IT audit firm linked to ex-Mumbai CP didn’t red-flag NSE server breach: CBI
The CBI, which registered a case in 2018 in the NSE co-location scam, is probing how an audit company incorporated in 2001 by Sanjay Pandey, who last week retired as Commissioner of Police, Mumbai, did not red flag that the NSE servers were compromised. The compromise had allowed one of the trading companies to get unfair access to the system, resulting in windfall profits.
When the firm iSec Services Pvt Ltd was incorporated in March 2001, Pandey was not in service. He quit the directorship in May 2006, with his mother Santosh and son Armaan becoming directors in the company. Based out of Oshiwara in Andheri, it was one of the IT companies tasked with conducting security audits at NSE during 2010 to 2015 when the co-location scam is believed to have taken place. The CBI has recorded the statement of one of the company employees, a source said.
The CBI’s investigation over the course of the last four years has led to the arrest of former NSE managing director Chitra Ramkrishna and its former group operating officer Anand Subramanian.
“The security audit company should have been able to detect the breaches in the NSE system during the period when the scam took place. We are looking into the processes followed by the company to test the security of the systems,” a source added, speaking of iSec Services Pvt Ltd.
However, sources close to the company said that iSec was merely responsible for conducting audits of the devices used by the brokers who were using the co-location facility provided by the NSE, to check if they had proper Internet connection, firewall facility, among other technical aspects. A source said, “iSec did not have any access to the NSE servers, so there was no way they could detect that the system had been compromised and a co-location scam was underway.”
An expert told The Sunday Express that an IT auditor is responsible for analysing and assessing an organisation’s technological infrastructure to find problems with efficiency, risk management and compliance. An IT auditor also identifies any IT issues that fall under the audit, specifically those related to security and risk management. The audit process can extend to networks, software, programmes, communication systems, security systems and any other services that rely on the company’s technological infrastructure.
IT audits are important for evaluating internal control and processes in an effort to keep the organisation and its data secure from external or internal threats.
“Audits are meant to examine controls on client-connected servers and networks. An audit examines current technology in the organisation and future technologies that will need to be adopted. Any step against regulation and compliance must be red flagged by IT auditors as they are the watchdogs of internal and external information flows,” the expert said.