Frameworks

Data Protection is emerging as a major corporate and Government concern worldwide. The focus is on secure handling of data so as to ensure the privacy of both customer data and corporate data. In recent years, security has been established as an important function in an organization’s ecosystem. Ever-increasing security challenges and an expanding threat landscape are challenging established understanding and practices. The very concept of security is going through a critical review, which both contributes to and challenges established understanding and approaches. Technology solutions, on the other hand, are driving the security market and defining the characteristics of an organization’s security. The security profession – representing the technical, management and operational streams of security – is contributing new approaches, solutions and techniques for solving specific and generic security problems. Security functions have been expanding, as have security roles, across all three layers of the organization – strategic, tactical and operational. The security organization has undergone changes; its structure continues to evolve, but it is more visible in an organization and its responsibilities continue to expand.

DSCI studied most of the approaches and technological trends that shaped the concepts of security, organization structure and tactical security controls for enhanced security. DSCI’s approach was not to satisfy compliance regulations like PCI DSS, GLBA and HIPAA, which specify stringent requirements for security of data, but to address security of data, which has emerged as a key concern for organizations. This demanded a relook at security priorities, preparedness and architecture. DSCI believes that an organization’s security initiatives need to be realigned to achieve the end goal of data security.

Areas such as application security, infrastructure security, business continuity and disaster management, user access management, security monitoring and incident management have established themselves as intensive disciplines of security. New understanding, approaches, technical solutions and services have emerged that are specific to these disciplines.

When it comes to Privacy, different countries have enacted laws to deal with Data Protection and Data Privacy. While the European Union views privacy of personal information as a fundamental right, the United States has sector-specific laws on privacy of customer data. These include laws for protecting health information and financial information. While regulatory requirements generally drive the privacy initiatives of an organization, in a complex global environment with expanded corporate operations, organizations need to have complete Visibility over the Personal Information (VPI) that is being collected, transmitted and processed within their boundaries. There should be a mechanism to continuously update this visualization. A dedicated Privacy Organization is required to share the responsibility for privacy initiatives. Its relationship with other functions needs to be clearly defined in order to fix the accountability for privacy-related activities (POR). The privacy principles of an organization can be defined based on the type of information collected, the way the information is processed, the ownership of the information and the corresponding compliance requirements. DSCI has defined 9 Privacy Principles, namely: Notice, Choice and Consent, Collection Limitations, Use Limitation, Access and Correction, Security, Disclosure to Third Parties, Openness and Accountability.

DSCI Framework Principles