Case Study on Information Security and it's agglication Information Security Requirements Since Case A operates in Software develogment, wole applications And moleile Agglications develogment Wousiness, Any information 1055 (2.9, losing codes, Software progedins, agplications, etc.) 6 crucial for the Company And its operations Information Security Policy There is no documented information security golicy in Case A. The information Security voles And responsibilities of employees are not defined Tnformation Security Training There 16 no Formal information security training grogrammes Lor employees (Case Ar-neither at the time of jining the company wor later Information Security Awareness In the alosence of any information security training grogramnmes, Pengloy20s in Case A found to 2 vary 1255 aware about various information security threats and countermeasures Information Security Audit There iS no mechanism of information Security audit in Case A. Organization does not conduct Any internal or exteenal information seeurity audits, Asset Management As a part of inventory, Case A kegs record of the Company's IT And non-IT assets. Assets are not classified based on visk o criticality. PCs and lagtors ave generally used on shaved basis, So it 16 hard to fix the accountability. Information Security Incident Management During interviews, it was found that Case A has no defined information Security incident management glan, Employees ave not aware of the consequences of notFollowing information Security processes or practices Information Security Management Ef£ectiveness Although the tog management, managers And other employees of Case A acknowledge the fact that information security is a critical asgect of theiv business, The i66U2 hAS given very low griovity im the orqanization. In Alosence of any information security Policy or qBidelinds, there Ave no defined processes or Systems Lor TSM in the oraQnization. We to lack of training o- AWArEndss Rrogrdmmds, AmploYOes Ave Gnevally UndWare About various visks to the information And information assets that they ave dealing with. In the cowrse of interview, this has come-ue very clearly that because of the. carelessness And reluctance, often data apt lost, dnd this affects the overall productivity of the organization. In Some 6052S, Such incidents have delayed Project delivery that vasulted into Adverse outcomes in terms of Finducial 105505, 1055 of lousiness And even losing client Discussion Fast pacing technological Advancements grovide new And innovative ways to lousinesses to conduct their daily operations, Such a5 collalsoration, coordination, product /service-desiqn, development and delivery, And providing alternate ways to Conndct And communicate with different stakeholders. In this pursuit, modern day organizations have become over degendent on LT/ECT for their various lousiness Lunctions. In case of Some lousinesses, it bAS become nearly imgossilole to conduct daily operations without proper functioning of their information Systems. In Such O Scenario, protecting lusiness information And velated assets Leon Oxt@rnal AS well AS internal threats have become a matter of gAKAMoUnt importance for orqanizations. To deal with this situation, on one band, organizations Ave relying more And move on the USAEe of Advance technological Solutions, the management i625 Ave often overlooked (Pricewaterhouse Coopers, 10IL). ConclusionThe present Study adogts a qualitative research aggrdch to Understand and 2xAmind the LSM practices of two LT-develogment And Services companies in India. Semi-structured interviews and descvigtive analysis methodolaay followed Loy SAP-LAP method of inquiry have been used to analyse the cases Under Study. Findings of the Study ave limited to the two case organizations Under study And Cannot (oe generalized. However, this cOn be useful Lor organizations like im domain with Similae nature of work o Functions. Further, Similar Studies Can le conducted For organizations From across different industries Sectors,