October 31, 2006
One of the key jobs of Akhilesh Tuteja, who heads Technology Advisory at KPMG, is to spot e-risks in organisations, and plug them. While private companies are becoming proactive in managing such risks, much more needs to be done in the government sector, he tells Vandana Gombar in this interview.
How vulnerable are the various Indian government web sites to attacks?
All websites are potentially vulnerable to the risk of defacement, if not well protected at all times. The maturity level of e-security for each department determines the extent of exposure.
But there are security guidelines in place for the government sites, and India also has a computer emergency response team in place, dubbed CERT-IN.
The guidelines mandate risk assessment and vulnerability testing through a third party once every year (KPMG is one of the third parties authorised to do these assessments). However, this alone is not enough.
There are companies which update security patches on their web servers every week, keeping in mind the growing number of threats on the Internet. You need to understand that no site is hack-proof, given unlimited time and unlimited resources.
What is your take on preparedness of corporate India to withstand e-attacks, especially e-commerce enabled sites, which also undertake financial transactions?
As far as the payment systems are concerned (read payment gateways), we are as secure as the best global businesses are, because we use the same standards. However, sections on product catalogues and shopping carts expose these sites to tremendous risks.
On a vulnerable website, an intelligent user may be able to change the product price before proceeding to the payment system, resulting in under-payment. When clients have requested us to undertake what is called penetration testing (or ethical hacking) or an overall vulnerability assessment, in most cases we have been able to identify serious vulnerabilities.
And these clients are largely from which sectors?
Financial services and outsourcing companies (BPOs).
Can you elaborate on the vulnerability assessments? Has there been an increase in demand for these assessments over the last 12 months or so?
There has been an increase in demand for assessments, about 40 per cent year-on-year. In the last few months, we have carried out reviews for over 50 large corporations. The cost varies between Rs 3-20 lakh, and it takes three days to a couple of weeks to assess the controls.
So, India is gearing up for e-security?