In Today's scenario, the corporate security function cannot be worried only about controls. We need to be seen as adding value to the business. I believe that the ability to provide innovative solutions for complex business problems is what will be the true worth of the function. For instance, our business process outsourcing business handles many accounts in which a person's health care data or credit card number is processed. Our agents work on client applications that are legacy and may not have role-based security. What this means is that even if the customer care representatives do not need to see customer's personal information, the application screen can still display this information. We are working with IBM's Research Lab to develop a data masking tool that can be confgured to block sensitive information based on an individual's role.

Given the importance of the ITeS industry to the Indian economy, it's very important for the government, academia and the private sector to collaborate in the area of information security. While the Data Security Council of India is moving in the right direction, more support and skilled resources are required.

Being a CISO has impacted my thought process: subconsciously, I start noticing and looking for the 'not so obvious'. While social networking provides an excellent platform to find old friends and make new ones, I am careful as to what I share and how I safeguard personal information.

I have benefted immensely from IBM's mentoring program. My mentors have provided me several deep insights, not only on my domain, but also on a wide variety of technical areas as well as on leadership aspects. My mentees too have provided a different perspective on issues that either they or I am faced with. I may have had a discussion at one time with my mentees on issues like cloud computing, security, fraud, online privacy – and at a later point of time when I have an opportunity to do something on one of these issues, I am able to apply the thoughts and learning into the implementation plan. At other times, based on their interest and capability, I involve them on a project that I am working on. They take on this project as a stretch assignment and I am able to leverage their interest and capabilities.

BY Nandita Mahajan Chief Privacy & ISO, IBM India/South Asia & IBM Daksh .

The Author is a CISM and has more than 24 years of experience in systems analysis, IT consultancy and infosec domains.