Delhi, security awareness, and pragmatic reporting

Clearing customs and getting out of the airport at Delhi last night was actually quicker than most of my recent experiences at Heathrow. In fairness I was travelling light and it was 2:30am before the aircraft took it’s gate so the terminal was pretty empty by the time I passed through it.

It’s been good to finally visit the company office, located in a new “Cyber City” on the outskirts of Delhi itself. I’m here to review and report on information security, but I also took the opportunity to give a security awareness themed presentation. Instead of running through the usual PowerPoint based pontifications, I presented some topics for debate. For instance, I asked the two dozen or so people in the room about their perceptions of the best way to protect confidential data stored in Excel or Word document formats: passwords on the documents, access permissions on network file shares, hard-drive encryption, or disguising the file names? I know many of you reading this will propose alternative options but the objective of the exercise was not to see who in the room was the cleverest but to discuss the pros and cons of each of the options on the screen.

We went through the same exercise relating to malware threat vectors and also discussed secure ways to send confidential data to recipients outside of the organisation.

The format of the presentation seemed to go down well and I think the audience appreciated being engaged with rather than being talked at.

As for the review itself, it’s easy to pick up on issues wherever you go. The trick is to keep things in perspective, take into account local factors such as acceptable ways of doing business, laws and regulations, and focus on risk. Hopefully, what you are left with is a decent and workable report with some achievable action items. I’m working on that right now.