jaganathan-thirumalachari
Case Study on a unique approach to information security implementation in a company called Ajuba Solutions
INTERNAL
INSPIRED PEOPLE. INSPIRING RESULTS.
INCLUSIVE APPROACH TO INFORMATION SECURITY
Security Culture in the Corporate World
Jaganathan T
ISSC Chairperson
Ajuba Solutions India Pvt Ltd
COMPANY OVERVIEW
EXECUTIVE SUMMARY
Industry leader in offshore healthcare billing and revenue cycle management
Proven track record:
We process claims with a gross value of over $3 Billion, code 3 million charts and collect
over $1 Billion in cash annually
Over 1700 domain experts
Long term partnerships and retention of clients
Seasoned Team and Quality Processes
Employees come from organizations such as Deloitte, EDS, McKesson, NDC Health etc.
Strong management bench and training capabilities; ability to scale
Ranked among the Top 100 Offshore Companies in the world by Managing
Offshore and Neo IT
Identified as a ‘Rising Star’ by The International Association of Outsourcing
Professionals (IAOP), in The Global Outsourcing 100 list and published by
Fortune Magazine
Ranked #1 as The Top Healthcare Revenue Cycle Management Outsourcing
Vendor by The Black Book of Outsourcing
Among The Best Employers in India (Hewitt Associates-The Economic Times)
INDUSTRY AWARDS & RECOGNITION
Among The Best Workplaces in India (Great Places to Work Institute Inc,
US - The Economic Times)
Among Best BPO Employers in India (IDC – Dataquest)
Among The Top Emerging Exciting Places to Work for (NASSCOM-
Grow Talent)
Award for Excellence in Gender Inclusivity by NASSCOM
INDUSTRY AWARDS & RECOGNITION
THE FOUR PILLARS OF OUR DELIVERY MODEL
PEOPLE
PROCESS
TECHNOLOGY
INFRASTRUCTURE
AJUBA - INFORMATION SECURITY TRACK RECORD
ISO27001:2005 certified
HIPAA Certified
FDCPA Certified
SAS70 Type 1 Certified
Self Assessment completed for PCI/DSS
We take Security and Compliance very
seriously
INFO SECURITY IMPLEMENTATION IN AJUBA - CHALLENGES
Ajuba operates in an industry where information security and compliance (HIPAA) are very critical to business.
Ajuba is continuously awarded as a 'Best Employer' and is widely known for its 'Employee Friendly' culture. Improper security enforcement has the potential to affect the 'Best Employer' brand equity. A judicious balance between security management and employee comfort is required, so as not to alienate employees.
Average employee age is less than 30, so additional impetus to security awareness is required.
IMPORTANT ASSET: PEOPLE CROSS FUNCTIONAL SECURITY TEAM
TRADITIONAL SECURITY ORGANIZATION
Physical Security
IT Security Officer
Auditor
Info Security manager
CMO
CSO
CIO
CEO
AJUBA SECURITY INFO ORGANIZATION
[Organization chart. Labels: President; ISSC (Director Technology & ISSC Chairperson, Director Finance & HR, Director Operations); ISM; ISMS. Roles shown across functions: Sr. Manager Operations, Manager Operations, Sr. Manager Finance, Sr. Manager Technology, Sr. Manager Admin, Manager HR, Manager Corporate Comm., Manager Tech, Manager SW, Asst Manager, Team Supervisor, Team Leader, Sr. Executive, Executive, Agents.]
INFORMATION SECURITY FORUM CROSS FUNCTIONAL TEAMS
ISSC: Information Security Steering Committee. Management team to guide and steer security implementation.
ISTF: Information Security Task Force. Responsible for implementing and managing Information Security implementation.
IRT: Incident Response Team. Responsible for Incident Response and Resolution.
IAT: Internal Audit Team. Responsible for Internal and External Audits.
ERT: Emergency Response Team. Responsible for response to emergency conditions and drills.
For a total Ajuba staff strength of 1700:
ISSC = 4
ISTF = 20
IRT = 12
IAT = 40
ERT = 63
Total 139, i.e. 8.2% of total staff strength
Extended Security Focus possible because of unique model followed
InfoSec – Focus Shift
TRADITIONAL APPROACH | REPLACED BY
Central Security Team | Centrally Enabled Participative Team
CSO | Steering Committee coordinated by a Chairperson
Policy Enforcement | Participation & Peer Pressure
Vigilance, Monitoring | Peer Reporting & Health Check
Disciplinary Action | Incident Resolution
Internal Audit | Peer Review
ISMS | I Support Maintaining Security!
Ajuba Security Approach – Terminology Used
SOME BEST PRACTICES
PEOPLE INVOLVEMENT
Second week of every December is celebrated as ISMS Week
ISMS Week includes various competitions for staff
Periodic spot checks and “Best Compliant team” awarded annually
Weekly ISMS quiz in intranet
Monthly ISMS newsletter
Transparent & Open security escalations
SOME BEST PRACTICES
PROCESS
Automated Incident Registration, Tracking &
Resolution
Anonymous Incident Registration possible
Weekly Security Posture Review
Standard and structured disciplinary matrix
known to all staff
Security Responsibility is part of everyone’s Job
Description
Measurable KRAs for Security Team
Security Conformance part of every employee’s
HR track record.
Electronic NDA and ISMS acceptance as part
of onboarding
Integrated Security / Compliance / Risk
Management
SOME BEST PRACTICES
PEOPLE SECURITY
Trendsetter in Transport Security – Last Drop
Confirmation
Quarterly ERT training
Surprise ERT drills
INFO SECURITY LIFE CYCLE IN AJUBA
INFO SECURITY IS A COMPLETE LIFE CYCLE INVOLVEMENT IN AJUBA
Info Security Metrics
[Chart: Total Incident count (axis 0 to 20) by Security Incident Category for 2007, 2008 and 2009. Categories: Access Rights Violations, Camera Phone Violation, Non Compliance with IS Policies, Physical Security Violation.]
RISK MODEL – COMPLETE FEEDBACK
Risk Assessment done by the respective team with coordination / direction from ISMS team
SUMMARY
AJUBA UNIQUE INFOSEC MODEL
Ajuba model brings People to the forefront and weaves Technology and Process around People
No Compromise on Process and Technology
Works very well for Ajuba
Should work well for any company. May require a little customization to suit the organization.
Efficient security implementation at minimum cost
THANK YOU