New Paradigm of IT Risk: Where Do You Stand?

Narayan Neelakantan
Associate Vice-President, Head IT Risk and Compliance & CISO
National Stock Exchange of India

The views expressed in this presentation are those of the presenter and do not necessarily reflect the views of National Stock Exchange.

Transcript of New Paradigm of IT Risk: Where Do You Stand?


Page 2

NSE at a Glance

• NSE is the nerve center of the Indian Economy
• NSE is the largest exchange in the world in terms of equity trade volumes
• Today’s operational requirements of Exchange
• Real Time Online trading
• Availability of Information
• Full Transparency
• Nation Wide Reach
• Guaranteed Settlement Cycles
• IT enabled

Page 3

Reliability Challenge

NSE Today

• Nationwide Reach via High Resiliency High Bandwidth and Secure Backbone Infrastructure
• 6,000+ connections (Both Terrestrial and Satellite)
• 1,500+ Locations
• 1,000+ Members
• 2,20,000+ Terminals
• Processing close to One Billion transactions every day
• COLO – Colocation for High Frequency Trading

Page 4

Digital business trends

*Source: www.wearesocial.sg

Page 5

IT Risk Trends

• The average cost of a data breach has reached a whopping $3.79 million

• In the past five years, data breaches have cost companies & individuals nearly $150 billion

• 34.2% of user computers were subjected to at least one web attack over the last year.

• More than 30% of attacks on organizations last year were driven by internal employees

• 1510+ DDoS attacks reported on Akamai routed networks alone, in Q3 2015

• India stands first in a list of countries where DDoS originates, and cybercriminals can get DDoS attacks on hire for Rs. 300 for a three-minute assault.

• More than 4 Financial Institutions faced DDoS in the last 6 months in India.

Page 6

Increased Attack Surface

Network/Storage/Database

Application Weakness

User Privilege

Page 7

Top Fast Growing Threats

MOBILEWARE

SPEAR PHISHING

INTERNET OF THINGS SECURITY

RANSOMWARE

CLOUD SECURITY

HACKTIVISM

Page 8

New Paradigm Requires Differential Approach

Page 9

Business Value Of Risk

*Source: The Gartner Strategic Risk Evaluation Approach for Digital Business

Organizations must shift focus from Technology to Business Information Governance

Page 10

Strategic Risk Evaluation Approach

*Source: The Gartner Strategic Risk Evaluation Approach for Digital Business

Page 11

End-To-End IT Security

• Security needs to possess an end-to-end property, else security breaches are possible at the interfaces
• Baseline security controls for entire ecosystem
• More stringent controls and countermeasures for business critical systems
• Safeguarding information from point of origin to point of destination in a communication system.

Page 12

End-To-End IT Security

Governance Risk & Compliance

• IT Policies & Metrics
• Support to Security IT Audits
• Regulatory Compliance
• Audits
• Third Party Risk Assessments
• Business Continuity Management
• Training & Awareness

Systems Security

• Threat Modeling
• Security Architecture
• Social Engineering
• Vulnerability Assessment & Mgmt
• Penetration Tests
• Secure SDLC

Identity & Access Management

• Access Management Life Cycle
• Entitlement Reviews
• IDM Platform Implementation
• Privilege Identity Management

Security Operations

• Cyber Security Command Center
• Data Protection
• IDS/IPS/Firewall Monitoring
• Anomaly Detection
• Security Intelligence
• Forensics

Cloud Security

• Business Assessment
• Architecture Design
• Security Testing & Validation
• Assessing Compliance Requirements

Page 13

Summary

• Strategic alignment with business

• Security as a business enabler and differentiator

• IT GRC and cyber security must work in unison

• End to End Security

• Integrated Situational Awareness

Page 14

QUESTIONS?