We put constant efforts to improve our internal ISMS policies: Vinod Pol, Mphasis

As a leading IT services firm, Mphasis has taken a holistic view of its enterprise security policy, making proactive and constant efforts to improve the internal ISMS policies and procedures followed at the user and system level. In an interaction with EC, Vinod Pol, AVP and Lead, CIO – Enterprise IT Infrastructure Services, Mphasis, shares his perspective on how his organization is handling insider threats.

Some edited excerpts:

Insiders have more access to information and their activities can go undetected longer than external threats. What kind of processes do you have in place to prevent unauthorized use of information?

An information breach is equally possible from insider (trusted) and external (untrusted) parties; in fact, insiders are more prone to information leakage and are a center of attraction, as a human element. A confidential information breach can be intentional or unintentional, based on the behavior of the employee while handling information. Insider activities within an organization need constant monitoring and action when information is on the move or stored within the organizational infrastructure.

We follow a multi-stage process to prevent unauthorized use of information, which can put our organization at risk with respect to liability and reputation.

a. Effective Information Security management services (ISMS)

We have established a measurement process to be able to measure and assess how effective the controls are at protecting our information assets. An example might be to measure how good the controls implemented to avoid insider threats are, such as the effectiveness of the access control methods being used, separation of duties, monitoring the misuse of system resources, hardening of systems, controlled access and intricate passwords. We put constant effort into improving our internal ISMS policies and procedures followed at the user and system level, validating them and measuring their effectiveness.

b. Incident response and handling (SOC):

Allowing an insider threat to exploit an organizational vulnerability results in an information security incident. We follow a comprehensive incident handling management process aligned with the ISO/IEC 27001 standard. This process involves:
• Identification, detection and reporting of incidents.
• Analysis and evaluation of the incident.
• Responding to the incident.
• Recovery and cleanup after the incident.
• Learning from the incident.

c. Monitor and review
Within the organization we monitor user- and administrator-level activities and system audit trails, collecting them centrally and raising suspicious activity as an incident.

d. Information security audits
Regular internal and third-party audits are an integral part of the organizational process to assess the maturity of information security policies and improve them.

e. Employee awareness
The human element is the weakest link in security practice, no matter how much technology you put in place to detect and prevent. Information security awareness is a must and an essential part of the whole security model. We set certain mandatory trainings for people to learn and follow business-specific activities to keep information integrity, so it cannot be misused by targeting them. We encourage people to learn security measures, keep information physically secure and communicate only what is needed, to authorized persons only.

f. Access control and information handling
Identity-specific access to information is provided to people to perform their duties. Rights on information are managed so that data cannot be leaked in read or write form. It is physically secured and segregated, and critical data is backed up.

What kind of technologies/solutions do you use to prevent theft or leakage of information from insiders?
In our organization we have deployed, from the user desk to the system where data is stored, the best possible security measures at every hop to monitor, prevent and act. The security technologies we use to prevent data leaks are consistently deployed:
a. Role-based physical separation, and logical separation with VLANs and VRF at the network level
b. Data storage encryption, removal of external storage access, limited desktop access based on role
c. Systems protected with regular patch management, antivirus, HIPS and data leak prevention (DLP) agents as endpoint security
d. Data encryption in motion, and access through proxies and Citrix-type environments
e. Centralized SIEM solution to collect system logs and monitor them, to react through the SOC
f. DLP at the proxy and e-mail level, along with e-mail policies for sending information out
g. SOX- and PCI-level controls at the network level with firewall DMZ deployments
h. Regular VAPT on internal infrastructure, and assessing the report to mitigate findings.

There is a possibility of employees mistakenly sharing or leaking information. How do you ensure that unintended leakage of information does not happen in your organization?
We have primarily deployed data leak prevention (DLP) at the endpoint, web proxy, network and e-mail gateway level, which are the exits through which data moves out of the organization. Various techniques under DLP, such as data matching and fingerprinting, help us define our policy while handling data from the user to the network level. It provides visibility and policy-based blocking when an employee shares data mistakenly. User awareness programs and certain HR actions are defined for repetitive incidents, to control and manage them.
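The answer above names document fingerprinting as one DLP technique. The following is an added illustration of how a DLP engine can fingerprint a registered confidential document and score an outbound message against it; it is example code written for this page, not Mphasis's DLP product or configuration, and the shingle size, digest truncation and block threshold are assumptions.

```python
import hashlib
import re
from typing import Iterable, Set

SHINGLE_WORDS = 5  # assumed window size; shorter windows catch smaller excerpts but raise false positives


def normalize(text: str) -> list[str]:
    """Lowercase, strip punctuation and collapse whitespace so trivial edits do not defeat matching."""
    return re.findall(r"[a-z0-9]+", text.lower())


def shingles(words: list[str], k: int = SHINGLE_WORDS) -> Iterable[str]:
    """Yield every overlapping k-word window of the normalized text."""
    for i in range(max(len(words) - k + 1, 0)):
        yield " ".join(words[i:i + k])


def fingerprint(text: str) -> Set[str]:
    """Fingerprint = set of truncated SHA-256 digests, one per shingle.
    The engine stores only these digests, so the confidential text itself never sits in the policy store."""
    return {hashlib.sha256(s.encode()).hexdigest()[:16] for s in shingles(normalize(text))}


def match_ratio(outbound: str, registered: Set[str]) -> float:
    """Fraction of the outbound message's shingles that appear in a registered document's fingerprint."""
    out = fingerprint(outbound)
    if not out:
        return 0.0
    return len(out & registered) / len(out)


def policy_decision(outbound: str, registered: Set[str], block_at: float = 0.3) -> str:
    """Hypothetical policy: block when at least block_at of the message is registered content, else allow."""
    return "BLOCK" if match_ratio(outbound, registered) >= block_at else "ALLOW"


# Constructed sample data: one registered confidential document and two outbound e-mails.
CONFIDENTIAL = (
    "Project Falcon pricing proposal. The unit price offered to the client is 42 per seat "
    "with a volume discount of twelve percent for orders above five thousand seats."
)
REGISTERED = fingerprint(CONFIDENTIAL)

LEAK = "FYI: the unit price offered to the client is 42 per seat with a volume discount of twelve percent"
BENIGN = "Team lunch is on Friday at noon, please confirm attendance by Thursday."

if __name__ == "__main__":
    for msg in (LEAK, BENIGN):
        print(f"{policy_decision(msg, REGISTERED):5s} ratio={match_ratio(msg, REGISTERED):.2f}  {msg[:40]}...")
```

Partial excerpts still match because every overlapping window is fingerprinted, which is what lets the engine flag a paragraph pasted into an e-mail rather than only a whole-file copy.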

In case a breach happens, how prepared is your organization to deal with such a situation? What kind of processes do you have in place to look for forensic evidence, to ensure that the evidence stands in court against the perpetrator?
We are well prepared to deal with incidents identified as security data breaches. There is a dedicated team under the CRO office that does security forensics by collecting log information to understand the complications and the impact on the business and company reputation. Typically the following process is defined and followed to reduce impact:
• Make an initial assessment
• Communicate the incident
• Contain the damage and minimize the risk
• Identify the type and severity of the compromise
• Protect evidence
• Notify external agencies if appropriate
• Recover systems
• Compile and organize incident documentation
• Assess incident damage and cost
• Take internal legal opinion to initiate appropriate actions against the perpetrator, following state and country information security laws
• Review the response and update policies.
