presentation on 25th april_new

Upload: rajesh-a-pillai

Post on 08-Apr-2018

  • 8/7/2019 Presentation on 25th April_new

    DEVELOPING INFORMATION SECURITY AUDIT TOOL/FRAMEWORK FOR BPO AND RELATED SECTOR

    Rahul Gupta

    Project Associate (RS 05)

    IIIT-Allahabad

    Supervisor: Dr. M.D.Tiwari

    Co-Supervisor: Dr. Anurika Vaish

    Flow of Presentation

    Background

    Motivation

    Problem Formulation

    Literature Survey

    Proposed Methodology

    Conclusion

    Other Important Reference

    Background

    It has been witnessed that society is undergoing changes, whether in ethics, behavior, lifestyle or technological usage, due to the fast pace of life.

    Data is generated on a large scale.

    The way data is processed has improved, and the latest technological advancements are used to manage the data.

    Data security issues are now a prime concern.

    Information security is being stressed.

    Motivation

    The data being generated with the fast pace of life is huge in quantity, and because of this the processing of data is being outsourced to third parties or BPOs.

    Organizations and people involved with data collection and data processing misused the personal information of individuals.

    The biggest threat started when data was outsourced to BPOs, where in due course of time some major frauds happened in India and other parts of the world.

    The information security issues gave me a motivation to curb the misuse of the data collected & data processing, particularly in BPOs.

    Cyber Threat Evolution

    [Figure: timeline of cyber threat evolution. Stages shown: Virus; Breaking Web Sites; Malicious Code (Melissa); Advanced Worm / Trojan (I LOVE YOU); Identity Theft (Phishing); Organised Crime, Data Theft, DoS / DDoS. Time axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08.]

    Source: Dr. Gulshan Rai, Director, CERT-IN, Govt. of India, 8th Feb 2009

    Problem Formulation

    The problem was thus taken up with reference to:

    The BPOs, which are involved as 3rd party

    As a result the threat to security was generated

    To find a solution for the BPOs to mitigate these frauds

    To solve the deepening pockets of problems in the BPO industry

    Developing an Information Security Audit Tool/Framework for BPO and related sectors.

    Literature Review

    The literature review was divided into two aspects:

    1. For motivation & problem formulation (Part 1)

    2. Base model on which the PhD Thesis was set up (Part 2)

    Detailed Literature Survey (For motivation & problem formulation)

    The literature survey was done to study the following aspects of my research:

    1. Understanding security and its real importance

    2. Information system framework within companies & expectation of security from the outsourced company

    3. Different standards & controls on outsourcing and securitization

    4. Privacy & data protection provisions for business

    5. Evaluating internal structure of BPO organization, information flow bottleneck & third party involvement

    6. Establishing risk to information in BPO setup

    7. Assessing general compliance criteria for BPO organizations of Indian origin as per the servicing client country

    Base Model Proposed to be Developed

    [Diagram labels:]

    My Proposed Framework

    DPA Framework Study

    Legal Compliance Framework: SOX, HIPAA, GLBA

    Service Delivery Framework: SOA, ITIL

    Outsourcing issues & Security Framework

    Base model on which the PhD Thesis was set up

    NASSCOM DSCI - KPMG Survey on Information Security and Data Privacy

    Akhilesh Tuteja, Executive Director KPMG, December 2008

    Network Magazine, March 2005

    http://www.networkmagazineindia.com/200503/coverstory02.shtml

    ITES-BPO Handbook

    Indian ITES-BPO Industry Fact Sheet (INDIAN ITES-BPO INDUSTRY: NASSCOM ANALYSIS)

    Indian Security Environment Fact Sheet (INFORMATION SECURITY ENVIRONMENT IN INDIA: NASSCOM ANALYSIS)

    DSCI SECURITY FRAMEWORK, DATA SECURITY COUNCIL OF INDIA, November, 2009

    DSCI FRAMEWORK FOR DATA PROTECTION, DATA SECURITY COUNCIL OF INDIA, November, 2009

    DSCI PRIVACY FRAMEWORK, DATA SECURITY COUNCIL OF INDIA, August, 2009

    New Impacts on Outsourcing in 2009, Outsourcing Journal, By Kathleen Goolsby, http://www.outsourcing-journal.com/nov2008-outsourcing.html

    Upcoming Changes in IT Infrastructure Outsourcing

    By Kathleen Goolsby, Senior Writer, Outsourcing Journal 2009

    Proposed Methodology

    The methodology proposed after the literature survey was:

    Development of questionnaires to get the views of different levels of users.

    Applying various statistical analysis software to process the responses to the floated questionnaires.

    RESEARCH ACTIVITIES TAKEN UP

    Key areas to be focused on in BPO information security

    Assessment and know-how of prevalent audit mechanisms and tools and their applied impact in the industry

    Framework of prior research and knowledge in the areas of direct and indirect interest to BPO audit and information security through Literature Survey & Review

    Various compliance laws prevalent in different client industries were accessed to gain first-hand information on current practices and statutes.

    Conclusion

    I am trying my level best to create a solution to the burning issue of Information Security in the BPO and its related sectors through my PhD.

    I firmly believe that this endeavor of mine will definitely prove to be fruitful.

    THANKS