Strategic Information Security for TCS Limited

Author: George Lynch

March 26th, 2021

Discuss about the Strategic Information Security for TCS Limited.

Introduction:

TCS in the last few decades had become a global leader in providing technology services and consultation. It is established in 50 countries covering all over the world. It provides strategies for the digital transformation of the companies. In today’s era, every business is transforming from traditional client-server model to internet based applications. In the designing of the application, the unrestricted accessing of the website should be provided to the users. This is the main cause of threat of attack. “The hackers usually take the advantage of global accessing and gain the unauthorized access over the website information”( Singh, 2013). The normal procedure of the application can be disturbed. When dealing with the security concern of the organization, the preventive steps should be taken of two things which can be categorized as violation of information and unauthorized accessing of the information. The security associated with the application is comprised of four things which are named as privacy, authorization, integration, non repudiation. The privacy of the data should be provided to the users which mean providing protection to the confidential data from unauthorized access.” Authentication is the process of identifying the users. Only authorized persons should be given permission of reading, writing, and deleting the information” (Muruthy, 2008). The non repudiation compels the user to admit that they have done the transaction of information.

Mission:

The TCS is working in providing the technological services and consultation to variety of companies. In this paper, we will focus on the security challenges which are faced by the organization and solution and remedies provided by the company to overcome the security issues.

Values:

“The TCS focuses on the change management, integration, individual values, knowledge sharing and excellence” (Buhalis, 2014).

Direction of the research:

In providing scalability to the network
Security provided to the data at fight and data at rest
The privacy of the user data should be preserved
Interoperability among the data sources
Visualization and the real time rich analytics.

Objective of providing security:

“The testing of the security helps in providing verification and validation that the security requirement of the application is fulfilled or not” (Butt, 2014). It also helps in the identification of the vulnerabilities which are associated with the application.

Security issues:

For checking the security issues of an application, it is necessary to list out the requirements which are needed by the application. “Since the security issues are raised with the advanced development of the application it is necessary to provide fine grained security to the application” (Dewanjee, 2010). The first level of security checking focuses on the users of the application. To check the security issues it is necessary to list out all the security issues which are associated with an application. The next step is to identify the sub parameters of the issues. All the sub parameters should be tested separately. The last step is to provide priority to the security issues associated with the sub parameters. “When dealing with the security concern of the organization, the preventive steps should be taken of two things which can be categorized as violation of information and unauthorized accessing of the information” (Devi, 2013). “Firstly, the collection of requirement of security issues, secondly analyzing and designing the scenarios for testing the security, thirdly testing after implementation, and lastly interpretation of the test report” (Bhatia, 2013).

No.	Parameters	Dimension	Dimension	Dimension	Dimension	Dimension	Priority
1	Authentication	No authentication	Based on password	Based on smart card and PIN	Based on Biometric	Based on Digital certificates	9
2	Authorization	No authorization	Based on role	Based on User	Based on electronic signature	Based on role and user	8
3	Access Control	No access control	Based on context	Based on user	Based on role	All the three	6
4	Non repudiation	No non repudiation	Based on digital signature	Based on encryption and digital signature	–	–	4
5	Audit control	No audit control	Based on firewalls and VPN logs	Based on custom based logs	Based on employ managed security services	–	6

Risk and Security management unit of TCS:

Infosys is the multinational company which helps in managing risks associated with the organizations, give assurance about the regulatory compliance, prepares strategies for empowering the risk, works on achieving cyber resilience, and helps in recovery from the security issues which are encountered within the organization. “From the survey, it was determined that the track record of TCS is impressive in giving solution to the organization all over the world” (Turn, 2009). The processes which are robust in nature help in providing security services to more than 6000 security associates. The main focus of the Infosys is to develop centers for the management of vulnerability, solution for cyber security, forensic labs, and many others. The company provides aligned solution with the requirement of the client organization. “The consultants of TCS organization are categorized as centers for security operations and the organization for the vulnerability management” (Kunnauthur, 2008).

Problems faced by the TCS:

Management of the devices
Diversity in the devices and interoperability
Integration of the multiple sources for collecting data
Improving the scale, volume of the data, and performance of the organization
Flexibility in the new or existing application
In maintaining the privacy of the data
Single security services are not provided by the organization
Peer to peer security is not provided by the organization
Smaller programs are developed to deal with the security threats
Services of security providing at lower cost associated with the features like reusability, simplification, and automation is the key challenge for the organization
Shared services are not provided by the centers for security operation

Potency of the TCS organization:

“The centers for security operation of the Infosys organization deal in the direction of providing and proper management of the requirement raised by the client organizations” (Maheshwari, 2014).
The management of security is handled by number of accelerators of the organization which fulfills all the requirement of the clients.
The security management system of the organization is converted from reactive to proactive
Penetration testers are available to check the security system of the organization
Services provided in the growth of IT infrastructure is flourishing

Planning for Security Management:

It is established in 50 countries covering all over the world. It provides strategies for the digital transformation of the companies.
The development of cyber hub and the centers for security operation is in progress to overcome the problem of end to end security.
“The main focus of the Infosys is to develop centers for the management of vulnerability, solution for cyber security, forensic labs, and many others” (Dhawale,2013).
The company is working efficiently in the area of providing security to the cloud computing by the development of accelerators and other associated tools.
The framework of security have been developed for improving the threat intelligence
For providing services reusable and automated tools are provided for overcoming the problem of security issues.

Current Working Scenario of the TCS organization:

TCS is working in the direction of maintaining the quality management system. “The quality management system of the organization should be associated with the features like vibrant, process driven strategies, integration, people oriented strategies, and focusing on customer demand” (NelsonHall, 2015). The number of technologies which are used by the organization to measure and monitor the security issues, management of the log, incident management, and the services provided for remedies. It is also associated with the number of accelerators for example dashboard, reporting templates and threat intelligence. “The services which are provided by the organization in focus network security are like network intrusion detection and prevention, managing the firewall to restrict the entrance of the intrusion, providing remote accessing security, IPS management, the gateway of the email and web should be secured, and controlling of the network access from the unauthorized users” (Oshri, 2011). This type of security mechanism is working on managing the anti-virus, host intrusion prevention, protection from monitoring and integration, management of application, advancement in the technologies used for detecting the threats, protection from mobilization of the enterprise, and the security mechanism for hypervisor. This type of management system provides services for the complete development of the application, network platform and mobile devices. The services offers for managing the vulnerabilities are the collection of managing the vulnerabilities throughout the development of the application, services offered for security, and the threat intelligence security service. “Data security and privacy is the collection of encryption technologies or procedures, prevention from the data leakage, and services offered for key management” (Kulandaivel, 2013). The services for assessment, development of design, and implementation are also provided by the organization. The organization provides solutions which are the combination of evaluation of the solution and its road mapping. It works on developing the program and technologies which works on overcoming security issues which are associated with the organization. The services provided by the government and the identity federation are also accessed by the organization. It works on developing the lifecycle management for overcoming the security issues.

Risk associated with the organization:

The security team of the TCS organization works in providing the automation to the programs and processes which are designed for monitoring the deviation which occurs in the management of risk, governance, and the requirement associated with the resilience of the organization.

The metric stream and the open pages are the services provided by the organization. The multiple framework strategies are working on controlling the critical path associated with the security mechanism associated with the organization. The frameworks are associated in providing increased level of defense, prevention from the threats, risk maturity, and recovery from the attack. The stages which are associated with the framework are summarized as Risk awareness focuses on the automation of the governance process and risk associated with the development of instruments and risk management is the process of handling the risk by the integration of the governance and security operations which are associated with the system.

Strategy or solution:

“Network security protocols for example, Wi-Fi protected access 2 should be used for securing the network for the wireless connectivity framework” (Raghuwanshi, 2014). The public key infrastructure is used for providing peer to peer consultation and implementation of the services. To check the security issues it is necessary to list out all the security issues which are associated with an application. The next step is to identify the sub parameters of the issues. “All the sub parameters should be tested separately. The attribute based access control is used for mitigating from the security risk associated with the data connection and the devices” (David, 2013). It should be implemented on peer to peer controlling of devices, network, and the data. “The designing of the architecture should give the clear perspective view of the security controls and postures, new security application can be developed, and the existing application can be implemented by the security model” (Michigan, 2014). The security concern should follow the following key fields:

Sensors should be secured: Wireless sensors which are used for providing long distance connectivity can be disturbed by the human intervention. For the implementation of smart services it is important periodically physical checks should be done and the devices which are providing gateway to the vulnerabilities and attacks should be replaced.
Safeguarding of the Network: “Network security protocols for example, wi-fi protected access 2 should be used for securing the network for the wireless connectivity framework” (Daya, 2014). The communication of the client with their desired destination access point the key security step which should be taken for securing the network is making use of non suggestive service set identifier.
Protection of the data which is captured by the sensor: The data encryption policies are not well suitable for securing the network system. “The problem of memory limitation can be solved by forwarding the contextual data to the sink nodes which act as a gateway devices for increasing the capacity of the memory storage” (Hutchings, 2012).
“Ensuring the security to the data stored at cloud: Analytics and application based processing sent their data over the cloud by the help of sensor” (She, 2007). The data leakages and breaches should be prevented by ensuring effective identification of the data owner.
“Peer to peer controlling of devices, network, data, and the information: For ensuring the security to the connected devices it is necessary to keep the track and control of the interconnected devices” (Appari, 2009). The attribute based access control is used for mitigating from the security risk associated with the data connection and the devices. It should be implemented on peer to peer controlling of devices, network, and the data.

The level of security can be improved:

The security concern can be raised in the implementation and operation of organizational activities in the summarized manner:

Peer to peer security should be provided
Network level security should also be provided
Data level security should be provided
The level of security should be improved in respect to event management and information gathering
The level of security should improved with respect to vulnerability management
The level of security should improved with respect to access management
The level of security should improved with respect to vulnerability management
The level of security should improved with respect to user provision
The level of security should improved with respect to infrastructure in identification of potential attack
The level of security should improved with respect to monitoring the threat
The level of security should improved with respect to vulnerability management
Multi vendor tools and Firewalls should be taken into consideration for security purpose
“Intrusion detection system, installation of the antivirus, simple mail transfer protocol, identification management system, web filtering, network access tools, and others are the advanced tools which are used for security purposes” (Michael, 2014)

Enhancement in the level of security:

Security is main concern for any organization. The security system can be categorized in the four main categories which are summarized below:

“Identification: The identity of the devices helps in the identification of the owner. The data and the services which reveal the identity of the owner should be kept confidential” (Gordon, 2013).
Location: “The data which is useful for identification of the identity of the user and the location of the owner should be kept confidential” (Ristov, 2014).
Searching of the query: Searching of the query gives the information about the IP address of the person who initiated the search.
Digital foot prints: “The data which is traceable on the internet is called digital footprint. The security protocols should be used for preventing the accumulation of the digital footprints. The operational privacy can be secured by the invasion of cookie on the devices” (Bob, 2013).

The table below gives the detail of new business model with the improved version of security:

Industry	Services or solution offered	Sensors or devices used	Analytics	Interfaces	Result
Utilities	Real time collection of the data should be done Prediction for the demand and supply	Energy, water and the gas meter can be used	Prediction of the usage and demand and supply	Any internet can be used for accessing	Consumers can focus on cost saving
Manufacturing	Remote monitoring Automation in the production line	Data acquisition and supervisory control	Detection of the anomaly in the devices Predictive Maintenance	Mobile terminals can be used for connection with the remote consultation	Improved efficiency of the operation
Health care	Real time collection of the data should be done Management of chronic disease	Mobile phones and personal medical devices	Detection of the anomaly in the medical data	Tele consultation with the remote specialist	Improvement in the health of the patient at lower cost.

Flowchart of the activities

Conclusion:

Tata consultancy service is an organization which offers IT services, consultation and strategies to the enterprise for making it a global organization. It provides the platform to the services and infrastructure for the world of IT technology. For the implementation of smart services it is important periodically physical checks should be done and the devices which are providing gateway to the vulnerabilities and attacks should be replaced. When dealing with the security concern of the organization, the preventive steps should be taken of two things which can be categorized as violation of information and unauthorized accessing of the information. The data leakages and breaches should be prevented by ensuring effective identification of the data owner. Data security and privacy is the collection of encryption technologies or procedures, prevention from the data leakage, and services offered for key management. In this paper, we focus on improving the security concern of the Tata consultancy services.

References:

Singh, A. (2013). A Parametric Approach for Security Testing of Internet Applications. 1st ed. [ebook] Available at: https://www.infosys.com/it-services/validation-solutions/white-papers/documents/security-testing-internet.pdf [Accessed 14 Aug. 2016].

NelsonHall, F. (2015). IT outsourcing vendor profile of TCS managed security services. 1st ed. [ebook] Available at: http://www.tcs.com/SiteCollectionDocuments/Analyst%20Reports/NelsonHall-TCS-MSS-0915-1.pdf [Accessed 14 Aug. 2016].

Muruthy, N. (2008). TCS Sustainability Report. 1st ed. [ebook] Available at: https://www.infosys.com/sustainability/Documents/infosys-sustainability-report-0809.pdf [Accessed 14 Aug. 2016].

Buhalis, S. (2014). TCS Code of Conduct and Ethics. 1st ed. [ebook] Available at: https://www.infosys.com/investors/corporate-governance/Documents/CodeofConduct.pdf [Accessed 14 Aug. 2016].

Dewanjee, R. (2010). TCS Annual report. 1st ed. [ebook] Available at: https://www.infosys.com/investors/reports-filings/annual-report/annual/Documents/Infosys-AR-05.pdf [Accessed 14 Aug. 2016].

Oshri, I. (2011). Managing Dispersed Expertise in IT offshore Outsourcing: from tata consultancy services. 1st ed. [ebook] Available at: http://www.juliakotlarsky.com/MISQExecutiveOshriKotlarskyWillcocks2007.pdf [Accessed 14 Aug. 2016].

Bhatia, R. (2013). Grid Computing and Security Issues. 1st ed. [ebook] Available at: http://www.ijsrp.org/research-paper-0813/ijsrp-p2094.pdf [Accessed 14 Aug. 2016].

Turn, R. (2009). Privacy and security issues in information system. 1st ed. [ebook] Available at: https://www.rand.org/content/dam/rand/pubs/papers/2008/P5684.pdf [Accessed 14 Aug. 2016].

Kunnauthur, A. (2008). Information Security Issues In Global Supply Chain. 1st ed. [ebook] Available at: http://www.utoledo.edu/business/ISCMIA/documents/IS_Issues_In_Global_SCM_Draft_.pdf [Accessed 14 Aug. 2016].

Dhawale, F. (2013). Document Security and Compliance Enterprise Challenges and Opportunities. 1st ed. [ebook] Info trends. Available at: http://www.nuance.com/ucmprod/groups/imaging/@web-enus/documents/collateral/nc_027979.pdf [Accessed 14 Aug. 2016].

Maheshwari, R. (2014). Tata Consultancy Services. [Blog] Money Control. Available at: http://www.moneycontrol.com/competition/tataconsultancyservices/comparison/TCS [Accessed 14 Aug. 2016].

Murugappan, M. (2015). Leveraging CMMI framework for engineering services. 1st ed. [ebook] Available at: http://www.tcs.com/SiteCollectionDocuments/White%20Papers/EIS_Whitepaper_Leveraging_CMMI_Framework_Engineering_Services_0212-1.pdf [Accessed 14 Aug. 2016].

Raghuwanshi, K. (2014). Privacy and Cyber Security Emphasizing privacy protection in cyber security activities. 1st ed. [ebook] Available at: https://www.priv.gc.ca/information/research-recherche/2014/cs_201412_e.pdf [Accessed 14 Aug. 2016].

Butt, D. (2014). erprise security and risk management solution and services. 1st ed. [ebook] Available at: http://www.tcs.com/SiteCollectionDocuments/Brochures/ESRM-0914-1.pdf [Accessed 14 Aug. 2016].

Kulandaivel, P. (2013). Design strategy for hardware accelerators for wireless broadband systems. 1st ed. [ebook] Available at: http://www.tcs.com/SiteCollectionDocuments/White%20Papers/EIS_Whitepaper_Design-Strategies-of-Hardware-Accelerators-for-wireless-broadband_11_2009.pdf [Accessed 14 Aug. 2016].

Michigan, P. (2014). Information Security Plan. 1st ed. [ebook] Available at: http://www.security.mtu.edu/policies-procedures/information-security-plan.pdf [Accessed 14 Aug. 2016].

Daya, B. (2014). Network Security: History, Importance, and Future. 1st ed. [ebook] Available at: http://web.mit.edu/~bdaya/www/Network%20Security.pdf [Accessed 16 Aug. 2016].

Hutchings, A. (2012). Computer security threats faced by small businesses in Australia. 1st ed. [ebook] Available at: http://aic.gov.au/media_library/publications/tandi_pdf/tandi433.pdf [Accessed 16 Aug. 2016].

David, J. (2013). Cyber security and fraud: The impact on small businesses. 1st ed. [ebook] Available at: http://www.fsb.org.uk/docs/default-source/fsb-org-uk/policy/assets/publications/fsb_cyber_security_and_fraud_paper_final.pdf?sfvrsn=0 [Accessed 16 Aug. 2016].

She, W. (2007). Security For enterprise resource planning. 1st ed. [ebook] Available at: https://www.utdallas.edu/~bxt043000/Publications/Technical-Reports/UTDCS-33-07.pdf [Accessed 16 Aug. 2016].

Appari, A. (2010). Information security and privacy in healthcare: current state of research. 1st ed. [ebook] Available at: http://www.ists.dartmouth.edu/library/501.pdf [Accessed 16 Aug. 2016].

Michael, A. (2014). Cisco IoT System Security: Mitigate Risk, Simplify Compliance, and Build Trust. 1st ed. [ebook] Available at: http://www.cisco.com/c/dam/en/us/products/collateral/se/internet-of-things/iot-system-security-wp.pdf [Accessed 16 Aug. 2016].

Gordon, J. (2013). Business Opportunities in the Security Industry New paths to success in a changing market. 1st ed. [ebook] Available at: http://Business Opportunities in the Security Industry New paths to success in a changing market [Accessed 16 Aug. 2016].

Ristov, S. (2014). C LOUD C Omputing S Ecurity In B Usiness I Nformation S Ystems. 1st ed. [ebook] Available at: https://arxiv.org/ftp/arxiv/papers/1204/1204.1140.pdf [Accessed 16 Aug. 2016].

Bob, H. (2016). Cyber security: Planning Guide. 1st ed. [ebook] Available at: https://transition.fcc.gov/cyber/cyberplanner.pdf [Accessed 16 Aug. 2016].

MyAssignmentHelp.co.uk is
not a new name in the field of essay writing services. For almost a decade
MyAssignmentHelp.co.uk has provided the students in the UK with the essential essay help
whenever requested and still continues to do so with the same enthusiasm. In
fact, their custom essay writing
help is
specially designed to serve the specific requirements of every student in the
country.

Calculate the price

Make an order in advance and get the best price

Type of paper

Academic level

Deadline

Pages (550 words)

$0.00

*Price with a welcome 15% discount applied.

Pro tip: If you want to save more money and pay the lowest price, you need to set a more extended deadline.

We know how difficult it is to be a student these days. That's why our prices are one of the most affordable on the market, and there are no hidden fees.

Instead, we offer bonuses, discounts, and free services to make your experience outstanding.

How it works

Receive a 100% original paper that will pass Turnitin from a top essay writing service

step 1

Upload your instructions

Fill out the order form and provide paper details. You can even attach screenshots or add additional instructions later. If something is not clear or missing, the writer will contact you for clarification.

step 2

Control the process

Once you place an order with our professional essay writing services, we will email you login details to your account. There, you'll communicate with the writer and support team and track the writer's progress.

step 3

Download your paper on time

As soon as your work is ready, we’ll notify you via email. You'll then be able to download it from your account and request a revision if needed. Please note that you can also rate the writer's work in your account.

Pro service tips

How to get the most out of your experience with Boom Grades

One writer throughout the entire course

If you like the writer, you can hire them again. Just copy & paste their ID on the order form ("Preferred Writer's ID" field). This way, your vocabulary will be uniform, and the writer will be aware of your needs.

The same paper from different writers

You can order essay or any other work from two different writers to choose the best one or give another version to a friend. This can be done through the add-on "Same paper from another writer."

Copy of sources used by the writer

Our college essay writers work with ScienceDirect and other databases. They can send you articles or materials used in PDF or through screenshots. Just tick the "Copy of sources" field on the order form.

Testimonials

See why 20k+ students have chosen us as their sole writing assistance provider

Check out the latest reviews and opinions submitted by real customers worldwide and make an informed decision.

Medicine

Great content.

Customer 452549, February 8th, 2022

Public Health

Thank you so much !!

Customer 452589, November 28th, 2023

English 101

perfect! thanks!

Customer 452543, December 1st, 2021

Classic English Literature

Awesome Job... you are the best!

Customer 452531, November 27th, 2021

Classic English Literature

Absolutely LOVE the essay I received. I really appreciate it so much.

Customer 452529, October 25th, 2021

Gerontology

Thank you so much this looks great !!!!

Customer 452585, November 4th, 2023

Classic English Literature

Great Work as Usual. Thank you . I received an A on the paper!

Customer 452531, November 9th, 2021

Exercise Science

Thank you so much for your time.

Customer 452545, December 5th, 2021

world civilization

Thank you for the quick response

Customer 452509, June 27th, 2021

english comp

Thank you for all your hard time.

Customer 452509, June 27th, 2021

Religious studies

I recommend this service they always help. I got an A in this project thanks.

Customer 452507, October 5th, 2021

Literature

Absolutely LOVE having help especially from the person who wrote this last one. THANK YOU

Customer 452529, November 19th, 2021

11,595

Customer reviews in total

96%

Current satisfaction rate

3 pages

Average paper length

37%

Customers referred by a friend

OUR GIFT TO YOU

15% OFF your first order

Use a coupon FIRST15 and enjoy expert help with any task at the most affordable price.

Claim my 15% OFF Order in Chat