One of the key jobs of Akhilesh Tuteja, who heads Technology Advisory at KPMG, is to spot e-risks in organisations, and plug them. While private companies are becoming proactive in managing such risks, much more needs to be done in the government sector, he tells in this interview with Vandana Gombar.
How vulnerable are the various Indian government web sites to attacks?
All websites are potentially vulnerable to risk of defacement, if not well protected at all times. The maturity level of e-security for each department determines the extent of exposure.
But there are security guidelines in place for the government sites, and India also has a computer emergency response team in place, dubbed CERT-IN.
The guidelines mandate risk assessment and vulnerability testing through a third party once every year (KPMG is one of the third parties authorised to do these assessments). However, this alone is not enough.
There are companies, which update security patches on their web servers every week, keeping in mind the growing number of threats on the Internet. You need to understand that no site is hack-proof, given unlimited time and unlimited resources.
What is your take on preparedness of corporate India to withstand e-attacks, especially e-commerce enabled sites, which also undertake financial transactions?
As far as the payment systems are concerned (read payment gateways),
lock" id="div_arti_inline_advt">