Case Study on Information Security and it's agglication
Information Security Requirements
Since Case A operates in Software develogment, wole applications And moleile
Agglications develogment Wousiness, Any information 1055 (2.9, losing codes,
Software progedins, agplications, etc.) 6 crucial for the Company And its
operations
Information Security Policy
There is no documented information security golicy in Case A. The information
Security voles And responsibilities of employees are not defined
Tnformation Security Training
There 16 no Formal information security training grogrammes Lor employees
(Case Ar-neither at the time of jining the company wor later
Information Security
Awareness In the alosence of any information security training grogramnmes,
Pengloy20s in Case A found to 2 vary 1255 aware about various information
security threats and countermeasures
Information Security Audit There iS no mechanism of information Security audit
in Case A. Organization does not conduct Any internal or exteenal information
seeurity audits,
Asset Management As a part of inventory, Case A kegs record of the
Company's IT And non-IT assets. Assets are not classified based on visk o
criticality. PCs and lagtors ave generally used on shaved basis, So it 16 hard to fix
the accountability.
Information Security Incident Management
During interviews, it was found that Case A has no defined information Security
incident management glan, Employees ave not aware of the consequences of notFollowing information Security processes or practices
Information Security Management
Ef£ectiveness Although the tog management, managers And other employees of
Case A acknowledge the fact that information security is a critical asgect of
theiv business, The i66U2 hAS given very low griovity im the orqanization. In
Alosence of any information security Policy or qBidelinds, there Ave no defined
processes or Systems Lor TSM in the oraQnization. We to lack of training o-
AWArEndss Rrogrdmmds, AmploYOes Ave Gnevally UndWare About various visks to
the information And information assets that they ave dealing with. In the
cowrse of interview, this has come-ue very clearly that because of the.
carelessness And reluctance, often data apt lost, dnd this affects the overall
productivity of the organization. In Some 6052S, Such incidents have delayed
Project delivery that vasulted into Adverse outcomes in terms of Finducial 105505,
1055 of lousiness And even losing client
Discussion
Fast pacing technological Advancements grovide new And innovative ways to
lousinesses to conduct their daily operations, Such a5 collalsoration, coordination,
product /service-desiqn, development and delivery, And providing alternate ways to
Conndct And communicate with different stakeholders. In this pursuit, modern
day organizations have become over degendent on LT/ECT for their various
lousiness Lunctions. In case of Some lousinesses, it bAS become nearly imgossilole
to conduct daily operations without proper functioning of their information
Systems. In Such O Scenario, protecting lusiness information And velated assets
Leon Oxt@rnal AS well AS internal threats have become a matter of gAKAMoUnt
importance for orqanizations. To deal with this situation, on one band,
organizations Ave relying more And move on the USAEe of Advance technological
Solutions, the management i625 Ave often overlooked (Pricewaterhouse Coopers,
10IL).
ConclusionThe present Study adogts a qualitative research aggrdch to Understand and
2xAmind the LSM practices of two LT-develogment And Services companies in
India. Semi-structured interviews and descvigtive analysis methodolaay followed
Loy SAP-LAP method of inquiry have been used to analyse the cases Under Study.
Findings of the Study ave limited to the two case organizations Under study And
Cannot (oe generalized. However, this cOn be useful Lor organizations like im
domain with Similae nature of work o Functions. Further, Similar Studies Can le
conducted For organizations From across different industries Sectors,