| 16 Dec 2013
The Data Security Council of India (DSCI), a NASSCOM® body, has been setup as an independent self-regulatory organization to promote data protection, develop security / privacy best practices & standards, and encourage the Indian industries to implement the same.
DSCI has developed best practices for data protection in the form of two frameworks –
In this blog post, we will discuss the DSCI Security Framework (DSF) and its relevance for ISO 27001 implementers. We will discuss the Privacy Framework in a subsequent article.
The DSF has been developed in the form of 16 disciplines across 4 layers, each of which needs to be implemented / established in order to help organizations implement information security. The discipline centric approach helps in aligning an organization’s thought process to the market and helps in putting up a maturity based approach for both implementation and assessments.
The 16 disciplines are as follows –
The four layers in which each discipline has been divided into are –
DSF and ISO 27001
For ISMS implementers, the framework puts up important guidance towards implementation. This means that the DSF can be used to implement an ISO 27001:2005 compliant ISMS. A partial mapping table of DSF disciplines vis-à-vis ISO 27001 has been presented below. This is not an exhaustive list and has been provided as an illustration.
|S. No||ISO 27001 Control||DSD Dicipline|
|1||Security Policy||Security Strategy and Policy (SSP)|
|2||Organization of Information Security||Security Organizations (SEO), Third Party Security Management (TSM), Governance Risk and Compliance (GRC)|
|3||Asset Management||Asset Management (ASM), Data Security (DSC)|
|4||Human Resources Security||Personnel Security (PES)|
|5||Physical and Environmental Security||Physical and Environmental Security (PEN), Third Party Security Management (TSM)|
|6||Communications and Operations Management||Infrastructure Security (INS), Third Party Security Management (TSM)|
|7||Access Control||Secure Content Management (SCM), User Access and Privilege Management (UAP), Data Security (DSC)|
|8||Informations Systems Acquisition, Development and Maintenance||Application Security (APS), Threat and Vulnerability Management (TVM)|
|9||Information Security Incident Management||Security Monitoring and Incident Management (MIM)|
|10||Business Continuity Management||Business Continuity and Disaster Recovery Management (BDM)|
|11||Compliance||Governance Risk and Compliance (GRC), Security Audit and Testing (SAT), Data Security (DSC)|
This article has also appeared in the August 2013 edition of the CHMag Journal.
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.