Your SlideShare is downloading. ×
NASSCOM GIC Conclave 2014 - Managing affairs of security and privacy in cross-border data flow - Som Mittal, Former Chairman and President, NASSCOM
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

NASSCOM GIC Conclave 2014 - Managing affairs of security and privacy in cross-border data flow - Som Mittal, Former Chairman and President, NASSCOM


Published on

Published in: Business, Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Business Risks / Data Security imperative for GICs
  • 2. Risks – Structural and External Factors Socio-political Industry on treadmill Customer viewpoint Concentration Vs Competition Global Vs International Industry structure Input resources • USD 100 billion industry; 3 million direct employment; Largest export sector • Diversified structure; Constant growth over 2 decades 24-Apr-14 Cyber security Technology disruptions Each of us need to assess our specific situation 2
  • 3. GIC Specific Risks Global Leadership Executive Sponsorship Operating Model Evolution 24-Apr-14 3
  • 4. A NASSCOM® Initiative Managing the affairs of Security and Privacy
  • 5. A NASSCOM® InitiativeA NASSCOM® Initiative Security and Privacy Affairs: Current State National cyber security framework National cyber security policy Information Technology Act, 2000 & 2008 India CERT- advisories, drills & incidents Information Security Education & Awareness NCIIPC- Critical Infrastructure Protection Privacy rules notification under section 43 A New privacy law in making SecurityPrivacy Government Industry level- NASSCOM & DSCI Setting up DSCI for focused attention Engage in public policies & law making Negotiation for data transfers & market access Education- seminars, workshops & events Community building- DSCI chapters Cyber labs- building capacity of LEAs Export of security products & services NASSCOM Skill Registry Organization- IT, BPM, GICs Implementation of global standards Experience & learning from serving 90+ countries Security products & services Cloud computing Internet Governance Encryption Intermediaries Policies
  • 6. A NASSCOM® Initiative Security and Privacy Affairs: Issues & challenges • Security attacks & threat vectors are targeted, advanced and persistent- data, IPR as well as personal, remained as the key target • Rising up the value chain exposes organizations to the increasing quantum and complexity of data, giving huge incentives to the threats, both external & insider • Supply chain of ICT products & services on the one hand becoming more complex, on the other hand security concerns around it fostering protectionist ideas • Cyber security demands action well beyond the own requirements of organization. Hence, compliance regulations are becoming increasingly stringent • Privacy is proving an important detrimental factor in the global flow of data, introducing restrictions & conditions, affecting top line growth & adding bottom-line cost • Global expectations on the data protection are rising, putting more responsibility and liability on the businesses • Conflict of the global requirements & domestic need is leading to non-homogeneous implementation of security & privacy standards, challenging global product architectures & service models • Law enforcement agencies may not be equipped to handle data breaches & cyber crimes, raising doubts on the ability to resolve security incidents
  • 7. A NASSCOM® Initiative Awareness Events, Seminars, Trainings, Workshops Privacy Day- 28th Jan| 6 Meetings | Privacy Messages Desktop Theme |240,000 employees Network Corporate Members , Chapters Chapters | 10 chapters | security & privacy professionals Chapter Members| More than 1500 Public Advocacy Govt of India, International Regulatory Bodies NSCS | DeitY| DOT| MHA | MOC | EU | FTC | MEA Intermediaries| Privacy Law | Trade Negotiations – EU | Cloud Policy |Internet Governance Security & Privacy Practices DSCI & NASSCOM members , Domestic Industry Frameworks Security (DSF) | Privacy (DPF) |Assessment (DAF) Data Security Council of India Cyber Crime Investigation Law Enforcement, Judiciary, Security Agencies Cyber Labs 8 Labs (Thn, Mum, Blr, Chn, Hyd, Pne, Hyr, Kol) Training | 200-300 per month | more than 30000 MoU with CBI | Advanced courses Cyber Labs| Investigation Manual| Investigation Support Thought leadership -Study & Research Industry trends, challenges, practices | Policy Matters Securing cyber frontiers | Reference architecture | Security in Government Procurement | Surveys | FAQs Survey| Focused Study| Position papers Members | NASSCOM & Non- NASSCOM | Services DSCI Members| Total 700+ & NASSCOM Annual Summit | Best Practices Seminar | DSCI Awards Collaboration Academic, Government, industry, Professional Bodies , Content| Policies |Program| Training | Workshops CMU – Cloud computing measurement index (ISC)2 & SANS – core security training & workshops IITD, FMS, Open Group, GISFI Data Security Council of India Professional Certification Privacy | Security | Forensics DSCI Privacy Lead Assessor (DCPLA)- 200+ certified DCPP- Privacy Professionals, scheduled to launch in July CCFP- helped (ISC)2 develop forensic certification