How secure are your outsourced operations?
Tactical guidelines
Information security is not so much an issue of technology as of governance. Comprehensive information security needs a complete solution involving governance, technology and people. It also requires defining security behaviour in the company to establish confidence in security systems.
- Governance will encompass:
  - Top management's commitment;
  - Security architecture and design with a policy framework involving disaster recovery, business continuity, risk mitigation and business process workarounds;
  - Clear business objectives with realistic expectations;
  - Regular revision of and training on active policies and procedures;
  - Rigorous and regular auditing (physical and electronic) and monitoring process;
  - Appropriate back-ups with back-up facilities provision; and
  - Stringent standards for information storage and data disposal (electronic and physical).
- Technology will encompass:
  - Appropriate firewalls, access protocols and restrictions defined and implemented for controlling access to the network, workstations and other equipment;
  - Application-specific network access security measures and encryption;
  - Restricted Internet access, with removable storage media such as floppy, CD-ROM and USB drives disabled;
  - Monitoring of system procedures and areas of risk, logging and reviewing events, clock synchronisation and an event logging process;
  - Screen savers with passwords and power-on passwords to ensure boot protection; and
  - Restricted, access-based entry/exit, compulsory logging of all entries and round-the-clock supervision by security personnel using CCTV cameras.
- People will encompass:
  - Frisking of employees during entry/exit;
  - Appropriate training on security policies and procedures;
  - User authentication by means of a user ID and password;
  - Compulsory reference and background checks for employees; and
  - Dedicated resources approved by customers, with a non-disclosure and confidentiality agreement signed with each employee.
The threat to security can be internal or external. The risk of external threat can be mitigated by ensuring good systems and strict implementation of the security policy. Companies lay down procedures and norms and follow them through the induction of an employee.
But what if a person decides to commit an act of fraud? We have been seeing instances of such frauds, which are not limited to outsourced service providers but also happen within the company, committed by the company's own trusted employees. Is honesty still the best policy?
Ultimately all operations are handled by humans, and human values play a far greater part in the day-to-day behaviour of an individual.
The governing mantra
"Swadharme nidhan shreya para dharmo bhayapaha." The Bhagavad Gita says that it is better to die than give up one's own dharma. Perhaps we may have to go down to the roots of negative behaviour, which lie in anger, greed, hatred, etc. Human values and beliefs are the basis of the Hindu philosophy of dharma.
While pre-emptive security procedures and policies are essential to blunt security concerns, the litmus test of security deals with the integral part of an organization: the human factor.
How well we address this is key to the success of an organization, and the macroeconomic effects of such behaviour impact the progress of the country as well.
