eGov-Sept-2011-[32]-Managing Information-Arvind Mehrotra

Page 1

information management and security

Key Challenges

Managing Information A structured approach towards addressing information management challenges is immediately needed

T RET TURNS

Old Criteria

Paradigm Shift

New EFFORT / TIME

Paradigm Shift in Security & Risk Management

32

Events Logs

Millions Raw event data Distributed Heterogeneous

Event Management Event Management 9 Explicit event collection & Log Analysis

Events Events Threats Threat Analysis

Incidents Threats

I id t Incidents

Thousands Relevant Events

egov / www.egovonline.net / September 2011

aspects appropriately so that the security of our information assets is not compromised.

Key Challenges There are four sets of challenges that we need to address in order to put in place an effective information management system. Managing datasets is the first challenge. We need to manage different datasets that need to be integrated. The present egovernance model talks of more and more public facing systems that can increase transparency and reduce costs besides creating trust among the people. In order to ensure reliable service delivery, there is a critical need to manage data, guard against unauthorised intrusions and create audit trails that can help in forensic analysis of any untoward event. The next challenge is a macro-level view of risk management in governance. While the RBI has mandated corporates to adopt risk management and corporate governance norms under Clause 49, the risk management

Mana

• Com chan • Defi Secu rem

Macr

• Pres evall • Ther acce • Own

Multi Enviro

Hundreds Prioritized lists Actionable items

Key Challenges

New Criteria Mandatory • Mandatory • Competitive Advantage • Proactive • Risk Driven • On‐Demand

ss Based

Log Archival

Security Data

Reporting & Forensics Incident Response

DISCONTINUITY CURVE

• Optional • Health of Business • Reactive • Meet Regulation • On‐Premises

9 Intelligent Down S Stream Suppression

Structured Process

he principle of PDCA (Plan, Do, Check and Act) is an important paradigm In information management and security. Although a lot of work has gone in planning and evolving policy structures for egovernance, implementation can only be as successful as the strength of the monitoring mechanism. We thus need to strengthen our monitoring abilities to manage information and ensure security of data in a more robust and effective manner. Challenge for Indian security environment is largely coming from the threat of loss of reputation that arises from attack on websites that are your public face. About 270 Indian official sites have been hacked in recent times. So far, we have not really tried to undertake forensic analysis of the incidents and close the loopholes. With the changing forms of attacks, we need to be &Risk Management proactive and deal with policy and administrative

grated

Data Management

Noise Reduction

Correlation & Visualization

By Arvind Mehrotra, President APAC,

s Critical ies ‐‐ Apps ies

Intrusion Protection

framework in governments is still weak. I am yet to come across any govt in India that has adopted an ISMS (Integrated Security Management Policy) policy. This needs to be addressed on a priority basis. The third challenge is that as we adopt ICT in governance, we are increasingly deploying multiple sets of technology without knowing exact roles of each set. Consequently, there might be multiple systems performing the same function. In the absence of a data analysis engine that can collate and analyse data across systems, and manage the dataset, this might go undetected. In addition, in the absence of a centralised analytics system, the information being generated from diverse deployments often goes unutilised. This too needs to be addressed. Lastly, we also need to address the absence of proper controls and an assessment and risk mitigation strategy. At present, there is no process that can judge the performance of a technology deployment against pre-defined performance criteria and against its adherence to policy guidelines. There is similarly no proper framework to analyse whether or not the technology is able to adequately protect the data assets. All this needs to change. The earlier model of governance working in unconnected silos is being replaced by a new paradigm of interconnected applications and integrated datasets. We now need a process view that addresses all issues in an integrated manner. A Security Operating Centre dealing with security incident management services and adoption of the CTO/CIO model in governments for better management of our information assets need to be adopted with urgency.

• A on wide • Diffe envi

Insuff Risk M

• Insu I susc • Ther cont


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.