Strategic Information Security for TCS Limited

Discuss about the Strategic Information Security for TCS Limited.

Introduction:

TCS in the last few decades had become a global leader in providing technology services and consultation. It is established in 50 countries covering all over the world. It provides strategies for the digital transformation of the companies. In today’s era, every business is transforming from traditional client-server model to internet based applications. In the designing of the application, the unrestricted accessing of the website should be provided to the users. This is the main cause of threat of attack. “The hackers usually take the advantage of global accessing and gain the unauthorized access over the website information”( Singh, 2013). The normal procedure of the application can be disturbed. When dealing with the security concern of the organization, the preventive steps should be taken of two things which can be categorized as violation of information and unauthorized accessing of the information. The security associated with the application is comprised of four things which are named as privacy, authorization, integration, non repudiation. The privacy of the data should be provided to the users which mean providing protection to the confidential data from unauthorized access.” Authentication is the process of identifying the users. Only authorized persons should be given permission of reading, writing, and deleting the information” (Muruthy, 2008). The non repudiation compels the user to admit that they have done the transaction of information.

Mission:

The TCS is working in providing the technological services and consultation to variety of companies. In this paper, we will focus on the security challenges which are faced by the organization and solution and remedies provided by the company to overcome the security issues.

Values:

“The TCS focuses on the change management, integration, individual values, knowledge sharing and excellence” (Buhalis, 2014).

Direction of the research:

  • In providing scalability to the network
  • Security provided to the data at fight and data at rest
  • The privacy of the user data should be preserved
  • Interoperability among the data sources
  • Visualization and the real time rich analytics.

Objective of providing security:

“The testing of the security helps in providing verification and validation that the security requirement of the application is fulfilled or not” (Butt, 2014). It also helps in the identification of the vulnerabilities which are associated with the application.

Security issues:

For checking the security issues of an application, it is necessary to list out the requirements which are needed by the application. “Since the security issues are raised with the advanced development of the application it is necessary to provide fine grained security to the application” (Dewanjee, 2010). The first level of security checking focuses on the users of the application. To check the security issues it is necessary to list out all the security issues which are associated with an application. The next step is to identify the sub parameters of the issues. All the sub parameters should be tested separately. The last step is to provide priority to the security issues associated with the sub parameters. “When dealing with the security concern of the organization, the preventive steps should be taken of two things which can be categorized as violation of information and unauthorized accessing of the information” (Devi, 2013). “Firstly, the collection of requirement of security issues, secondly analyzing and designing the scenarios for testing the security, thirdly testing after implementation, and lastly interpretation of the test report” (Bhatia, 2013).

No.

Parameters

Dimension

Dimension

Dimension

Dimension

Dimension

Priority

1

Authentication

No authentication

Based on password

Based on smart card and PIN

Based on Biometric

Based on Digital certificates

9

2

Authorization

No authorization

Based on role

Based on User

Based on electronic signature

Based on role and user

8

3

Access Control

No access control

Based on context

Based on user

Based on role

All the three

6

4

Non repudiation

No non repudiation

Based on digital signature

Based on encryption and digital signature

4

5

Audit control

No audit control

Based on firewalls and VPN logs

Based on custom based logs

Based on employ managed security services

6

Risk and Security management unit of TCS:

Infosys is the multinational company which helps in managing risks associated with the organizations, give assurance about the regulatory compliance, prepares strategies for empowering the risk, works on achieving cyber resilience, and helps in recovery from the security issues which are encountered within the organization. “From the survey, it was determined that the track record of TCS is impressive in giving solution to the organization all over the world” (Turn, 2009). The processes which are robust in nature help in providing security services to more than 6000 security associates. The main focus of the Infosys is to develop centers for the management of vulnerability, solution for cyber security, forensic labs, and many others. The company provides aligned solution with the requirement of the client organization. “The consultants of TCS organization are categorized as centers for security operations and the organization for the vulnerability management” (Kunnauthur, 2008).

Problems faced by the TCS:

  • Management of the devices
  • Diversity in the devices and interoperability
  • Integration of the multiple sources for collecting data
  • Improving the scale, volume of the data, and performance of the organization
  • Flexibility in the new or existing application
  • In maintaining the privacy of the data
  • Single security services are not provided by the organization
  • Peer to peer security is not provided by the organization
  • Smaller programs are developed to deal with the security threats
  • Services of security providing at lower cost associated with the features like reusability, simplification, and automation is the key challenge for the organization
  • Shared services are not provided by the centers for security operation

Potency of the TCS organization:

  • “The centers for security operation of the Infosys organization deal in the direction of providing and proper management of the requirement raised by the client organizations” (Maheshwari, 2014).
  • The management of security is handled by number of accelerators of the organization which fulfills all the requirement of the clients.
  • The security management system of the organization is converted from reactive to proactive
  • Penetration testers are available to check the security system of the organization
  • Services provided in the growth of IT infrastructure is flourishing

Planning for Security Management:

  • It is established in 50 countries covering all over the world. It provides strategies for the digital transformation of the companies.
  • The development of cyber hub and the centers for security operation is in progress to overcome the problem of end to end security.
  • “The main focus of the Infosys is to develop centers for the management of vulnerability, solution for cyber security, forensic labs, and many others” (Dhawale,2013).
  • The company is working efficiently in the area of providing security to the cloud computing by the development of accelerators and other associated tools.
  • The framework of security have been developed for improving the threat intelligence
  • For providing services reusable and automated tools are provided for overcoming the problem of security issues.

Current Working Scenario of the TCS organization:

TCS is working in the direction of maintaining the quality management system. “The quality management system of the organization should be associated with the features like vibrant, process driven strategies, integration, people oriented strategies, and focusing on customer demand” (NelsonHall, 2015). The number of technologies which are used by the organization to measure and monitor the security issues, management of the log, incident management, and the services provided for remedies. It is also associated with the number of accelerators for example dashboard, reporting templates and threat intelligence. “The services which are provided by the organization in focus network security are like network intrusion detection and prevention, managing the firewall to restrict the entrance of the intrusion, providing remote accessing security, IPS management, the gateway of the email and web should be secured, and controlling of the network access from the unauthorized users” (Oshri, 2011). This type of security mechanism is working on managing the anti-virus, host intrusion prevention, protection from monitoring and integration, management of application, advancement in the technologies used for detecting the threats, protection from mobilization of the enterprise, and the security mechanism for hypervisor. This type of management system provides services for the complete development of the application, network platform and mobile devices. The services offers for managing the vulnerabilities are the collection of managing the vulnerabilities throughout the development of the application, services offered for security, and the threat intelligence security service. “Data security and privacy is the collection of encryption technologies or procedures, prevention from the data leakage, and services offered for key management” (Kulandaivel, 2013). The services for assessment, development of design, and implementation are also provided by the organization. The organization provides solutions which are the combination of evaluation of the solution and its road mapping. It works on developing the program and technologies which works on overcoming security issues which are associated with the organization. The services provided by the government and the identity federation are also accessed by the organization. It works on developing the lifecycle management for overcoming the security issues.

Risk associated with the organization:

The security team of the TCS organization works in providing the automation to the programs and processes which are designed for monitoring the deviation which occurs in the management of risk, governance, and the requirement associated with the resilience of the organization.

The metric stream and the open pages are the services provided by the organization. The multiple framework strategies are working on controlling the critical path associated with the security mechanism associated with the organization. The frameworks are associated in providing increased level of defense, prevention from the threats, risk maturity, and recovery from the attack. The stages which are associated with the framework are summarized as Risk awareness focuses on the automation of the governance process and risk associated with the development of instruments and risk management is the process of handling the risk by the integration of the governance and security operations which are associated with the system.

Strategy or solution:

“Network security protocols for example, Wi-Fi protected access 2 should be used for securing the network for the wireless connectivity framework” (Raghuwanshi, 2014). The public key infrastructure is used for providing peer to peer consultation and implementation of the services. To check the security issues it is necessary to list out all the security issues which are associated with an application. The next step is to identify the sub parameters of the issues. “All the sub parameters should be tested separately. The attribute based access control is used for mitigating from the security risk associated with the data connection and the devices” (David, 2013). It should be implemented on peer to peer controlling of devices, network, and the data. “The designing of the architecture should give the clear perspective view of the security controls and postures, new security application can be developed, and the existing application can be implemented by the security model” (Michigan, 2014). The security concern should follow the following key fields:

  • Sensors should be secured: Wireless sensors which are used for providing long distance connectivity can be disturbed by the human intervention. For the implementation of smart services it is important periodically physical checks should be done and the devices which are providing gateway to the vulnerabilities and attacks should be replaced.
  • Safeguarding of the Network: “Network security protocols for example, wi-fi protected access 2 should be used for securing the network for the wireless connectivity framework” (Daya, 2014). The communication of the client with their desired destination access point the key security step which should be taken for securing the network is making use of non suggestive service set identifier.
  • Protection of the data which is captured by the sensor: The data encryption policies are not well suitable for securing the network system. “The problem of memory limitation can be solved by forwarding the contextual data to the sink nodes which act as a gateway devices for increasing the capacity of the memory storage” (Hutchings, 2012).
  • “Ensuring the security to the data stored at cloud: Analytics and application based processing sent their data over the cloud by the help of sensor” (She, 2007). The data leakages and breaches should be prevented by ensuring effective identification of the data owner.
  • “Peer to peer controlling of devices, network, data, and the information: For ensuring the security to the connected devices it is necessary to keep the track and control of the interconnected devices” (Appari, 2009). The attribute based access control is used for mitigating from the security risk associated with the data connection and the devices. It should be implemented on peer to peer controlling of devices, network, and the data.

The level of security can be improved:

The security concern can be raised in the implementation and operation of organizational activities in the summarized manner:

  • Peer to peer security should be provided
  • Network level security should also be provided
  • Data level security should be provided
  • The level of security should be improved in respect to event management and information gathering
  • The level of security should improved with respect to vulnerability management
  • The level of security should improved with respect to access management
  • The level of security should improved with respect to vulnerability management
  • The level of security should improved with respect to user provision
  • The level of security should improved with respect to infrastructure in identification of potential attack
  • The level of security should improved with respect to monitoring the threat
  • The level of security should improved with respect to vulnerability management
  • Multi vendor tools and Firewalls should be taken into consideration for security purpose
  • “Intrusion detection system, installation of the antivirus, simple mail transfer protocol, identification management system, web filtering, network access tools, and others are the advanced tools which are used for security purposes” (Michael, 2014)

Enhancement in the level of security:

Security is main concern for any organization. The security system can be categorized in the four main categories which are summarized below:

  • “Identification: The identity of the devices helps in the identification of the owner. The data and the services which reveal the identity of the owner should be kept confidential” (Gordon, 2013).
  • Location: “The data which is useful for identification of the identity of the user and the location of the owner should be kept confidential” (Ristov, 2014).
  • Searching of the query: Searching of the query gives the information about the IP address of the person who initiated the search.
  • Digital foot prints: “The data which is traceable on the internet is called digital footprint. The security protocols should be used for preventing the accumulation of the digital footprints. The operational privacy can be secured by the invasion of cookie on the devices” (Bob, 2013).

The table below gives the detail of new business model with the improved version of security:

Industry

Services or solution offered

Sensors or devices used

Analytics

Interfaces

Result

Utilities

Real time collection of the data should be done

Prediction for the demand and supply

Energy, water and the gas meter can be used

Prediction of the usage and demand and supply

Any internet can be used for accessing

Consumers can focus on cost saving

Manufacturing

Remote monitoring

Automation in the production line

Data acquisition and supervisory control

Detection of the anomaly in the devices

 

Predictive Maintenance

Mobile terminals can be used for connection with the remote consultation

Improved efficiency of the operation

Health care

Real time collection of the data should be done

Management of chronic disease

Mobile phones and personal medical devices

Detection of the anomaly in the medical data

Tele consultation with the remote specialist

Improvement in the health of the patient at lower cost.

Flowchart of the activities

Flowchart of the activities

Conclusion:

Tata consultancy service is an organization which offers IT services, consultation and strategies to the enterprise for making it a global organization. It provides the platform to the services and infrastructure for the world of IT technology.  For the implementation of smart services it is important periodically physical checks should be done and the devices which are providing gateway to the vulnerabilities and attacks should be replaced. When dealing with the security concern of the organization, the preventive steps should be taken of two things which can be categorized as violation of information and unauthorized accessing of the information. The data leakages and breaches should be prevented by ensuring effective identification of the data owner. Data security and privacy is the collection of encryption technologies or procedures, prevention from the data leakage, and services offered for key management. In this paper, we focus on improving the security concern of the Tata consultancy services.

References:

Singh, A. (2013). A Parametric Approach for Security Testing of Internet Applications. 1st ed. [ebook] Available at: https://www.infosys.com/it-services/validation-solutions/white-papers/documents/security-testing-internet.pdf [Accessed 14 Aug. 2016].

NelsonHall, F. (2015). IT outsourcing vendor profile of TCS managed security services. 1st ed. [ebook] Available at: http://www.tcs.com/SiteCollectionDocuments/Analyst%20Reports/NelsonHall-TCS-MSS-0915-1.pdf [Accessed 14 Aug. 2016].

Muruthy, N. (2008). TCS Sustainability Report. 1st ed. [ebook] Available at: https://www.infosys.com/sustainability/Documents/infosys-sustainability-report-0809.pdf [Accessed 14 Aug. 2016].

Buhalis, S. (2014). TCS Code of Conduct and Ethics. 1st ed. [ebook] Available at: https://www.infosys.com/investors/corporate-governance/Documents/CodeofConduct.pdf [Accessed 14 Aug. 2016].

Dewanjee, R. (2010). TCS Annual report. 1st ed. [ebook] Available at: https://www.infosys.com/investors/reports-filings/annual-report/annual/Documents/Infosys-AR-05.pdf [Accessed 14 Aug. 2016].

Oshri, I. (2011). Managing Dispersed Expertise in IT offshore Outsourcing: from tata consultancy services. 1st ed. [ebook] Available at: http://www.juliakotlarsky.com/MISQExecutiveOshriKotlarskyWillcocks2007.pdf [Accessed 14 Aug. 2016].

Bhatia, R. (2013). Grid Computing and Security Issues. 1st ed. [ebook] Available at: http://www.ijsrp.org/research-paper-0813/ijsrp-p2094.pdf [Accessed 14 Aug. 2016].

Turn, R. (2009). Privacy and security issues in information system. 1st ed. [ebook] Available at: https://www.rand.org/content/dam/rand/pubs/papers/2008/P5684.pdf [Accessed 14 Aug. 2016].

Kunnauthur, A. (2008). Information Security Issues In Global Supply Chain. 1st ed. [ebook] Available at: http://www.utoledo.edu/business/ISCMIA/documents/IS_Issues_In_Global_SCM_Draft_.pdf [Accessed 14 Aug. 2016].

Dhawale, F. (2013). Document Security and Compliance Enterprise Challenges and Opportunities. 1st ed. [ebook] Info trends. Available at: http://www.nuance.com/ucmprod/groups/imaging/@web-enus/documents/collateral/nc_027979.pdf [Accessed 14 Aug. 2016].

Maheshwari, R. (2014). Tata Consultancy Services. [Blog] Money Control. Available at: http://www.moneycontrol.com/competition/tataconsultancyservices/comparison/TCS [Accessed 14 Aug. 2016].

Murugappan, M. (2015). Leveraging CMMI framework for engineering services. 1st ed. [ebook] Available at: http://www.tcs.com/SiteCollectionDocuments/White%20Papers/EIS_Whitepaper_Leveraging_CMMI_Framework_Engineering_Services_0212-1.pdf [Accessed 14 Aug. 2016].

Raghuwanshi, K. (2014). Privacy and Cyber Security Emphasizing privacy protection in cyber security activities. 1st ed. [ebook] Available at: https://www.priv.gc.ca/information/research-recherche/2014/cs_201412_e.pdf [Accessed 14 Aug. 2016].

Butt, D. (2014). erprise security and risk management solution and services. 1st ed. [ebook] Available at: http://www.tcs.com/SiteCollectionDocuments/Brochures/ESRM-0914-1.pdf [Accessed 14 Aug. 2016].

Kulandaivel, P. (2013). Design strategy for hardware accelerators for wireless broadband systems. 1st ed. [ebook] Available at: http://www.tcs.com/SiteCollectionDocuments/White%20Papers/EIS_Whitepaper_Design-Strategies-of-Hardware-Accelerators-for-wireless-broadband_11_2009.pdf [Accessed 14 Aug. 2016].

Michigan, P. (2014). Information Security Plan. 1st ed. [ebook] Available at: http://www.security.mtu.edu/policies-procedures/information-security-plan.pdf [Accessed 14 Aug. 2016].

Daya, B. (2014). Network Security: History, Importance, and Future. 1st ed. [ebook] Available at: http://web.mit.edu/~bdaya/www/Network%20Security.pdf [Accessed 16 Aug. 2016].

Hutchings, A. (2012). Computer security threats faced by small businesses in Australia. 1st ed. [ebook] Available at: http://aic.gov.au/media_library/publications/tandi_pdf/tandi433.pdf [Accessed 16 Aug. 2016].

David, J. (2013). Cyber security and fraud: The impact on small businesses. 1st ed. [ebook] Available at: http://www.fsb.org.uk/docs/default-source/fsb-org-uk/policy/assets/publications/fsb_cyber_security_and_fraud_paper_final.pdf?sfvrsn=0 [Accessed 16 Aug. 2016].

She, W. (2007). Security For enterprise resource planning. 1st ed. [ebook] Available at: https://www.utdallas.edu/~bxt043000/Publications/Technical-Reports/UTDCS-33-07.pdf [Accessed 16 Aug. 2016].

Appari, A. (2010). Information security and privacy in healthcare: current state of research. 1st ed. [ebook] Available at: http://www.ists.dartmouth.edu/library/501.pdf [Accessed 16 Aug. 2016].

Michael, A. (2014). Cisco IoT System Security: Mitigate Risk, Simplify Compliance, and Build Trust. 1st ed. [ebook] Available at: http://www.cisco.com/c/dam/en/us/products/collateral/se/internet-of-things/iot-system-security-wp.pdf [Accessed 16 Aug. 2016].

Gordon, J. (2013). Business Opportunities in the Security Industry New paths to success in a changing market. 1st ed. [ebook] Available at: http://Business Opportunities in the Security Industry New paths to success in a changing market [Accessed 16 Aug. 2016].

Ristov, S. (2014). C LOUD C Omputing S Ecurity In B Usiness I Nformation S Ystems. 1st ed. [ebook] Available at: https://arxiv.org/ftp/arxiv/papers/1204/1204.1140.pdf [Accessed 16 Aug. 2016].

Bob, H. (2016). Cyber security: Planning Guide. 1st ed. [ebook] Available at: https://transition.fcc.gov/cyber/cyberplanner.pdf [Accessed 16 Aug. 2016].

MyAssignmentHelp.co.uk is
not a new name in the field of essay writing services. For almost a decade
MyAssignmentHelp.co.uk has provided the students in the UK with the essential
essay help
whenever requested and still continues to do so with the same enthusiasm. In
fact, their custom
essay writing
help
is
specially designed to serve the specific requirements of every student in the
country.

Calculate the price
Make an order in advance and get the best price
Pages (550 words)
$0.00
*Price with a welcome 15% discount applied.
Pro tip: If you want to save more money and pay the lowest price, you need to set a more extended deadline.
We know how difficult it is to be a student these days. That's why our prices are one of the most affordable on the market, and there are no hidden fees.

Instead, we offer bonuses, discounts, and free services to make your experience outstanding.
How it works
Receive a 100% original paper that will pass Turnitin from a top essay writing service
step 1
Upload your instructions
Fill out the order form and provide paper details. You can even attach screenshots or add additional instructions later. If something is not clear or missing, the writer will contact you for clarification.
Pro service tips
How to get the most out of your experience with Boom Grades
One writer throughout the entire course
If you like the writer, you can hire them again. Just copy & paste their ID on the order form ("Preferred Writer's ID" field). This way, your vocabulary will be uniform, and the writer will be aware of your needs.
The same paper from different writers
You can order essay or any other work from two different writers to choose the best one or give another version to a friend. This can be done through the add-on "Same paper from another writer."
Copy of sources used by the writer
Our college essay writers work with ScienceDirect and other databases. They can send you articles or materials used in PDF or through screenshots. Just tick the "Copy of sources" field on the order form.
Testimonials
See why 20k+ students have chosen us as their sole writing assistance provider
Check out the latest reviews and opinions submitted by real customers worldwide and make an informed decision.
world civilization
Thank you for the quick response
Customer 452509, June 27th, 2021
Classic English Literature
Great Work as Usual. Thank you . I received an A on the paper!
Customer 452531, November 9th, 2021
Classic English Literature
Awesome Job... you are the best!
Customer 452531, November 27th, 2021
Classic English Literature
Absolutely LOVE the essay I received. I really appreciate it so much.
Customer 452529, October 25th, 2021
Medicine
Great content.
Customer 452549, February 8th, 2022
Gerontology
Thank you so much this looks great !!!!
Customer 452585, November 4th, 2023
Exercise Science
Thank you so much for your time.
Customer 452545, December 5th, 2021
English 101
perfect! thanks!
Customer 452543, December 1st, 2021
Public Health
Thank you so much !!
Customer 452589, November 28th, 2023
Literature
Absolutely LOVE having help especially from the person who wrote this last one. THANK YOU
Customer 452529, November 19th, 2021
English comp
Got a 94% thank you!
Customer 452509, June 27th, 2021
english comp
Thank you for all your hard time.
Customer 452509, June 27th, 2021
11,595
Customer reviews in total
96%
Current satisfaction rate
3 pages
Average paper length
37%
Customers referred by a friend
OUR GIFT TO YOU
15% OFF your first order
Use a coupon FIRST15 and enjoy expert help with any task at the most affordable price.
Claim my 15% OFF Order in Chat