Information Security specialists often lament that proper  attention is not given to their requirements by top management. At the same time top management in some companies are worried that the cost of inforamtion security is too high for comfort and hence they would rather like to take a chance and see how it goes with minimal security.

There is therefore a crying need for the industry to develop cost effective information security services that enable global quality security at affordable prices. This can be achieved only if more players enter the Inforamtion Security business.

In order to highlight the “Business Propspects of Information Security”, Naavi spoke at the two day International Conference on Security and Identity Management at IIM Ahmedabad (SIM 09) on the topic of “Information Security as a new Business Paradigm”.

One of the points highlighted by Naavi was that today there is an inadequate appreciation of the need to look at Information Security from the “Techno Legal Perspective” rather than the “Technical Perspective”. As a result there is no proper demand estimate of the business potential in the area. Business prospects for Techno legal Information Security products and services are extremely attractive.

The concept of “Information Security” has now evolved from being a “Techno Legal Security” aimed at securing the “information” to “Techno legal security” aimed at securing not only the information from risks of loss due to  unauthorized access or otherwise but also provide security to the “Information owner” from any liability arising out of a security breach. The requirements of ITA 2008, SOX, Clause 49 of SEBI listing regulations, laws such as HIPAA or GLBA etc have also made  top management directly responsible for security breaches making it necessary for CEOs to include Information Security as a top “Strategic Requirement” for Business Management. 

Since security breach incidents have serious implications on HR, Finance or Marketing, most of the organizations today consider IS as a “Top Management” responsibility often supervised by a committee of senior executives drawn from IT, HR, Marketing and Finance. With this new found status of “Information Security” as a top management function with multi discipline approach, the stakes in IS have increased.

Companies have started recognizing that investments in IS are no longer a “Discretion” but a “Necessity”. The laws of various countries including ITA 2008 in India (Proposed amended form of ITA 2000 due for notification) also have moved in the direction of making Cyber Security mandatory for companies failing which there could be civil and criminal liabilities to the top executives.

At the same time, the complexities of IS management with the raise of organized Cyber Crimes, Cyber Terrorism and Cyber Wars have made many CEOs wonder if their internal resources are good enough to meet the IS requirements of the day. This has opened a new “Window of Opportunity” for Companies specializing in “Information Security Management”.

Such opportunities arise in the form of Information Security Products, and/or services geared to meet the security needs of clients. Such specialized service providers help in making the cost of Information Security affordable without sacrificing the quality.

This is extremely important for SMEs and more so in a recessionary economy where cost cutting is essential but security cannot be compromised.

An entire new industry in “Cyber Crime Risk Insurance” is waiting on the wings to jump into the Information Security industry if the foundation in terms of “Quantification of Risk Assessment”, “Development of Appropriate Information Security Standards”, “Assessment of Financial Impact of the Risks” etc. 

India which is globally competitive in IT is also having the potential to develop into a leader in Information Security on a global scale. There is already thoughts on development of a “National Cyber Security Infrastructure” in which Governments at the Center and the States are planning huge investments in Public-Private partnership ventures built around Information Security.

In this background, “Information Security” offers itself as a new Strategic business thought for entrepreneurs seeking to break out of the current  mould of building an IT industry around “Development of Software on Project Basis”.

If India has to break out of the global recession, it is necessary for Corporate Leaders to think of “Information Security as a New Business Paradigm”. 

Naavi  urged corporate managers to give a serious look at this area as a “Parity Breaker” in a competitive business environment reeling under a recessionary trend as well.  

Be Sociable, Share!