|
How the winners were selected
The method behind the selection of the winners of the Microsoft
Security Strategist Awards—and a peek at some of the people who worked
in the background to make it a grand success.
The Microsoft Security Strategist Awards (MSSA) 2006 symbolise the vital role
that a Security Strategist must play in his or her organisation.
The MSSA 2006 honours CIOs, CTOs or CSOs who have displayed outstanding leadership
and vision in the area of information Security (IS).
The awards were presented in three categories—Banking and Financial Services,
IT/ITES, and General Industry—at the Technology Senate 2006 ceremony on
the SuperStar Libra.
The screening process
|
Organisations, both big and small, need to be sanitised
to the importance of
information security. While technology can help build secure workplaces,
by itself it is not enough
|
The eligibility criterion stated that the applicant needed
to be in charge of his or her organisation’s information security policies
and set-up for 18 months, and that the organisation being represented had to
have a well-documented security policy.
Nominees filled a form that was available at the Technology
Senate Web site (www.technologysenate.com).
From the entries received, the top three nominees in each category were short-listed
by Indian Express (IE) and Ernst & Young (E&Y). The short-list was compiled
based on the scores tabulated by IMRB and the verification was done by the IE
management. IE contacted the CIO, directors and board of the company in question,
and verified the questionnaires. The results of the questionnaire and verification
done by IMRB and IE were presented to an independent jury to determine the winners.
The nominees presented their case to the jury and were grilled thoroughly. Finally,
the jury scored and ranked the nominees based on their presentations and the
Q&A session to select one winner in each category.
Evaluation and ratings
The evaluation process was structured with clearly defined parameters and ratings
to ensure that the jury members were all on the same page. Within the framework,
the jury were free to probe into various aspects of a nominee company’s
information security set-up, policies and processes.
The parameters for evaluation and rating were IS Governance, Asset Profiling,
Processes and Operational Practices, Technical Security Architecture, People
and Organisational Management, and Security Program Compliance and Reporting.
At the jury meet
In each category, three nominees were selected but when the time came for the
nominees to make their presentations to the jury, one company each in the BFSI
and IT/ITES categories was disqualified as it had not complied with the rules.
Hence, there were three nominees in the General Industries and two each in the
other segments.
The BFSI nominees were ICICI Bank and Bank of India; in IT/ITES it was CitiGroup
Global Services and Cognizant Technology Solutions, while in General Industries
it was Apollo Tyres, Hindustan Petroleum Corporation Limited (HPCL) and Hindalco.
Through the jury’s eyes
There were five jury members who played a major role in selecting the winner.
According to Sanjiv Mathur, Director, Enterprise Marketing, Microsoft, the results
were finally tabulated via a process devised by E&Y where the opinions of
all the jury members were taken into consideration.
Mitish Chitnavis, Group ISO of EDS Mphasis says, “In the IT/ITES category,
we selected Cognizant because Satish Das, the company’s CSO, demonstrated
the unique ability of integrating security into his company’s service delivery
model and business functions.”
|
Security is not just about technology but
has a human dimension. It is equally about policies and procedures,
their formulations and implementations.
|
Adds Bernard Menezes, Professor, IIT Bombay, “Organisations,
both big and small, need to be sanitised to the importance of information
security. While technology can help build secure workplaces, by
itself it is not enough. Security is not just about technology but
has a human dimension. It is equally about policies and procedures,
their formulations and implementations.” The presentations
and Q&A sessions with the CSOs helped determine the organisation’s
commitment to security as well as to investigate the importance
given to the role of the CSO in the company hierarchy. The jury
quizzed the nominees about the awareness programme that they had
developed, about system security and how security issues were handled,
and whether or not an escalation mechanism was in place and how
sophisticated that mechanism was.
Menezes believes that all or a part of the proceedings should be broadcast to
other CSOs so that security will receive the attention it deserves.
Comments Arvind Tawde, Senior Vice-president & CIO of Mahindra & Mahindra:
“Having the right processes and people orientation towards IS are critical
for the effectiveness of any IS program, and hence to me it was one of the important
areas to be looked into during interactions with the nominees.” As Tawde
pointed out, there are different approaches to Information Security across industries.
| |
 |
BFSI |
ICICI Bank
Murli Nambiar Head, Information Security Group, & Deputy General Manager |
I am very excited. It feels very good. What makes the difference here
is the jury. Especially the fact that they have a jury member from academia
makes it unbiased.
About the initiative: Security has to be looked at in a holistic
manner. Just having policies would not lead to anything unless they are
evaluated. Over a period of time, security has evolved. You have to improve
on a continuous base. We have an internal audit team to evaluate the various
metrics. At the end of the audit the results are defined and documented.
This gives us a complete view of things.
— M S Seetharaman, DGM, ICICI Bank (Seetharaman accepted
the award on behalf of Nambiar at Technology Senate 2006)
About ICICI Bank: ICICI Bank has a network of about 614 branches
and extension counters and over 2,200 ATMs. The bank offers a wide range
of banking products and financial services to corporate and retail customers.
|
 |
General Industries |
HPCL
M V Sreeram, GM
IT (Corporate)
|
This award means lot to me. It’s like a dream coming true. I have
been attending Tech Senate for the last four years. This is the first
time we gave our name for the nomination, and I feel very glad to win
this award at the first attempt itself.
About winning: It is the employees who can make a difference in
any organisation. We can buy the best-of-breed technology and solutions,
but if people are not made aware of it and not allowed to participate,
the technology won’t bring successful results. We followed this practice
and I think that’s why we won the award.
About HPCL: HPCL operates two major refineries
in India producing a wide variety of petroleum fuels and specialities.
The vast marketing network of the corporation consists of zonal offices
in the four metro cities and 85 regional offices facilitated by a supply
and distribution
infrastructure.
|
 |
IT / ITES |
Cognizant
Satish Das,
CSO |
It feels great to receive the award,
and I couldn’t have asked for anything better. The way we have implemented
the security system at Cognizant is now recognised by the industry.
Personally, I feel that educating users about the
risks of not complying with security policy should be the most important
initiative any Indian organisation can undertake. While doing so, one
has to make sure users know their security (information and physical)
role and responsibilities. I believe every user within the organisation
has a role when it comes to security.
About Cognizant: Cognizant, an IT service
provider, focusses on delivering strategic information technology solutions
that address the complex business needs of its clients.
|
| Category |
MSSA 2006 |
SSSA 2005 |
| BFSI |
ICICI Bank |
State Bank of India |
| IT/ITES |
Cognizant Technology |
Mphasis |
| General Industry |
Hindustan Petroleum Corporation Limited
|
Hindustan Lever |
|
|
Sanjiv Mathur |
Mathur is the director for enterprise
marketing at Microsoft. He has 18 years of experience in the IT industry,
and has been with Microsoft for over a decade. In previous roles, he has
headed Microsoft’s competitive strategy and marketing divisions, prior
to which he managed Microsoft’s business in Western and Eastern India.
Before joining Microsoft, Mathur worked with Oracle for a year and with
Wipro Systems for over four in a technical role. He started his career as
a developer, and has worked on platforms and technologies including Unix,
Unify, Oracle, Cobol and PC-based development systems. |
 |
Sunil Chandiramani |
Chandiramani is the country leader for
the risk & business solutions practice of Ernst & Young in India.
He has 17 years of experience in providing professional services in the
areas of IT strategy, security and risk management, corporate governance,
fraud prevention and investigation. He is a chartered accountant and a certified
information systems auditor. He serves on several committees with Nasscom,
IMC (IT cell), the Mapin Technical Committee constituted by SEBI, IIA, and
other professional bodies. |
 |
Mitish Chitnavis |
Chitnavis is the group ISO of EDS Mphasis.
He has 11 years of experience in the field of information security and is
responsible for his company’s security policies and procedures; information
risk management; security technology implementations including perimeter
and internal system defence; cyber investigations; computer forensics; general
information security awareness, and outside suppliers. He is certified on
industry-wide certifications such as CISA, CISM, BS7799 LA and CEH. He is
an associate member of Certified Fraud Examiners Organization. In recognition
of his continued leadership in the security field, he was the awarded the
Secure Synergy Security Strategist Award in 2005. |
 |
Bernard Menezes |
Menezes is a professor at the K R School
of Information Technology at IIT Bombay. He was a faculty member in the
electrical engineering department and the institute for advanced computer
studies at the University of Maryland at College Park where he specialised
in experimental parallel computing and reliability or performance issues.
He was also a visiting faculty member at the University of New Mexico, Albuquerque.
Menezes has taught over 15 courses in Computer Science and Information Technology,
and supervised over 40 MS, MTech and PhD students. His research interests
include smart e-business, time series forecasting, RFID, network security
and object-oriented software. Menezes earned a BTech (EE), MS (ECE) and
PhD (ECE) from IIT Bombay, University of Notre Dame and the University of
Texas at Austin respectively. |
|
|
Arvind Tawde |
Tawde, Senior Vice-president & CIO,
joined Mahindra & Mahindra in 1979 as Senior Executive. He is a graduate
in mechanical engineering and holds a post-graduate diploma in industrial
management and a masters in administrative management from Mumbai University.
During his career, he has handled various functions such as production &
material planning, vendor management, management audit, and project and
programme management. |
|
