
Security is more complicated than buying a product

DQI Bureau

What kind of security compliance do businesses and industries need to have?

Different industries have different requirements. If you are into processing, transmitting or storing credit card information, you have to observe the compliance called the Payment Card Industry Data Security Standard (PCI DSS). If you are in the financial industry, like banks, you have to observe Basel II compliance. Basically, it includes operational and technological risks. So, I think organizations and industries need to go for different security compliances according to the industry's requirements and standards.


What is your view of security compliance in Indian IT and banking?

A lot of companies here understand the importance of information security management systems (ISMS), so they will have to document the necessary controls to adhere to the ISO 27001 certification. However, I am a bit worried about those Indian companies certified to ISO 27001, as there might be the forced perception that they are secure when actually they are not. Security, unfortunately, is more complicated than buying a product.

What are your views on the global certifications and standards?

To a certain extent, ISO 27001 is a type of standard that is applicable across different countries. But different industries behave differently. For the payment card industry, ISO 27001 is not sufficient for the security of information. So the card industry associations such as VISA, American Express and others have built a new standard called PCI to specifically address the major concern of leaking payment card data. Generally speaking, ISO 27001 would be a great starting point, but depending on the specific industry and business you need better security standards.


What is the awareness level about security compliance in India?

ISO 27001 certification is very big in India; about 450 companies are certified. It's more mature than the US in terms of companies spending on increasing security compliance and standards. But risk factors in different countries are different. For instance, in the US you see a huge number of hacking incidents, data losses or leakages, whereas in India companies are not seeing that kind of risk exposure. Eventually the same risk exposures can be seen by Indian companies. So it's a matter of time before Indian organizations wake up and say that they need more protection than just ISO 27001.

Pankaj Maru/CMN



maildqindia@cybermedia.co.in
