CII-SJCE-STEP holds session on IT security, compliance management

The Confederation of Indian Industry Mysuru Chapter and SJCE-STEP organised a session on IT security and compliance management at SJCE on Wednesday.

Bhaskar Kalale, Convenor, IT Panel, CII Mysuru, deliberated upon curbing cybercrime and encouraged the gathering to treat it as a continuous evaluation process. The stakeholders were informed about the pivotal role IT security plays in securing the IP, financial and other interests of a company. Noting that knowledge is power in the 21st century, he highlighted the importance of securing data.

Jayanth Varma, CEO, SocView Solutions Pvt Ltd, informed the gathering about data breaches and their impact on any IT-based company. Reflecting on various data breach incidents in 2016 alone, he said that the reasons to tighten IT security were innumerable, including hacking, malware, espionage and national security threats, inter alia. The gathering was introduced to the cyber kill chain as a way to understand a cyber-attack better.

He shared tips on monitoring system traffic to track a cyber-breach, and case studies on phishing were used to explain how a system gets compromised. He spoke about data breach management, including identifying and forming a breach management team, containment, recovery, risk assessment, notification of breach, evaluation and response.

He advised companies to identify their assets and services, to list critical systems and data in order to isolate a possible cyber breach, and to come up with security policies and incident response plans. He laid emphasis on vulnerability management and patch management as the most important keys to securing data, irrespective of the breach time. He highlighted testing incident response plans and social engineering awareness as ways to tackle the problem of cyber breaches.

M D Padmini, Senior Manager, PMO & Compliance, Theorem Inc., Mysuru, explained the importance of an information security system. She highlighted its benefits, which include integration of information security risk, a framework for regulatory compliance, business friendliness, a market differentiator, a mechanism for monitoring and reporting risks, and a structure to efficiently and effectively integrate people, process and technology.

Speaking about information security policies, she briefed the gathering on incident management, risk management, information security, classification, labelling, robust change management, virus and malware control, mobile computing, and vulnerability and penetration assessment, inter alia. Several options for risk treatment were deliberated upon to strategize the best policy.

More than 80 companies participated in the event.
