CHAPTER 3: INFORMATION SECURITY IN ONGC

INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

Information Security:-

Information is an asset that like other important business asset is

essential to an organisation business and consequently need to be
suitablyu protected. In today's increasingly interconnected
comples business environment it has got far reaching implications.
And because of this complex interconnectivity, information is now
exposed to a growing number and wide variety of threats and
vulnerabilities.

Information security is protection of information from wide range

of threats in order to achieve business continuity, minimize
business risk and maximize the ROI and bussiness opportunities.

ISMS is achieved by impelemnting a suitable set of controls,

including policies, processes, procedures, organisational structures
and software and hardware functions. these controls are
established, implemented, monitored, reviewed and improved,
wherever required.

There are three basic tenets of Information Security:-

1. Confidentiality

2. Integrity

3. Availability

It is required by the official to prevent disclosure of information to

unauthorized individuals and any violation of message is actively
modified in transit.

In case of the damage of hardware, the information must be

available or recovered back, because of the risk of information lost
cannot be tolerated as it is very crucial.

Some measures taken by ONGC FOR information security:-

·1 "Gate Pass" system to enter the premises.

·2 Only authorised external drives (pen drives) are allowed in

the premises.

·3 Only licensed software are installed in PC's, to ensure the

cyber security.
ITIMMS (IT Infrastructure Maintenance & Management System )

IT Infrastructure Maintenance & Management System (ITIMMS)

contract is a kind of contract issued by ONGC to fulfill
requirements of hardware managemant and maintenance, which
has its own terms and conditions.

Recently this contract is given to TATA TCS, and this contract is

revised in every 3 years.

There are two categories of services provided under this contract:-

4. Maintenaince Support Services (MSS): Comprehensive

maintenance and repair of all IT hardware to keep the
system operational. Minimum number of service engineers
are appointed for respective number of hardware's to check
upon. there are total 4229 number of hardware in
Ahmedabad asset, which is working in proper situation
 everyday by the help of MSS.

5. Facility Management Service (FMS): Comlete network and

server management, internet, antivirus, gateway, vender
management. Under this service, contractors are bounded
to perform their work timely.
Under the ITIMMS contract, to fulfill the requirement of
above two services various centers are established i.e.
Network Operational Centre (NOC): It is set up at Delhi with
Software like CA (computer associates) tools.

This software includes various features:-

6. Traffic accounting.

7. Network performance.

8. Network fault management.

For, Network management, Reporting and analysis of data NOC is

establised.

Call MAnagement- 37 locations configure as help desk in service

desk. They are established to attend calls and resolve problem in
required time.

Apart from all this, there is also a provision of penalty to the

contractors under this contract.

There is provision of SLR (Service Level Requirement), under which

overly quarterly availability is 99%. To insure the calls
encountered, they are put under three categories:-

9. Critical 1:- L3 Switch, Router, OFC etc.

 10. Critical 2:- Individual User, slowness etc.

11. Critical 3:- view software upgradation.

The terms Response time and Resolution time are usual among
calls, if they are exeed then there is provision of penalty under
Non-performance Detection (NPD). To avoid penalty standby
hardware must be present, i.e. 10% of annual MSS value for spare,
minimum 2% of NOS of desktop, Printer, UPS and 1% laptop for
standby.