From the security perspective, he mentioned that 7,000 Web sites with .in domains had been hacked. ONGC, BSNL and TRAI were among these. According to him, the major challenges were around false identities, legal status and channel consultation.
Web application security, LAN security and compliance, and an information security framework can help here. Organizations need to implement ISO-27001, covering the domains of security policy, asset management, compliance, access control, human resources security, communication & operational management, BCP plus information security & incident management.
Web application security is an area of concern. In this area, most of the attacks are based on SQL injection.
Looking at the nature of attacks, 90% of the time they can be taken care of. Organizations need to follow OWASP, integrate application security into the software development lifecycle, train developers, be PCI DSS compliant, and develop and maintain secure systems and applications.
Many threats come from within and, in such a scenario, organizations can ensure that all machines are secured. “Organizations need to ensure that everything is secured at the endpoint. There have to be policies followed pre- and post-connect. One has to see what is going out of the network.” He concluded by saying that organizations should also do scan incident analysis.