I am in Hyderabad attending the DSCI (Data Security Council of India) conference (http://www.nasscom.in/Nasscom/Templates/CustomEvents.aspx?id=54143). Aujas also did one day training on Application Security which was well received.

Naturally recent unfortunate events in Mumbai have formed the backdrop for lot of speeches, offline discussions and dinner conversations.

One of the recurring theme in the conference and the security industry is the people being the weakest link. It could be lack of awareness, lack of empowerment or lack of responsibility. Enterprise security cannot be complete without this aspect.

Taking it to the national level it is becoming apparent that it is high time for common people to join hands with the government for national security. Heartening is the fact that there is strong urge among security professionals to contribute in some way to the national security. This makes sense given that the patterns of digital security and national security is very similar.

In the given instance, one can easily draw analogies between digital security and national security.

     · Perimeter security (Sea Route),

     · Intrusions detection (Terrorists stayed inside without detection),

     · Deep packet inspection, Incident Response (Delayed response),

     · Management commitment (Lack of political will),

     · Employee Awareness (Suspicious activity was not informed to anyone),

     · Background checks, Business Intelligence and Correlation (Co-operation among intelligence agencies)

     · The RISK Management (National Security policy)

have all become more significant than ever before. Moreover Digital world is more advanced as it is easier to attack and hence security mechanisms have evolved with attacks. So far digital world mimicked the real world, but given the evolution, is it time for real world to mimic the digital world?