Infrastructure management is undergoing a transformation. ITIL can help manage conflicting demands like – “low cost but high service quality”, “ubiquitous access but enhanced security”?


August 05, 2008

Who is after the personal customer data you have!

Posted by Bhoopendra Adhikari


Apparently a lot of people, and from all over the globe. And they are not your customers. Today’s conviction of 11 persons for one of the largest ever data breaches in terms of records is an indicator of this. What’s so interesting about this? Here are some facts:


July 28, 2008

People over process – Is your IT department doing it too?

Posted by Bhoopendra Adhikari 

Some kind of dependency on one person is a way of life in most IT departments in small and mid-size organizations, and it’s not uncommon even in large organizations. We are all used to that ‘wizard’ in the IT department who knows those key systems like no one else does and who can do everything. Every once in a while these guys turn rogue and we start debating how imperative it is not to be dependent on one person, but do we ever try going beyond this reasoning?


July 22, 2008

IT Controls: Essential vs. Excellent

Posted by Bhoopendra Adhikari

The Data Breach Report 2008 from the Verizon Business risk team shares many useful results, some of which are surprising, some commonly known, and some encourage us to look at a few old things in a new way. The report has been debated widely among the IT security community since its release, and I am picking a few related results here which, in my opinion, give an insight into a key aspect of your IT controls ecosystem:


Introducing Bhoopendra Adhikari

Deep insights come from those in the thick of the action. Introducing Bhoopendra Adhikari, someone who’s been through it all. He is an IT risk and compliance consultant and a CISSP, CISA, CISM and PMP certified professional. He has a wide range of consulting experience in the IT Risk, Compliance and Governance domain. Over to you, Bhoopen.

October 09, 2007

Relationships – Part 1

Did someone say relationships define life? Well, in the context of Information Risk Management (IRM) they do. Do you agree? Let’s see.

We have all seen the extensive IT policies that companies come up with. Some of them are very pointed, e.g. a Clean Desk policy, while others are broad in nature, e.g. a Privacy policy. For starting points on what policies should be, the SANS Institute has a very useful section in its resources area.


August 30, 2007

How many controls?

Recently I was part of a very interesting discussion on pre-audit controls management for one of our clients. One of the questions that occurred to me after that meeting was this: “how many controls does an organization truly need?”


July 16, 2007

Your word versus mine

Last month I was speaking at the CSI NetSec 2007 conference on Identity and Access Management, a key topic within the IRM domain. Overall this was a very well attended event featuring a variety of themes and topics.

It dawned on me during the show that, fundamentally, what was happening was a very well structured collaboration forum: people coming in and sharing a range of experiences from different industries, initiatives and focused content.


June 07, 2007

For the sake of Valuations

Traditionally, our notion of valuable assets has been to lock them up or store them in a bank’s locker. These could be monetary in nature: cash, jewels, or any other important product or document that we perceive as valuable to us.

This primarily means:

a) Getting a fix on the notion of "what value", which is commonly understood and agreed to.

b) Taking ownership of the risk of these valuable assets falling into the wrong hands or being misused, OR

c) Transferring the risk to a trusted third-party entity with whom we have a business relationship.


June 05, 2007

Discover the language of “Information Risk”

"Business-IT alignment" (BIA) is a term used to mean different things to different people. What is particularly interesting is how this is viewed in different contexts and scenarios. The expectations the Business has of IT in a product-centric industry such as Retail versus a technology-centric business such as a wireless Carrier are dramatically different. And does IT have any requirements of the Business? Absolutely! So the "alignment" term is something that really needs to be explored in more detail.

And what are those alignment magic words? Performance, cutting-edge capability, efficiency, reuse, key projects, resource skill sets, ROI. And the list goes on.

In the Compliance and Security Services domain, BIA takes on an altogether different meaning. The ability of Security leadership to communicate, in real terms, the value that the function provides to the business is often lost in the noise of breaches, regulations, control programs and, of course, those lost laptops!

The fundamental question therefore is “how do the business and IT communicate when it comes to Information Security Services?”
