A Critical Analysis of Information Security -A Case Study of Cognizant Technology Solutions

Abstract

Security was not a major concern of the past in Information Technology Organizations. Butpresently, due to the vast growth in fraud and hacking techniques, the security of organizationsis a great concern. Organizations usually spend millions every year just to protect theirenvironment and to maintain security. Yet, no company claims to be a hundred percent secureas fraudulent techniques are more tricky and latest. As the hackers are becoming hard andtricky, the major Information Technology (IT) Organizations are willing to pay a large sum ofmoney for providers offering services of enterprise security schemes. The hackers are alwaysready to intrude into the company's valuable information sources. As per the recent survey by'Security Week', nearly seventy percentages of respondents have faced a security threat whichended up in the loss of valuable information or the collapse of functioning last year. Anemployer of the company can indeed be a major attacker than an outside intruder. An employeeof the company is already having all privileges to use resources of the company while variousother ways are needed for an outer intruder for accessing the same company's network or data.Cisco, the networking giant has a major focus on Enterprise Security Policies. The companyhas seen a valuable improvement in the last few decades, which shows the importance ofsecurity. Cisco had recently released data that showed a lack of security policies in about 23percentages of companies worldwide. More than 70% of Information Technology persons saythat their organizations lack behind in areas of security policy. Large numbers of IT peoplefail to practice security policies as they are not easily understandable. For every organization,policies are the building blocks. They function as road maps which each employee of thecompany uses in various ways. Developing a well-defined policy requires artistic skill. Federalagencies have a Statutory obligation is available for federal agencies for maintaining day-today security policies. The primary Information Security Officer (ISO) is usually pledged forimplementing these policies and the Chief Executive Officer (CEO) of the Company as well.The best security policies consider the vision and mission of companies, the important assetsthat need security, and security threats imposed against certain factors. All these come underrisk management which needs defect identification by business impact policies. The weaknessof a company has to be identified to find the vulnerability ratio of that company. Designing asecurity policy is not a nightmare once the major scope of policy design is identified. Themajor challenge lies in identifying the scope and threat areas for security policy. The policy isnothing but a collection of guidelines and procedures on what and how it can be implemented.In this paper, we are analyzing how Cognizant Technology Solutions (CTS) maintaining itsstandards, policies, technologies, and management policies which are defined for securing dataof an organization.