Business Outsourcing to Asia: Security Challenges and Response

FIST CONFERENCE - LISBON

Presented By

Anup Narayanan, CISA, CISSP
anup@firstlegion.net

Copyright First Legion Consulting
05/29/06
Agenda

• Domains of Outsourcing

• Security Concerns

• What do International Customers demand?

• The answers
   – Business Perspective on Security
   – Government Perspective on Security
   – Comparison on Global Scale

• Scope for Improvement
Domains of Outsourcing
Businesses that outsource to Asia

• Software Engineering

• Support Services
   – Call Centers
   – Back Office Processing

• Health Insurance

• Finance Services
Impact of Business Outsourcing

• Increased international interactions

• Exchange of Intellectual Property
   – Source Code
   – Designs

• Exchange of personal information
   – Finance Data
   – Health Data

• Impact of International Laws (Information Security) on Indian Business

• Opening of new channels of Information Exchange
   – Extreme Reliance on the Internet
Security Concerns
The spheres of concern

• Protection of Intellectual Property

• Protection of Privacy

• Technical Threats
   – Related to Information Exchange
   – Related to communication channels

• Legal Aspects
Initial Roadblocks

• The advent of International Business initiated new work cultures.

• Most Asian countries did not have
   – a framework for Intellectual Property Protection
   – Privacy Protection

• Awareness of Privacy was, and still is, less advanced in Asian Countries.

• What is the status today?
What do American and European customers demand?
Information Security – Customer Requirement

• Mature customers demand:
   – A detailed Information Security Framework
   – Management Understanding of and Commitment to Information Security
   – Good Physical Security (most of them stress this)
   – Understanding of International Standards – SoX, GLBA, HIPAA Security Rule
   – Good Technical Infrastructure for Information Security – Encryption, Firewalls and the works…
The answers

How have Asian Companies adopted Information Security?
Overview of Information Security in Asia

• Asian companies (especially India and Japan) have been at the forefront of ISMS implementation.

• For example:
   – Japan is the largest adopter of BS7799 in the world.
   – India is the 3rd largest adopter of BS7799 in the world.

• Apart from this, many companies voluntarily adopt SoX, COBIT, the HIPAA Security Rule etc.
Status of ISO 27001 (BS7799-2:2005)

• Most widely adopted ISMS in Asia, especially India

• Out of 2300 companies certified worldwide, roughly 1000 are in Asia.

• The scope is normally the critical business processes of the organization.

• More focus on:
   – Ownership and accountability of Information Security
   – Management commitment
   – Periodic review
What are the motivating factors?

• Though the law does not demand it, compliance is often voluntary because:
   – Business survival often depends on security compliance
   – Management realizes its importance

• For example, Asian companies have:
   – Voluntarily complied with SoX and COBIT
   – Also with the HIPAA Security Rule
Do we have incidents?

• Yes, we do.

• But the good news is that there is maturity in resolution.

• Companies are coming out and sharing incident reports with government and other companies.

• Example:
   – A major outsourcing company in India with a major American Bank as its customer had an incident. The company reported it and their security levels were reviewed.
   – The level of security was reviewed and was found to be better than that of the customer.
How has the Government approached Security?
Government Initiatives

• Major initiatives have been through CERT.

• Initiation of Privacy Laws – Example: Indian Privacy Act

• Apart from this, many associations are active:
   – ISACA
   – eISSA
Government and IT Laws

• India enacted the IT Act in 2006

• All police stations in India are centers for reporting Cyber Security Thefts

• Cyber Crime is slowly gaining recognition and there is regular training for Police on Cyber Security
Incident Handling and Reporting

• Govt. of India has a good framework

• CDAC (Centre for Development of Advanced Computing) has released an open version of a Forensic Analysis kit, which is recognized by the Government.

• This tool has been used for convicting Cyber Criminals.
A perspective on Business Continuity and Pandemic Flu
What was the reaction to Avian Influenza?

• Most Asian countries have a good Emergency Management framework for mitigating Pandemic Flu.

• For example, in India:
   – The NDRC (National Disaster Recovery Coordination) Committee coordinated with corporate companies to create recovery plans.
   – Businesses tested their DR plans through drills.
   – Industry meetings were arranged to discuss the possible impact of Pandemic Flu.

• The positive – there was a common sharing of knowledge and best practices.
Comparison on Global Scale
Approach

• As far as ISMS goes, Asian companies are up there with the best, or even leaders.

• On the Technological Aspects of Security, maybe we do not have the latest geek devices.

• There are immense improvements on:
   – Management framework
   – Management commitment to regular investment in Information Security
The professional side

• Though my stats are not accurate, Asia, especially India, is a leader in the number of CISSPs and CISAs

• Security Professionals are amongst the best paid in India

• Some of the major security service providers (Nokia) have their Global Security Support services in India.

• There is a demand for Risk Management and Business Continuity Management Professionals.
The challenges
We share some of the global challenges

• The Human Aspect of Information Security
   – Social Engineering
   – Fraud
   – Theft
   – Corruption

• Environmental Factors – Tsunami, Floods etc.
Specific Challenges

• Too much focus on certification

• This puts stress on small businesses to adopt ISMSs and certify them – not economically viable.

• Slow adoption of privacy laws.

• Compliance by users out of fear and not real understanding.
Improvements?

• A more holistic approach to Information Security.

• The aim of security should be achieving business goals and not just Confidentiality, Integrity and Availability.

• Too many companies (managers) adopt Information Security out of fear rather than real understanding.

• There is no clear understanding of how much to invest and what to expect in return.
Creative Commons Attribution-NoDerivs 2.0

You are free:
• to copy, distribute, display, and perform this work
• to make commercial use of this work

Under the following conditions:

Attribution. You must give the original author credit.

No Derivative Works. You may not alter, transform, or build upon this work.

For any reuse or distribution, you must make clear to others the license terms of this work.

Any of these conditions can be waived if you get permission from the author.

Your fair use and other rights are in no way affected by the above.

This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
Thank You

Anup Narayanan
Sr. Consultant and Founder

First Legion Consulting

Contenu connexe

Tendances

Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesAlex Rudie
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...Livingstone Advisory
 
How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...PECB
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Livingstone Advisory
 
Running with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needsRunning with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needsMichael Scheidell
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009   Underside Of The Compliance EcosystemPci Europe 2009   Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystemkpatrickwheeler
 
Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...Livingstone Advisory
 
The CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the UnexpectedThe CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the UnexpectedIBM Security
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber SecurityPhil Agcaoili
 
Security For Free
Security For FreeSecurity For Free
Security For Freegwarden
 
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...AIIM International
 
Career implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruptionCareer implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruptionLivingstone Advisory
 

Tendances (20)

Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for Businesses
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
Sem 001 sem-001
Sem 001 sem-001Sem 001 sem-001
Sem 001 sem-001
 
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
 
How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
 
Introduction to nudging in IT
Introduction to nudging in ITIntroduction to nudging in IT
Introduction to nudging in IT
 
Running with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needsRunning with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needs
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009   Underside Of The Compliance EcosystemPci Europe 2009   Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystem
 
Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...
 
Chapter 1
Chapter 1Chapter 1
Chapter 1
 
Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small Business
 
The CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the UnexpectedThe CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the Unexpected
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security
 
Thriving in the world of Big Data
Thriving in the world of Big DataThriving in the world of Big Data
Thriving in the world of Big Data
 
Security For Free
Security For FreeSecurity For Free
Security For Free
 
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Contr...
 
New CIO Challenges
New CIO ChallengesNew CIO Challenges
New CIO Challenges
 
Career implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruptionCareer implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruption
 

En vedette (16)

Exploiting Web Applications PHP
Exploiting Web Applications PHPExploiting Web Applications PHP
Exploiting Web Applications PHP
 
Security Metrics
Security MetricsSecurity Metrics
Security Metrics
 
Integrity and Security in Filesystems
Integrity and Security in FilesystemsIntegrity and Security in Filesystems
Integrity and Security in Filesystems
 
Network Access Protection
Network Access ProtectionNetwork Access Protection
Network Access Protection
 
Ataques Mediante Memorias USB
Ataques Mediante Memorias USBAtaques Mediante Memorias USB
Ataques Mediante Memorias USB
 
Antivirus Gateways Architecture Design
Antivirus Gateways Architecture DesignAntivirus Gateways Architecture Design
Antivirus Gateways Architecture Design
 
Assessment presentation
Assessment presentationAssessment presentation
Assessment presentation
 
Durabilidad
DurabilidadDurabilidad
Durabilidad
 
Analisis de Riesgos O-ISM3
Analisis de Riesgos O-ISM3Analisis de Riesgos O-ISM3
Analisis de Riesgos O-ISM3
 
Analisis Forense Memoria RAM
Analisis Forense Memoria RAMAnalisis Forense Memoria RAM
Analisis Forense Memoria RAM
 
Beyond Awareness
Beyond AwarenessBeyond Awareness
Beyond Awareness
 
Oissg
OissgOissg
Oissg
 
Using IPS for Web Protection
Using IPS for Web ProtectionUsing IPS for Web Protection
Using IPS for Web Protection
 
Seguridad Windows Server 2008
Seguridad Windows Server 2008Seguridad Windows Server 2008
Seguridad Windows Server 2008
 
Exploiting Layer 2
Exploiting Layer 2Exploiting Layer 2
Exploiting Layer 2
 
IDS with Artificial Intelligence
IDS with Artificial IntelligenceIDS with Artificial Intelligence
IDS with Artificial Intelligence
 

Similaire à Business Outsourcing to Asia

Best practices to mitigate data breach risk
Best practices to mitigate data breach riskBest practices to mitigate data breach risk
Best practices to mitigate data breach riskLivingstone Advisory
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitKevin Duffey
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC Advisory Group
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...AIIM International
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT IssueEvan Francen
 
William A Tanenbaum David with Goliath: How Big Companies Do Business with...
William A Tanenbaum   David with Goliath:  How Big Companies Do Business with...William A Tanenbaum   David with Goliath:  How Big Companies Do Business with...
William A Tanenbaum David with Goliath: How Big Companies Do Business with...William Tanenbaum
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Joe Bartolo
 
IT Risk Management & Compliance
IT Risk Management & ComplianceIT Risk Management & Compliance
IT Risk Management & Compliancerhanna11
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales DeckEvan Francen
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest riskEvan Francen
 
The Permanent Campaign
The Permanent CampaignThe Permanent Campaign
The Permanent CampaignDenim Group
 
BSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessBSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessJoel Cardella
 
David WITH Goliath: How Big Companies Do Deals with Small Cloud and Social Me...
David WITH Goliath: How Big Companies Do Deals with Small Cloud and Social Me...David WITH Goliath: How Big Companies Do Deals with Small Cloud and Social Me...
David WITH Goliath: How Big Companies Do Deals with Small Cloud and Social Me...William Tanenbaum
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company OverviewKevin Orth
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overviewstevemarsden
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 

Similaire à Business Outsourcing to Asia (20)

Best practices to mitigate data breach risk
Best practices to mitigate data breach riskBest practices to mitigate data breach risk
Best practices to mitigate data breach risk
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal Toolkit
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
 
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
 
William A Tanenbaum David with Goliath: How Big Companies Do Business with...
William A Tanenbaum   David with Goliath:  How Big Companies Do Business with...William A Tanenbaum   David with Goliath:  How Big Companies Do Business with...
William A Tanenbaum David with Goliath: How Big Companies Do Business with...
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
 
IT Risk Management & Compliance
IT Risk Management & ComplianceIT Risk Management & Compliance
IT Risk Management & Compliance
 
5548 isaca for-students
5548 isaca for-students5548 isaca for-students
5548 isaca for-students
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
 
The Permanent Campaign
The Permanent CampaignThe Permanent Campaign
The Permanent Campaign
 
BSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessBSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing business
 
David WITH Goliath: How Big Companies Do Deals with Small Cloud and Social Me...
David WITH Goliath: How Big Companies Do Deals with Small Cloud and Social Me...David WITH Goliath: How Big Companies Do Deals with Small Cloud and Social Me...
David WITH Goliath: How Big Companies Do Deals with Small Cloud and Social Me...
 
Confidis-Briefing-Web
Confidis-Briefing-WebConfidis-Briefing-Web
Confidis-Briefing-Web
 
Rogers eBook Security
Rogers eBook SecurityRogers eBook Security
Rogers eBook Security
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overview
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overview
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 

Plus de Conferencias FIST

Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceConferencias FIST
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseConferencias FIST
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiConferencias FIST
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security ForumConferencias FIST
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes WirelessConferencias FIST
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la ConcienciaciónConferencias FIST
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloConferencias FIST
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseConferencias FIST
 

Plus de Conferencias FIST (20)

Seguridad en Open Solaris
Seguridad en Open SolarisSeguridad en Open Solaris
Seguridad en Open Solaris
 
Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open Source
 
Spanish Honeynet Project
Spanish Honeynet ProjectSpanish Honeynet Project
Spanish Honeynet Project
 
Seguridad en Windows Mobile
Seguridad en Windows MobileSeguridad en Windows Mobile
Seguridad en Windows Mobile
 
SAP Security
SAP SecuritySAP Security
SAP Security
 
Que es Seguridad
Que es SeguridadQue es Seguridad
Que es Seguridad
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática Forense
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFi
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security Forum
 
Criptografia Cuántica
Criptografia CuánticaCriptografia Cuántica
Criptografia Cuántica
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes Wireless
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la Concienciación
 
Security Metrics
Security MetricsSecurity Metrics
Security Metrics
 
PKI Interoperability
PKI InteroperabilityPKI Interoperability
PKI Interoperability
 
Wifislax 3.1
Wifislax 3.1Wifislax 3.1
Wifislax 3.1
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Business Outsourcing to Asia

1. Business Outsourcing to Asia: Security Challenges and Response

FIST CONFERENCE - LISBON
Presented By Anup Narayanan, CISA, CISSP
anup@firstlegion.net
Copyright First Legion Consulting 05/29/06

2. Agenda

• Domains of Outsourcing
• Security Concerns
• What International Customers demand?
• The answers
   – Business Perspective on Security
   – Government Perspective on Security
   – Comparison on Global Scale
• Scope for Improvement

3. Domains of Outsourcing

4. Businesses that outsource to Asia

• Software Engineering
• Support Services
   – Call Centers
   – Back Office Processing
• Health Insurance
• Finance Services

5. Impact of Business Outsourcing

• Increased international interactions
• Exchange of Intellectual Property
   – Source Code
   – Designs
• Exchange of personal information
   – Finance Data
   – Health Data
• Impact of International Laws (Information Security) on Indian Business
• Opening of new channels of Information Exchange
   – Extreme reliance on the Internet

6. Security Concerns

7. The spheres of concern

• Protection of Intellectual Property
• Protection of Privacy
• Technical Threats
   – Related to Information Exchange
   – Related to communication channels
• Legal Aspects

8. Initial Roadblocks

• The advent of International Business initiated new work cultures.
• Most Asian countries did not have
   – a Framework for Intellectual Property Protection
   – Privacy Protection
• Awareness of Privacy was, and still is, not as advanced in Asian countries.
• What is the status today?

9. What do American and European customers demand?

10. Information Security – Customer Requirement

• Mature customers demand:
   – Detailed Information Security Framework
   – Management Understanding and Commitment to Information Security
   – Most of them stress good Physical Security
   – Understanding of International Standards: SoX, GLBA, HIPAA Security Rule
   – Good Technical Infrastructure for Information Security: Encryption, Firewalls and the works...

11. The answers

12. How have Asian Companies adopted Information Security?

13. Overview of Information Security in Asia

• Asian companies (especially India and Japan) have been at the forefront of ISMS implementation.
• For example:
   – Japan is the largest adopter of BS7799 in the world.
   – India is the 3rd largest adopter of BS7799 in the world.
• Apart from this, many companies voluntarily adopt SoX, COBIT, HIPAA Security Rule etc.

14. Status of ISO 27001 (BS7799-2:2005)

• Most widely adopted ISMS in Asia, especially India
• Out of 2300 companies certified worldwide, roughly 1000 are in Asia.
• The scope is normally the critical business processes of the organization.
• More focus on:
   – Ownership and accountability of Information Security
   – Management commitment
   – Periodic review

15. What are the motivating factors?

• Though the law does not demand it, compliance is often voluntary because:
   – Business survival often depends on security compliance
   – Management realizes the importance of it.
• For example, Asian companies have:
   – Voluntarily complied with SoX and COBIT
   – Also, the HIPAA Security Rule

16. Do we have incidents?

• Yes, we do.
• But the good thing is that there is maturity in resolution.
• Companies are coming out and sharing incident reports with government and other companies.
• Example:
   – A major outsourcing company in India with a major American Bank as its customer had an incident. The company reported it and their security levels were reviewed.
   – The level of security was reviewed and was found to be better than that of the customer.

17. How has the Government approached Security?

18. Government Initiatives

• Major initiatives have been through CERT.
• Initiation of Privacy Laws
   – Example: Indian Privacy Act
• Apart from this, many associations are active
   – ISACA
   – eISSA

19. Government and IT Laws

• India enacted the IT Act in 2006
• All police stations in India are centers for reporting Cyber Security Thefts
• Cyber Crime is slowly gaining recognition and there is regular training for Police on Cyber Security

20. Incident Handling and Reporting

• Govt. of India has a good framework
• CDAC (Center for Development of Advanced Computing) has released an open version of a Forensic Analysis kit, which is recognized by the Government.
• This tool has been used in convicting Cyber Criminals.

21. A perspective on Business Continuity and Pandemic Flu

22. What was the reaction to Avian Influenza?

• Most Asian countries have a good Emergency Management framework for mitigating Pandemic Flu.
• For example, in India:
   – The NDRC (National Disaster Recovery Coordination) Committee coordinated with corporate companies to create recovery plans.
   – Businesses tested their DR plans through drills.
   – Industry meetings were arranged to discuss the possible impact of Pandemic Flu.
• The positive:
   – There was a common sharing of knowledge and best practices.

23. Comparison on Global Scale

24. Approach

• As far as ISMS goes, Asian companies are up there with the best, or even leaders.
• On Technological Aspects of Security, maybe we do not have the latest geek devices.
• There are immense improvements in:
   – Management framework
   – Management commitment to regular investment in Information Security

25. The professional side

• Though my stats are not accurate, Asia, especially India, is a leader in the number of CISSPs and CISAs
• Security Professionals are amongst the best paid in India
• Some of the major security service providers (Nokia, for example) have their Global Security Support services in India.
• There is a demand for Risk Management and Business Continuity Management Professionals.

26. The challenges

27. We share some of the global challenges

• The Human Aspect of Information Security
   – Social Engineering
   – Fraud
   – Theft
   – Corruption
• Environmental Factors
   – Tsunami, Floods etc.

28. Specific Challenges

• Too much focus on certification
• This puts stress on small businesses to adopt ISMSs and certify them
   – Not economically viable.
• Slow adoption of privacy laws.
• Compliance by users out of fear and not real understanding.

29. Improvements?

• A more holistic approach to Information Security.
• The aim of security should be achieving business goals and not just Confidentiality, Integrity and Availability.
• Too many companies (managers) adopt Information Security out of fear rather than real understanding of it.
• There is no clear understanding of how much to invest and what to expect in return.

30. Creative Commons Attribution-NoDerivs 2.0

You are free:
• to copy, distribute, display, and perform this work
• to make commercial use of this work

Under the following conditions:
• Attribution. You must give the original author credit.
• No Derivative Works. You may not alter, transform, or build upon this work.

For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above.

This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

31. Thank You

Anup Narayanan
Sr. Consultant and Founder
First Legion Consulting