The Telegraph
TT Epaper
Today's Edition Monday, September 12, 2005 | Advertise with us
 
 
IN TODAY'S PAPER
  Front Page
  Nation
  Calcutta
  Bengal
  Opinion
  International
  Business   Stocks Live
  Sports        Cricket Live
  At Leisure
  Sudoku
  Crossword   New!
  Jumble   New!
  Gallery
  Horse Racing
WEEKLY FEATURES
  Knowhow
  Jobs
  Telekids
  Careergraph
  Etc
  Weekend
  Look
CITY NEWSLINES
FEEDS
  RSS
  My Yahoo!
SEARCH
 
Archives Web
 
ARCHIVES
Since 1st March, 1999
 
THE TELEGRAPH
- About Us
- Advertise
- Feedback
- Contact Us
 
 
Front Page > Business > Story
Email This Page
Big holes in infotech security wall
OUR SPECIAL CORRESPONDENT
On your guard

New Delhi, Sept. 11: India needs to accord priority to the security aspects of business process outsourcing. A couple of incidents in the recent past has rudely woken up the domestic industry to the risks of offshore business.

While major players seem to be alert to the security concerns of their customers, it is the small and medium enterprises that need to make significant investments to plug the loopholes. This would increase their productivity and cost competitiveness.

According to a report prepared by the Confederation of Indian Industry (CII), 71 per cent of the respondents had no security process certification.

Ganesh Natarajan, chairman of the IT security conference and deputy chairman and MD of Zensar Technologies, said, ?There are no silver bullets in IT security. There will always be vulnerabilities in complex software and systems as well as human errors.?

IT security involves many aspects, including software design, configuration, patching, sharing of threat and vulnerable information. It also covers user education, investigation and prosecution of IT crime, both within India and overseas, he said.

The survey, titled Report on Information Security Baseline 2005 and piloted by CII?s western region, used a database of 100 respondents. About 38 per cent firms did not have any information-security policy and an alarming 7 per cent were not interested in IT security. About 11 per cent did not have user ID password protection. More than 71 per cent had no security process certification.

The responses were drawn from different industry segments: 26 per cent from manufacturing, 14 per cent from consumer goods and 42 per cent from IT and IT-enabled services companies, BPOs, ISPs, consultants, education, insurance, construction, real estate and financial services. All respondents used computers in their businesses.

The report said the industry in India, particularly the IT segment, has taken a few measures to secure IT infrastructure. However, it has been more as a knee-jerk reaction to a security breach or compliance, not an informed proactive effort.

Says Cyber law expert Pawan Duggal: ?The practice of proactive compliance of law and various requirements for IT security is practically non-existent in our country. Consequently, we find that any breach of security suddenly leads to a temporary phase of compliance. However, with the passage of time, exigencies of business take over and compliance levels go down again.?

The survey, which interviewed CEOs and senior management of large and small organisations, found that the Indian industry did not give importance to the post of a chief security officer and chief information security officer in a company.

Top
Email This Page
 
 
 Copyright © 2005 The Telegraph. All rights reserved. Disclaimer | Privacy Policy | Contact Us