New CIO Challenges
1. How Compliant is your "IT" to Indian law?
Risks & Consequences
Vishal Bindra (CISA, ISO 27001 LA)
CEO
Vishal@acpl.com
ACPL – Securing Information Assets since 1990. www.acpl.com
3. We all know the consequences of a murder crime for the killer.
Consequences of lapses in today's digital world are equally serious, even if your organization's involvement is incidental and unintentional.
4. Lack of IT Governance Complicates Compliance with Costly Consequences!
Rising Breaches! Soaring Costs!
• The rise in data breaches has fuelled the rise in awareness when it comes to the importance of proactively securing sensitive data.
• Compliance breakdowns and governance failures across industry sectors are now among the most common – and unwelcome – headlines in the business press today.
• Companies are finding legal and regulatory compliance costs soaring while effectiveness declines, giving rise to huge fines, penalties, awards and settlements – often in the billions of dollars.
5. Failure is not an option
6. Costly Governance Failures!
• Despite these frequent reminders on the costly consequences of lax security & compliance risk management, there is still evidence that many organizations do not place sufficient executive attention on this issue.
Some Indian cases:
• Just Dial sued their competitor, AskMe.
• Travelocity – Cleartrip, where TC has filed a complaint against CT for data theft
• Bazee.com
• DPS MMS Case
• Arif Azim Case
• Karan Bahree Case
• Shekhar Verma Case
• Cybersys Infotech Limited Case
Many, many more occur but are never reported.
7. Typical Executive Response is Denial
• "We're fine, because we've never had a major data security or compliance problem."
• "The kinds of problems our peers suffered couldn't happen here – we're better and smarter than that."
• "We already have a code of conduct, whistleblower channel, and other elements of what's required for compliance."
• "Our general counsel has responsibility for ensuring we're fully compliant with all laws and regulations, so we're covered."
8. Simple Breaches! Serious Consequences!
• Pornographic or Obscene Emails/SMS/MMS
• Sec. 67 IT Act 2000
• 1st Conviction –
– imprisonment for a term which may extend to five years, and with fine which may extend to Rs. one lakh
• 2nd Conviction –
– imprisonment for a term which may extend to ten years, and also with fine which may extend to Rs. two lakh
9. Simple Breaches! Serious Consequences!
• Software Source Code – Sec. 65 IT Act 2000
• Punishment
– imprisonment up to three years and/or
– fine up to Rs. 2 lakh
• Identity Theft
• Punishment
– imprisonment up to three years and/or
– fine up to Rs. 1 lakh
10. Simple Breaches! Serious Consequences!
• Hacking with computer systems, data alteration – Sec. 66 IT Act 2000
• Three years imprisonment and fine of Rs. 5 lakhs per violation
• Penalty for damages to computer & computer systems – liable for compensation up to Rs. one crore!
11. Internal sources – the biggest risk for any legal entity using computers
Who in the company faces the consequence and liability of employee actions?
12. Consequences of Failure to Comply with the Indian IT Act 2000, Sections of IPC, Cr.P.C.
• Must be borne by the Top Management Leadership
• Exposure to civil and criminal consequences
• Imprisonment from 3 years to life imprisonment
• Civil liability to pay damages by compensation up to 5 crore rupees per contravention
• Sweeping powers provided to police officers under Section 80 of IT Act, 2000 to enter any public place and search & arrest
13. Good Governance is the key!
Focus on technology alone is not enough. Effective security must address people, process and technology, and every security implementation does this. However, industry experience and studies show that security standards are implemented "in the letter and not in the spirit" – and some time back this was a concern expressed by President Obama's CIO too.
Proactive actions to adopt global best practices in security and compliance!
Decision makers and stakeholders must ensure that security is embedded into the organization's DNA and that industry tools and solutions are adopted that will address risks and vulnerabilities at the fundamental or design level.
14. The Road Ahead
Not your best day in office! Unable to defend your computer, protect sensitive data, and protect devices in your office.
Have a better day… Contact ACPL. Rest Info-Assured!
15. At ACPL we have been helping corporates become Info Assured in a Digital World since 1990!
16. What ACPL Offers
Solutions
• Information Security
• Information Availability
• Wire & Wireless Networking
• Data Centre Optimisation
Consulting
• Standards (ISO 27001, PCI, BS25999)
• Tech Processes & Policies
• Vulnerability Management
• Data Centric Risk Assessments
Training
• Information Security
• Product Specific
• Advanced NW Troubleshooting
• InfoSec Trained Manpower Outsourcing