NASSCOM, which is
According to Shymal Ghosh, chairman of DSCI, 'it will be an independent organization, at arms length from NASSCOM.'
What is important in order to combat inadequate controls surrounding information security, is to ensure that there is a body of information security standards that companies are expected to follow. This ensures process standardization, industry comparisons as well as enables accreditations/certifications. These standards would encompass
- encryption standards,
- physical controls,
- logical controls (especially user access controls, interface controls, restriction over the use of Instant Messaging etc.)
- other infrastructure related standards.
Best practices dictate establishing an information security policy and a data classification policy. Data that has been classified as critical, sensitive or public data, automatically becomes much more organized and it is easy to see which data should be given priority for security.
Although we have seen incidents of internal control violations (data theft, cheating, passing on confidential information) in recent years, the core of the outsourcing business in
Maybe, an initiative like DSCI will be the first successful step towards achieving formal governance in corporate