New CIO Challenges

Why it is important for CIOs to also look at compliance with Indian laws

Published in: Technology

  1. How Compliant is your "IT" to Indian law? Risks & Consequences. Vishal Bindra (CISA, ISO 27001 LA), CEO. Vishal@acpl.com. ACPL – Securing Information Assets since 1990. www.acpl.com
  2. www.acpl.com
  3. We all know the consequences of a murder crime for the killer. The consequences of lapses in today's digital world are equally serious, even if your organization's involvement is incidental and unintentional.
  4. Lack of IT Governance Complicates Compliance with Costly Consequences! Soaring Costs! Rising Breaches!
     • The rise in data breaches has fuelled the rise in awareness when it comes to the importance of proactively securing sensitive data.
     • Compliance breakdowns and governance failures across industry sectors are now among the most common – and unwelcome – headlines in the business press today.
     • Companies are finding legal and regulatory compliance costs soaring while effectiveness declines, giving rise to huge fines, penalties, awards and settlements, often in the billions of dollars.
  5. Failure is not an option
  6. Costly Governance Failures!
     • Despite these frequent reminders on the costly consequences of lax security & compliance risk management, there is still evidence that many organizations do not place sufficient executive attention on this issue.
     • Some Indian cases:
       • Just Dial, sued their competitor, AskMe.
       • Travelocity - Cleartrip, where TC has filed a complaint against CT for data theft
       • Bazee.com
       • DPS MMS Case
       • Arif Azim Case
       • Karan Bahree Case
       • Shekhar Verma Case
       • Cybersys Infotech Limited Case
     • Many, many more that occur but are never reported
  7. Typical Executive Response is Denial
     • "We're fine, because we've never had a major data security or compliance problem."
     • "The kinds of problems our peers suffered couldn't happen here. We're better and smarter than that."
     • "We already have a code of conduct, whistleblower channel, and other elements of what's required for compliance."
     • "Our general counsel has responsibility for ensuring we're fully compliant with all laws and regulations, so we're covered."
  8. Simple Breaches! Serious Consequences!
     • Pornographic or Obscene Emails/SMS/MMS
     • Sec. 67 IT Act 2000
     • 1st Conviction: imprisonment for a term which may extend to five years, and with fine which may extend to Rs. One lakh
     • 2nd Conviction: imprisonment for a term which may extend to ten years, and also with fine which may extend to Rs. Two lakh
  9. Simple Breaches! Serious Consequences!
     • Software Source Code, Sec. 65 IT Act 2000
       • Punishment: imprisonment up to three years and/or fine up to Rs. 2 lakh
     • Identity Theft
       • Punishment: imprisonment up to three years and/or fine up to Rs. 1 lakh
  10. Simple Breaches! Serious Consequences!
     • Hacking with computer systems, data alteration: Sec. 66 IT Act 2000
     • Three years imprisonment and fine of Rs 5 lakhs per violation
     • Penalty for damages to computer & computer systems: liable for compensation up to Rs. one crore!
  11. Internal sources: the biggest risk for any legal entity using computers. Who in the company faces the consequence and liability of employee actions?
  12. Consequences of Failure to Comply with the Indian IT Act 2000, Sections of IPC, Cr.P.C
     • Must be borne by the Top Management Leadership
     • Exposure to civil and criminal consequences
     • Imprisonment from 3 years to life imprisonment
     • Civil liability to pay damages by compensation up to 5 crore rupees per contravention
     • Sweeping powers provided to police officer under Section 80 of IT Act, 2000 to enter any public place and search & arrest.
  13. Good Governance is the key! Proactive actions to adopt global best practices in security and compliance!
     Focus on technology alone is not enough. Effective security must address people, process and technology, and every security implementation does this. However, industry experience and studies show that security standards are implemented "in the letter and not in the spirit", and some time back this was a concern expressed by President Obama's CIO too. Decision makers and stakeholders must ensure that security is embedded into the organization DNA and that industry tools and solutions are adopted that will address risks and vulnerabilities at the fundamental or design level.
  14. The Road Ahead. Not your best day in office! Unable to defend your computer, protect sensitive data, and protect devices in your office. Have a better day… Contact ACPL. Rest Info-Assured!
  15. At ACPL we have been helping corporates become Info Assured in a Digital World since 1990!
  16. What ACPL Offers
     • Solutions: Information Security; Information Availability; Wire & Wireless Networking; Data Centre Optimisation
     • Consulting: Standards (ISO 27001, PCI, BS25999); Tech Processes & Policies; Vulnerability Management; Data Centric Risk Assessments
     • Information Security; Product Specific Training; Advanced NW Troubleshooting; InfoSec Trained Manpower Outsourcing
  17. Our Technology Partners
  18. Corporates who TRUSTED us!
  19. Thank You. Vishal Bindra (CISA, ISO 27001 LA), CEO. Vishal@acpl.com
