Information Security – A layered approach

August 9, 2006

It was an interesting knowledge-sharing experience with Dr Mitta of e4e Labs, Vish of Infosys, Bala of Polaris, Raghu of Intel, Upadhyay of BSNL, Atul of Syndicate Bank, Jethin of Wipro, Anil of Intel, Bringi, CEO of IDG India, and me, invited by Vijay, Editor, CIO India, for an informal yet focused discussion on corporate leaders' approach to security, particularly the layered approach. Interesting points to take home include:

    It is good to learn from history; our forts and temples had “seven layers”; can we learn from them?

    The Internet is both a blessing and a curse (from a security point of view); how to cope?

    Intel, as a platform company, has started to address the issue at that level

    Laptops (that too of senior executives) pose maximum threat

    Can we not use the idea of “security for all”, the way quality & integrity were imbibed by Indian corporates like Wipro in the nineties?

    How do you cope with home workers?

    Can we take the view that anything other than the data center is “outside”? Even those working inside offices? As most security breaches happen through insiders (not always with malicious intentions), this appears promising

    Certification like BS 7799 must be the starting point and not the end point (most managements view it that way)

    Application security is woefully inadequate; most programmers are NOT trained to think through security

All in all, it was an enjoyable and enriching roundtable.

(CIO Breakfast Roundtable at Bangalore on Aug 8, 2006)