Industry gives a Thumbs Up to ITA 2008
Data Security Council of India (DSCI) has released the results of a study
on the State of Data Security and Privacy in the Indian Industry, conducted
in association with KPMG and CERT-In with about 150 organizations
participating in the survey from both IT and non IT industry.
While a copy of the detailed report is
available here, some of the notable observations are highlighted here.
It appears that at least for the purpose of the Survey, respondents do
confirm providing "Top" or "Critical" priority to Information Security and
data Privacy and providing an independent management structure for
implementation of security.
It is notable that over 95% of the respondents suggest that a CXO level
oversight is provided for approval and implementation of security
initiatives. More than 89% report having conducted IS audits.
Amongst the concerns expressed, "Employee Non Seriousness" is listed as the
highest concern with 64% of respondents highlighting the same. 50% express
that "Business Exigencies" override security requirements.
Amongst the "Drivers", the Client/Customer's concerns about Data Privacy is
listed as the most important with "Data Privacy being a differentiator", a
In what could be an indicator of job prospects in the area, more than 37%
of the large companies (turnover more than Rs 1000 crores) employ over 10
persons in the IS department. Even amongst smaller companies (Turnover less
than 50 crores), 43% employ at least 5 or more persons in the IS
An important aspect of the survey is an effort to understand how the Legal
Compliance environment has been perceived by the respondents.
According to the survey, 86% of the respondents consider that ITA 2008 will
establish a strong data protection regime. This is a big thumbs up given to
ITA 2008. This is a very positive reaction. 77% also consider that it
provides assurance to its International partners. These perceptions support
the two major drivers recognized by the industry namely the Customer
Requirements and Business differentiation.
An interesting pointer of how the Industry perceives the role of CERT-In is
the survey finding that only a third of the respondents plan to interact
with CERT-In to report incidents that they may encounter.
In the light of the above findings,
we may expect more action in the industry towards ITA 2008 compliance in
the coming year. Some key action points would be
1. Creating better employee seriousness through "Cyber Ethics" training
2. Conducting specific ITA 2008 compliance audits and initiating a
It may be noted that Naavi is already in the forefront of a "Techno Legal
Information Security Movement" to address these two implementation
requirements. During 2010, more thrust would be added to address some
of the concerns indicated in this report.
January 5, 2010
Comments are Welcome at