Jamuna Swamy, Head-Information Security, Hexaware Technologies Ltd (Jan 09)

Upload: allen-oconnor

Post on 30-Dec-2015


Page 1:

Jamuna Swamy
Head-Information Security
Hexaware Technologies Ltd

Jan 09 1 Hexaware Technologies Ltd

Page 2:

- What is it? Managing Availability, Confidentiality & Integrity of Information
- Where are we?
- What is so challenging in IT industry?
- What is the Road map?

Information Security management (ISM)

Apr 19, 2023 2 Hexaware Technologies Ltd

Page 3:

Presentation Path

- Corporate Information security Perspective
- ISM Roles and Responsibilities
- Use of Standards and Frameworks
- ISM implementation and effectiveness
- ISM spending and ROI
- ISM alignment and integration
- Recommendation

Page 4:

Corporate Information Security Perspective in IT Industry

- Alignment of Information Security objectives to meet Business Objectives
  - Development of Products
  - Offshore Development Centre
  - Application Service Provider
- Alignment of ISM with enterprise Risk management
  - Risk team focuses more on financial risk
  - Flow of IS risks to enterprise risks
  - IS is perceived as more technical in nature
- Awareness on importance of IS governance
  - Identification of Information Security Risks
  - Identification of regulatory driver for business
  - Impact of any security incident
  - Perception of IS as strategic importance

Page 5:

ISM Roles and Responsibilities

- How the roles are defined and communicated?
- Various roles played by employees
  - Steering committee members
  - Security Task force
  - Emergency Response Team
  - Business Continuity Management team
  - Information Security Team
- ISM – Should be a part of Quality Management?
- IS Head – Whom should he/she report to?

Page 6:

ISM Roles and Responsibilities

- What is the role of the following in ISM in Software Industry?
  - Sales Manager
  - Accounts Manager
  - Delivery Head
  - Project Team member
  - IS Team
  - Technology Team
  - Customer

Page 7:

Use of standards and Frameworks

- What standards/Frameworks should the Organization certify for?
  - ISO 27001
  - COBIT Framework
  - SAS 70 Audits
  - HIPAA
  - GLBA
  - PCI DSS

Page 8:

Use of standards and Frameworks

- Data Protection Acts
  - Europe
  - US
  - UK
  - Canada
  - …..List goes on
- Federal laws and regulatory requirements

Page 9:

ISM implementation and effectiveness

- Is it driven by Top Management?
- Is it driven by Customer?
- ISM implementation – Is it same to all employees?
- Balancing
  - Between operational efficiency and control effectiveness
  - Between privacy and monitoring
  - Between availability and confidentiality
- Key mantra to effective implementation
  - Awareness ! Awareness ! Awareness !
  - Automation of controls

Page 10:

ISM spending and ROI

- What is the % of business budget allocated to ISM?
- How the ROI calculated?
  - Preferred partner?
  - Customer confidence?
  - Availability of services without any business interruption
  - Protection of Customer information/Organizational information
- ROI Value ISM can create

Page 11:

ISM alignment and integration

- How ISM aligns with business objective?
  - Application development Centre
  - Selling a software product
  - Application maintenance
- How the Project assets give input to Business Continuity Plan?
- How the IS risks are constantly monitored and evaluated to give inputs to Organization Risks?
- How these strategic risks are integrated to enterprise risks?

Page 12:

What is the solution to overcome these challenges?

Recommendation Please turn over…..

Page 13:

Currently, compliance to the controls is what is being looked at.

- Graduate to
  - Understand the controls from risk perspective.
  - Relate the operational risks to strategic risks
- Next
  - Relate strategic risk to enterprise risk business risk
  - Define controls to business risks, i.e. Governance

Contd….

Page 14:

Bring ISM under GRC Framework (Governance Risk Compliance)

Page 15:

Thank You