Due to the increasingly liberalized nature of the economy, rapidly changing technology and newer business models taking advantage of the process of globalization, IT has become central in fulfilling organizational mission. However, most organizations, whether large or medium size, continue to deploy and operate systems to meet their business objectives without fully appreciating the need for effectively governing enterprise-wide information security (IS). Businesses continue to drive IT operations, which in turn try to sustain existing systems, often at the cost of security. Customers, on the other hand, are demanding more security as their worries about cyber crimes, privacy and identity theft grow.  In the networked world, business partners, suppliers, and vendors also demand assurance of essential and adequate security when they inter-operate to share information and business data for faster and cost-effective transactions. Regulatory and law-enforcement agencies, on the other hand, require proof of compliance with a plethora of security regulations.

E-Governance applications are becoming more and more pervasive in India. They are beginning to touch citizens’ lives in many ways – be it railways reservation, passport issuance, immigration control, driving license or vehicle registration certificate; filing of income tax returns; land records, and many more. Many of these could be categorized as mission critical. Networks are being rolled out for all these projects. Data security requires that only authorized users have access to them, and that unauthorized persons are kept out. While access control is critical, it is the overall enterprise security program as part of security governance plan that is essential to secure information assets. Securing information systems is an enormous task that places ongoing responsibilities on both the government user agencies as also on the service providers who must act as their partners in secure delivery of services, to authenticated users with assurance for integrity of data. 

While the government has taken several steps to promote Information Security such as the setting up of CERT-In, industry on its own has taken important measures to mitigate risks. For example, NASSCOM has been promoting its Trusted Sourcing initiative, under the 4E framework. This has given rise to innovative concepts, such as establishment of Cyber Labs for training of police officers, the National Skills Registry for a trustworthy workforce in the IT/BPO industry and the setting up of Data Security Council of India (DSCI) to establish and enforce data protection best practices and standards.