|
|
Shared Information Security Infrastructure
(SISI)
Information Security has been recognised as a key requirement of any organization which is ICT enabled. Naavi.org has been advocating Techno Legal Information Security as the requirement of the day instead of only the Technical security measures.
Obviously, implementing effective techno legal information security requires a "CyLawCom audit" and implementation of the solutions which the auditor suggests. This is therefore often seen as a further burden on the organization in terms of costs. Hence unless there is a legal mandate, no user feels compelled to incur the costs required for the CyLawCom audit and enhancing the security to the required levels. Even in critical sectors like Banking, the many Co Operative Banks which are using sophisticated ICT based business solutions find it difficult to put in place an equally sophisticated information security practice.
In order to increase the prospect of "Voluntary Cyber Law Compliance" there is therefore a need to bring down the cost of compliance to affordable levels. This is more so in case of SMEs. Same is the case of non IT industries who feel that their exposure to IT is not as high as in the case of IT companies and hence are not prepared to budget the same kind of costs which an IT company may be able to do. As a result they may be bearing a higher than optimum risks in their business which can hurt them lethally any time.
Further, even in the BPO segment, there is a need to encourage a "Distributed Collaborative Architecture" where several "Entrepreneurial IT executives" can collaborate towards a common business goal. This again creates small units who have lower resources for deployment of security while the criticality of information security is no less than any other large firm.
Naavi.org therefore advocates that there is a responsibility for the community to develop affordable solutions which SMEs can implement to raise the information security to the internationally acceptable levels.
In view of this requirement Naavi's Cyber Law College recommends setting up of "Shared Information Security Infrastructure" (SISI) for virtual clusters of SMEs. These SISI s will address the needs of a group of clients who form clusters and provide a SISI data security server to manage the required security. These servers manage all aspects of logical security with the individual members required to manage only the physical security aspects. A technical team has been assigned under Ujvala Consultants Pvt Ltd to address such requirements for a group of small industries.
Creation of SISI centers will effectively create a "CyLawCom zone" and such zones at different parts of the country would provide confidence to the vendors who would like to outsource their business to India and more particularly to the non metro towns.
We suggest Karnataka Government to take up a pilot project of such nature in one or two centers outside Bengalooru and create a model for the country.
(For more details on the concept and how to implement them contact naavi@vsnl.com )
Naavi
August 12, 2007