Issue dated - 23rd February 2004

-

Previous Issues
CURRENT ISSUE
INDIA NEWS
NASSCOM SPECIAL
COLUMNS
TECH FORUM

THE C# COLUMN
BETWEEN THE BYTES
TECHNOLOGY
SPECIALS <NEW>
Symantec Report
Security Headquarters
JobsDB
MINDPRINTS
HMA BANKBIZ
EC SERVICES
ARCHIVES/SEARCH
IT APPOINTMENTS
Openings At Jobstreet.com
WRITE TO US
SUBSCRIBE/RENEW
CUSTOMER SERVICE
ADVERTISE
ABOUT US
 Network Sites
  IT People
  Network Magazine
  Business Traveller
  Exp. Hotelier & Caterer
  Exp. Travel & Tourism
  Exp. Pharma Pulse
  Exp. Healthcare Mgmt.
  Express Textile
 Group Sites
  ExpressIndia
  Indian Express
  Financial Express

 
Front Page > India News > Story Print this Page|  Email this page

SISA implements OCTAVE at STPI Bangalore

Circuit EC / Bangalore

Dharshan Shanthamurthy

SISA Information Security has implemented OCTAVE, a risk assessment methodology, at STPI Bangalore in a span of 20 days. The company has a tie-up with the Software Engineering Institute (SEI), Carnegie Mellon University, for training and implementation of OCTAVE.

Said Dharshan Shanthamurthy, director, operations, SISA, “OCTAVE takes into account the maximum possible loss that an organisation may face in case of a disaster. It clearly positions where an organisation stands as far as security requirements and arrangements are concerned. The complete risk assessment exercise runs to a maximum of two months.”

The STPI Bangalore implementation kicked off with the formation of a core analysis team of five people—one from SISA and four from various departments of STPI (such as IT, finance and administration) who knew the processes well. The goal of the team was to assess risk vulnerabilities at the departmental level. A supplementary analysis team was also formed with one person from SISA and four from STPI with the aim of collecting information from various departments. The full analysis team was trained on the OCTAVE methodology. A number of workshops such as an operational management workshop and a senior management workshop were conducted by SISA, and the process of identifying critical assets for different departments of STPI Bangalore was begun. After the assets were identified and organisational vulnerabilities noted, the analysis team took up penetration testing. A risk mitigation plan was drawn up as part of the assessment.

STPI Bangalore NOC

B Sankarlingam, deputy director and IT head, STPI Bangalore, said, “STPI can be a role model for other organisations adopting OCTAVE. Through it we were able to identify critical processes within STPI and the security measures by which we can plug the loopholes in these processes. OCTAVE will go a long way towards protecting us against emerging threats associated with the service industry.”

SISA is the exclusive implementer of the OCTAVE methodology in the Asia-Pacific region. It is holding talks with four IT and BPO companies with a view to implementing this methodology at their premises in the near future.
<Back to top>


© Copyright 2003: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in
Mumbai by The Business Publications Division of the Indian Express Group of Newspapers.
Please contact our Webmaster for any queries on this site.