DSCI Excellence Award for Security in IT Services Company (Large), 2011

DSCI Excellence Awards 2011

Process Partner

About the Awards

In line with its objective to raise the level of security and privacy of IT and BPO service providers, to assure their clients and other stakeholders that India is a secure destination for global sourcing, and to promote data protection in domestic industry segments like Banking, Telecom and E-governance, DSCI is pleased to announce the institution of ‘DSCI Excellence Awards’ to annually reward organizations and individuals who have shown a high level of preparedness and have excelled in the area of information security.

Objectives of the Awards

The objectives of DSCI Excellence Awards are as follows:

1. Recognition & Honour: Recognize, honour and reward organizations and individuals who have taken strategic, proactive and innovative security efforts to help the organization address real risks, build resilience, increase trustworthiness and create a conducive environment for doing business and thus enable the organization to harness security as a lever for business growth.

2. Elevate the role of Security function: Highlight the importance of security function and its contribution in the overall business ecosystem of an organization.

3. Awareness and knowledge: Bring about awareness towards the need for Information Security within organizations and society at large.

Important Dates

Events: Dates
Opening Call for Nominations: Thursday, April 21, 2011
Nominations Deadline: Friday, May 20, 2011
DSCI Excellence Awards Ceremony: Friday, July 22, 2011

Eligibility Criteria

• Applicant must be an IT services company, operating for a minimum of five years in India with a turnover of more than INR 1000 crores for the financial year 2010 – 2011.
• Applicant can nominate itself only in one award category.

Guidelines for completing the Nomination form

• Each question must be answered completely as each response will be evaluated on its merit and completeness.
• Please provide your response with respect to the initiatives / activities carried out in the last one year, i.e. 2010, unless specified otherwise in the questions.
• An organization can nominate itself or it can be nominated by its clients / third parties / suppliers or other known references.
• Please provide examples, live cases and practical insights for building your case. Attach relevant artifacts to support your response. Ensure that all the required aspects are covered in your response (you may go beyond the listed aspects) as these will be used for evaluating your response.

Confidentiality Statement

Information provided in this form or collected during the course of the evaluation might be confidential in nature. Both DSCI and PwC shall take due care that the confidential information is shared only with the designated stakeholders, for evaluation purposes only.

Nominator Contact Information

Data Fields with Asterisk are mandatory (Enter Data in this Column)

First Name*
Last Name*
Designation/Role*
Company/ Organization Name*
Mailing Address*
City*
State*
Zip
Office Phone* (include area code)
Mobile Phone*
Email*

Nominee Information

Data Fields with Asterisk are mandatory (Enter Data in this Column)

Company/ Organization Name*
Parent Company Name (if any)
Brief description about the company
Service Offerings
Geographies Served*
No. of Employees*
Certifications
Mailing Address*
City*
State*
Zip
Office Phone* (include area code)
Mobile Phone*
Website*

Questions Section

1. Security Strategy

Does your organization have a security strategy? Please cover the following aspects of the security strategy in your response in maximum 1000 words:

i. Core components of your security strategy; its coverage and extent
ii. Efforts for alignment of security strategy with business / organizational goals and its integration with IT strategy
iii. Processes followed for defining, implementing, operationalizing, communicating, measuring & improving security strategy

2. Compliance

Please provide details of the compliance process followed by the organization, covering the following aspects in your response in maximum 1000 words:

i. Establishment of compliance processes and structure in terms of compliance function, compliance organization, standards and frameworks adopted, mechanisms deployed for compliance processes, tools adopted
ii. Stakeholder involvement such as involvement of business functions; involvement of compliance function in business / client meetings
iii. Management of compliance related knowledge
iv. Understanding, interpretation and applicability of legal terms; awareness creation
v. Tracking, Reporting, Management, Mapping, and Monitoring of compliance requirements
vi. Measurement and reporting of maturity of compliance processes

3. Awareness & Culture

How does your organization imbibe information security into its culture? Please elaborate on the following aspects in maximum 1000 words:

i. Identification of security awareness requirements
ii. Target audiences covered by the security training program; Ensuring that the content developed for security training is relevant for the target audience
iii. Assessing the effectiveness of security and privacy awareness of the organization (KPIs)
iv. Training platforms and channels used for imparting security awareness & training; Using corporate messaging for spreading awareness
v. Incentivizing employees to undergo security trainings and improving security awareness
vi. Alignment of your organization’s awareness program with your clients’ awareness requirements or programs

4. Security Organization

What is your organization’s strategic roadmap for building a responsive, competent and business-centric security organization that helps an organization efficiently manage the growing complexity of security? Please elaborate covering the following aspects in maximum 1000 words:

i. Alignment of security organization to business goals; Positioning & reporting of security organization
ii. Skill development program to ensure competency and adequacy of security resources; Sourcing model to supplement security organization
iii. Spread of the Security Organization across strategic, tactical and operational layers; Categorization of Chief Information Security Officer (CISO)’s (or equivalent) role across these layers
iv. Working relationship between security organization and all horizontals and verticals of your organization
v. Distribution of security related roles and responsibilities; business involvement in security initiatives and vice-versa

5. Data Centric Initiatives

How does your information security program address the data specific requirements and challenges? Please elaborate covering the following aspects in maximum 1000 words:

i. Process for discovering & identifying the critical data elements; data classification techniques used
ii. Scope and extent of data security initiatives – structured & unstructured data, data on external media, archived data, data on mobile computing devices, data on production / non-production systems, etc.
iii. Efforts for maintaining granular visibility over data
iv. Architectural treatment to data security initiatives; solutions and processes deployed for data security
v. Ensuring strength of countermeasures is commensurate with the sensitivity of data to be protected
vi. Awareness on how data is managed across its lifecycle including at the client end
vii. Maintaining uniformity of controls when data moves across environments including clients’ environment
viii. Involvement of business owners / functions in data centric initiatives

6. Domain Specific Security Initiatives

Please provide details of Lines of Service (Custom Application Development, Remote Infrastructure Management, etc.) specific security initiatives taken by your organization in maximum 1000 words.

7. Collaboration

How does collaboration fit into your organization’s security strategy? Please elaborate covering the following aspects in maximum 1000 words:

i. Collaboration with External Stakeholders
   • Identification of external stakeholders (agencies like CERT-In, Security vendor community, security forums, industry associations, etc.) with whom the security collaborates
   • Types of collaborations along with their objectives
   • The value these collaborations bring to your organization
   • The value these collaborations bring to the industry / nation
   • Operationalizing, sustaining and measuring the effectiveness of such collaborative efforts; Mechanisms and tools used

ii. Collaboration with Internal Stakeholders
   • Identification of internal stakeholders (IT, HR, Compliance, etc.) with whom the security collaborates
   • Types of collaboration along with their objectives
   • The value these collaborations bring to your organization
   • Operationalizing, sustaining and measuring the effectiveness of such collaborative efforts; Mechanisms and tools used

8. Security Operationalization

What means and mechanisms have been deployed for operationalizing your organization’s security strategy and policy? Please elaborate your response based on the following in maximum 1000 words:

i. Items, elements, tactics and tools used for operationalization of security strategy and policy goals
ii. Adequacy of efforts and resources to achieve operational goals - management and monitoring of security solutions, security testing, incident management, sourcing model, etc.
iii. Operationalization strategy for new security competence (solution & process) – fitment, integration, maintenance, support, etc.
iv. Integration with IT operations
v. Organization’s dynamism for proactive defense
vi. Metrics to assess and measure maturity of security operations

9. Value Creation

i. How does your organization generate value through security (e.g. contribution to new business propositions / opportunities)? Is security considered as a cost centre or business enabler? (Maximum 500 words)
ii. Describe the security investment culture of an organization. How do you ensure that investment optimization in security is achieved? What are the mechanisms to calculate ROI, Budget - total percentage of information security budget as compared to overall IT budget? (Maximum 500 words)

10. Implementation

i. Briefly describe the processes and technology measures adopted by your organization in information security in maximum 1000 words
ii. What are the major problems (maximum three) faced by your organization in recent past? How were these problems resolved? Please illustrate your response in the following format:

Problem Definition:
Business Impact:
   1) Criticality – High / Medium / Low
   2) Type of impact – (Financial, Reputational, etc.)
   3) Stakeholders impacted – internal/external (Numbers)
Business Case (Justification for investment):
Solution (Process/Technology):
   1) Identification:
   2) Evaluation:
   3) Proof of Concept:
   4) Selection:
   5) Procurement:
   6) Implementation:
   7) Integration:
Implementation Challenges:
Value proposition:
Organization Learnings:

11. Innovation

Please provide details of innovative ideas and measures adopted by your organization in the field of security (maximum 3). Please illustrate your response in the following format:

Details of Innovation:
Category of Innovation (tick applicable options):
   • Process
   • Technology
   • Implementation
   • Monitoring mechanism
   • Awareness
   • Any other, please specify___________

a. Please elaborate on why organization classifies this as an innovation and how it is different from conventional approach.
b. Please explain the reasons for adopting such innovation.
c. How does this innovation bring value to the organization?

12. Recognition

Please provide details of the recognitions that your organization / security function has received in recent past in Information Security. These recognitions can be classified under the following:

i. Recognitions received by your organization for its contribution to industry or community
ii. Appreciation received from Clients, Industry Associations, or regulatory bodies
iii. Any recognition awarded to the security function by your organization (internal to the organization)

Contact Information

DSCI Excellence Awards 2011
Address: Niryat Bhawan, 3rd Floor, Rao Tula Ram Marg, New Delhi – 110057
Contact No: +91 11 26155071
Email: awards@dsci.in
Website: www.dsci.in