Financial Daily from THE HINDU group of publications
Thursday, Dec 23, 2004

Cross Currency

Group Sites

Opinion - Accountancy
Columns - Books of Account

IS security is no overhead

D. Murali

ALMOST one in two Indian organisations are unaware of the technique used for breaching their security. This is almost double of what prevailed about a year ago, and substantially higher than the global percentage, according to IS Security Survey 2004 from PricewaterhouseCoopers and Confederation of Indian Industry.

"Information security — the assurance of system availability, data confidentiality, and integrity — has become a serious concern in today's more open and interconnected business environment. However, the need to resolve this concern presents a clear challenge for enterprises," briefs the executive summary.

The survey used a sample of about 600 organisations, identified from the CII and other industry databases.

As a sign of relevance, for 90 per cent of the respondents, IT was "a critical enabler" for business. Size seems to matter for awareness, because "over 75 per cent of the corporates who have over 500 employees accord high priority to security as compared to less than 33 per cent in case of small corporates with less than 100 employees."

Visible proof is in demand, since 40 per cent of respondents plan to obtain security certification. There is "a marked preference to obtaining BS7799/ISO 17799 certifications as compared to other certifications such as CMM or COBIT." This can be an area where there can be focus by the Institute of Chartered Accountants of India.

There is some drubbing for the insurance industry. "Insurance companies have increasingly excluded risks associated with security incidents from general security policies."

What has been the effect of this? "This has created uncertainty within many businesses as to whether they must subscribe to insurance cover. In some cases, it has effectively moved organisations from a state of risk transfer to implicit risk acceptance."

An alarming number of four out of five Indian businesses reported a security breach during the 12 months surveyed; global percentage is 64.

About 42 per cent of Indian organisations that had suffered a security breach reported three or more incidents, "including 18 per cent with six or more breaches." Not mere nuisance, notes the report, there was "overwhelming financial burden" too.

Despite anti-virus software on all servers/desktops to scan all incoming mail, 61 per cent of respondents reported `malicious code', indicating gaps in updates.

The survey recommends the deploying of multi-layered anti-virus defence mechanism synchronised with enterprise wide patch management system.

"Human error rather than flawed technology is the root cause of most security breaches. So, the challenge for many organisations is to create a security-aware culture."

It may be tough to believe that 23 per cent of the breaches have occurred due to unintended error in configuration of systems.

What is the most important barrier to information security enhancement in India? Capital expenditure.

As a sign of misplaced priorities, "security is often seen as an overhead rather than an investment."

Also, exposing flawed thinking, senior management often regards security as "a forced expenditure rather than something that can bring positive business benefits."

The publication makes `security technology forecasts' for 2004-05. Among these is one about security infrastructure:

"Softening of the perimeter, occurring as more applications use network ports, will cause increased internal focus on infrastructure security, placing protection closer to the information."

A book that you can keep closer to your systems.

Tribunal talk

SELECTED Orders of ITAT or SOT is the new baby from Taxmann Allied Services P Ltd ( It is billed as "a monthly journal reporting orders of ITAT not published in ITD."

CAs know that ITAT is short for Income-Tax Appellate Tribunal, and ITD is Income-tax Tribunal Decisions, another publication from Taxmann.

"An activity carried on with the predominant object of earning profit will be an activity for profit, though it may be carried on in advancement of charitable purpose of trust or institution," reads the note to the first case in the new publication, Muslim Imdadi Society vs Deputy Commissioner of Income-tax, before the ITAT Delhi.

What follows is the Ashwin Ramesh Mansharamani case from Mumbai where the Tribunal ruled there was no bar on buying properties as investment even where the assessee was engaged in the business of dealing in properties.

Another case that involved DLF's chairman Ch Raghavendra Singh is about a house that the builder company took on lease for Singh and his relatives. DLF constructed a swimming pool and a sauna bath in that house and stated that the same were part of a health club for the use of senior executives.

The taxman felt that the facility was for the exclusive use of Singh and his family and so valued the advantage as benefit accruing to Singh.

"It was not digestible that the Chairman or the MD of a big group will lose his privacy and open a health club in his own house," said the Tribunal. "The whole arrangement of health club is merely a cloak to benefit the appellant and his family members."

Healthy poolside read!

More Stories on : Accountancy | Books | Security | Books of Account

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
A review act

There's a shared stake in arresting managerial diversion
IS security is no overhead
Can over-confidence trip Lalu Prasad?
Laughter in the House
Complexities of monetary policy-making
Recovery in fits and starts
Society and development
Fiscal management

The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription
Group Sites: The Hindu | Business Line | Sportstar | Frontline | The Hindu eBooks | The Hindu Images | Home |

Copyright 2004, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line