
Security is more complicated than buying a product
Henry NG, business head, global services, Verizon
Pankaj Maru
Thursday, October 08, 2009

What kind of security compliance do businesses and industries need to have?
Different industries have different requirements. If you are into processing, transmitting, or storing credit card information, you have to observe the compliance called Payment Card Industry Data Security Standard (PCI DSS). If you are in the financial industry, like banks, you have to observe Basel II compliance. Basically, it includes operational and technological risks. So, I think organizations and industries need to go for different security compliances according to the industry's requirements and standards.

What is your view of security compliance in Indian IT and banking?
A lot of companies here understand the importance of information security and management systems (ISMS), so they will have to document necessary controls to adhere to the ISO 27001 certification. However, I am a bit worried about those Indian companies certified by ISO 27001, as there might be the forced perception that they are secured but actually they are not. Security, unfortunately, is more complicated than buying a product.

What are your views on global certifications and standards?
To a certain extent, ISO 27001 is a type of standard that is applicable across different countries. But different industries behave differently. For the payment card industry, ISO 27001 is not sufficient for security of information. So the card industry associations such as VISA, American Express and others have built a new standard called PPI to specifically address the major concerns of leaking of payment card data. Generally speaking, ISO 27001 would be a great starting point, but depending on specific industries and businesses you need better security standards.

What is the awareness level about security compliance in India?
ISO 27001 certification is very big in India; about 450 companies are certified. It's more mature than the US in terms of companies spending on increasing security compliance and standards. But risk factors in different countries are different. For instance, in the US you see a huge number of hacking incidents, data losses or leakages, whereas in India companies are not viewing that kind of risk exposure. Eventually the same risk exposures can be seen by Indian companies. So it's a matter of time before Indian organizations wake up and say that they need more protection than just ISO 27001.

Pankaj Maru/CMN
maildqindia@cybermedia.co.in
