presentation on 25th april_new
TRANSCRIPT
-
8/7/2019 Presentation on 25th April_new
1/15
DEVELOPING INFORMATION SECURITY
AUDIT TOOL/FRAMWORK FOR BPO AND
RELATED SECTOR
Rahul Gupta
Project Associate(RS 05)
IIIT-Allahabad
1
Supervisor: Dr. M.D.Tiwari
Co-Supervisor: Dr. Anurika Vaish
-
8/7/2019 Presentation on 25th April_new
2/15
Background
Motivation
Problem Formulation
Literature Survey
Proposed Methodology
Conclusion
Other Important Reference
Flow of Presentation
2
-
8/7/2019 Presentation on 25th April_new
3/15
Background
It has been witnessed that the society is undergoing advent changeswhether in their ethics, behavior, life style or technological usage due to
the fast pace of life.
Data is generated on a large scale
The way of processing of data has improved and latest technological
advancements are used to manage the data
Security data issues are now prime.
Information Security is being stressed upon
3
-
8/7/2019 Presentation on 25th April_new
4/15
Motivation
The data being generated with the fast pace of life is in huge
quantum and due to this processing of data is being outsourced to
certain third parties or BPOs
Organizations and people involved with the data collection and data
processing, misused the personal information of individuals.
Biggest threat started when data was outsourced to BPOs where in
due course of time some major frauds happened in India and other
parts of the world.
The information Security issues gave me a motivation to curb the
misuse of the data collected & data processing particularly in BPOs
4
-
8/7/2019 Presentation on 25th April_new
5/15
Cyber Threat Evolution
Virus
Breaking
Web Sites
Malicious
Code
(Melissa)
Advanced Worm /
Trojan (I LOVE
YOU)
Identity Theft
(Phishing)
Organised Crime
Data Theft, DoS /
DDoS
1995 2000 2003-04 2005-06 2007-081977
Dr. Gulshan Rai, Director, CE
RT-IN, Govt. of India, 8THFE
B 2009
-
8/7/2019 Presentation on 25th April_new
6/15
Problem Formulation
The problem was thus taken up with reference toThe BPOs, which are involved as 3rd party
As a result the threat to security was generated
To find a solution for the BPOs to mitigate these frauds
To solve the deepening pockets of problems in the BPO
industry
Developing an Information Security Audit Tool/ Framework
for BPO and related sectors.
6
-
8/7/2019 Presentation on 25th April_new
7/15
Literature Review
The literature reviewwas divided in two aspects:
1. For motivation & problem formulation (Part 1)
2. Base model on which the PhD Thesis was set up (part 2)
7
-
8/7/2019 Presentation on 25th April_new
8/15
Detailed Literature Survey( For motivation & problem formulation)
Theliterature survey was done to study the following aspects of my research:
1.Understanding security and its real importance
2.Information system framework for within the companies & expectation of security
from outsourced company3.Different standards & control on outsourcing and securitization.
4.Privacy & Data protection provisions for business
5.Evaluating internal structure of BPO organization, Information flow bottleneck &
third party involvement
6.E
stablishing risk to Information in BPO setup7.Assessing a general compliance criteria for BPO organization of Indian origin as
per the servicing client country
8
-
8/7/2019 Presentation on 25th April_new
9/15
Base Model Proposed to be Developed
9
My
Proposed
Framework
DPA Framework Study
Legal Compliance Framework
SOX, HIPPA, GLBA
Service Delivery Framework
SOA, ITIL
Outsourcing issues & Security
Framework
-
8/7/2019 Presentation on 25th April_new
10/15
Base model on which the PhD Thesis was set up
NASSCOM DSCI - KPMG Survey on Information Security and
Data Privacy
Akhilesh Tuteja, Executive Director KPMG, December 2008
Network Magazine, March 2005
http://www.networkmagazineindia.com/200503/coverstory02.shtml
ITES-BPO Handbook
Indian ITES-BPO Industry Fact Sheet (INDIAN ITES-BPO INDUSTRY
: NASSCOM ANALYSIS)
Indian Security Environment Fact Sheet (INFORMATION SECURITYENVIRONMENT IN INDIA :NASSCOM ANALYSIS)
10
-
8/7/2019 Presentation on 25th April_new
11/15
DSCI SECURITY FRAMEWORK, DATA SECURITY COUNCIL OF
INDIA, November, 2009
DSCI FRAMEWORK FOR DATA PROTECTION, DATA SECURITY
COUNCIL OF INDIA, November, 2009
DSCI PRIVACY FRAMEWORK, DATA SECURITY COUNCIL OF
INDIA,August, 2009
New Impacts on Outsourcing in 2009, Outsourcing Journal, ByKathleen Goolsby, http://www.outsourcing-journal.com/nov2008-
outsourcing.html
Upcoming Changes in IT Infrastructure Outsourcing
By Kathleen Goolsby, Senior Writer, Outsourcing Journal 2009
11
-
8/7/2019 Presentation on 25th April_new
12/15
Proposed Methodology
The methodology proposed after the literature survey was:
Development of Questionnaires to get the views of
different levels of users.
Applying various statistical analysis software to process
the response to the floated questionnaires.
12
-
8/7/2019 Presentation on 25th April_new
13/15
RESEARCH ACTIVITIES TAKEN UP
Key areas to be focused in BPO information security
Assessment and know how of prevalent audit
mechanism and tools and their applied impact in the
industry
Frame work of prior research and knowledge in the area
of direct and indirect interest to BPO audit and Information
security through Literature Survey & Review
Various compliance laws prevalent in different client
industry were accessed to gain first hand information to
current practices and statutes.
13
-
8/7/2019 Presentation on 25th April_new
14/15
Conclusion
I am trying my level best to create a solution to
the burning issue of Information Security in the
BPO and its related sectors through my PhD
I firmly believe that this endeavor of mine will
definitely prove to be fruitful
14
-
8/7/2019 Presentation on 25th April_new
15/15
THANKS
15