• Major initiatives have been through CERT.

• Initiation of Privacy Laws – for example, the Indian Privacy Act

• Apart from this, many associations are active:

   – ISACA
   – eISSA




Government and IT Laws


• India enacted the IT Act in 2006

• All police stations in India are centers for reporting Cyber
  Security Thefts

• Cyber Crime is slowly gaining recognition and there is
  regular training for Police on Cyber Security




Incident Handling and Reporting


• Govt. of India has a good framework

• CDAC (Center for Development of Advanced Computing)
  has released an open version of its Forensic Analysis kit,
  which is recognized by the Government.

• This tool has been used for convicting Cyber Criminals.




A perspective on Business Continuity and Pandemic Flu




What was the reaction to Avian Influenza?


• Most Asian countries have a good Emergency Management framework
  for mitigating Pandemic Flu.

• For example, in India:

   – The NDRC (National Disaster Recovery Coordination) Committee
     coordinated with corporate companies to create recovery plans.

   – Businesses tested their DR plans through drills.

   – Industry meetings were arranged to discuss the possible impact of
     Pandemic Flu.

• The positive – There was a common sharing of knowledge and best
  practices.

Comparison on Global Scale




Approach


• As far as ISMS goes, Asian companies are up there with
  the best, or are even the leaders.

• On the Technological Aspects of Security, maybe we do not
  have the latest geek devices.

• There have been immense improvements in:

   – Management framework
   – Management commitment to regular investment in Information
     Security


The professional side

• Though my stats are not accurate, Asia, and especially India, is
  a leader in the number of CISSPs and CISAs

• Security Professionals are amongst the best paid in India

• Some of the major security service providers (Nokia)
  have their Global Security Support services in India.

• There is a demand for Risk Management and Business
  Continuity Management Professionals.



The challenges




We share some of the global challenges


• The Human Aspect of Information Security

   – Social Engineering
   – Fraud
   – Theft
   – Corruption


• Environmental Factors – Tsunamis, Floods, etc.




Specific Challenges


• Too much focus on certification

• This puts stress on small businesses to adopt ISMSs and
  get them certified – not economically viable.

• Slow adoption of privacy laws.

• Compliance by users out of fear and not real understanding.




Improvements?

• A more holistic approach to Information Security.

• The aim of security should be achieving business goals
  and not just Confidentiality, Integrity and Availability.

• Too many companies (managers) adopt Information
  Security out of fear rather than real understanding.

• There is no clear understanding of how much to invest
  and what to expect in return.



Creative Commons
Attribution-NoDerivs 2.0
You are free:
• to copy, distribute, display, and perform this work
• to make commercial use of this work
Under the following conditions:

Attribution. You must give the original author credit.

No Derivative Works. You may not alter, transform, or build upon this work.

For any reuse or distribution, you must make clear to others the license terms
of this work.

Any of these conditions can be waived if you get permission from the author.

Your fair use and other rights are in no way affected by the above.

This work is licensed under the Creative Commons Attribution-NoDerivs
License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative
Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
Thank You

     Anup Narayanan
Sr. Consultant and Founder


  First Legion Consulting





Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

Business Outsourcing to Asia

1. Business Outsourcing to Asia: Security Challenges and Response
   FIST CONFERENCE - LISBON
   Presented By Anup Narayanan, CISA, CISSP
   anup@firstlegion.net
   Copyright First Legion Consulting, 02/15/13

2. Agenda
   • Domains of Outsourcing
   • Security Concerns
   • What International Customers demand?
   • The answers
      – Business Perspective on Security
      – Government Perspective on Security
      – Comparison on Global Scale
   • Scope for Improvement

3. Domains of Outsourcing

4. Businesses that outsource to Asia
   • Software Engineering
   • Support Services
      – Call Centers
      – Back Office Processing
   • Health Insurance
   • Finance Services

5. Impact of Business Outsourcing
   • Increased international interactions
   • Exchange of Intellectual Property
      – Source Code
      – Designs
   • Exchange of personal information
      – Finance Data
      – Health Data
   • Impact of International Laws (Information Security) on Indian Business
   • Opening of new channels of Information Exchange
      – Extreme Reliance on Internet

6. Security Concerns

7. The spheres of concern
   • Protection of Intellectual Property
   • Protection of Privacy
   • Technical Threats
      – Related to Information Exchange
      – Related to communication channels
   • Legal Aspects

8. Initial Roadblocks
   • The advent of International Business initiated new work cultures.
   • Most Asian countries did not have
      – Framework for Intellectual Property Protection
      – Privacy Protection
   • Awareness of Privacy was, and is, not as advanced in Asian Countries.
   • What is the status today?

9. What American and European customers demand?

10. Information Security – Customer Requirement
   • Mature customers demand:
      – Detailed Information Security Framework
      – Management Understanding and Commitment to Information Security
      – Most of them stress good Physical Security
      – Understanding of International Standards – SoX, GLBA, HIPAA Security Rule
      – Good Technical Infrastructure for Information Security – Encryption, Firewall and the works….

11. The answers

12. How Asian Companies have adopted Information Security?

13. Overview of Information Security in Asia
   • Asian companies (especially India and Japan) have been at the forefront of ISMS implementation.
   • For example
      – Japan is the largest adopter of BS7799 in the world.
      – India is the 3rd largest adopter of BS7799 in the world.
   • Apart from this, many companies voluntarily adopt SoX, COBIT, HIPAA Security Rule etc.

14. Status of ISO 27001 (BS7799-2:2005)
   • Most widely adopted ISMS in Asia, especially India
   • Out of 2300 companies certified worldwide, roughly 1000 are in Asia.
   • The scope is normally the critical business processes of the organization.
   • More focus on:
      – Ownership and accountability of Information Security
      – Management commitment
      – Periodic review

15. What are the motivating factors?
   • Though the law does not demand it, compliance is often voluntary because:
      – Business survival often depends on security compliance
      – Management realizes the importance of it.
   • For example, Asian companies have:
      – Voluntarily complied with SoX and COBIT
      – Also, the HIPAA Security Rule

16. Do we have incidents?
   • Yes we do.
   • But the good news is that there is maturity in resolution.
   • Companies are coming out and sharing incident reports with government and other companies.
   • Example:
      – A major outsourcing company in India with a major American Bank as its customer had an incident. The company reported it and their security levels were reviewed.
      – The level of security was reviewed and was found to be better than that of the customer's.

17. How the Government has approached Security?

18. Government Initiatives
   • Major initiatives have been through CERT.
   • Initiation of Privacy Laws – Example: Indian Privacy Act
   • Apart from this, many associations are active
      – ISACA
      – eISSA

19. Government and IT Laws
   • India enacted the IT Act in 2006
   • All police stations in India are centers for reporting Cyber Security Thefts
   • Cyber Crime is slowly gaining recognition and there is regular training for Police on Cyber Security

20. Incident Handling and Reporting
   • Govt. of India has a good framework
   • CDAC (Center for Development of Advanced Computing) has released an open version of a Forensic Analysis kit, which is recognized by the Government.
   • This tool has been used for convicting Cyber Criminals.

21. A perspective on Business Continuity and Pandemic Flu

22. What was the reaction to Avian Influenza?
   • Most Asian countries have a good Emergency Management framework for mitigating Pandemic Flu.
   • For example, in India
      – The NDRC (National Disaster Recovery Coordination) Committee coordinated with corporate companies to create recovery plans.
      – Businesses tested their DR plans through drills.
      – Industry meetings were arranged to discuss the possible impact of Pandemic Flu
   • The positive – There was a common sharing of knowledge and best practices.

23. Comparison on Global Scale

24. Approach
   • As far as ISMS goes, Asian companies are up there with the best, or even leaders.
   • On Technological Aspects of Security, maybe we do not have the latest geek devices.
   • There have been immense improvements in
      – Management framework
      – Management commitment to regular investment in Information Security

25. The professional side
   • Though my stats are not accurate, Asia, especially India, is a leader in the number of CISSPs and CISAs
   • Security Professionals are amongst the best paid in India
   • Some of the major security service providers (Nokia) have their Global Security Support services in India.
   • There is a demand for Risk Management and Business Continuity Management Professionals.

26. The challenges

27. We share some of the global challenges
   • The Human Aspect of Information Security
      – Social Engineering
      – Fraud
      – Theft
      – Corruption
   • Environmental Factors
      – Tsunami, Floods etc.

28. Specific Challenges
   • Too much focus on certification
   • This puts stress on small businesses to adopt ISMSs and certify them – not economically viable.
   • Slow adoption of privacy laws.
   • Compliance by users out of fear and not real understanding.

29. Improvements?
   • A more holistic approach to Information Security.
   • The aim of security should be achieving business goals and not just Confidentiality, Integrity and Availability.
   • Too many companies (managers) adopt Information Security out of fear and without really understanding it.
   • There is no clear understanding of how much to invest and what to expect in return.

30. Creative Commons Attribution-NoDerivs 2.0
   You are free:
   • to copy, distribute, display, and perform this work
   • to make commercial use of this work
   Under the following conditions:
   Attribution. You must give the original author credit.
   No Derivative Works. You may not alter, transform, or build upon this work.
   For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above.
   This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

31. Thank You
   Anup Narayanan
   Sr. Consultant and Founder, First Legion Consulting