Wednesday, December 16, 2009

Free Link Exchange with freehacking.net


Affiliates of Free Hacking. Our Linking Partners are:
  1. Prohack- Your Technology Navigator
  2. Venturous Bikers
  3. Computer Hacking - Learn How to Hack
  4. TechChai.com - Your Ultimate Source of Technology Updates, News and Articles
  5. Esoteric Code
  6. Hack Guide 4 U- Learn How to Hack , Ethical Hacking Tutorials and Cyber Security Tips
  7. CompuFreaks
Procedure to add your blog into my blogroll: Add my link to your blogroll and contact me @
.
You can also use the following code if required.
Just copy and paste the code and let us know.


Interview of Pawan Kumar Singh : The CISO of Tulip Telecom

Pawan Kumar Singh, the Chief Information Security Officer (CISO) of Tulip Telecom, has an illustrious infosec career to his credit. Prior to his stint with Tulip Telecom, Singh was instrumental in setting up the information security function and IS audit function for Indian industry leaders like Bharti Airtel. He shares lessons from his infosec career.

Q: How would you define the CISO's role in enhancing an organization's overall information security levels?

Pawan Kumar Singh: IT is a small factor in the whole scheme of information security. The person in charge of information security should understand every business aspect [like human resources (HR), administration and legal operations]. We need to convert technical lingo into financial risks for the management's understanding. The CISO's role is to guide the management when it comes to risk aligned with the line of business. So CISOs can be viewed as consultants. A CISO faces various organizational bottlenecks, since you basically police every individual's activities and find loopholes in business functions. Buy-in for security initiatives comes only when top management is committed to security.

Q: Can you give some tips for infosec professionals on how to groom themselves to become CISOs?

Pawan Kumar Singh: Security per se cannot be taught. It is a mindset which you develop over a period of time. A security professional should have a mindset which is always able to detect risk aligned with processes.

To build a career in infosec, you should thoroughly understand three aspects: security operations (IT network), processes and compliance. A thorough knowledge of technology is necessary, although you may not need to know every product. Also you should understand the difference between policy, processes, procedure and guidelines. These are often used interchangeably.

Q: How far has your role as a CISO changed over the years?

Pawan Kumar Singh: Seven years back, I was quite hands-on with technology. After I moved to Bharti Airtel, I was responsible for establishment of the information security team and audit function. Internal audit is critical, as it helps the organization to understand third party performance. These audits face resistance, and third parties often hide information. We started seeing IT audit alignment after a few audit cycles.

When I joined Tulip as the CISO, there was a larger change in my role. It required me to get out of operational mindsets and adopt a strategic outlook. The only way to learn was through observation and interaction. I had the right people around me. You should interact with the C-level to understand business objectives and how they perceive risk. Infosec is a field where you need to learn constantly.

Q: Can you tell us about the infosec landscape at Tulip and your priorities for 2010?

Pawan Kumar Singh: At Tulip, security measures are being implemented a bit slowly but strategically. In the past, there were bottlenecks due to change of management, but things are stable now. I am seeing a positive change in the management's mindset; they are realizing that security should be imbibed in the organizational DNA. It will take a while to change a 12-year-old organization.

With each passing day, we are getting more process oriented. My first priority is to align three critical functions — administrative, HR and IT. If you can get this alignment, you can be assured that 70% of your infosec requirements are complete. Although I am not making any specific demands in the 2010 security budget, I will ask for budgets to increase automation in the administrative and HR functions. We want to bring more control in these functions. I also take care of ISO certification for Tulip, which includes ISO 27001, ISO 9000, ISO 20000.

In 2010, I plan to deploy an end point security solution for our laptop and desktop users. We will further strengthen our perimeter security and audit functions. There will also be an increase in employee training and awareness session investments to change user mindsets.

You can catch him on Linkedin @

SOURCE: http://searchsecurity.techtarget.in