8/3/2019 Information Security Management in Indian IT Industry
Information Security Management in Indian IT Industry
Presented By:
Naureen Broca-1030141112
Pranav Kataria- 10030141114
Malcolm DSouza- 10030141115
IT & ITES INDUSTRY IN INDIA
Over the past decade, the information technology industry has become one of the fastest growing industries in India.
Strong demand over the past few years has placed India amongst the fastest growing IT markets in the Asia-Pacific region.
The Indian software and information technology enabled services (ITES) industry has grown at a compounded annual growth rate (CAGR) of 28 percent during the last five years.
Global software product giants such as Microsoft, Oracle, SAP, etc., have established their captive development centres in India.
Organizational Structure of Indian IT
IT/ITeS industry: Steady growth track
Direct employment for four million and indirect employment for 10 to 12 million by 2015
Expected to earn revenues of US$ 64 billion in FY2008, recording a CAGR of 31 per cent over the last five years
Domestic market comprises hardware, software and IT-BPO services
India maintains lead in IT/ITeS
Indian IT/ITeS sector has matured considerably with its
- expansion into varied verticals
- well differentiated service offerings
- increasing geographic penetration
India's importance among emerging economies, both as a supply and demand centre, is fuelling further growth of the sector
India maintains its position as a strategic off-shoring destination for MNCs worldwide
IT/ITeS sector contributed to over 5.4 per cent of India's GDP in 2006-07, an increase from 4.8 per cent in 2005-06
CURRENT STATUS:
IT Services
Banking, Financial Services and Insurance (BFSI) vertical continues to account for the largest share of exports at 31 per cent
Telecom vertical accounts for second-largest share of the pie at 19 per cent
Other verticals such as manufacturing, retail, media and healthcare are rapidly gaining pace
ITES-BPO
Industry has graduated to providing a high proportion of voice-based services and a wide range of back-office processing activities
Scope of services has expanded in the last (three to four) years, to include increasingly complex processes involving rule-based decision making and research services requiring informed individual judgment
IT/ITeS sector: Moving up the value chain
India, earlier the primary global offshoring destination for low-end back-office services, is now emerging as an innovation and research hub
India is estimated to continue attracting substantial investments in the sector, with the cost-arbitrage factor expected to prevail for another 10 to 15 years
The ITeS segment is expected to leverage the penetration of the IT segment; complementing and completing end-to-end customer requirements with the aid of offshore and onshore service offerings
Major IT & ITES Companies in India
Why Information Security is important in IT Industry
The Value of Information
The businesses will hold sensitive information on their employees, salary information, financial results, and business plans for the year ahead.
They may also hold trade secrets, research and other information that gives them a competitive edge.
Individuals usually hold sensitive personal information on their home computers and typically perform online functions such as banking, shopping and social networking; sharing their sensitive information with others over the internet.
As more and more of this information is stored and processed electronically and transmitted across company networks or the internet, the risk of unauthorised access increases.
Security Threats & Measures
Threats & Measures
Conduct Employee Security Awareness Training: Raising the awareness level of employees through mandatory, monthly online courses is a terrific way to remind them that security is everyone's responsibility. Choose a training program that offers up-to-date courses, ensures users understand policies and procedures, and provides reporting to management.
Malicious Insiders (Rising Threat): Employees with malicious intent have always been the biggest threat to their organizations.
Threats & Measures
URL Filtering, Patch Management and Other Protections. Proactively manage the sites where employees are allowed to surf by limiting them to safe, approved sites from reputable web publishers. Employ Patch Management and system AV & spyware protection to combat the malware threat.
Malware (Steady Threat): Malicious software can include viruses, worms, Trojan horse programs, etc. but most importantly websites that host malware, which has become the most prolific distribution method.
Threats & Measures
Implement Comprehensive Patch Management: Often some of the most sensitive data are on non-Microsoft systems such as Linux, UNIX or Macintosh.
Invest in a patch management solution offering full visibility into your network and covering all operating systems and vendors, not just Microsoft.
Consider host-based intrusion prevention (HIPS) which can monitor your system looking for anomalous behavior, applications attempting to be installed, user escalation, and other non-standard events.
Exploited Vulnerabilities (Weakening Threat): Hackers find a weakness in a commonly used system or software product and exploit it for their gain.
Threats & Measures
Social Engineering Testing: In addition to employee training to raise awareness you can hire a firm to come in and test your employees for their resilience to social engineering. A 3rd party can use mock scenarios to assess your vulnerability to a real attack.
Social Engineering (Rising Threat): With hacking you are compromising a computer, but with social engineering you compromise a human by tricking him/her into supplying personal information and passwords. Any method of communication will be used to perpetrate this fraud including telephones, mobile phones, text messaging, instant messaging, impersonation of support/vendor staff and social networking sites.
Threats & Measures
Conduct Employee Security Awareness Training: Raising the awareness level of employees through mandatory, monthly online courses is a terrific way to remind them that security is everyone's responsibility. Choose a training program that offers up-to-date courses, ensures users understand policies and procedures, and provides reporting to management.
Careless Employees (Rising Threat): Mistakes made by careless or untrained employees can lead to a significant security compromise. A poor economic climate puts strains on employees causing them to cut corners or important duties. It can also lead to less formal employee training.
Threats & Measures
Consider Opting for a Software-as-a-Service (SaaS) Solution to Cut Costs. A company that has traditionally kept their security management and monitoring in-house may use this as an opportunity to look at the cost benefits of outsourcing it to a leading security firm. Choose a provider that offers a broad range of services, is financially viable, and is audited by multiple independent 3rd parties.
Reduced Budgets (Rising Threat): A weak economy leads companies to tighten their budgets, which results in less headcount and less money for upgrades and new systems.
Threats & Measures
Use The Same Systems For Telecommuters As For On-Site Employees. Don't forget to install security on your remote VPNs. Make sure that remote users use company issued systems with updated security patches and web content filtering. Provide easily accessible on-call tech support so that employees don't resort to fixing things themselves and possibly disabling necessary security measures. Isolate work computers at home from the kids who can download threats along with their games.
Remote Workers & Road Warriors (Steady Threat): Telecommuting and mobile workers are on the upswing.
Threats & Measures
Limit Download and System Update Administration to a Trained IT Professional. Don't allow users to download and install software on their desktops. Regularly update system AV & Spyware Protection. Consider host-based intrusion prevention (HIPS) which can monitor your system looking for anomalous behavior, applications attempting to be installed, user escalation, and other non-standard events but make sure that only IT managers have access to this.
Downloaded Software Including Open Source and P2P files (Steady Threat): IT administrators may download and install open source software or freeware in an attempt to save money, which can lead to a huge waste of time in software configuration and fine tuning or a data breach.
Most Times: Threat Comes Like
What is needed for Prevention
Privacy?
Insiders Threat
Comfort Zone for Prevention
Eg- Data Leakage Prevention
Case Study
Wipro Technologies implements Websense to help manage Web threats and improve policy management
Overview
Wipro Technologies is a global service provider in IT services and other services such as technology infrastructure, consulting and Business Process Outsourcing (BPO).
It has approximately 95,000 employees (US, Europe, Canada and Japan) and 54 development centres worldwide.
Problem Statement
All the offices of Wipro Technologies across the globe are connected by LAN points, which link approximately 60,000 desktops and laptops and 1,900 servers. The company's internal IT team of approximately 700 professionals centrally manage their IT infrastructure from Bangalore. This team caters to all of Wipro's employees as well as customers' IT needs, for all locations across the globe. While the implementation of various policies has been taken care of by the different locations themselves, the policies are managed from Bangalore.
One of the main challenges faced by Wipro in terms of security was the accidental access to malware and spyware by employees. Employees would inadvertently allow in malware which could put the entire business at risk, or cripple the systems. "We needed to ensure that malware and spyware did not get entry into our systems and that employees were not accidentally accessing inappropriate sites," says J Pazhamalai, GM, Information Risk Management, Wipro.
Solution
Websense Integration
Websense Web Security Suite installation on 3 gateways
Awareness regarding the risks associated with free Internet access was created and data security was given top priority.
The Results
Categorising websites is now far simpler, making it easier to set down policies for access
Regular updates of blacklisted websites help in ensuring better information security risk management
Decrease in the access of unwanted and unauthorised sites
Improved network bandwidth usage