• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Jaganathan - An Inclusive Approach to Information Security - Interop Mumbai 2009
 

Jaganathan - An Inclusive Approach to Information Security - Interop Mumbai 2009

on

  • 1,033 views

This session details the unique inclusive approach to Information Security Management (ISM) followed by Ajuba International. Ajuba’s model involves all employees in Information Security making ISM a ...

This session details the unique inclusive approach to Information Security Management (ISM) followed by Ajuba International. Ajuba’s model involves all employees in Information Security making ISM a part of the work rather than a watchdog function.

Statistics

Views

Total Views
1,033
Views on SlideShare
1,028
Embed Views
5

Actions

Likes
0
Downloads
34
Comments
0

2 Embeds 5

http://www.slideshare.net 4
http://r9.bb-info.jp 1

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Jaganathan - An Inclusive Approach to Information Security - Interop Mumbai 2009 Jaganathan - An Inclusive Approach to Information Security - Interop Mumbai 2009 Presentation Transcript

    • INSPIRED PEOPLE. INSPIRING RESULTS. INCLUSIVE APPROACH TO INFORMATION SECURITY Security Culture in the Corporate World Jaganathan T ISSC Chairperson Ajuba Solutions India Pvt Ltd INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. COMPANY OVERVIEW INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. EXECUTIVE SUMMARY Industry leader in offshore healthcare billing and revenue cycle management Proven track record: We process claims with a gross value of over $3 Billion, code 3 million charts and collect over $1 Billion in cash annually Over 1700 domain experts Long term partnerships and retention of clients Seasoned Team and Quality Processes Employees come from organizations such as Deloitte, EDS, McKesson, NDC Health etc. Strong management bench and training capabilities; ability to scale INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. INDUSTRY AWARDS & RECOGNITION Ranked among the Top 100 Offshore Companies in the world by Managing Offshore and Neo IT Identified as a ‘Rising Star’ by The International Association of Outsourcing Professionals (IAOP), in The Global Outsourcing 100 list and published by Fortune Magazine Ranked #1 as The Top Healthcare Revenue Cycle Management Outsourcing Vendor by The Black Book of Outsourcing Among The Best Employers in India (Hewitt Associates-The Economic Times) INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. INDUSTRY AWARDS & RECOGNITION Among The Best Workplaces in India (Great Places to Work Institute Inc, US - The Economic Times) Among Best BPO Employers in India (IDC – Dataquest) Among The Top Emerging Exciting Places to Work for (NASSCOM- Grow Talent) Award for Excellence in Gender Inclusivity by NASSCOM INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. THE FOUR PILLARS OF OUR DELIVERY MODEL PLE PEO PR OC ES S GY IN LO FR NO CH AS TE TR UC TU RE INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. AJUBA - INFORMATION SECURITY TRACK RECORD ISO27001:2005 certified HIPAA Certified FDCPA Certified SAS70 Type 1 Certified We take Security and Compliance very seriously INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. CHALLENGES FOR AJUBA IN INFO SECURITY In an industry where Info. Security and compliance is very critical to business. HIPAA Ajuba is continuously awarded as a `Best Employer’ and widely known for `Employee Friendly’ culture. Improper Security enforcement has the potential to affect `Best Employer’ brand equity. Judicious balance between Security Management and Employee comfort required. Average age less than 30. Additional impetus to security awareness required. INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. IMPORTANT ASSET: PEOPLE CROSS FUNCTIONAL SECURITY TEAM INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. TRADITIONAL SECURITY ORGANIZATION CEO CIO CSO CMO Info Security manager Auditor IT Security Officer Physical Security INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. AJUBA SECURITY INFO ORGANIZATION President Director Director Director Manager Corporate Operations Finance & Technology& ISSC Comm. HR Chairperson Sr. Manager Operations Sr. Manager Manager HR Sr. Manager Manager Finance Sr. Manager Sr. Executive operations Operations Technology Asst Asst Asst Manager Asst Manager Manager Manager ISSC Manager Tech Team Team ISM Team Supervisor Supervisor Asst Supervisor Manager ISMS Team Team Agents Leader Leader Team Leader Agents Executive INTERNAL Executive
    • INSPIRED PEOPLE. INSPIRING RESULTS. INFORMATION SECURITY FORUM CROSS FUNCTIONAL TEAMS ISSC : Information Security Steering Committee Management team to guide and steer security implementation ISTF: Information Security Task Force Responsible for implementing and managing Information Security implementation. IRT: Incident Response Team Responsible for Incident Response and Resolution IAT: Internal Audit Team Responsible for Internal and External Audits ERT: Emergency Response Team Responsible for response to emergency conditions and drills INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. For a total Ajuba staff strength of 1700 ISSC = 4 ISTF = 20 IRT = 12 IAT = 40 ERT = 63 Total 139 ie 8.2 % of total staff strength Extended Security Focus possible because of unique model followed INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. INTERNAL
    • InfoSec – Focus Shift Ajuba Security Approach – Terminology Used TRADITIONAL APPROACH REPLACED BY Central Security Team Centrally Enabled Participative Team CSO Steering Committee coordinate by a Chairperson Policy Enforcement Participation & Peer Pressure Vigilance, Monitoring Peer Reporting & Health Check Disciplinary Action Incident Resolution Internal Audit Peer Review ISMS I Support Maintaining Security! INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. SOME BEST PRACTICES PEOPLE INVOLVEMENT Second Week of every December is Celebrated as ISMS Week ISMS week Includes Various Competitions for staff Periodic spot checks and “ Best Compliant team” awarded annually Weekly ISMS quiz in intranet Monthly ISMS newsletter Transparent & Open security escalations INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. PROCESS SOME BEST PRACTICES Automated Incident Registration, Tracking & Resolution Anonymous Incident Registration possible Weekly Security Posture Review Standard and structured disciplinary matrix known to all staff Security Responsibility is part of everyone’s Job Description Measurable KRAs for Security Team Security Conformance part of every employee’s HR track record. Electronic NDA as part of onboarding INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. SOME BEST PRACTICES PEOPLE SECURITY Trendsetter in Transport Security – Last Drop Confirmation Quarterly ERT training Surprise ERT drills INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. INFO SECURITY LIFE CYCLE IN AJUBA INFO SECURITY IS A COMPLETE LIFE CYCLE INVOLVEMENT IN AJUBA INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. Info Security Metrics 20 18 16 14 Total Incident 12 10 20 8 6 12 12 10 10 11 9 4 7 2 5 4 2 0 1 2007 2008 2009 2007 2008 2009 2007 2008 2009 2007 2008 2009 Access Rights Camera Phone Non Compliance Physical Security Violations Violation with IS Policies Violation Security Incident Category --> INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. RISK MODEL – COMPLETE FEEDBACK INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. SUMMARY AJUBA UNIQUE INFOSEC MODEL Ajuba model brings People to the forefront and weaves Technology and Process around People No Compromise on Process and Technology Works very well for Ajuba Should work well for any company. May require little customization to suit the organization. Efficient security implementation at minimum cost INTERNAL
    • INSPIRED PEOPLE. INSPIRING RESULTS. THANK YOU INTERNAL