New CIO Challenges


Why it is important for CIOs to also look at compliance with Indian laws

Transcript of New CIO Challenges

Page 1: New CIO Challenges

www.acpl.com

How Compliant is your “IT” to Indian law?

Risks & Consequences

ACPL – Securing Information Assets since 1990.

Vishal Bindra (CISA, ISO 27001 LA), CEO

[email protected]

Page 2: New CIO Challenges


Page 3: New CIO Challenges

We all know the consequences of a murder for the killer.

The consequences of lapses in today's digital world are equally serious, even if your organization's involvement is incidental and unintentional.

Page 4: New CIO Challenges

• The rise in data breaches has fuelled the rise in awareness when it comes to the importance of proactively securing sensitive data.

Soaring Costs!

• Compliance breakdowns and governance failures across industry sectors are now among the most common – and unwelcome – headlines in the business press today.

Rising Breaches!

Lack of IT Governance Complicates Compliance with Costly Consequences!

Companies are finding legal and regulatory compliance costs soaring while effectiveness declines, giving rise to huge fines, penalties, awards and settlements, often in the billions of dollars.

Page 5: New CIO Challenges

Failure is not an option

Page 6: New CIO Challenges

• Despite these frequent reminders of the costly consequences of lax security & compliance risk management, there is still evidence that many organizations do not place sufficient executive attention on this issue.

Some Indian cases:

• Just Dial sued their competitor, AskMe.
• Travelocity - Cleartrip, where TC has filed a complaint against CT for data theft
• Bazee.com DPS MMS Case
• Arif Azim Case
• Karan Bahree Case
• Shekhar Verma Case
• Cybersys Infotech Limited Case

Costly Governance Failures!

Many, Many More That Occur But Are Never Reported

Page 7: New CIO Challenges

Typical Executive Response is Denial

• “We’re fine, because we’ve never had a major data security or compliance problem.”

• “The kinds of problems our peers suffered couldn’t happen here — we’re better and smarter than that.”

• “We already have a code of conduct, whistleblower channel, and other elements of what’s required for compliance.”

• “Our general counsel has responsibility for ensuring we’re fully compliant with all laws and regulations, so we’re covered.”

Page 8: New CIO Challenges

Simple Breaches! Serious Consequences!

• Pornographic or Obscene Emails/SMS/MMS

• Sec. 67 IT Act 2000

• 1st Conviction – imprisonment for a term which may extend to five years, and with fine which may extend to Rs. one lakh

• 2nd Conviction – imprisonment for a term which may extend to ten years, and also with fine which may extend to Rs. two lakh

Page 9: New CIO Challenges

Simple Breaches! Serious Consequences!

• Software Source Code: Sec. 65 IT Act 2000

• Punishment

– imprisonment up to three years and / or

– fine up to Rs. 2 lakh

• Identity Theft

• Punishment

– imprisonment up to three years and / or

– fine up to Rs. 1 lakh

Page 10: New CIO Challenges

Simple Breaches! Serious Consequences!

• Hacking with Computer Systems, Data Alteration: Sec. 66 IT Act 2000

• Three years' imprisonment and fine of Rs 5 lakhs per violation

• Penalty for damages to computer & computer systems – liable for compensation up to Rs. one crore!

Page 11: New CIO Challenges

Who in the company faces the consequences and liability of employee actions?

Internal sources: the biggest risk for any legal entity using computers

Page 12: New CIO Challenges

Consequences of Failure to Comply with the Indian IT Act 2000, Sections of IPC, Cr.P.C.

• Must be borne by the Top Management Leadership

• Exposure to civil and criminal consequences

• Imprisonment from 3 years to life imprisonment

• Civil liability to pay damages by compensation up to 5 crore rupees per contravention

• Sweeping powers provided to police officers under Section 80 of the IT Act, 2000 to enter any public place and search & arrest.

Page 13: New CIO Challenges

Good Governance is the key! Focus on Technology alone is not enough.

Proactive actions to adopt global best practices in security and compliance!

Effective security must address people, process and technology, and every security implementation does this. However, industry experience and studies show that security standards are implemented "in the letter and not in the spirit" - and some time back this was a concern expressed by President Obama's CIO too.

Decision makers and stakeholders must ensure that security is embedded into the organization's DNA and that industry tools and solutions are adopted that will address risks and vulnerabilities at the fundamental or design level.

Page 14: New CIO Challenges

Rest Info-Assured!

Not your best day in office! Have a better day… Contact ACPL

Unable to defend your computer, protect sensitive data, and protect devices in your office

The Road Ahead

Page 15: New CIO Challenges

At ACPL we have been helping corporates become Info Assured in a Digital World since 1990!

Page 16: New CIO Challenges

What ACPL Offers

Solutions

• Information Security
• Information Availability
• Wire & Wireless Networking
• Data Centre Optimisation

Consulting

• Standards (ISO 27001, PCI, BS25999)
• Tech Processes & Policies
• Vulnerability Management
• Data Centric Risk Assessments

Training

• Information Security
• Product Specific
• Advanced NW Troubleshooting
• InfoSec Trained Manpower Outsourcing

Page 17: New CIO Challenges


Our Technology Partners

Page 18: New CIO Challenges

Corporates who TRUSTED us!

Page 19: New CIO Challenges

Thank You.

Vishal Bindra (CISA, ISO 27001 LA), CEO

[email protected]