NASSCOM GIC Conclave 2014 - Managing affairs of security and privacy in cross-border data flow - Som Mittal, Former Chairman and President, NASSCOM

Transcript

  • 1. Business Risks / Data Security imperative for GICs
  • 2. Risks – Structural and External Factors
      • Factors: Socio-political; Industry on treadmill; Customer viewpoint; Concentration Vs Competition; Global Vs International; Industry structure; Input resources; Cyber security; Technology disruptions
      • USD 100 billion industry; 3 million direct employment; largest export sector
      • Diversified structure; constant growth over 2 decades
      • Each of us needs to assess our specific situation
      • Slide dated 24-Apr-14
  • 3. GIC Specific Risks: Global Leadership; Executive Sponsorship; Operating Model Evolution
  • 4. A NASSCOM® Initiative Managing the affairs of Security and Privacy
  • 5. A NASSCOM® Initiative: Security and Privacy Affairs: Current State (Security | Privacy)
      • Government: National cyber security framework; National cyber security policy; Information Technology Act, 2000 & 2008; India CERT: advisories, drills & incidents; Information Security Education & Awareness; NCIIPC: Critical Infrastructure Protection; Privacy rules notification under section 43 A; New privacy law in making
      • Industry level (NASSCOM & DSCI): Setting up DSCI for focused attention; Engage in public policies & law making; Negotiation for data transfers & market access; Education: seminars, workshops & events; Community building: DSCI chapters; Cyber labs: building capacity of LEAs; Export of security products & services; NASSCOM Skill Registry
      • Organization (IT, BPM, GICs): Implementation of global standards; Experience & learning from serving 90+ countries
      • Security products & services; Cloud computing; Internet Governance; Encryption; Intermediaries; Policies
  • 6. A NASSCOM® Initiative: Security and Privacy Affairs: Issues & challenges
      • Security attacks and threat vectors are targeted, advanced and persistent; data, both IPR and personal, remains the key target
      • Rising up the value chain exposes organizations to an increasing quantum and complexity of data, giving huge incentives to threats, both external and insider
      • The supply chain of ICT products and services is becoming more complex on the one hand, while security concerns around it are fostering protectionist ideas on the other
      • Cyber security demands action well beyond an organization's own requirements; hence, compliance regulations are becoming increasingly stringent
      • Privacy is proving to be an important detrimental factor in the global flow of data, introducing restrictions and conditions that affect top-line growth and add bottom-line cost
      • Global expectations on data protection are rising, putting more responsibility and liability on businesses
      • Conflict between global requirements and domestic needs is leading to non-homogeneous implementation of security and privacy standards, challenging global product architectures and service models
      • Law enforcement agencies may not be equipped to handle data breaches and cyber crimes, raising doubts about the ability to resolve security incidents
  • 7. A NASSCOM® Initiative: Data Security Council of India
      • Awareness (Events, Seminars, Trainings, Workshops): Privacy Day- 28th Jan | 6 Meetings | Privacy Messages Desktop Theme | 240,000 employees
      • Network (Corporate Members, Chapters): Chapters | 10 chapters | security & privacy professionals; Chapter Members | More than 1500
      • Public Advocacy (Govt of India, International Regulatory Bodies): NSCS | DeitY | DOT | MHA | MOC | EU | FTC | MEA; Intermediaries | Privacy Law | Trade Negotiations – EU | Cloud Policy | Internet Governance
      • Security & Privacy Practices (DSCI & NASSCOM members, Domestic Industry): Frameworks: Security (DSF) | Privacy (DPF) | Assessment (DAF)
      • Cyber Crime Investigation (Law Enforcement, Judiciary, Security Agencies): Cyber Labs: 8 Labs (Thn, Mum, Blr, Chn, Hyd, Pne, Hyr, Kol); Training | 200-300 per month | more than 30000; MoU with CBI | Advanced courses; Cyber Labs | Investigation Manual | Investigation Support
      • Thought leadership - Study & Research (Industry trends, challenges, practices | Policy Matters): Securing cyber frontiers | Reference architecture | Security in Government Procurement | Surveys | FAQs; Survey | Focused Study | Position papers
      • Members (NASSCOM & Non-NASSCOM | Services): DSCI Members | Total 700+ & NASSCOM; Annual Summit | Best Practices Seminar | DSCI Awards
      • Collaboration (Academic, Government, industry, Professional Bodies): Content | Policies | Program | Training | Workshops; CMU – Cloud computing measurement index; (ISC)2 & SANS – core security training & workshops; IITD, FMS, Open Group, GISFI
      • Professional Certification (Privacy | Security | Forensics): DSCI Privacy Lead Assessor (DCPLA)- 200+ certified; DCPP- Privacy Professionals, scheduled to launch in July; CCFP- helped (ISC)2 develop forensic certification