Welcome!

News Feed Item

ISACA Releases Guidance on Securing Sensitive Personal Data

ISACA, a non-profit global association of more than 100,000 IT audit, security, risk and governance professionals, today released a guide to help Indian enterprises secure sensitive data and comply with India’s IT Act. Titled Securing Sensitive Personal Data or Information Under India’s IT Act Using COBIT 5, the book will educate business and IT leaders and other key stakeholders on the importance of securing sensitive personal data or information (SPDI) as required by India’s Information Technology Amendment Act, 2008. The guide is freely available in ISACA’s Knowledge Center at www.isaca.org/spdi.

The book provides a structured approach to comply with the Indian IT Act by using the COBIT 5 framework, the only business framework for the governance and management of enterprise information technology. It helps business leaders understand how to secure SPDI from risk mitigation, operational and implementation perspectives. Additionally, the book provides guidance to map the enterprise’s stakeholders with their specific needs on securing SPDI, using COBIT 5.

Commenting on the launch of the guide, Mr. Avinash Kadam, CISA, CISM, CGEIT, CRISC, advisor to ISACA’s India Task Force, said, “This guidance will surely act as a convenient code of good practices and guide for decision makers in enterprises to meet the requirements of Indian IT Act provisions on Sensitive Personal Data Protection.

“In today’s world, SPDI is used in every aspect of a business. It is used by very small organisations as well as very large enterprises. Securing SPDI cannot be done in isolation; the entire enterprise needs to be involved. The approach should be holistic as well as customisable to suit the size and nature of the business of the organisation, and COBIT 5 helps enable that.”

The Indian IT Act has a specific category, “sensitive personal data or information,” which consists of password, financial information (including bank account, credit card, debit card or other payment details), physical, physiological and mental health conditions, sexual orientation, medical records, and biometric information. This category in the Indian IT Act legally obligates all stakeholders (i.e., any individual or organisation that collects, processes, transmits, transfers, stores or deals with sensitive personal data) to adhere to its requirements. Some of the largest stakeholders could include owners of websites, banks, insurance companies, financial institutions, hospitals, educational institutions, service providers, travel agents, payment gateway providers and social media platforms, among many other entities.

According to India’s IT Act, the accountability for SPDI is with the governing body, which could be the chairman, board of directors, owner, proprietor, partner, head of an association or head of an institute.

The book discusses how COBIT 5 can help an enterprise meet the requirements of the IT Act by providing appropriate governance and management guidance and direction for securing SPDI, thus, also achieving the enterprise governance objective of risk optimization. It equips enterprises in India to govern and manage IT in a holistic manner, using the full, end-to-end business and IT functional areas of responsibility, and considering the IT-related interests of internal and external stakeholders.

ISACA also offers resources for Indian enterprises in its Knowledge Center. The India topic (www.isaca.org/topic-india) includes links, resources and discussions for IT and business professionals in India.

Additional information on Securing Sensitive Personal Data or Information Under India’s IT Act Using COBIT 5 is available at www.isaca.org/spdi.

About ISACA

With 100,000 members in 180 countries, including more than 6,000 members in India, ISACA® (www.isaca.org) is a global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA advances and attests IT skills and knowledge through the Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control (CRISC) designations. ISACA also continually updates and expands the practical guidance and product family based on the COBIT® framework.

Follow ISACA on Twitter: https://twitter.com/ISACANews

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Given the popularity of the containers, further investment in the telco/cable industry is needed to transition existing VM-based solutions to containerized cloud native deployments. The networking architecture of the solution isolates the network traffic into different network planes (e.g., management, control, and media). This naturally makes support for multiple interfaces in container orchestration engines an indispensable requirement.
In his session at @ThingsExpo, Arvind Radhakrishnen discussed how IoT offers new business models in banking and financial services organizations with the capability to revolutionize products, payments, channels, business processes and asset management built on strong architectural foundation. The following topics were covered: How IoT stands to impact various business parameters including customer experience, cost and risk management within BFS organizations.
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
While some vendors scramble to create and sell you a fancy solution for monitoring your spanking new Amazon Lambdas, hear how you can do it on the cheap using just built-in Java APIs yourself. By exploiting a little-known fact that Lambdas aren’t exactly single-threaded, you can effectively identify hot spots in your serverless code. In his session at @DevOpsSummit at 21st Cloud Expo, Dave Martin, Product owner at CA Technologies, will give a live demonstration and code walkthrough, showing how ...
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta Chakraborty, Chief Customer Officer at Ayasdi, will provide a tactical framework to become a truly intelligent enterprise, including how to identify the right applications for AI, how to build a Center of Excellence to ...
SYS-CON Events announced today that Elastifile will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Elastifile Cloud File System (ECFS) is software-defined data infrastructure designed for seamless and efficient management of dynamic workloads across heterogeneous environments. Elastifile provides the architecture needed to optimize your hybrid cloud environment, by facilitating efficient...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory?
There is only one world-class Cloud event on earth, and that is Cloud Expo – which returns to Silicon Valley for the 21st Cloud Expo at the Santa Clara Convention Center, October 31 - November 2, 2017. Every Global 2000 enterprise in the world is now integrating cloud computing in some form into its IT development and operations. Midsize and small businesses are also migrating to the cloud in increasing numbers. Companies are each developing their unique mix of cloud technologies and service...
SYS-CON Events announced today that Golden Gate University will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Since 1901, non-profit Golden Gate University (GGU) has been helping adults achieve their professional goals by providing high quality, practice-based undergraduate and graduate educational programs in law, taxation, business and related professions. Many of its courses are taug...
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is ...
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to w...
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
With Cloud Foundry you can easily deploy and use apps utilizing websocket technology, but not everybody realizes that scaling them out is not that trivial. In his session at 21st Cloud Expo, Roman Swoszowski, CTO and VP, Cloud Foundry Services, at Grape Up, will show you an example of how to deal with this issue. He will demonstrate a cloud-native Spring Boot app running in Cloud Foundry and communicating with clients over websocket protocol that can be easily scaled horizontally and coordinate...
From 2013, NTT Communications has been providing cPaaS service, SkyWay. Its customer’s expectations for leveraging WebRTC technology are not only typical real-time communication use cases such as Web conference, remote education, but also IoT use cases such as remote camera monitoring, smart-glass, and robotic. Because of this, NTT Communications has numerous IoT business use-cases that its customers are developing on top of PaaS. WebRTC will lead IoT businesses to be more innovative and address...