A stronger commitment to data security

Data theft is one of the most severe threats to businesses and organisations in India, and it has resulted in various losses. To overcome this, the concept of standardisation of data security has been introduced in India. Rules and policies in this direction were framed for the first time at a recently concluded workshop at Nashik. The workshop was organised on the initiative of the University of Pune.

Sir Visvesvarayya Memorial College of Engineering in Chincholi, dist. Nashik, organised this workshop with sponsorship from the University of Pune. A major development from this event was a consensus that Indian companies should follow the international standards ‘BS 7799’ and ‘ISO 27001’. These standards give an outline for keeping electronically stored data secure in corporate organisations, businesses and industries. Prominent companies from the state have come forward to implement these standards.

Data Security Officer

These standards can be implemented without any fees. Also, once these standards come into force, companies will have the post of Data Security Officer, who will be responsible for implementation of the standards.

The Standards

Guidelines for data security were first laid down in 1999 under the title “Information Security Management Systems – Specification with guidance for use.” They focused on how to implement an information security management system (ISMS), referring to the information security management structure and controls. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005.

Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO/IEC 27001. ISO 27001 mainly covers the following aspects: risk assessment; security policy (management direction); organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition, development and maintenance; information security incident management; business continuity management; and compliance.

The Incidents

28 Dec 2007

Anita Sharma, a former engineer with Pune-based 3DPLM Software Solutions, was charged with transferring vital data worth $12 million from her company days before she quit her job.

Sharma allegedly passed on vital data and the source code of programs developed by her company to her husband through an IBM email ID while she was working with the company. Sharma was privy to the source code of InterOp software, a French company with which 3DPLM was dealing in the development of software.

12 Oct 2006

The police booked an employee of an insurance company for allegedly attempting to steal data from another prominent insurance company. Rohit Kotwal, a former employee of Bagic working with another insurance firm as general manager, was booked under the stringent norms of the Information Technology Act, 2000.
