Please use this identifier to cite or link to this item: https://repository.iimb.ac.in/handle/123456789/9404
DC FieldValueLanguage
dc.contributor.advisorVenkatgiri, S.
dc.contributor.advisorMathur, S S
dc.contributor.authorKumar, Anish
dc.date.accessioned2017-08-30T12:53:10Z
dc.date.accessioned2019-03-18T06:36:00Z-
dc.date.available2017-08-30T12:53:10Z
dc.date.available2019-03-18T06:36:00Z-
dc.date.issued2011
dc.identifier.urihttp://repository.iimb.ac.in/handle/123456789/9404
dc.description.abstractInformation Security is for sure, one of the most critical element in any information system and its management. Indian Railway has so far not adopted a very robust and comprehensive information security policy all across the country. Railway has created a dedicated organization called CRIS (Centre of Railway Information System), which mostly looks after Passenger Reservation System (PRS), Freight Operation Information System (FOIS), e-tendering/e-procurement related issues etc. etc. On top tier, Indian Railway has an IT Directorate at railway board level, which mainly looks after the policy issues. One of the major objective of carrying out this research is to analyze the different kind of vulnerabilities and attacks that can be mounted upon railways information assets and find out ways and means for its e-security, and also come up with a comprehensive frame work policy, technically and administratively suitable for Indian Railways. In this research, an effort has been made towards incorporating the best practices prevalent all over the world, related with data, network and web application securities. This policy includes how to deal with different type of attacks on network, data and web applications, and how to secure information/data flow. Special emphasis has been given on legal aspects arising out of adoption of electronic transactions (both data/message and monetary transaction), contract formulation and electronic archiving. Indian Railway doesn t have a well defined policy for establishing a full fledged etender/e-procurement cell at all its zonal and divisional level, which can take care of compliances issues related with ISO 17799 standards, impart in house training, increase awareness within and outside the organization (for more industrial participation) and can also conduct audit. IR also doesn t have any definite policy for digital archiving, well planned e-tender box opening strategy and payment gateway integration policy with different banks and revenue department. In this thesis, an attempt has been made towards addressing these issues.
dc.language.isoen_US
dc.publisherIndian Institute of Management Bangalore
dc.relation.ispartofseriesCPP_PGPPM_P11_15
dc.subjectSecurity policy
dc.subjectRailways
dc.titleTowards an ungraded information security policy for Indian railways
dc.typePolicy Paper-PGPPM
dc.pages159p.
dc.identifier.accnE35707
Appears in Collections:2011
Files in This Item:
File SizeFormat 
DIS_PGPPM_P11_15_E35707.pdf2.46 MBAdobe PDFView/Open    Request a copy
Show simple item record

Google ScholarTM

Check


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.