New CIO Challenges
www.acpl.com
How Compliant is your “IT” to Indian law?
Risks & Consequences
ACPL – Securing Information Assets since 1990.
Vishal Bindra (CISA, ISO 27001 LA), CEO
We all know the consequences of a murder for the killer.
The consequences of lapses in today's digital world are equally serious, even if your organization's involvement is incidental and unintentional.
• The rise in data breaches has fuelled the rise in awareness when it comes to the importance of proactively securing sensitive data.
Soaring Costs!
• Compliance breakdowns and governance failures across industry sectors are now among the most common – and unwelcome – headlines in the business press today.
Rising Breaches!
Lack of IT Governance Complicates Compliance with Costly Consequences!
Companies are finding legal and regulatory compliance costs soaring while effectiveness declines, giving rise to huge fines, penalties, awards and settlements, often in the billions of dollars.
Failure is not an option
• Despite these frequent reminders on the costly consequences of lax security & compliance risk management, there is still evidence that many organizations do not place sufficient executive attention on this issue.
Some Indian cases:
• Just Dial sued their competitor, AskMe
• Travelocity - Cleartrip, where TC has filed a complaint against CT for data theft
• Bazee.com DPS MMS Case
• Arif Azim Case
• Karan Bahree Case
• Shekhar Verma Case
• Cybersys Infotech Limited Case
Costly Governance Failures!
Many Many More That Occur But Are Never Reported
Typical Executive Response is Denial
• “We’re fine, because we’ve never had a major data security or compliance problem.”
• “The kinds of problems our peers suffered couldn’t happen here — we’re better and smarter than that.”
• “We already have a code of conduct, whistleblower channel, and other elements of what’s required for compliance.”
• “Our general counsel has responsibility for ensuring we’re fully compliant with all laws and regulations, so we’re covered.”
Simple Breaches! Serious Consequences!
• Pornographic or Obscene Emails/SMS/MMS
• Sec. 67 IT Act 2000
• 1st conviction – imprisonment for a term which may extend to five years and with fine which may extend to Rs. one lakh
• 2nd conviction – imprisonment for a term which may extend to ten years and also with fine which may extend to Rs. two lakh
• Software Source Code – Sec. 65 IT Act 2000
• Punishment
– imprisonment up to three years and / or
– fine up to Rs. 2 lakh
• Identity Theft
• Punishment
– imprisonment up to three years and / or
– fine up to Rs. 1 lakh
• Hacking with Computer systems, Data alteration – Sec. 66 IT Act 2000
• Three years imprisonment and fine of Rs 5 lakhs per violation
• Penalty for damages to computer & computer systems – liable for compensation up to Rs. one crore!
Who in the company faces the consequence and liability of employee actions?
Internal sources – the biggest risk for any legal entity using computers
Consequences of Failure to Comply with the Indian IT Act 2000, Sections of IPC, Cr.P.C
• Must be borne by the Top Management Leadership
• Exposure to civil and criminal consequences
• Imprisonment from 3 years to life imprisonment
• Civil liability to pay damages by compensation up to 5 crore rupees per contravention
• Sweeping powers provided to police officer under Section 80 of IT Act, 2000 to enter any public place and search & arrest.
Good Governance is the key!
Focus on Technology alone is not enough.
Proactive actions to adopt global best practices in security and compliance!
Effective security must address people, process and technology, and every security implementation does this. However, industry experience and studies show that security standards are implemented "in the letter and not in the spirit", and some time back this was a concern expressed by President Obama's CIO too.
Decision makers and stakeholders must ensure that security is embedded into the organization's DNA and that industry tools and solutions are adopted that will address risks and vulnerabilities at the fundamental or design level.
Rest Info-Assured!
Not your best day in office! Have a better day… Contact ACPL
Unable to defend your computer, protect sensitive data, and protect devices in your office
The Road Ahead
At ACPL we have been helping corporates become Info Assured in a Digital World since 1990!
What ACPL Offers
Solutions
• Information Security
• Information Availability
• Wire & Wireless Networking
• Data Centre Optimisation
Consulting
• Standards (ISO 27001, PCI, BS25999)
• Tech Processes & Policies
• Vulnerability Management
• Data Centric Risk Assessments
Training
• Information Security
• Product Specific
• Advanced NW Troubleshooting
• InfoSec Trained Manpower Outsourcing
Our Technology Partners
Corporates who TRUSTED us!
Thank You.
Vishal Bindra (CISA, ISO 27001 LA), CEO