Business Continuity India

DSCI Best Practices Meet witnesses huge participation

DSCI, a NASSCOM initiative, organized its third DSCI Best Practices Meet for Data Protection focused on ‘Promoting Dialogue for Building an Ecosystem for Data Protection’.

This year’s meet specifically focused on the regulatory environment – rules under section 43A and 79 of the IT (Amendment) Act, 2008 and its implications on business and privacy ecosystem in India; the new landscape – the cloud - and security and privacy as important challenges to the adoption of cloud computing; and the current trends in security practices being followed in specific disciplines like threat and vulnerability management, application security and user access and privilege management.

"The IT (Amendment Act, 2008 (ITAA 2008) is on a sound footing. A strong data protection regime requires that cyber crimes such as identity theft, phishing, data leakage, cyber terrorism, child pornography etc. be covered to ensure data security and data privacy,” said Dr. Kamlesh Bajaj, CEO, Data Security Council of India (DSCI) in his welcome address at DSCI's Best Practices Meet 2011 in Bengaluru on Tuesday.

"The IT (Amendment Act, 2008 (ITAA 2008) has indeed established a strong protection regime in India. It also provides for security of critical infrastructure, by terming such cyber attacks as cyber terrorism; and for establishing a nation encryption policy for data security. ITAA 2008 thus enhances trustworthiness of cyberspace," Dr. Bajaj added

DSCI presented its experience of taking the Security and Privacy Framework (DPF) to the industry, and took a deep dive in some of the important security disciplines.
The meet also featured the release of the study on insider threat - ‘The Threat Within’ – developed by DSCI and PwC. The study is based on a survey of service provider organizations and client organizations and highlights some interesting findings, reflecting the perspectives of both the service providers and clients.

Krishnakumar Natrajan, CEO& MD, Mindtree, in his inaugural address drew the attention to the fact that Indian IT solutions providers are now performing core functions for their clients and how to create an environment of data protection to make an organization more global in its approach. He said, “Through public advocacy, assessments and frameworks, India will further enhance its status as a preferred provider of IT services.

How can your business stay protected from natural and man-made ...

The internet constitutes an integral tool for conducting business today. As organisations evaluate implementation of some technologies for information security benefits, they need to be aware of not making simple mistakes that can irreversibly affect the running of their business.

The security landscape is constantly changing, so the threats businesses face today are different from the threats a year ago – or even six months ago.

There have been significant changes to the threat landscape in 2010, including an increase in volume and sophistication of threat activity, continued growth of social networking sites, and a change in hackers’ attack tactics.

Most common security and data protection mistakes that organisations of all sizes make are:

Lack of proper security software and policies Not scheduling a regular data back-up Not having a disaster preparedness plan Failing for social media scams Not buying real software

Therefore, it is extremely important that organisations recognise these common slip-ups, they need to know what steps they would need to take to ensure their company doesn’t fall victim to data loss.

We are living in extremely dangerous and disruptive times, making us more prone to external threats than ever before. Economic instability, terrorist attacks, hacker activities and natural disasters are the biggest factors that could cause critical damage to a company. Anyone, who has watched the impact of, for instance, cyclones in India, or floods in Pakistan in recent years, will recognise that directors must plan for their organisation to overcome natural disasters. Poor business continuity infrastructure is another key element that affects most companies in India. Some foreign organisations, for instance, have decided to outsource only a certain portion of their business processes in India, which leads to some Indian firms losing business.

BS25999 business continuity management has been helping organisations cope for the last five years. This standard is often described as a business-critical activity – but conversation on the subject is often confused by the parallel concept of disaster recovery management and the recent arrival of three different business continuity related standards hasn’t improved understanding. So, what exactly is business continuity management, and how do all the standards relate to one another?