Incident Response in India vs Global Practices - Where Are the Gaps?Security Leader Sapan Talwar on the Need For a Proactive Approach
While the goals for information security teams around the globe are the same, the approach often differs by geography - subject to cultural mores and the level of maturity and understanding of information security. Incident response is one such area that has matured significantly in more developed markets, but is still a function in nascent stages in India and parts of Asia. Among the several reasons for this is the reactive approach to security in India, believes Sapan Talwar, who is a security leader with a major Nasdaq listed software company (see: Jeff Buhl on the The Growing Role of Incident Response in Asia).
Talwar feels Indian practitioners do a poor job of managing incidents - the process being highly manual in nature, making it difficult to keep up with the pace of today's attacks. In this exclusive audio interview with Information Security Media Group, Talwar draws parallels between the global standards that he practices in his role and his take on how it compares with the approach to security in India. (see: Incident Response Must Come of Age).
"The first area where we [Indian practitioners] are lacking is that we are reactive and we don't learn from the incidents that we come across. It is very important and imperative that we tend to be proactive," Talwar says. If practitioners learn and apply those learnings back to their processes, they will be able to deal with any kind of incident much better, he says. "While organizations today are slowly investing in incident response, it is still something that is only taken seriously once the organization, or a function, or team is seriously impacted." (see: Does the CISO Need a Board Seat?).
Preparations need to be strategic and not after the fact, says Talwar. There is a need to sensitize the senior management and set up a process. Practitioners then need to follow up with regular exercises to gauge effectiveness, rather than waiting for incidents to happen, he advises (see: Why Continuous Vulnerability Assessment Is Essential).
Talwar recommends doing an analysis post incidents, to immediately identify root causes and try to put the relevant controls in place to improve processes. Most of the time, the focus is more on technology, he says. But it is equally important to focus on the process side of things, and then make people aware. "It is important to close the loop - all three aspects viz. people, process, and technology need to work in tandem." (see: Improving Incident Response in the Middle East).
Listen to this audio interview (player link below image), to learn more about:
- How security in India compares to contemporary practices in more mature markets;
- Recommendations for Indian/Asian security practitioners on incident response;
- Cultural aspects to the approach to InfoSec and breach notification in India.
Talwar is information risk and security management practitioner with 18-plus years of Industry experience in areas including IT risk management, information security, compliance, disaster recovery, data center management, mobile security, network security, application and infrastructure vulnerability management. His forte is working with stakeholders including legal, compliance, technology and security groups, both within and outside the organization, producing desired results to enable business growth while protecting the company's information assets.