
Talking Points for Keynote Speech Dr. - PowerPoint PPT Presentation



  1. Talking Points for Keynote Speech Dr. Paritosh Basu, Senior Professor, NMIMS University School of Business Management

  2. Introspection with Informed Judgment Common Objectives – Business and IT Leadership Group
      Time to disambiguate the generic expression IT with
         IS – Information System
         BIS – Business Information System
         IT Leadership Group (CIO + CDO + CISO) + Technology Partner
      Be ready to transform BIS function into a
         Co-creator of strategies with CEO and CFO and Executors
         Profit Center from Cost Center – Sustainable Value Innoventor TM
         Primary service provider from auxiliary – Partner of the first step
      Be ready to build and generate knowledge for
         Weaving business strategies with IT Strategies & Maxims
         Minimisation of value destruction and maximization of value creation
         Redefining standards to ‘Next-in-Class’ beyond the known boundaries
         Coming out of cocoon of maintenance function and Innovent TM
         Strengthening the bridge between We (IT) and They (User)
     Let Innoventionism be the mantra for tomorrow

  3. Tech Developments – Map Entity Requirements & Achieve Readiness IT Leadership Group is expected to
     ▪ Look through the windows,
     ▪ Reflect on markets, customers, opportunities, and then
     ▪ Co-create and execute product and operating strategies to derive competitive advantages
     Source: Twitter

  4. Green Information Technology with 4P Bottom Line Green IT (GIT) is a set of practical measures to ensure that IT (BIS) is developed, delivered and used in a way that is environmentally friendly, sustainable and energy efficient. Green IT is a set of strategic and tactical initiatives that directly reduces the carbon footprint of an organisation’s computing operation … Green IT is also focused on using the services of Information and Communication Technology to help reduce the organisation’s overall carbon footprint. Read More: http://www.aboutgreenit.co.uk/what-is-green-it/ and http://www.greenict.org.uk/what-is-green-ict

  5. Key Finding from a Research Report of Capgemini Acknowledgement: The presenter is using this information only for propagation of Knowledge Source: http://www.slideshare.net/capgemini/information-security-benchmarking-2014

  6. Key Questions for IS – A Key Part of REPM and Sustainability Management (Ten commandments for REPM - IS Management & Audit)
      Does the Audit Committee review Information Security (IS) Risks and management systems at periodical intervals
      Is IS at the top of the agenda for the CEO and CFO
      Is IS Risk an integrated item of the Risk Register and ERM Framework
      Are business goals aligned with goals for IS process
      Is there adequate financial commitment for introducing IS Systems commensurate with the size and expanse of the organisation
      Are security risks ignored by business decision makers
      Is there a proper training, communication and change management system related to any BIS initiative of any stature
      Do IS Managers have predefined KRAs and KPIs for their deliverables
      Is there a structured IS awareness system throughout the organisational hierarchy
      Is IS Management a part of Sustainability Management
     Information Security should be a part of the DNA of any Organisation

  7. Benchmarking Information Security – RAGE Analysis to Create Next-in-Class Learning Points from Capgemini’s Research added with Present Author’s Thought Lines
     Column headings on the slide: Strategy and Organisation, Process, Technology, Governance, People (the column assignment of each item is not recoverable from the extracted text; items are listed flat below)
     • Firewalls and Host to Host Connectivity
     • Identity & Access Management
     • Business Strategy
     • Organisation Structure
     • Remote User Access
     • Aligning IT Strategy with Business Strategy
     • Roles and Responsibilities
     • Threat and Vulnerability Mgt.
     • Web-based Apps
     • Aligning both Goals of People and Orgn.
     • Patch Mngt.
     • Malicious Content Protection
     • Governance Structure
     • Information Classification
     • Employee Training and Awareness
     • Network Protection
     • Inclusion
     • Compliance Management
     • Sourcing and Vendor Management
     • Security Expert Training
     • Wireless Network
     • Enterprise Risk Management (ERM)
     • Secure Application Development
     • Database Security
     • Security Service Improvement
     • Opnl. vs. Mngt
     • Server and System Security
     • Backup Planning and Control
     • Mobile Devices
     • Co-operation with Corporate Security
     • Last Mile Device Security
     • Retention and Investigation of Data
     • BCM & DRM
     • Relationship with Business Units
     • Application Security
     • Audits – Internal & Management
     • Cloud Computing
     • Physical Security
     • Content Security
     • Social Media
     • User Access Mngt.
     • Data Privacy
     • Change Management
     • Security Incident Reporting
     • Data Corruption Sec.

  8. In-house Ethical Hacking Should it be a compulsory item in Scope for IT Security Audit? The Ethical Hacker should have a quarantined computing device strictly to be used for hacking purpose only. Note: Adequate measures must be taken to ensure that such inclusion in no way violates any legal or regulatory provision in vogue.

  9. IT Jurisprudence for All Facets of IT Function

  10. IT Jurisprudence – What and Why
      What
         Jurisprudence is the theory and philosophy of law. Helps to gain deep understanding about
            Nature of Law
            Legal reasoning, systems, institutions, applications and implications for non-obeyance
         Contemporary philosophy of Law addresses two groups of questions
            Internal to law and legal systems
            Of law as a particular institution - Political and Social
         Answers to such questions are found in
            Natural Law – Accessible to human reasons
            Legal Positivism – Force of law coming from basic social evidences
            Legal Realism – The real world practice determines what law is
            Critical Legal Studies –
               Law is largely contradictory,
               Can best be analysed as an expression of the dominant social group
      English – Jurisprudence, Latin – Jurisprudentia = Knowledge of Law

  11. IT and Jurisprudence – Why You are here and now to work with reference or relation to any of the following Acts, Rules and Regulations, and hence Ensuring Compliance is a must
      1. Information Technology Act, 2000
      2. IT (Use of Electronic Records and Digital Signatures) Rules, 2004
      3. IT (Other Standards) Rules, 2003
      4. IT (Certifying Authorities) Rules, 2000
      5. IT (Certifying Authority) Regulations, 2001
      6. The Cyber Regulations Appellate Tribunal (Procedure ...) Rules, 2003
      7. Blocking of Websites Order, 2003
      8. IT (Security Procedure) Rules, 2004
      9. The Indian Penal Code (as amended by the IT Act)
      10. The Indian Evidence Act (as amended by the IT Act)
      11. The Code of Criminal Procedure and the IT Act.
      12. Information Technology (Amendment) Act, 2008
      13. The Income Tax Act, 1961 and all Acts for Indirect Taxes (Proposed GST)
      14. The Companies Act, 2013
      15. Intellectual Property Act, 2003
      Doctors receive structured knowledge on Medical Jurisprudence

  12. IT and Jurisprudence – Why more in a paperless environment
       Maintenance of books of accounts at the place of business
       Movements of data / information from one country to another
       Permanent establishment (Tax Jurisdiction) issues arising from
          Hosting of data and software
          Accessing working systems from other countries
          Reviewing reports by users of other countries
       Legal evidences (Business User)
          History of transactions and events
          Reports and documents
          Software configuration
          Access rights for defined roles and positions
          Proceedings of video and audio conferences
          White board print out for meeting records
      Is there any substitute for applying the 7WH Principle for Internal Audit? (What, Why, When, Who, Whom, Which, Where and How) In the contemporary Digital World IT Jurisprudence is not Nice but Must to Have

  13. IT and Jurisprudence – Why …3
       Legal evidences (BIS Team)
          Right for configuration and codification
          QC clearance
          Right for modification of software or master data
          Purging-off and / or archival of records (Destruction of evidence)
          Mails
          Movements of electronic records
          Data and records, and tele-caller / recipient as per HLR and VLR of a Telco
      “Spend time with corporate counsel to understand thoroughly the requirements of any new or evolving regulations that affect your business” * The New CIO Leader: Setting the Agenda and Delivering Results by Marianne Broadbent and Ellen S. Kitzis
      * The Presenter’s view is to first make it a subject of study for IT curriculum

  14. Let’s look forward to an exciting trip to the Confluence of Knowledge – The Big CIO Show Thank you
