Information Security Management in Indian IT Industry

Presented By: Naureen Broca (1030141112), Pranav Kataria (10030141114), Malcolm DSouza (10030141115)

IT & ITES INDUSTRY IN INDIA


Over the past decade, the information technology industry has become one of the fastest growing industries in India. Strong demand over the past few years has placed India amongst the fastest growing IT markets in the Asia-Pacific region.

The Indian software and information technology enabled services (ITES) industry has grown at a compounded annual growth rate (CAGR) of 28 percent during the last five years. Global software product giants such as Microsoft, Oracle, SAP, etc., have established their captive development centres in India.

Organizational Structure of Indian IT

IT/ITeS industry: Steady growth track


Direct employment for four million and indirect employment for 10 to 12 million by 2015

Expected to earn revenues of US$ 64 billion in FY2008, recording a CAGR of 31 per cent over the last five years

Domestic market comprises hardware, software and IT-BPO services

India maintains lead in IT/ITeS


Indian IT/ITeS sector has matured considerably with its
- expansion into varied verticals
- well differentiated service offerings
- increasing geographic penetration

India's importance among emerging economies, both as a supply and demand centre, is fuelling further growth of the sector

India maintains its position as a strategic off-shoring destination for MNCs worldwide

IT/ITeS sector contributed to over 5.4 per cent of India's GDP in 2006-07, an increase from 4.8 percent in 2005-06

CURRENT STATUS:

IT Services
Banking, Financial Services and Insurance (BFSI) vertical continues to account for the largest share of exports at 31 per cent

Telecom vertical accounts for second-largest share of the pie at 19 per cent

Other verticals such as manufacturing, retail, media and healthcare are rapidly gaining pace

ITES-BPO
Industry has graduated to providing a high proportion of voice-based services and a wide range of back-office processing activities

Scope of services has expanded in the last three to four years, to include increasingly complex processes involving rule-based decision making and research services requiring informed individual judgment

IT/ITeS sector: Moving up the value chain


India, earlier the primary global offshoring destination for low-end back-office services, is now emerging as an innovation and research hub

India is estimated to continue attracting substantial investments in the sector, with the cost-arbitrage factor expected to prevail for another 10 to 15 years

The ITeS segment is expected to leverage the penetration of the IT segment; complementing and completing end-to-end customer requirements with the aid of offshore and onshore service offerings

Major IT & ITES Companies in India

Why Information Security is important in IT Industry

The Value of Information


Businesses hold sensitive information on their employees, salary information, financial results, and business plans for the year ahead. They may also hold trade secrets, research and other information that gives them a competitive edge. Individuals usually hold sensitive personal information on their home computers and typically perform online functions such as banking, shopping and social networking, sharing their sensitive information with others over the internet. As more and more of this information is stored and processed electronically and transmitted across company networks or the internet, the risk of unauthorised access increases.

Security Threats & Measures

Threats & Measures


Malicious Insiders (Rising Threat): Employees with malicious intent have always been the biggest threat to their organizations.

Conduct Employee Security Awareness Training: Raising the awareness level of employees through mandatory, monthly online courses is a terrific way to remind them that security is everyone's responsibility. Choose a training program that offers up-to-date courses, ensures users understand policies and procedures, and provides reporting to management.

Malware (Steady Threat): Malicious software can include viruses, worms, Trojan horse programs, etc., but most importantly websites that host malware, which have become the most prolific distribution method.

URL Filtering, Patch Management and Other Protections: Proactively manage the sites where employees are allowed to surf by limiting them to safe, approved sites from reputable web publishers. Employ patch management and system AV & spyware protection to combat the malware threat.

Exploited Vulnerabilities (Weakening Threat): Hackers find a weakness in a commonly used system or software product and exploit it for their gain.

Implement Comprehensive Patch Management: Often some of the most sensitive data are on non-Microsoft systems such as Linux, UNIX or Macintosh. Invest in a patch management solution offering full visibility into your network and covering all operating systems and vendors, not just Microsoft. Consider host-based intrusion prevention (HIPS), which can monitor your system looking for anomalous behavior, applications attempting to be installed, user escalation, and other non-standard events.

Social Engineering (Rising Threat): With hacking you are compromising a computer, but with social engineering you compromise a human by tricking him/her into supplying personal information and passwords. Any method of communication will be used to perpetrate this fraud, including telephones, mobile phones, text messaging, instant messaging, impersonation of support/vendor staff and social networking sites.

Social Engineering Testing: In addition to employee training to raise awareness, you can hire a firm to come in and test your employees for their resilience to social engineering. A 3rd party can use mock scenarios to assess your vulnerability to a real attack.

Careless Employees (Rising Threat): Mistakes made by careless or untrained employees can lead to a significant security compromise. A poor economic climate puts strains on employees causing them to cut corners or important duties. It can also lead to less formal employee training.

Conduct Employee Security Awareness Training: Raising the awareness level of employees through mandatory, monthly online courses is a terrific way to remind them that security is everyone's responsibility. Choose a training program that offers up-to-date courses, ensures users understand policies and procedures, and provides reporting to management.

Reduced Budgets (Rising Threat): A weak economy leads companies to tighten their budgets, which results in less headcount and less money for upgrades and new systems.

Consider Opting for a Software-as-a-Service (SaaS) Solution to Cut Costs: A company that has traditionally kept its security management and monitoring in-house may use this as an opportunity to look at the cost benefits of outsourcing it to a leading security firm. Choose a provider that offers a broad range of services, is financially viable and is audited by multiple independent 3rd parties.

Remote Workers & Road Warriors (Steady Threat): Telecommuting and mobile workers are on the upswing.

Use the Same Systems for Telecommuters as for On-Site Employees: Don't forget to install security on your remote VPNs. Make sure that remote users use company-issued systems with updated security patches and web content filtering. Provide easily accessible on-call tech support so that employees don't resort to fixing things themselves and possibly disabling necessary security measures. Isolate work computers at home from the kids who can download threats along with their games.

Downloaded Software Including Open Source and P2P Files (Steady Threat): IT administrators may download and install open source software or freeware in an attempt to save money, which can lead to a huge waste of time in software configuration and fine-tuning, or to a data breach.

Limit Download and System Update Administration to a Trained IT Professional: Don't allow users to download and install software on their desktops. Regularly update system AV & spyware protection. Consider host-based intrusion prevention (HIPS), which can monitor your system looking for anomalous behavior, applications attempting to be installed, user escalation, and other non-standard events, but make sure that only IT managers have access to this.

Most Times: Threat Comes Like

What is needed for Prevention

Privacy?

Insiders Threat

Comfort Zone for Prevention

Eg- Data Leakage Prevention

Case Study
Wipro Technologies implements Websense to help manage Web threats and improve policy management

Overview
Wipro Technologies is a global service provider in IT services and other services such as technology infrastructure, consulting and Business Process Outsourcing (BPO). It has approximately 95,000 employees (US, Europe, Canada and Japan) and 54 development centres worldwide.

Problem Statement
All the offices of Wipro Technologies across the globe are connected by LAN points, which link approximately 60,000 desktops and laptops and 1,900 servers. The company's internal IT team of approximately 700 professionals centrally manages the IT infrastructure from Bangalore. This team caters to the IT needs of all Wipro employees as well as customers, for all locations across the globe. While the implementation of various policies has been taken care of by the different locations themselves, the policies are managed from Bangalore.

One of the main challenges faced by Wipro in terms of security was accidental access to malware and spyware by employees. Employees would inadvertently allow in malware which could put the entire business at risk, or cripple the systems. "We needed to ensure that malware and spyware did not get entry into our systems and that employees were not accidentally accessing inappropriate sites," says J Pazhamalai, GM, Information Risk Management, Wipro.

Solution
Websense Integration

Websense Web Security Suite installation on 3 gateways

Awareness regarding the risks associated with free Internet access was created and data security was given top priority.

The Results
Categorising websites is now far simpler, making it easier to set down policies for access

Regular updates of blacklisted websites help in ensuring better information security risk management

Decrease in the access of unwanted and unauthorised sites

Improved network bandwidth usage
