DSCI Excellence Award for Security in Captive BPO, 2011 DSCI

advertisement
DSCI Excellence Award for Security in Captive BPO, 2011
DSCI Excellence Awards 2011
DSCI Excellence Award for Security
in Captive BPO, 2011
Process Partner
DSCI Excellence Awards 2011
Page 1
DSCI Excellence Award for Security in Captive BPO, 2011
About the Awards
In line with its objective to raise the level of security and privacy of IT and BPO service
providers to assure their clients and other stakeholders that India is a secure destination
for global sourcing and also promote data protection in domestic industry segments like
Banking, Telecom and E- governance, DSCI is pleased to announce the institution of
‘DSCI Excellence Awards’ to annually reward organizations and individuals who have
shown high level of preparedness and have excelled in the area of information security.
Objectives of the Awards
The objectives of DSCI Excellence Awards are as follows:
1. Recognition & Honour: Recognize, honour and reward organizations and
individuals who have taken strategic, proactive and innovative security
efforts to help the organization address real risks, build resilience, increase
trustworthiness and create a conducive environment for doing business and thus
enable the organization to harness security as a lever for business growth.
2. Elevate the role of Security function: Highlight the importance of security
function and its contribution in the overall business ecosystem of an organization.
3. Awareness and knowledge: Bring about awareness towards the need for
Information Security within organizations and society at large.
Important Dates
Events
Dates
Opening Call for Nominations:
Thursday, April 21, 2011
Nominations Deadline:
Friday, May 20, 2011
DSCI Excellence Awards Ceremony:
Friday, July 22, 2011
DSCI Excellence Awards 2011
Page 2
DSCI Excellence Award for Security in Captive BPO, 2011
Eligibility Criteria
•
Applicant must have been operating for a minimum of two years in India,
providing BPO, LPO, KPO, etc. services to its own parent organization as a Captive
unit.
•
Applicant can nominate itself only in one award category.
Guidelines for completing the Nomination form
•
Each question must be answered completely as each response will be evaluated on its
merit and completeness.
•
Please provide your response with respect to the initiatives /activities carried out in
last one year i.e. 2010 unless specified otherwise in the questions.
•
An organization can nominate itself or it can be nominated by its clients/third
parties /suppliers or other known references.
•
Please provide examples, live cases, practical insights for building your case; Attach
relevant artifacts to support your response; Ensure that all the required aspects are
covered in your response (you may go beyond the listed aspects) as these will be used
for evaluating your response.
•
Wherever mentioned in this nomination form, term ‘Client’ may be referred to as
parent company / group companies / internal business functions.
Confidentiality Statement
Information provided in this form or collected during the course of the evaluation
might be confidential in nature. Both, DSCI and PwC, shall take due care that the
confidential information is shared only with the designated stakeholders for
evaluation purposes only.
DSCI Excellence Awards 2011
Page 3
DSCI Excellence Award for Security in Captive BPO, 2011
Nominator Contact Information
Data Fields with Asterisk are mandatory
Enter Data in this Column
First Name*
Last Name*
Designation/Role*
Company/ Organization Name*
Mailing Address*
City*
State*
Zip
Office Phone* (include area code)
Mobile Phone*
Email*
DSCI Excellence Awards 2011
Page 4
DSCI Excellence Award for Security in Captive BPO, 2011
Nominee Information
Data Fields with Asterisk are
mandatory
Enter Data in this Column
Company/ Organization
Name*
Parent Company Name (if
any)
Brief description about the
company
Service Offerings
Geographies Served*
No. of Employees*
Certifications
Mailing Address*
City*
State*
Zip
Office Phone* (include area
code)
Mobile Phone*
DSCI Excellence Awards 2011
Page 5
DSCI Excellence Award for Security in Captive BPO, 2011
website*
Questions Section
1. Security Strategy
Does your organization have a security strategy? Please cover the following aspects of
the security strategy in your response in maximum 1000 words:
i.
ii.
iii.
Core components of your security strategy; its coverage and extent
Efforts for alignment of security strategy with business / organizational goals
and its integration with IT strategy
Processes followed for defining, implementing, operationalizing,
communicating, measuring & improving security strategy
2. Compliance
Please provide details of the compliance process followed by the organization covering
following aspects in your response in maximum 1000 words:
i.
ii.
iii.
iv.
v.
Establishment of compliance processes and structure in terms of compliance
function, compliance organization, standards and frameworks adopted ,
mechanisms deployed for compliance processes, tools adopted
Stakeholder involvement such as involvement of business functions;
involvement of compliance function in business / client meetings
Management of compliance related knowledge
Understanding, interpretation and applicability of legal terms; awareness
creation
Tracking, Reporting, Management, Mapping, and Monitoring of compliance
requirements
DSCI Excellence Awards 2011
Page 6
DSCI Excellence Award for Security in Captive BPO, 2011
vi.
Measurement and reporting of maturity of compliance processes
3. Awareness & Culture
How does your organization imbibe information security into its culture? Please
elaborate on the following aspects in maximum 1000 words:
i.
ii.
iii.
iv.
v.
vi.
Identification of security awareness requirements
Target audiences covered by the security training program; Ensuring that the
content developed for security training is relevant for the target audience
Assessing the effectiveness of security and privacy awareness of the
organization (KPIs)
Training platforms and channels used for imparting security awareness &
training; Using corporate messaging for spreading awareness
Incentivizing employees to undergo security trainings and improving security
awareness
Alignment of your organization’s awareness program with your clients’
awareness requirements or programs
DSCI Excellence Awards 2011
Page 7
DSCI Excellence Award for Security in Captive BPO, 2011
4. Security Organization
What is your organization’s strategic roadmap for building a responsive, competent
and business-centric security organization that helps an organization efficiently
manage the growing complexity of security? Please elaborate covering the following
aspects in maximum 1000 words:
i.
ii.
iii.
iv.
v.
Alignment of security organization to business goals; Positioning & reporting
of security organization
Skill development program to ensure competency and adequacy of security
resources; Sourcing model to supplement security organization
Spread of the Security Organization across strategic, tactical and operational
layers ; Categorization of Chief Information Security Officer (CISO)’s (or
equivalent ) role across these layers
Working relationship between security organization and all horizontals and
verticals of your organization
Distribution of security related roles and responsibilities; business
involvement in security initiatives and vice-versa.
5. Data Centric Initiatives
How does your information security program address the data specific requirements
and challenges? Please elaborate covering the following aspects in maximum 1000
words:
i.
ii.
iii.
iv.
Process for discovering & identifying the critical data elements; data
classification techniques used
Scope and extent of data security initiatives – structured & unstructured data,
data on external media, archived data, data on mobile computing devices,
data on production / non-production systems, etc.
Efforts for maintaining granular visibility over data
Architectural treatment to data security initiatives; solutions and processes
deployed for data security
DSCI Excellence Awards 2011
Page 8
DSCI Excellence Award for Security in Captive BPO, 2011
v.
vi.
vii.
viii.
Ensuring strength of countermeasures is commensurate with the sensitivity of
data to be protected
Awareness on how data is managed across its lifecycle including at the client
end
Maintaining uniformity of controls when data moves across environments
including clients’ environment
Involvement of business owners / functions in data centric initiatives
6. Domain Specific Security Initiatives
Please provide details of Lines of Service (Customer Interaction & Support, Finance
& Accounting, Human Resource Management, etc.) specific security initiatives taken
by your organization in maximum 1000 words.
DSCI Excellence Awards 2011
Page 9
DSCI Excellence Award for Security in Captive BPO, 2011
7. Collaboration
How does collaboration fits into your organization’s security strategy? Please
elaborate covering the following aspects in maximum 1000 words:
i.
Collaboration with External Stakeholders
 Identification of external stakeholders (agencies like CERT-In, Security
vendor community, security forums, industry associations, etc. ) with
whom the security collaborates
 Types of collaborations along with their objectives
 The value these collaborations bring to your organization
 The value these collaborations bring to the industry / nation
 Operationalizing, sustaining and measuring the effectiveness of such
collaborative efforts; Mechanisms and tools used
ii.
Collaboration with Internal Stakeholders
 Identification of internal stakeholders (IT, HR, Compliance, etc.) with
whom the security collaborates
 Types of collaboration along with their objectives
 The value these collaborations bring to your organization
 Operationalizing, sustaining and measuring the effectiveness of such
collaborative efforts; Mechanisms and tools used
8. Security Operationalization
What means and mechanisms have been deployed for operationalizing your
organization’s security strategy and policy? Please elaborate your response based on
the following in maximum 1000 words:
DSCI Excellence Awards 2011
Page 10
DSCI Excellence Award for Security in Captive BPO, 2011
i.
ii.
iii.
iv.
v.
vi.
Items, elements, tactics and tools used for operationalization of security
strategy and policy goals
Adequacy of efforts and resources to achieve operational goals - management
and monitoring of security solutions, security testing, incident management,
sourcing model, etc.
Operationalization strategy for new security competence (solution & process)
– fitment, integration, maintenance, support, etc.
Integration with IT operations
Organization’s dynamism for proactive defense
Metrics to assess and measure maturity of security operations
9. Value Creation
i.
How does your organization generate value through security? (e.g.
contribution to new business propositions / opportunities)? Is security
considered as a cost centre or business enabler? (Maximum 500 words)
ii.
Describe the security investment culture of an organization. How do you
ensure that investment optimization in security is achieved? What are the
mechanisms to calculate ROI, Budget - total percentage of information
security budget as compared to overall IT budget? (Maximum 500 words)
DSCI Excellence Awards 2011
Page 11
DSCI Excellence Award for Security in Captive BPO, 2011
10.
i.
ii.
Implementation
Briefly describe the processes and technology measures adopted by your
organization in information security in maximum 1000 words
What are the major problems (maximum three) faced by your organization in
recent past? How were these problems resolved? Please illustrate your
response in the following format:
Problem
Definition
Business Impact
1) Criticality –
High
Medium
Low
2) Type of impact – (Financial, Reputational, etc.)
3) Stakeholders impacted – internal/external (Numbers.)
Business Case
(Justification for
investment )
1) Identification :
Solution
(Process/Technology)
2) Evaluation :
3) Proof of Concept :
4) Selection :
5) Procurement :
6) Implementation :
7) Integration :
Implementation
Challenges
DSCI Excellence Awards 2011
Page 12
DSCI Excellence Award for Security in Captive BPO, 2011
Value proposition
Organization
Learnings
11.
Innovation
Please provide details of innovative ideas and measures adopted by your organization in
the field of security (maximum 3). Please illustrate your response in the following
format:
Details of Innovation
Category of Innovation
(tick applicable options)
Process
Technology
Implementation
Monitoring mechanism
Awareness
Any other, please specify___________
a. Please elaborate on why organization classifies this as an innovation and how it is
different from conventional approach.
b. Please explain the reasons for adopting such innovation.
c. How does this innovation bring value to the organization?
DSCI Excellence Awards 2011
Page 13
DSCI Excellence Award for Security in Captive BPO, 2011
12.
Recognition
Please provide details of the recognitions that your organization / security function
has received in recent past in Information Security. These recognitions can be
classified under the following:
i.
ii.
iii.
Recognitions received by your organization for its contribution to industry or
community
Appreciation received from Clients, Industry Associations, or regulatory
bodies
Any recognition awarded to the security function by your organization
(internal to the organization)
DSCI Excellence Awards 2011
Page 14
DSCI Excellence Award for Security in Captive BPO, 2011
DSCI Excellence Awards 2011
Page 15
DSCI Excellence Award for Security in Captive BPO, 2011
Contact Information
DSCI Excellence Awards 2011
Address:
Niryat Bhawan, 3rd Floor
Rao Tula Ram Marg,
New Delhi – 110057
Contact No:
+91 11 26155071
Email:
awards@dsci.in
Website:
www.dsci.in
Page 16
Download