Wednesday, February 25, 2009

Indian Information Security Incidents Gallery

I was recently on the phone with Dinesh O'Bareja and he mentioned a blog he started some time back to document Indian Information Security Incidents. I think it's a great initiative on his part and one that we definitely require in the Indian IT Security space.

As anyone who has been involved in the Indian IT industry can tell you, for most organizations security is always a low priority. One of the reasons for this is the lack of corporate liability for the loss of customer data.

Most companies that are faced with a breach use the hush-hush approach and sweep the incident under the rug. This leaves consumers whose personal information has been compromised in the dark until their next statement shows up with fraudulent transactions.

In other countries, there are Security Breach Notification Laws in place to ensure that the consumer is well informed and the responsible company either compensates the victim or subscribes them to an identity monitoring service.

Coming back to the India InfoSec: Incidents Hall of Shame / Fame Gallery Blog, I think Dinesh has definitely taken the right step. Only when we have more attention given to Security Incidents will we see companies dealing with them in a more responsible/liable manner.

So if anyone out there has witnessed any security incidents, go ahead and drop Dinesh an e-mail.