Who is responsible for Information Security at Infosys?
a. Information Security Group (ISG)
b. Infosys IT Team
c. Employees
d. Every individual for the information within their capacity
The correct answer and explanation is :
Correct Answer: d. Every individual for the information within their capacity
Explanation (300 words):
At Infosys, information security is a shared responsibility, and the correct answer is “Every individual for the information within their capacity.” While there are specialized teams like the Information Security Group (ISG) and the Infosys IT Team who play a critical role in maintaining infrastructure, policies, and compliance, the overarching philosophy of Infosys is that every employee must be accountable for protecting the information they access, process, or transmit.
This decentralized model ensures that security is embedded into the culture of the organization. It recognizes that technical defenses alone (like firewalls or encryption) are not enough — human behavior is a crucial line of defense. A single lapse in judgment, such as clicking a phishing email or mishandling client data, can lead to significant breaches. Therefore, all individuals, from entry-level staff to senior leadership, are trained and expected to uphold the company’s security standards.
Infosys conducts regular training programs and awareness initiatives to educate employees on security best practices, regulatory requirements, and internal policies. These efforts aim to empower individuals to make informed decisions and respond appropriately to potential threats.
The Information Security Group (ISG) is responsible for developing and implementing the company’s information security policies, performing risk assessments, and ensuring compliance with standards such as ISO 27001 and client-specific requirements. Meanwhile, the Infosys IT Team supports this mission by managing secure IT infrastructure and access controls.
However, no security policy can be truly effective unless each individual takes responsibility for protecting sensitive data, whether it’s client information, internal documentation, or intellectual property. This people-centric approach to security ensures that everyone becomes a stakeholder in safeguarding Infosys’s digital environment.
In conclusion, while ISG and IT provide frameworks and tools, it is every individual’s responsibility to uphold information security within their role and access level.