Indian financial major IDFC held a group-wide information security awareness initiative in February 2012 that gave a twist to the way such exercises go. Christened I-SAW 2012, this initiative was the brain child of IDFC’s IT team spear-headed by Uma Ramani, the vice president for information technology at IDFC. Ramani devised a novel method to elicit voluntary involvement from the employees by enlisting Pune-based e-learning firm Netex to design an interactive portal. Designed akin to a Mafia don’s den, the portal featured objects linking to information security resources and news compiled by the in-house team.
Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to searchSecurity.in you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of searchSecurity.in is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
Response to many of these activities, including the last day’s speaker session, was really inspiring...
Sunil Kakar, Chief Financial Officer(CFO), IDFC
According to Ramani, different approaches had been considered for this information security awareness initiative. The IDFC team required a theme based method which captured user interest and created information security awareness — in a manner enjoyed by employees. V C Kumanan, the senior director for IT at IDFC explains that information security awareness initiatives are usually mandatory. The use of a lecture-based approach which seeks to dispense ‘Gyan’ fails to generate interest or enthusiasm for security. This sets back the creation of information security awareness.
Ramani’s team created a storyboard, where the portal’s information was woven around a comic strip. Mr. Gobo, the strip’s main character, is a ‘reformed guy’ reminiscent of Kevin Mitnick, says Kumanan. This became a hit with IDFC’s end users, as Mr. Gobo became the information security awareness initiative’s mascot. Mr. Gobo and his cohorts set challenges to be cleared at the end of each story. Each day was given a theme which included passwords, social engineering, social networks, physical security, blackhat hacking and malware.
In addition to these games, daily quizzes related to information security awareness were also conducted along with prizes. Other information security awareness activities during the week included a daily half-hour open forum called the ‘Technology Sabha’, where employees were encouraged to participate in panel discussions on the day’s topic. This was shown as a Webcast across all IDFC locations. D Sivanandan, the ex-DGP of Maharashtra police was a guest speaker on the final day. “Response to many of these activities, including the last day’s speaker session, was really inspiring,” says Sunil Kakar, the chief financial officer (CFO) at IDFC.
According to Kumanan, the initiative saw spectacular success, with the involvement of close to 70% of IDFC’s 600 strong workforce. While initiatives have been held previously, this was the first time that information security awareness happened on this scale at IDFC, adds Kumanan. The occasion was also used to get user feedback through a survey, which received close to 30% response. Kumanan says some of these suggestions might be put into effect in the coming months.
The team signed off with a mailer that highlighted areas of improvement in IDFC’s security posture. The team intends to address these individually to disseminate information in concentrated doses. Kumanan is in the process of formulating a strategy to capitalize on and sustain the awareness and interest generated by this information security awareness exercise.