DEBOPRIYO KAR

Name: Debopriyo Kar
Designation: Head – Information Security Practice with CyberQ Consulting Pvt. Ltd., India
Years with Firm: 6+ years
Nationality: Indian

-------------------------------------------------------------------------------------------

KEY QUALIFICATIONS:

With over 30 years of experience in the IT industry, Debopriyo has been involved in the IT industry since its early days in India, and has been part of its various stages of evolution. He had the opportunity to develop an all round managerial expertise while bringing up several start-up business ventures, and had been extensively involved in new Project Developments, setting up international tie-up’s and alliances, and initiating quality systems and processes.

EXPERTISE

• CISA
• Certified Lead Auditor for BS7799
• COBIT Foundation Certified
• Senior management experience in Indian IT industry
• Advisor to BPIAI (Back-office Process Industry Association of India) on Information Security

PAPERS PRESENTED

• Debopriyo had presented paper and had been a key speaker in Electronic Documentation & Records Management Conference at Kuala Lumpur, Malayasia, in December 2004
• His article, ‘Information Security – An Executive Brief’, was published on the Nasscom website in 2004
• “Information Security Regulatory & Compliance Requirements” – an article written by Debopriyo was published on the BPIAI website (www.bpiai.org) in 2007

ASSIGNMENTS – EXPERIENCE

Techbooks, New Delhi – Consultancy for BS7799

The client is a leader in the Indian BPO industry providing world's most technologically advanced and integrated content transformation solutions.  Because of the sensitive nature of the data being handled, the need for information security was critical and the journey to BS7799 ISMS implementation had to be done under a very tight schedule. Debopriyo Kar led and supervised the complete project. He handled training and audit activities while supervising the ISMS definition.  The client is presently migrating to ISO 27001. Conducting opening meetings, expectation setting, supervision of project, participating in the assignment in case of any problems, reviewing the status of the assignment.

The assignment includes:

• Initial Gap Identification of the existing system
• Identifying security requirements and risk assessment
• Awareness Training and facilitation on processes, reviewing the processes, revision and baselining them.
• Internal Audits and Facilitations
• Penetration Test
• Vulnerability Assessment

HCL Perot Systems, Noida and Bangalore -  Consultancy for BS7799

This client is a large JV between a large Systems Integrator based in the US, and one of the top three IT services companies in India.  It employs about 2000 people in its establishments situated in the NCR and Bangalore.  The initial audit was done towards BS 7799-2 specifications, and subsequently gaps were identified.  After certain progress was made towards compliance, three more interim audits were conducted. The client was successful in being certified as a BS7799 compliant organization without any time overrun.

The assignment includes:

• Initial Gap Identification of the existing system
• Identifying security requirements and risk assessment
• Awareness Training and facilitation on processes, reviewing the processes, revision and baselining them.
• Internal Audits and Facilitations
• Vulnerability Assessment

Xchanging, Gurgaon – Consultancy for BS7799

This assignment involved giving implementing BS7799 standard for the client.
The assignment includes:

• Initial Gap Identification of the existing system
• Identifying security requirements and risk assessment
• Awareness Training and facilitation on processes, reviewing the processes, revision and baselining them.
• Internal Audits and Facilitations
• Vulnerability Assessment

RMSI, Noida – Consultancy for ISO 27001

The client is largely into GIS. The client desired to implement Information Security Standard ISO 27001 for its IT Department to strengthen its ISMS and improve security (includes conducting vulnerability Assessment) and conduct Penetration Testing.
Debopriyo Kar led and supervised the complete project. Conducting opening meetings, expectation setting, supervision of project, participating in the assignment in case of any problems, reviewing the status of the assignment.

PCCW/SWD, Hong Kong Govt. – Security Audit

PCCW, Hong Kong had installed and implemented a complete IT infrastructure including WAN, LAN, Data Centre, Disaster Recovery site and Information Security Management System for its customer, Social Works Department (SWD), Hong Kong Government. As per the stipulations of the HK Govt., this IT infrastructure was to be audited, for compliance to the norms laid down.  The responsibility for this task was awarded to CyberQ.  Debopriyo led this audit team to perform Penetration Test and Vulnerability Assessment of this IT infrastructure consisting of more than 50 servers, 10 firewalls and number of routers, switches and workstations spread over many offices across Hong Kong and Kowloon.  All the security related policies and procedures, including Disaster Recovery Plan, were also verified for adequacy and implementation. This assignment involved about 30 man-days of work.

Degree of responsibility held:

• Lead the audit team
• All the security related policies and procedures, including Disaster Recovery Plan, were also verified for adequacy and implementation.

North Delhi Power Limited, Delhi, India – ISO 27001 Implementation

This is a government organization, which is into Power Generation and Distribution. The client wanted to improve its processes and upgrade the same for software process improvement and information security.
Debopriyo Kar led and supervised the complete project. Conducting opening meetings, expectation setting, supervision of project, participating in the assignment in case of any problems, reviewing the status of the assignment.

Tata Consultancy Services Ltd- PKI Pre-operative Audit

The client is the largest IT Corporation in India.  The assignment was a complete PKI audit covering CA implementation, physical infrastructure, processes, personnel, and technology.  Spread over a period of four months, it involved about 35 man-days of work, and was done at TCS’ facility at Hyderabad.
Subsequently CyberQ team, under the leadership of Debopriyo, has been retained by TCS-CA to do periodic audits of their CA operations covering

• Repository operations (every quarter)
• Security of operations (once in a year)
• Complete CA operations (once in a year)

Apart from this, he has also been involved in guiding TCS CA in the implementation of their Disaster Recovery (DR) site.

IDRBT CA – PKI Audit

IDRBT CA is a licensed Certifying Authority as per Indian IT Act 2000 and has the largest CA operation in India having issued more than 20,000 certificates till date out of about 30,000 issued by all the licensed certifying authorities put together.  IDRBT CA’s certificates and corresponding Digital Signatures are being used in Reserve Bank of India’s (India’s central bank) critical banking applications such as RTGS, NDS, SFMS, CFMS, etc. involving daily transaction turnover of tens of billions of Rupees.  Debopriyo has been involved as a leader of the team doing periodic PKI audits of IDRBT CA’s operations covering CA implementation, physical infrastructure, processes, personnel, and technology.  He has been actively involved in preoperative review of new versions of IDRBT CA’s CPS (Certification Practice Statement) as well as evaluating a Offline Certification process before they were put up to Controller of Certification Authorities (CCA) for final approval.

Reserve Bank of India, Registration Authority (RBI RA)

The assignment was to audit RBI RA with respect to its functions as an IDRBT-CA’s Registration Authority. The various areas covered in this audit were Compliance of security processes and controls in accordance with the IT Act, Fulfillment of RA obligations, Processes for key compromise, certificate and key expiration, Physical as well as logical security of the RA systems, Operational functions for approving request for certificate generation and revocation, Records maintained by RA.

MTNL-Trustline, New Delhi India – PKI Audit

He was leader of the audit team that did a Repository Audit for MTNL TL CA’s operations at their facility in New Delhi.

Techbooks, New Delhi – Migration from BS7799 to ISO 27001

This involves Risk Assessment, Process Modification, baselining of processes and conducting Internal Audit and providing facilitation to close the gaps. Debopriyo Kar is the project director for this assignment.

Motherson Sumi Infotech and Designs Limited (MIND), Noida, India  - ISO 27001 implementation

This client is a large JV between Motherson and Sumitomo.  The client desires to implement Information Security Standard ISO 27001 to strengthen its ISMS and improve security and conduct Penetration Test.
Debopriyo Kar led and supervised the complete project, conducting opening meetings, expectation setting, supervision of project, participating in the assignment in case of any problems, reviewing the status of the assignment.
The assignment includes

• Initial Gap Identification of the existing system
• Identifying security requirements and risk assessment
• Awareness Training and facilitation on processes, reviewing the processes, revision and baselining them.
• Internal Audits and Facilitations
• Penetration Test
• Vulnerability Assessment

Bharti Telesoft – Consultancy for ISO 27001, New Delhi and Bangalore

Bharti Telesoft caters to both internal clients and clients located outside India. To assure them of Information Security within their organization, Bharti Telesoft wants to implement ISO 27001 at its New Delhi and Bangalore facilities.
Debopriyo Kar led and supervised the complete project, conducting opening meetings, expectation setting, supervision of project, reviewing the status of the assignment.

The assignment includes

• Initial Gap Identification of the existing system
• Identifying security requirements and risk assessment
• Awareness Training and facilitation on processes, reviewing the processes, revision and baselining them.
• Internal Audits and Facilitations
• Penetration Test
• Vulnerability Assessment
• IT Soft, one of the largest software houses in Egypt, and Bank Danamon of Indonesia, Jakarta, are two overseas ISO 27001 consultancy projects being currently handled by Debopriyo.

-------------------------------------------------------------------------------------------

EDUCATION:

• CISA – 10th December 2004 - Certificate No. - 0438693
• BS7799 –25th March 2005–Certificate No.–ISM 01– 0508-0682
• COBIT Foundation Certified –Certificate No. IC 26945351

• Bachelor of Technology – Electronics and Communication Engineering
• Bachelor of Science (Honours) in Physics

-------------------------------------------------------------------------------------------

EXPERIENCE RECORD:

• 2001 till Date: CYBERQ CONSULTING PVT LTD
  • Location: NEW DELHI, INDIA
  • Designation: Head of Information Security
  • Location of Assignments:
    • Delhi, Mumbai, Kolkata, Bangalore, Hyderabad and many other places in India
    • Hong Kong
    • Dubai
    • Cairo
    • Jakarta
    • Mauritius
    • Kuwait

• 2000-2001: BURR BROWN (India) LTD
  • Location: NEW DELHI, INDIA        
  • Designation: CEO and MD
  • Activities performed: The company, specializing in Visual Computing, particularly in the areas of high-end Animation, Computer Graphics, Multimedia and Web Technologies.  The responsibilities included business strategy development, infrastructure, recruitment, and selection of technology, training and also international and domestic market development and tie-ups.
•  1997-2000: Information Technologies (India) LTD
  • Location: NEW DELHI, INDIA
  • Designation: CEO and MD
  • Activities performed: As the CEO and Managing Director of Information Technologies India Ltd (ITIL), he expanded its operations to USA, Canada, Australia and into several countries in Europe, in a short span of a few years.  During this time, he made major efforts in developing alliances overseas, in getting into new technology areas like mobile computing, Internet technologies and Multimedia, and in getting Quality assessment at SEI CMM level 4 and 5.  At the same time, he did considerable work on HR policies for recruitment and retention

• 1991-1997: Group Usha Corporate
• Location: NEW DELHI, INDIA
• Designation:  Vice President
• Activities performed: At the Corporate level, he was involved in critically evaluating various Business Strategies and expansion avenues available to the group in the New Technology areas.  It included grass-root market research, revenue projections, and often partner-search and alliance formation. It would be of interest to note that way back in 1995, he had visualized the potential of the Convergence technologies, and after attending a work-shop in Hong Kong, where officials from Singapore presented their country’s ambitious blue-prints, he was successful in getting the company’s board interested in a number of multimedia and communication ventures.
• 1983-1990: Usha Microprocess Controls Ltd
• Location: New Delhi, INDIA
• Designation: Head of Operations
• Activities performed: A green-field IT company of a large business house of India, he was instrumental in its spectacular growth to the 7th position in the Indian Computer industry, in a very short time. He was involved in several technology transfer arrangements with American and European companies, and also set-up a new manufacturing plant at Bhimtal, India.

Prior to this Debopriyo worked at DCM Data Products (79-83) was associated with development efforts of the first Microprocessor based computer ‘Spectrum’. He underwent training at the Tandy Corporation of USA.

He started his career with the Systronics Ltd (76–78) as an R&D Engineer.