The boom in the virtual world seems to have caught legislators on the wrong
foot the world over. Much as they try to get on with the work of regulating
technology, there will always be loopholes to exploit. Yet, we must regulate and
learn from each other's mistakes. Jurists, academicians and thinkers who
gathered in the Capital for a two-day seminar were unanimous in their opinion
that although countries that have taken the initiative in legislating IT laws
need to be applauded, there was still this urgent need to plug the loopholes.
The seminar–Information Security and its Managerial and Technological
Challenges–was organized by Forum Engelberg of Switzerland in collaboration
with the Management Development Institute, IIM, Lucknow, and the National
Institute of Urban Affairs.
Speaking at the inaugural session of the seminar, N Vittal, Chief Vigilance
Commissioner of the Government of India, warned that most of the security lapses
in organizations were due to their own employees. Thus, a very important
screening point is the hiring process. Besides looking at the qualification and
background of the employees, it was very important to assess the technical
expertise and the integrity of new people. Related to this is the issue of
employee retention. A lot of information gets leaked due to the natural
migration of employees outside the organization. As these are closely linked to
security, the approach to security has to be holistic. The other aspect to
security is the issue of technological investment. It is essential that we make
sure that these investments are future-proof. With the rapid development of
technology, it may not always be possible to protect investments, nonetheless it
is important to invest in open systems where at least upgradation is possible.
The first day of the seminar had two sessions, the first of which focused on
the technological aspect while the second session focused on the regulatory
aspect. The first session was on the technology choices and challenges in
information security while the second topic focused on the legal and regulatory
aspects of information security.