Jaganathan - An Inclusive Approach to Information Security - Interop Mumbai 2009
DESCRIPTION
This session details the unique inclusive approach to Information Security Management (ISM) followed by Ajuba International. Ajuba’s model involves all employees in Information Security, making ISM a part of the work rather than a watchdog function.
TRANSCRIPT
INTERNAL
INSPIRED PEOPLE. INSPIRING RESULTS.
INCLUSIVE APPROACH TO INFORMATION SECURITY
Security Culture in the Corporate World
Jaganathan T
ISSC Chairperson
Ajuba Solutions India Pvt Ltd
COMPANY OVERVIEW
EXECUTIVE SUMMARY
Industry leader in offshore healthcare billing and revenue cycle management
Proven track record:
• We process claims with a gross value of over $3 Billion, code 3 million charts and collect over $1 Billion in cash annually
• Over 1700 domain experts
• Long term partnerships and retention of clients
Seasoned Team and Quality Processes
• Employees come from organizations such as Deloitte, EDS, McKesson, NDC Health etc.
• Strong management bench and training capabilities; ability to scale
INDUSTRY AWARDS & RECOGNITION
• Ranked among the Top 100 Offshore Companies in the world by Managing Offshore and Neo IT
• Identified as a ‘Rising Star’ by The International Association of Outsourcing Professionals (IAOP), in The Global Outsourcing 100 list and published by Fortune Magazine
• Ranked #1 as The Top Healthcare Revenue Cycle Management Outsourcing Vendor by The Black Book of Outsourcing
• Among The Best Employers in India (Hewitt Associates-The Economic Times)
INDUSTRY AWARDS & RECOGNITION
• Among The Best Workplaces in India (Great Places to Work Institute Inc, US - The Economic Times)
• Among Best BPO Employers in India (IDC – Dataquest)
• Among The Top Emerging Exciting Places to Work for (NASSCOM-Grow Talent)
• Award for Excellence in Gender Inclusivity by NASSCOM
THE FOUR PILLARS OF OUR DELIVERY MODEL
PEOPLE
PROCESS
TECHNOLOGY
INFRASTRUCTURE
AJUBA - INFORMATION SECURITY TRACK RECORD
• ISO27001:2005 certified
• HIPAA Certified
• FDCPA Certified
• SAS70 Type 1 Certified
We take Security and Compliance very seriously
CHALLENGES FOR AJUBA IN INFO SECURITY
• In an industry where Info. Security and compliance is very critical to business. HIPAA
• Ajuba is continuously awarded as a ‘Best Employer’ and widely known for ‘Employee Friendly’ culture. Improper Security enforcement has the potential to affect ‘Best Employer’ brand equity. Judicious balance between Security Management and Employee comfort required.
• Average age less than 30. Additional impetus to security awareness required.
IMPORTANT ASSET: PEOPLE CROSS FUNCTIONAL SECURITY TEAM
TRADITIONAL SECURITY ORGANIZATION
Physical Security
IT Security Officer
Auditor
Info Security manager
CMO, CSO, CIO
CEO
AJUBA SECURITY INFO ORGANIZATION
Sr. Manager Operations
ISM
Manager Corporate Comm.
Team Supervisor
Asst Manager
Manager Operations
Team Leader
Agents
Asst Manager
Sr. Manager operations
Manager HR
Team Supervisor
Asst Manager
Team Leader
Executive
Sr. Manager Finance
Asst Manager
Manager Tech
Team Leader
Executive
Sr. Manager Technology
Sr. Executive
ISMS
ISSC
President
Director Technology & ISSC Chairperson
Director Finance & HR
Director Operations
Asst Manager
Team Supervisor
Agents
INFORMATION SECURITY FORUM CROSS FUNCTIONAL TEAMS
ISSC: Information Security Steering Committee
• Management team to guide and steer security implementation
ISTF: Information Security Task Force
• Responsible for implementing and managing Information Security implementation.
IRT: Incident Response Team
• Responsible for Incident Response and Resolution
IAT: Internal Audit Team
• Responsible for Internal and External Audits
ERT: Emergency Response Team
• Responsible for response to emergency conditions and drills
• For a total Ajuba staff strength of 1700
ISSC = 4
ISTF = 20
IRT = 12
IAT = 40
ERT = 63
Total 139, i.e. 8.2% of total staff strength
Extended Security Focus possible because of unique model followed
InfoSec – Focus Shift
Ajuba Security Approach – Terminology Used
TRADITIONAL APPROACH | REPLACED BY
Central Security Team | Centrally Enabled Participative Team
CSO | Steering Committee coordinated by a Chairperson
Policy Enforcement | Participation & Peer Pressure
Vigilance, Monitoring | Peer Reporting & Health Check
Disciplinary Action | Incident Resolution
Internal Audit | Peer Review
ISMS | I Support Maintaining Security!
SOME BEST PRACTICES
PEOPLE INVOLVEMENT
• Second Week of every December is Celebrated as ISMS Week
• ISMS week Includes Various Competitions for staff
• Periodic spot checks and “Best Compliant team” awarded annually
• Weekly ISMS quiz in intranet
• Monthly ISMS newsletter
• Transparent & Open security escalations
SOME BEST PRACTICES
PROCESS
• Automated Incident Registration, Tracking & Resolution
• Anonymous Incident Registration possible
• Weekly Security Posture Review
• Standard and structured disciplinary matrix known to all staff
• Security Responsibility is part of everyone’s Job Description
• Measurable KRAs for Security Team
• Security Conformance part of every employee’s HR track record.
• Electronic NDA as part of onboarding
SOME BEST PRACTICES
PEOPLE SECURITY
• Trendsetter in Transport Security – Last Drop Confirmation
• Quarterly ERT training
• Surprise ERT drills
INFO SECURITY LIFE CYCLE IN AJUBA
INFO SECURITY IS A COMPLETE LIFE CYCLE INVOLVEMENT IN AJUBA
Info Security Metrics
[Chart: Total Incident (axis 0 to 20) by Security Incident Category (Access Rights Violations, Camera Phone Violation, Non Compliance with IS Policies, Physical Security Violation), each shown for 2007, 2008 and 2009. Bar labels in extraction order: 12, 9, 7, 10, 10, 2, 20, 12, 11, 5, 4, 1.]
RISK MODEL – COMPLETE FEEDBACK
SUMMARY
AJUBA UNIQUE INFOSEC MODEL
• Ajuba model brings People to the forefront and weaves Technology and Process around People
• No Compromise on Process and Technology
• Works very well for Ajuba
• Should work well for any company. May require little customization to suit the organization.
• Efficient security implementation at minimum cost
THANK YOU