Security Governance and Data Privacy

A guest lecture was organised in the campus on 20th August, 2017, specifically targeting the InfoSec crowd in the college. Students who had opted for Information Security as an elective course benefitted the most from the lecture. Mr. Sandeep Godbole, General Manager, Syntel. Mr. Godbole talked at length about the various security governance policies and its management in the industry. He discussed about governance on value generation, delivering value, maximising benefits and minimising the risks. He highlighted how IT governance is crucial in situations of high advantages surrounded by a great potential for risks. He elaborated the relationship between relevance of governance and the size of the company. He helped the students to identify the 4 key pillars of governance management as – strategy, architecture, delivery and value.

Moving on in the session, Mr. Godbole spoke more about Data Privacy. He broke the myth and explained how security and privacy of data are not the same, and how one complements the other. While privacy is about individuals’ access to data, security is about protecting the data and maintaining the privacy defined on it. The speaker enlightened the students about the principles and concepts in data privacy, and their information classifications. He also threw light upon the current trends in data privacy. Shifting back to the beginning of the discussion, he stressed on IT governance and how to go about its implementation. He also mentioned about the risk management and other key aspects to be considered before venturing into IT governance. Gap analysis, policy management, risk assessment and internal/self assessment are some of the topics that the speaker touched upon during the session, in the purview of IT governance. The session came to a close, and took the students one step closer to mapping their classroom learnings to such expert industry understandings on InfoSecurity.