“I suggest vendors to design solutions which are easy to adapt by a common man even”
I started my career from a call center (Fine Edge India) as a Technical support executive, though it was only for a few months but it immersed me in the concepts of networking. Then I moved to Wipro and was placed as an All India IT helpdesk coordinator onsite at (Carrier Aircon Gurgaon) where I got my brain cells adapted to immense work pressure and finally moved to my present ocean of challenges and learning at – Snap-on Tools Pvt. Ltd. In the past 9 years I under took number of challenges and delivered them as desired. I came across situations where I had to learn new technologies and find out new ways to smoothen the business processes.
Information Security as a profession
Information security is a gigantic term, not every aspect of it can be touched by a single person. I have tried my best to keep the essentials in place (It’s not just about protecting something form unauthorized access, there is a lot to it). Confidentiality, integrity and availability are the base of Information security. Every organization requires them in a different ratio and to determine this ratio is a challenge. And accepting challenges is my favourite past-time, therefore I chose to be a part of Information Security domain.
Biggest challenges CISOs facing today
I feel the main challenge for a CISO is the people, everything else can be planted. People need to understand what information they are creating or floating in. What is to be secured and what information doesn’t need the time & investment of the organization. Developing a sense of information security among people is a big challenge. CISOs need to make each individual understand the importance of data being created or managed by him/her. It might not be of importance to the beholder but lots of eyes are in the hunt. Another challenge is the lowering cost of storage drives/devices. Everyday everyone is creating so much of data that it is hard to classify what is important and what is not and it will continue to grow.
Information security outsourcing
I personally do not believe in Information outsourcing, Information is not a currency or a precious metal which can be kept with someone who can secure it better that you. Merely knowing about the data is also an information leak.
Data privacy Vs Data security
Data privacy to me is the right to access the information to the owner or someone who has the permission of the owner, whereas, data security is more of securing it physically, logically and over the wire.
Suggestions to Information Security vendors
I suggest them to design solutions which are easy to adapt by a common man and at the same time keeping the organizations objective safe. For a geek every complex process is easy to understand but a layman doesn’t think that way. It should also empower the enablers to configure it to every individual need at different levels in the organization.