India is rarely out of the news when it comes to IT, especially with the large IT BPO (business process outsourcing) industry, technology investments, information security incidents, new policy, hacking, certification, poor IT governance, bot infections and spamming.
An independent report into information security concerns in India has sought to establish what Information Security and IT professionals in India believe are concerns in India’s battle with cyber security. The report, jointly prepared by IndiaWatch and ClubHack, presents the concerns over three areas: The Nation, The Corporation or Business, and The Citizen.
Top 5 Information Security Concerns for the Corporation or Business
2) Information Security Management
3) Weaknesses during Implementation
4) ‘it cannot happen to me’ syndrome
5) Underestimation of Technology
Looking at top concerns for the Corporation or Business there are recurring themes of misplaced confidence, complacency or even disregard to the threats of information security. The report highlights poor policies, weak audits and compliance, certification for the sake of certification, and a lack of monitoring as areas of highest concern.
“It is easy to set up an ISMS and get certified but information security management is hardly about getting certificates”
Alarmingly both ‘Information Security Management’ and ‘Weaknesses during implementation’ feature high on the list. This suggests that the application of information security in many organisations has problems from the start which multiply through inadequate implementation and management thereafter.
ISO 27001 is the internationally recognised cyber security standard which the Indian ITA (Information Technology Act) requires any company that collects information in India to comply with. Do you comply with the act? Find out more information on with our free white paper.
Information security is not a box that needs ticking, it is the practices and systems that should be deep rooted into the modus operandi and company culture to protect the confidentiality, availability and integrity of information.