
Implementation of hardware or software infrastructure if gone wrong can fall prey to security hazards

Fire Side Chat

The fire side chat session witnessed Dr. Deepak Kumar Sahu, Chief Editor, VARINDIA, sharing the dais with Dr Herald D’ costa, Director, Intelligent Quotient Security, and taking his insights on the legal implications and ramifications for an organization of not keeping the network secured, and the security parameters that need to be built in to stop any kind of third-party access.

An excerpt from his insights:

“I have been working on many audits of the corporate sector; last year itself I had audited 26 organizations. They have been companies in the 50-11,000 crore bracket, and many of these organizations have invested in hardware and software. At the time of implementation, however, they do not abide by any security guidelines. For instance, I was auditing a 250 crore turnover chemical company that has invested in both hardware and software, but from the implementation point of view, they were not up to the mark. And as a result I could find many of their digital assets in the public domain. There have also been many instances where I have discovered many third-party access & intrusions into the network, and some criminal activities have been done using this organization’s network. There is a provision in the Information Technology Act which clearly says that negligence in having proper security practices in place is an offence. It is both a civil and a criminal liability. From civil liability, it is up to Rs. 1 crore liability to the victims affected, and in criminal liability it can be up to 3 years of imprisonment, which is a cognizable but a bailable offence. So this could be the legal ramifications for a partner for not keeping his client’s network secure.


The judicial field has a shortage of technical people. The IT Act 2011 states that intermediary rules and regulations are to be followed by any organization which holds any personal or confidential information. So if you have any client that is dealing with some sensitive information, it is a must to have proper security practices in place. Those security practices can be a cyber compliance audit, information security audit, a vulnerability & assessment penetration testing (VAPT), and having the policy guidelines which are put on board to be implemented. While talking of intermediary, one should be aware that government organizations are not a part of the intermediary, but every organization, whether small or big, is an intermediary.”