Strategic Information Security for TCS Limited

Discuss about the Strategic Information Security for TCS Limited.

Introduction:

TCS in the last few decades had become a global leader in providing technology services and consultation. It is established in 50 countries covering all over the world. It provides strategies for the digital transformation of the companies. In today’s era, every business is transforming from traditional client-server model to internet based applications. In the designing of the application, the unrestricted accessing of the website should be provided to the users. This is the main cause of threat of attack. “The hackers usually take the advantage of global accessing and gain the unauthorized access over the website information”( Singh, 2013). The normal procedure of the application can be disturbed. When dealing with the security concern of the organization, the preventive steps should be taken of two things which can be categorized as violation of information and unauthorized accessing of the information. The security associated with the application is comprised of four things which are named as privacy, authorization, integration, non repudiation. The privacy of the data should be provided to the users which mean providing protection to the confidential data from unauthorized access.” Authentication is the process of identifying the users. Only authorized persons should be given permission of reading, writing, and deleting the information” (Muruthy, 2008). The non repudiation compels the user to admit that they have done the transaction of information.

Mission:

The TCS is working in providing the technological services and consultation to variety of companies. In this paper, we will focus on the security challenges which are faced by the organization and solution and remedies provided by the company to overcome the security issues.

Values:

“The TCS focuses on the change management, integration, individual values, knowledge sharing and excellence” (Buhalis, 2014).

Direction of the research:

• In providing scalability to the network
• Security provided to the data at fight and data at rest
• The privacy of the user data should be preserved
• Interoperability among the data sources
• Visualization and the real time rich analytics.

Objective of providing security:

“The testing of the security helps in providing verification and validation that the security requirement of the application is fulfilled or not” (Butt, 2014). It also helps in the identification of the vulnerabilities which are associated with the application.

Security issues:

For checking the security issues of an application, it is necessary to list out the requirements which are needed by the application. “Since the security issues are raised with the advanced development of the application it is necessary to provide fine grained security to the application” (Dewanjee, 2010). The first level of security checking focuses on the users of the application. To check the security issues it is necessary to list out all the security issues which are associated with an application. The next step is to identify the sub parameters of the issues. All the sub parameters should be tested separately. The last step is to provide priority to the security issues associated with the sub parameters. “When dealing with the security concern of the organization, the preventive steps should be taken of two things which can be categorized as violation of information and unauthorized accessing of the information” (Devi, 2013). “Firstly, the collection of requirement of security issues, secondly analyzing and designing the scenarios for testing the security, thirdly testing after implementation, and lastly interpretation of the test report” (Bhatia, 2013).

No.	Parameters	Dimension	Dimension	Dimension	Dimension	Dimension	Priority
1	Authentication	No authentication	Based on password	Based on smart card and PIN	Based on Biometric	Based on Digital certificates	9
2	Authorization	No authorization	Based on role	Based on User	Based on electronic signature	Based on role and user	8
3	Access Control	No access control	Based on context	Based on user	Based on role	All the three	6
4	Non repudiation	No non repudiation	Based on digital signature	Based on encryption and digital signature	-	-	4
5	Audit control	No audit control	Based on firewalls and VPN logs	Based on custom based logs	Based on employ managed security services	-	6

Risk and Security management unit of TCS:

Infosys is the multinational company which helps in managing risks associated with the organizations, give assurance about the regulatory compliance, prepares strategies for empowering the risk, works on achieving cyber resilience, and helps in recovery from the security issues which are encountered within the organization. “From the survey, it was determined that the track record of TCS is impressive in giving solution to the organization all over the world” (Turn, 2009). The processes which are robust in nature help in providing security services to more than 6000 security associates. The main focus of the Infosys is to develop centers for the management of vulnerability, solution for cyber security, forensic labs, and many others. The company provides aligned solution with the requirement of the client organization. “The consultants of TCS organization are categorized as centers for security operations and the organization for the vulnerability management” (Kunnauthur, 2008).

Problems faced by the TCS:

• Management of the devices
• Diversity in the devices and interoperability
• Integration of the multiple sources for collecting data
• Improving the scale, volume of the data, and performance of the organization
• Flexibility in the new or existing application
• In maintaining the privacy of the data
• Single security services are not provided by the organization
• Peer to peer security is not provided by the organization
• Smaller programs are developed to deal with the security threats
• Services of security providing at lower cost associated with the features like reusability, simplification, and automation is the key challenge for the organization
• Shared services are not provided by the centers for security operation

Potency of the TCS organization:

• “The centers for security operation of the Infosys organization deal in the direction of providing and proper management of the requirement raised by the client organizations” (Maheshwari, 2014).
• The management of security is handled by number of accelerators of the organization which fulfills all the requirement of the clients.
• The security management system of the organization is converted from reactive to proactive
• Penetration testers are available to check the security system of the organization
• Services provided in the growth of IT infrastructure is flourishing

Planning for Security Management:

• It is established in 50 countries covering all over the world. It provides strategies for the digital transformation of the companies.
• The development of cyber hub and the centers for security operation is in progress to overcome the problem of end to end security.
• “The main focus of the Infosys is to develop centers for the management of vulnerability, solution for cyber security, forensic labs, and many others” (Dhawale,2013).
• The company is working efficiently in the area of providing security to the cloud computing by the development of accelerators and other associated tools.
• The framework of security have been developed for improving the threat intelligence
• For providing services reusable and automated tools are provided for overcoming the problem of security issues.

Current Working Scenario of the TCS organization:

TCS is working in the direction of maintaining the quality management system. “The quality management system of the organization should be associated with the features like vibrant, process driven strategies, integration, people oriented strategies, and focusing on customer demand” (NelsonHall, 2015). The number of technologies which are used by the organization to measure and monitor the security issues, management of the log, incident management, and the services provided for remedies. It is also associated with the number of accelerators for example dashboard, reporting templates and threat intelligence. “The services which are provided by the organization in focus network security are like network intrusion detection and prevention, managing the firewall to restrict the entrance of the intrusion, providing remote accessing security, IPS management, the gateway of the email and web should be secured, and controlling of the network access from the unauthorized users” (Oshri, 2011). This type of security mechanism is working on managing the anti-virus, host intrusion prevention, protection from monitoring and integration, management of application, advancement in the technologies used for detecting the threats, protection from mobilization of the enterprise, and the security mechanism for hypervisor. This type of management system provides services for the complete development of the application, network platform and mobile devices. The services offers for managing the vulnerabilities are the collection of managing the vulnerabilities throughout the development of the application, services offered for security, and the threat intelligence security service. “Data security and privacy is the collection of encryption technologies or procedures, prevention from the data leakage, and services offered for key management” (Kulandaivel, 2013). The services for assessment, development of design, and implementation are also provided by the organization. The organization provides solutions which are the combination of evaluation of the solution and its road mapping. It works on developing the program and technologies which works on overcoming security issues which are associated with the organization. The services provided by the government and the identity federation are also accessed by the organization. It works on developing the lifecycle management for overcoming the security issues.

Risk associated with the organization:

The security team of the TCS organization works in providing the automation to the programs and processes which are designed for monitoring the deviation which occurs in the management of risk, governance, and the requirement associated with the resilience of the organization.

The metric stream and the open pages are the services provided by the organization. The multiple framework strategies are working on controlling the critical path associated with the security mechanism associated with the organization. The frameworks are associated in providing increased level of defense, prevention from the threats, risk maturity, and recovery from the attack. The stages which are associated with the framework are summarized as Risk awareness focuses on the automation of the governance process and risk associated with the development of instruments and risk management is the process of handling the risk by the integration of the governance and security operations which are associated with the system.

Strategy or solution:

“Network security protocols for example, Wi-Fi protected access 2 should be used for securing the network for the wireless connectivity framework” (Raghuwanshi, 2014). The public key infrastructure is used for providing peer to peer consultation and implementation of the services. To check the security issues it is necessary to list out all the security issues which are associated with an application. The next step is to identify the sub parameters of the issues. “All the sub parameters should be tested separately. The attribute based access control is used for mitigating from the security risk associated with the data connection and the devices” (David, 2013). It should be implemented on peer to peer controlling of devices, network, and the data. “The designing of the architecture should give the clear perspective view of the security controls and postures, new security application can be developed, and the existing application can be implemented by the security model” (Michigan, 2014). The security concern should follow the following key fields:

• Sensors should be secured: Wireless sensors which are used for providing long distance connectivity can be disturbed by the human intervention. For the implementation of smart services it is important periodically physical checks should be done and the devices which are providing gateway to the vulnerabilities and attacks should be replaced.
• Safeguarding of the Network: “Network security protocols for example, wi-fi protected access 2 should be used for securing the network for the wireless connectivity framework” (Daya, 2014). The communication of the client with their desired destination access point the key security step which should be taken for securing the network is making use of non suggestive service set identifier.
• Protection of the data which is captured by the sensor: The data encryption policies are not well suitable for securing the network system. “The problem of memory limitation can be solved by forwarding the contextual data to the sink nodes which act as a gateway devices for increasing the capacity of the memory storage” (Hutchings, 2012).
• “Ensuring the security to the data stored at cloud: Analytics and application based processing sent their data over the cloud by the help of sensor” (She, 2007). The data leakages and breaches should be prevented by ensuring effective identification of the data owner.
• “Peer to peer controlling of devices, network, data, and the information: For ensuring the security to the connected devices it is necessary to keep the track and control of the interconnected devices” (Appari, 2009). The attribute based access control is used for mitigating from the security risk associated with the data connection and the devices. It should be implemented on peer to peer controlling of devices, network, and the data.

The level of security can be improved:

The security concern can be raised in the implementation and operation of organizational activities in the summarized manner:

• Peer to peer security should be provided
• Network level security should also be provided
• Data level security should be provided
• The level of security should be improved in respect to event management and information gathering
• The level of security should improved with respect to vulnerability management
• The level of security should improved with respect to access management
• The level of security should improved with respect to vulnerability management
• The level of security should improved with respect to user provision
• The level of security should improved with respect to infrastructure in identification of potential attack
• The level of security should improved with respect to monitoring the threat
• The level of security should improved with respect to vulnerability management
• Multi vendor tools and Firewalls should be taken into consideration for security purpose
• “Intrusion detection system, installation of the antivirus, simple mail transfer protocol, identification management system, web filtering, network access tools, and others are the advanced tools which are used for security purposes” (Michael, 2014)

Enhancement in the level of security:

Security is main concern for any organization. The security system can be categorized in the four main categories which are summarized below:

• “Identification: The identity of the devices helps in the identification of the owner. The data and the services which reveal the identity of the owner should be kept confidential” (Gordon, 2013).
• Location: “The data which is useful for identification of the identity of the user and the location of the owner should be kept confidential” (Ristov, 2014).
• Searching of the query: Searching of the query gives the information about the IP address of the person who initiated the search.
• Digital foot prints: “The data which is traceable on the internet is called digital footprint. The security protocols should be used for preventing the accumulation of the digital footprints. The operational privacy can be secured by the invasion of cookie on the devices” (Bob, 2013).

The table below gives the detail of new business model with the improved version of security:

Industry	Services or solution offered	Sensors or devices used	Analytics	Interfaces	Result
Utilities	Real time collection of the data should be done Prediction for the demand and supply	Energy, water and the gas meter can be used	Prediction of the usage and demand and supply	Any internet can be used for accessing	Consumers can focus on cost saving
Manufacturing	Remote monitoring Automation in the production line	Data acquisition and supervisory control	Detection of the anomaly in the devices   Predictive Maintenance	Mobile terminals can be used for connection with the remote consultation	Improved efficiency of the operation
Health care	Real time collection of the data should be done Management of chronic disease	Mobile phones and personal medical devices	Detection of the anomaly in the medical data	Tele consultation with the remote specialist	Improvement in the health of the patient at lower cost.

Flowchart of the activities

Conclusion:

Tata consultancy service is an organization which offers IT services, consultation and strategies to the enterprise for making it a global organization. It provides the platform to the services and infrastructure for the world of IT technology.  For the implementation of smart services it is important periodically physical checks should be done and the devices which are providing gateway to the vulnerabilities and attacks should be replaced. When dealing with the security concern of the organization, the preventive steps should be taken of two things which can be categorized as violation of information and unauthorized accessing of the information. The data leakages and breaches should be prevented by ensuring effective identification of the data owner. Data security and privacy is the collection of encryption technologies or procedures, prevention from the data leakage, and services offered for key management. In this paper, we focus on improving the security concern of the Tata consultancy services.

References:

Singh, A. (2013). A Parametric Approach for Security Testing of Internet Applications. 1st ed. [ebook] Available at: https://www.infosys.com/it-services/validation-solutions/white-papers/documents/security-testing-internet.pdf [Accessed 14 Aug. 2016].

NelsonHall, F. (2015). IT outsourcing vendor profile of TCS managed security services. 1st ed. [ebook] Available at: http://www.tcs.com/SiteCollectionDocuments/Analyst%20Reports/NelsonHall-TCS-MSS-0915-1.pdf [Accessed 14 Aug. 2016].

Muruthy, N. (2008). TCS Sustainability Report. 1st ed. [ebook] Available at: https://www.infosys.com/sustainability/Documents/infosys-sustainability-report-0809.pdf [Accessed 14 Aug. 2016].

Buhalis, S. (2014). TCS Code of Conduct and Ethics. 1st ed. [ebook] Available at: https://www.infosys.com/investors/corporate-governance/Documents/CodeofConduct.pdf [Accessed 14 Aug. 2016].

Dewanjee, R. (2010). TCS Annual report. 1st ed. [ebook] Available at: https://www.infosys.com/investors/reports-filings/annual-report/annual/Documents/Infosys-AR-05.pdf [Accessed 14 Aug. 2016].

Oshri, I. (2011). Managing Dispersed Expertise in IT offshore Outsourcing: from tata consultancy services. 1st ed. [ebook] Available at: http://www.juliakotlarsky.com/MISQExecutiveOshriKotlarskyWillcocks2007.pdf [Accessed 14 Aug. 2016].

Bhatia, R. (2013). Grid Computing and Security Issues. 1st ed. [ebook] Available at: http://www.ijsrp.org/research-paper-0813/ijsrp-p2094.pdf [Accessed 14 Aug. 2016].

Turn, R. (2009). Privacy and security issues in information system. 1st ed. [ebook] Available at: https://www.rand.org/content/dam/rand/pubs/papers/2008/P5684.pdf [Accessed 14 Aug. 2016].

Kunnauthur, A. (2008). Information Security Issues In Global Supply Chain. 1st ed. [ebook] Available at: http://www.utoledo.edu/business/ISCMIA/documents/IS_Issues_In_Global_SCM_Draft_.pdf [Accessed 14 Aug. 2016].

Dhawale, F. (2013). Document Security and Compliance Enterprise Challenges and Opportunities. 1st ed. [ebook] Info trends. Available at: http://www.nuance.com/ucmprod/groups/imaging/@web-enus/documents/collateral/nc_027979.pdf [Accessed 14 Aug. 2016].

Maheshwari, R. (2014). Tata Consultancy Services. [Blog] Money Control. Available at: http://www.moneycontrol.com/competition/tataconsultancyservices/comparison/TCS [Accessed 14 Aug. 2016].

Murugappan, M. (2015). Leveraging CMMI framework for engineering services. 1st ed. [ebook] Available at: http://www.tcs.com/SiteCollectionDocuments/White%20Papers/EIS_Whitepaper_Leveraging_CMMI_Framework_Engineering_Services_0212-1.pdf [Accessed 14 Aug. 2016].

Raghuwanshi, K. (2014). Privacy and Cyber Security Emphasizing privacy protection in cyber security activities. 1st ed. [ebook] Available at: https://www.priv.gc.ca/information/research-recherche/2014/cs_201412_e.pdf [Accessed 14 Aug. 2016].

Butt, D. (2014). erprise security and risk management solution and services. 1st ed. [ebook] Available at: http://www.tcs.com/SiteCollectionDocuments/Brochures/ESRM-0914-1.pdf [Accessed 14 Aug. 2016].

Kulandaivel, P. (2013). Design strategy for hardware accelerators for wireless broadband systems. 1st ed. [ebook] Available at: http://www.tcs.com/SiteCollectionDocuments/White%20Papers/EIS_Whitepaper_Design-Strategies-of-Hardware-Accelerators-for-wireless-broadband_11_2009.pdf [Accessed 14 Aug. 2016].

Michigan, P. (2014). Information Security Plan. 1st ed. [ebook] Available at: http://www.security.mtu.edu/policies-procedures/information-security-plan.pdf [Accessed 14 Aug. 2016].

Daya, B. (2014). Network Security: History, Importance, and Future. 1st ed. [ebook] Available at: http://web.mit.edu/~bdaya/www/Network%20Security.pdf [Accessed 16 Aug. 2016].

Hutchings, A. (2012). Computer security threats faced by small businesses in Australia. 1st ed. [ebook] Available at: http://aic.gov.au/media_library/publications/tandi_pdf/tandi433.pdf [Accessed 16 Aug. 2016].

David, J. (2013). Cyber security and fraud: The impact on small businesses. 1st ed. [ebook] Available at: http://www.fsb.org.uk/docs/default-source/fsb-org-uk/policy/assets/publications/fsb_cyber_security_and_fraud_paper_final.pdf?sfvrsn=0 [Accessed 16 Aug. 2016].

She, W. (2007). Security For enterprise resource planning. 1st ed. [ebook] Available at: https://www.utdallas.edu/~bxt043000/Publications/Technical-Reports/UTDCS-33-07.pdf [Accessed 16 Aug. 2016].

Appari, A. (2010). Information security and privacy in healthcare: current state of research. 1st ed. [ebook] Available at: http://www.ists.dartmouth.edu/library/501.pdf [Accessed 16 Aug. 2016].

Michael, A. (2014). Cisco IoT System Security: Mitigate Risk, Simplify Compliance, and Build Trust. 1st ed. [ebook] Available at: http://www.cisco.com/c/dam/en/us/products/collateral/se/internet-of-things/iot-system-security-wp.pdf [Accessed 16 Aug. 2016].

Gordon, J. (2013). Business Opportunities in the Security Industry New paths to success in a changing market. 1st ed. [ebook] Available at: http://Business Opportunities in the Security Industry New paths to success in a changing market [Accessed 16 Aug. 2016].

Ristov, S. (2014). C LOUD C Omputing S Ecurity In B Usiness I Nformation S Ystems. 1st ed. [ebook] Available at: https://arxiv.org/ftp/arxiv/papers/1204/1204.1140.pdf [Accessed 16 Aug. 2016].

Bob, H. (2016). Cyber security: Planning Guide. 1st ed. [ebook] Available at: https://transition.fcc.gov/cyber/cyberplanner.pdf [Accessed 16 Aug. 2016].

MyAssignmentHelp.co.uk is not a new name in the field of essay writing services. For almost a decade MyAssignmentHelp.co.uk has provided the students in the UK with the essential essay help whenever requested and still continues to do so with the same enthusiasm. In fact, their custom essay writing help is specially designed to serve the specific requirements of every student in the country.