Jury View
One step at a time
Gulshan Rai, Director, CERT-IN and ERNET,
Ministry of Communications & IT, Department of IT,
Govt. of India, believes that a comprehensive security
strategy cannot be achieved overnight. It has to be
planned and deployed systematically.
Planning for information security is a
complex task. One has to look at the nature of the work
being carried out by the organisation, its prospective
plans, information assets to be secured, how long these
need to be secured, and what is the content
(information) that has to be secured.
A good strategist plans his security
strategy after considering all these factors. While
performing this task he has to ensure that whatever he
plans is carried forward, is compatible, and that the
technology is available. He should be able to implement
it in a well-defined manner and as soon as possible with
the stress on simple operations. These are the principal
components of a good strategy. A CIO who plans after
taking all these factors into account is a good
strategist.
The entire implementation of security
strategy is process-oriented. It is not
manpower-intensive, but process-intensive. It cannot be
done overnight, but has to be planned and performed
systematically. This is akin to building a brick wall,
one step at a time.
Information security involves more
than technology—it is a process. One has to follow the
process, and keep the processes and logs intact. This is
essential to ensure that you can look back and check
later if required. In the case of information security,
it happens that most of the time you first see what you
have implemented, improve on it, and then proceed.
Along with the technology and the
processes, it is important to stress user education
in a good security strategy. User education is an
important component in implementing information
security. If there is no trained manpower or awareness
in the area of information security, then the
implementation of security becomes difficult.
Firstly, the manpower needs to be
trained to create a mindset oriented towards information
security. The need for information security, its
implementation and the overall vision have to be
emphasised as part of an awareness programme. Other
factors to remember when doing this include the
integration of information security with e-governance,
the organisation’s philosophy, nature of business, as
well as future technology and business requirements.
Resources must be trained in all these requirements.
Training in just one area may not help. Comprehensive
integrated training and manpower orientation towards
information security is essential.
The state of awareness about
information security in India is improving. Today,
various requirements are being enforced and
organisations are slowly becoming aware of these.
The Security Strategist Awards are
creating awareness and competition among organisations
to implement security practices. It is a good effort
that The Indian Express has undertaken. I appreciate The
Indian Express for initiating this kind of an award.
It will go a long way in proving and
creating awareness of information security in organisations.
Institution of Security Strategist Awards by The Indian
Express will accelerate and catalyse the awareness about
information security in India.