Information Management and Security

By Arvind Mehrotra, President APAC,

The principle of PDCA (Plan, Do, Check and Act) is an important paradigm in information management and security. Although a lot of work has gone into planning and evolving policy structures for e-governance, implementation can only be as successful as the strength of the monitoring mechanism. We thus need to strengthen our monitoring abilities to manage information and ensure the security of data in a more robust and effective manner.

The challenge for the Indian security environment largely comes from the threat of loss of reputation that arises from attacks on websites that are your public face. About 270 Indian official sites have been hacked in recent times. So far, we have not really tried to undertake forensic analysis of the incidents and close the loopholes. With the changing forms of attacks, we need to be proactive and deal with policy and administrative aspects appropriately so that the security of our information assets is not compromised.

Key Challenges

There are four sets of challenges that we need to address in order to put in place an effective information management system.

Managing datasets is the first challenge. We need to manage different datasets that need to be integrated. The present e-governance model envisages more and more public-facing systems that can increase transparency and reduce costs, besides creating trust among the people. In order to ensure reliable service delivery, there is a critical need to manage data, guard against unauthorised intrusions and create audit trails that can help in forensic analysis of any untoward event.

The next challenge is a macro-level view of risk management in governance. While the RBI has mandated corporates to adopt risk management and corporate governance norms under Clause 49, the risk management framework in governments is still weak. I am yet to come across any government in India that has adopted an ISMS (Information Security Management System) policy. This needs to be addressed on a priority basis.

The third challenge is that as we adopt ICT in governance, we are increasingly deploying multiple sets of technology without knowing the exact role of each set. Consequently, there might be multiple systems performing the same function. In the absence of a data analysis engine that can collate and analyse data across systems and manage the dataset, this might go undetected. In addition, in the absence of a centralised analytics system, the information being generated from diverse deployments often goes unutilised. This too needs to be addressed.

Lastly, we also need to address the absence of proper controls and of an assessment and risk mitigation strategy. At present, there is no process that can judge the performance of a technology deployment against pre-defined performance criteria and its adherence to policy guidelines. There is similarly no proper framework to analyse whether or not the technology is able to adequately protect the data assets. All this needs to change.

The earlier model of governance working in unconnected silos is being replaced by a new paradigm of interconnected applications and integrated datasets. We now need a process view that addresses all issues in an integrated manner. A Security Operations Centre providing security incident management services, and adoption of the CTO/CIO model in governments for better management of our information assets, need to be adopted with urgency.

[Figure: Key Challenges. Four panels: Managing datasets; Macro-level risk management; Multiple technology environments; Insufficient risk management and controls.]

[Figure: Paradigm Shift in Security & Risk Management. A discontinuity curve plotting Returns against Effort/Time. Old criteria: Optional; Health of business; Reactive; Meet regulation; On-premises. New criteria: Mandatory; Competitive advantage; Proactive; Risk driven; On-demand.]

[Figure: Event management funnel. Millions of raw events from distributed, heterogeneous logs (sources include security data, log archival, intrusion protection and data management systems) feed Event Management (explicit event collection and log analysis; intelligent downstream suppression), which yields thousands of relevant events. Threat Analysis (noise reduction; correlation and visualization) reduces these to hundreds of prioritized items. Incidents are the actionable items that drive Incident Response and Reporting & Forensics.]

egov / www.egovonline.net / September 2011
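The event-management funnel in the figure (raw events collected, repeats suppressed, noise removed, the remainder correlated into a short ranked list of incidents) as a small worked example. This code is added here for illustration and is not the author's or any product's; the host names, the RFC 5737 documentation addresses, the brute-force threshold and the detection rules are all assumptions, and the log lines are constructed.

```python
"""Toy events -> threats -> incidents pipeline (added example, not from the article)."""
import re
from collections import defaultdict

# Constructed sample log lines. Hosts and addresses are hypothetical
# (203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges).
RAW_EVENTS = [
    "2011-09-01T10:00:01 web01 sshd: Failed password for root from 203.0.113.5",
    "2011-09-01T10:00:02 web01 sshd: Failed password for root from 203.0.113.5",
    "2011-09-01T10:00:03 web01 sshd: Failed password for root from 203.0.113.5",
    "2011-09-01T10:00:04 web01 sshd: Failed password for admin from 203.0.113.5",
    "2011-09-01T10:00:05 web01 sshd: Failed password for admin from 203.0.113.5",
    "2011-09-01T10:00:09 web01 sshd: Accepted password for admin from 203.0.113.5",
    "2011-09-01T10:00:10 web02 httpd: 198.51.100.7 GET /news.php?id=1 200",
    "2011-09-01T10:00:11 web02 httpd: 198.51.100.7 GET /news.php?id=1%20UNION%20SELECT%201,2 500",
    "2011-09-01T10:00:12 web02 httpd: 198.51.100.7 GET /news.php?id=../../etc/passwd 404",
    "2011-09-01T10:00:13 web02 cron: backup job finished",
    "2011-09-01T10:00:14 web02 cron: backup job finished",
    "2011-09-01T10:00:15 web02 cron: backup job finished",
    "2011-09-01T10:00:20 web03 sshd: Failed password for deploy from 192.0.2.9",
    "2011-09-01T10:00:21 web03 sshd: Accepted password for deploy from 192.0.2.9",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$")
SSH_RE = re.compile(r"^(Failed|Accepted) password for (\S+) from (\S+)$")
HTTP_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")
ATTACK_PATTERNS = ("union%20select", "union select", "../", "%2e%2e/")
BRUTE_FORCE_THRESHOLD = 3  # assumed tuning value, not from the article


def collect(lines):
    """Stage 1, explicit event collection: parse each raw line, drop what does not parse."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def suppress(events):
    """Stage 2, downstream suppression: collapse consecutive repeats of the same
    (host, program, message) into one record that carries a count."""
    out = []
    for ev in events:
        if out and all(out[-1][k] == ev[k] for k in ("host", "prog", "msg")):
            out[-1]["count"] += 1
        else:
            out.append(dict(ev, count=1))
    return out


def analyse(events):
    """Stage 3, threat analysis: keep only security-relevant events (noise
    reduction), then correlate them per source address."""
    by_src = defaultdict(lambda: {"failed": 0, "accepted": [], "attacks": [], "hosts": set()})
    relevant = 0
    for ev in events:
        if ev["prog"] == "sshd":
            m = SSH_RE.match(ev["msg"])
            if not m:
                continue
            outcome, user, src = m.groups()
            rec = by_src[src]
            rec["hosts"].add(ev["host"])
            relevant += 1
            if outcome == "Failed":
                rec["failed"] += ev["count"]  # suppressed repeats still count
            else:
                rec["accepted"].append((user, ev["host"], ev["ts"]))
        elif ev["prog"] == "httpd":
            m = HTTP_RE.match(ev["msg"])
            if not m:
                continue
            src, _method, path, _status = m.groups()
            if any(p in path.lower() for p in ATTACK_PATTERNS):
                relevant += 1
                rec = by_src[src]
                rec["hosts"].add(ev["host"])
                rec["attacks"].append(path)
        # everything else (cron and similar) is noise for this ruleset
    threats = []
    for src, rec in by_src.items():
        if rec["failed"] >= BRUTE_FORCE_THRESHOLD:
            threats.append({"type": "ssh_brute_force", "src": src, "failed": rec["failed"],
                            "followed_by_success": bool(rec["accepted"]),
                            "hosts": sorted(rec["hosts"])})
        if rec["attacks"]:
            threats.append({"type": "web_injection_attempt", "src": src,
                            "requests": rec["attacks"], "hosts": sorted(rec["hosts"])})
    return relevant, threats


def prioritise(threats):
    """Stage 4, incidents: rank threats and attach an actionable item to each."""
    incidents = []
    for t in threats:
        if t["type"] == "ssh_brute_force" and t["followed_by_success"]:
            sev, action = 9, "Likely account compromise: disable account, isolate host, preserve logs for forensics"
        elif t["type"] == "ssh_brute_force":
            sev, action = 5, "Block source, review exposed SSH, enforce key-based authentication"
        else:
            sev, action = 6, "Block source, check application input validation and web server error logs"
        incidents.append({"severity": sev, "action": action, **t})
    incidents.sort(key=lambda i: i["severity"], reverse=True)
    return incidents


def run_pipeline(lines):
    """Run all four stages and report how the volume shrinks at each step."""
    events = collect(lines)
    suppressed = suppress(events)
    relevant, threats = analyse(suppressed)
    incidents = prioritise(threats)
    return {"raw": len(events), "after_suppression": len(suppressed),
            "relevant": relevant, "threats": len(threats), "incidents": incidents}


if __name__ == "__main__":
    result = run_pipeline(RAW_EVENTS)
    for stage in ("raw", "after_suppression", "relevant", "threats"):
        print(f"{stage}: {result[stage]}")
    for inc in result["incidents"]:
        print(inc["severity"], inc["type"], inc["src"], "->", inc["action"])
```

The single failed login from 192.0.2.9 followed by a success stays below the threshold and produces no incident, while the five failures from 203.0.113.5 followed by an accepted login are correlated into the top-ranked item; the cron chatter never reaches threat analysis at all. The counts from the suppression stage are carried forward so that collapsing repeats does not hide a brute-force pattern.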