SlideShare uma empresa Scribd logo

National Cyber Security Policy-2013

Transferir como PPTX, PDF
V
Vidushi Singh
1 de 25
National Cyber Security Policy- 2013
PREAMBLE  Cyberspace is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information and communication technology devices and networks.  The cyberspace is used by citizens, businesses, critical information infrastructure, military and governments and is expected to grow more complex.  IT is one of the critical sectors of cyberspace and is responsible for contribution to socio-economic factors like employment, living standards and diversity.
 Plans for rapid social transformation and inclusive growth, creating secure computing environment and adequate trust and confidence in electronic transactions, software's, services, devices and networks, has become a priority for India.  Cyberspace is vulnerable to incidents, whether intentional or accidental, manmade or natural, and the data exchanged in the cyberspace can be exploited by nation- states and non-state actors. Some examples of cyber threats are identity theft, phishing, social engineering, hactivism, cyber terrorism, compromised digital certificates, persistent attacks, denial of service, bot nets, supply chain attacks, data leakage, etc.  Due to the dynamic nature of cyberspace, there is now a need for actions against all threats to be unified under a National Cyber Security Policy, with an integrated vision
 The cyber security policy is an evolving task and caters to home users and small, medium and large enterprises and Government and non-Government entities. It serves as an umbrella framework for defining and guiding actions relating to cyberspace security.
Vision “To build a secure and resilient cyberspace for citizens, businesses and Government.”
Mission To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.
Objectives 1) To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT systems and transactions in cyberspace and thus enhance adoption of IT in all sectors. 2) To create an assurance framework for design of security policies 3) To strengthen the Regulatory framework for ensuring a secure cyberspace ecosystem. 4) To enhance and create National and Sectoral level 24 X 7 mechanisms for obtaining information regarding threats to ICT infrastructure, creating scenarios for responsive, resolution and crisis management through predictive, preventive, protective, response and recovery actions 5) Operating a 24 x 7 National Critical Information
7) To develop suitable indigenous security technologies through frontier technology research, solution oriented research, proof of concept, pilot development, transition, diffusion and commercialization. 8) To create a workforce of 500,000 professionals skilled in cyber security in the next 5 years through capacity building, skill development and training. 9) To provide fiscal benefits to businesses for adoption of standard security practices and processes. 10) To enable protection of information while in process, handling, storage and transit to safeguard citizen’s data. 11) To create a culture of cyber security and privacy enabling responsible user behavior and actions through effective communication and promotion. 12) To enhance global cooperation by promoting shared understanding and leveraging relationships for furthering the cause of security of cyberspace.
STRATEGIES A. Creating a secure cyber ecosystem 1. To designate a National nodal agency to coordinate all matters related to cyber security in the country. 2. To encourage all organizations, private and public to designate a member of senior management, as Chief Information Security Officer (CISO), responsible for cyber security efforts and initiatives. 3. To encourage all organizations to develop information security policies duly integrated with their business plans and implement such policies as per international best practices. 4. To ensure that all organizations earmark a specific
5) To provide fiscal schemes and incentives to encourage entities to install, strengthen and upgrade information infrastructure with respect to cyber security. 6) To prevent occurrence and recurrence of cyber incidents by way of incentives for technology development, cyber security compliance and proactive actions. 7) To establish a mechanism for sharing information and for identifying and responding to cyber security incidents and for cooperation in restoration efforts. 8) To encourage entities to adopt guidelines for procurement of trustworthy ICT products and provide for procurement of indigenously manufactured ICT products.
B. Creating an assurance framework 1. To promote adoption of global best practices in information security and compliance and thereby enhance cyber security posture. 2. To create infrastructure for conformity assessment and certification of compliance to cyber security test practices, standards and guidelines. 3. To enable implementation of global security best practices in formal risk assessment and risk management processes, business continuity management and cyber crisis management plan by all entities within Government and in critical sectors, to reduce the risk of disruption and improve the security posture. 4. To identify and classify information infrastructure facilities and assets at entity level with respect to risk perception for undertaking commensurate security protection measures. 5. To create conformity assessment framework to periodically
C. Encouraging Open Standards 1. To encourage use of open standards to facilitate interoperability and data exchange among different products or services. 2. To promote consortium of Government and private sector to enhance the availability of tested and certified IT products based on open standards.
D. Strengthening the Regulatory Framework 1. To develop a dynamic legal framework and its periodic review to address the cyber security challenges arising out of technological developments in cyber space and its harmonization with international frameworks including those related to Internet governance. 2. To mandate periodic audit and evaluation of the adequacy and effectiveness of security of information infrastructure as may be appropriate, with respect to regulatory framework. 3. To enable, educate, and facilitate awareness of the regulatory framework.
E. Creating mechanisms for security threat early warning, vulnerability management and response to security threats 1. To create National level systems, processes, structures and mechanisms to generate necessary situational scenario of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by the individual entities. 2. To operate a 24 X 7 National Level Computer Response Team (CERT) to function as a nodal Agency for coordination of all efforts for cyber security emergency response. 3. To operationalize 24x7 sectoral CERT’s for all
4) To implement Cyber Crisis Management Plan. 5) To conduct and facilitate regular cyber security drills and exercises at all levels.
F. Securing E-Governance Services 1. To mandate implementation of global security best practices, business continuity management, etc. 2. To encourage wider usage of Public Key Infrastructure (PKI) with Government for trusted communication and transaction. 3. To engage information security professionals/ organizations to assist e-Governance initiatives and ensure conformance to security best practices.
G. Protection and resilience of Critical Information Infrastructure 1. To develop a plan for protection of Critical Information Infrastructure and its integration with business plan at the entity level and implement such plan. 2. To operate a 24 x 7 National Critical Information Infrastructure Protection Centre (NCIIPC) to function as the nodal agency for information. 3. To facilitate identification, prioritization, assessment, remediation and protection of critical Infrastructure. 4. To mandate certification for all security roles right from CISO/CSO to those involved in critical information infrastructure.
H. Promotion of research and development in cyber security 1. To undertake research and development programs for addressing all aspects of development aimed at short term, medium term and long term goals. 2. To facilitate transition, diffusion and commercialization of the outputs of Research and Development. 3. To set up centers of excellence in areas of strategic importance for the point of security of cyber space. 4. To collaborate in joint Research and Development Projects with industry and academia in frontline technologies and solution oriented research.
I. Reducing Supply Chain Risks 1. To create and maintain testing information infrastructure and facilities for IT security product evaluation and compliance verification as per global standards. 2. To build trusted relationships with product/system vendors. 3. To create awareness of the threats, vulnerabilities and consequences of breach of security.
J. Human Resource Development 1. To foster education and training programs to both in formal and informal sectors to support cyber security threats. 2. To establish cyber security training infrastructure across the country. 3. To establish cyber security concept labs for awareness and skill development. 4. To establish institutional mechanisms for capacity building for Law Enforcement Agencies.
K. Creating cyber security awareness 1. To promote and launch a comprehensive national awareness program on security of cyberspace. 2. To sustain security literacy awareness and publicity campaign. 3. To conduct support and enable cyber security workshops/ seminars and certifications.
L. Developing effective Public Private Partnerships 1. To facilitate collaboration and cooperation among stakeholder entities including private sector, in the area of cyber security in general and protection of critical information infrastructure in particular for actions related to cyber threats, vulnerabilities, breaches, potential protective measures, and adoption of best practices. 2. To create models for collaborations and engagement with all relevant stakeholders. 3. To create a think tank for cyber security policy inputs, discussions and deliberations.
M. Information sharing and cooperation 1. To develop bilateral and multi-lateral relationships in the area of cyber security with other countries. 2. To enhance National and global cooperation among security agencies, CERT’s, defense agencies and forces, Law Enforcement Agencies and the judicial systems. 3. To create mechanisms for dialogue related to technical and operational aspects with industry in order to facilitate efforts in recovery and resilience of systems.
N. Prioritized Approach for implementation  To adopt a prioritized approach to implement the policy so as to address the most critical areas in the first instance.
O. Operationalization of the Policy  This policy shall be operational by way of detailed guidelines and plans of action at various levels as national, sectoral, state, ministry, department and enterprise, as may be appropriate, to Address the challenging requirements of security of the cyber space.

Recomendados

National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)Gopal Choudhary
 
Cyber security standards
Cyber security standardsCyber security standards
Cyber security standardsVaughan Olufemi ACIB, AICEN, ANIM
 
Cyber crime types
Cyber crime typesCyber crime types
Cyber crime typeskiran yadav
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Preventionfmi_igf
 
Cyber crime and its types
Cyber crime and its typesCyber crime and its types
Cyber crime and its typesDINESH KAMBLE
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsSri Manakula Vinayagar Engineering College
 
Cyber security and cyber laws
Cyber security and cyber lawsCyber security and cyber laws
Cyber security and cyber lawsDr. Prashant Vats
 
Cyber Space
Cyber SpaceCyber Space
Cyber SpaceKashif Latif
 

Recomendados

National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)Gopal Choudhary
 
Cyber security standards
Cyber security standardsCyber security standards
Cyber security standardsVaughan Olufemi ACIB, AICEN, ANIM
 
Cyber crime types
Cyber crime typesCyber crime types
Cyber crime typeskiran yadav
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Preventionfmi_igf
 
Cyber crime and its types
Cyber crime and its typesCyber crime and its types
Cyber crime and its typesDINESH KAMBLE
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsSri Manakula Vinayagar Engineering College
 
Cyber security and cyber laws
Cyber security and cyber lawsCyber security and cyber laws
Cyber security and cyber lawsDr. Prashant Vats
 
Cyber Space
Cyber SpaceCyber Space
Cyber SpaceKashif Latif
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIAAnish Rai
 
Cyber security awareness for students
Cyber security awareness for studentsCyber security awareness for students
Cyber security awareness for studentsKandarp Shah
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Cyber crime ppt new
Cyber crime ppt newCyber crime ppt new
Cyber crime ppt newOnkar1431
 
Cybersecurity: Public Sector Threats and Responses
Cybersecurity: Public Sector Threats and Responses Cybersecurity: Public Sector Threats and Responses
Cybersecurity: Public Sector Threats and Responses Directorate of Information Security | Ditjen Aptika
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Computer Crimes
Computer CrimesComputer Crimes
Computer CrimesIvy Rose Recierdo
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime pptMOE515253
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYChaya Sorir
 
cyber crime
cyber crimecyber crime
cyber crimeMosuud jilani lipon
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
E-Commerce security
E-Commerce security E-Commerce security
E-Commerce security Tawhid Rahman
 
Cyber Crime & Information technology Act 2000
Cyber Crime & Information technology Act 2000Cyber Crime & Information technology Act 2000
Cyber Crime & Information technology Act 2000V'vek Sharma
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and SecurityMd Nishad
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber TerrorismSai praveen Seva
 
Computer crime
Computer crime Computer crime
Computer crimeAnika Rahman Orin
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Cyber security
Cyber securityCyber security
Cyber securityHarsh verma
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Jay Nagar
 
Ppt
PptPpt
PptGeetu Khanna
 
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)Santosh Khadsare
 
US Cyber Security Policy
US Cyber Security PolicyUS Cyber Security Policy
US Cyber Security Policysuhlingse
 

Mais conteúdo relacionado

Mais procurados

CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIAAnish Rai
 
Cyber security awareness for students
Cyber security awareness for studentsCyber security awareness for students
Cyber security awareness for studentsKandarp Shah
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Cyber crime ppt new
Cyber crime ppt newCyber crime ppt new
Cyber crime ppt newOnkar1431
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime pptMOE515253
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYChaya Sorir
 
E-Commerce security
E-Commerce security E-Commerce security
E-Commerce security Tawhid Rahman
 
Cyber Crime & Information technology Act 2000
Cyber Crime & Information technology Act 2000Cyber Crime & Information technology Act 2000
Cyber Crime & Information technology Act 2000V'vek Sharma
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and SecurityMd Nishad
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Jay Nagar
 

Mais procurados (20)

CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIA
 
Cyber security awareness for students
Cyber security awareness for studentsCyber security awareness for students
Cyber security awareness for students
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Cyber crime ppt new
Cyber crime ppt newCyber crime ppt new
Cyber crime ppt new
 
Cybersecurity: Public Sector Threats and Responses
Cybersecurity: Public Sector Threats and Responses Cybersecurity: Public Sector Threats and Responses
Cybersecurity: Public Sector Threats and Responses
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Computer Crimes
Computer CrimesComputer Crimes
Computer Crimes
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
 
cyber crime
cyber crimecyber crime
cyber crime
 
Cyber security
Cyber securityCyber security
Cyber security
 
E-Commerce security
E-Commerce security E-Commerce security
E-Commerce security
 
Cyber Crime & Information technology Act 2000
Cyber Crime & Information technology Act 2000Cyber Crime & Information technology Act 2000
Cyber Crime & Information technology Act 2000
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Computer crime
Computer crime Computer crime
Computer crime
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness
 
Ppt
PptPpt
Ppt
 

Destaque

INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)Santosh Khadsare
 
US Cyber Security Policy
US Cyber Security PolicyUS Cyber Security Policy
US Cyber Security Policysuhlingse
 
National cyber security policy
National cyber security policyNational cyber security policy
National cyber security policyNextBigWhat
 
Review of national cyber security policy 2013 by chintan pathak
Review of national cyber security policy 2013 by chintan pathakReview of national cyber security policy 2013 by chintan pathak
Review of national cyber security policy 2013 by chintan pathakChintan Pathak
 
Cyber law In India: its need & importance
Cyber law In India: its need & importanceCyber law In India: its need & importance
Cyber law In India: its need & importanceAditya Shukla
 
E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)Pankaj Bhambhani
 
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...Investorideas.com
 
US Cyber Security Policy
US Cyber Security PolicyUS Cyber Security Policy
US Cyber Security Policybarbeejl
 
Misra, D.C. (2009) An E Governance Vision For India By 2020 Gvmitm 23.5.09
Misra, D.C. (2009) An E Governance Vision For India By 2020 Gvmitm 23.5.09Misra, D.C. (2009) An E Governance Vision For India By 2020 Gvmitm 23.5.09
Misra, D.C. (2009) An E Governance Vision For India By 2020 Gvmitm 23.5.09Dr D.C. Misra
 
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyScience of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyShawn Riley
 
National cyber security policy 2013
National cyber security policy 2013National cyber security policy 2013
National cyber security policy 2013M P Keshava
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPTashish kumar
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy finalIndian Air Force
 
Netiquette by Ankush Agrawal
Netiquette by Ankush AgrawalNetiquette by Ankush Agrawal
Netiquette by Ankush AgrawalAnkush Agrawal
 
Role of E-Governance In Bharat Nirman
Role of E-Governance In Bharat NirmanRole of E-Governance In Bharat Nirman
Role of E-Governance In Bharat NirmanShravan Bhumkar
 

Destaque (20)

INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
 
US Cyber Security Policy
US Cyber Security PolicyUS Cyber Security Policy
US Cyber Security Policy
 
National cyber security policy
National cyber security policyNational cyber security policy
National cyber security policy
 
Review of national cyber security policy 2013 by chintan pathak
Review of national cyber security policy 2013 by chintan pathakReview of national cyber security policy 2013 by chintan pathak
Review of national cyber security policy 2013 by chintan pathak
 
Malaysia's National Cyber Security Policy
Malaysia's National Cyber Security PolicyMalaysia's National Cyber Security Policy
Malaysia's National Cyber Security Policy
 
Cyber law In India: its need & importance
Cyber law In India: its need & importanceCyber law In India: its need & importance
Cyber law In India: its need & importance
 
Group Q
Group QGroup Q
Group Q
 
C3i Group Cyber Law
C3i Group Cyber LawC3i Group Cyber Law
C3i Group Cyber Law
 
E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)
 
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
 
US Cyber Security Policy
US Cyber Security PolicyUS Cyber Security Policy
US Cyber Security Policy
 
Misra, D.C. (2009) An E Governance Vision For India By 2020 Gvmitm 23.5.09
Misra, D.C. (2009) An E Governance Vision For India By 2020 Gvmitm 23.5.09Misra, D.C. (2009) An E Governance Vision For India By 2020 Gvmitm 23.5.09
Misra, D.C. (2009) An E Governance Vision For India By 2020 Gvmitm 23.5.09
 
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyScience of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis Methodology
 
National cyber security policy 2013
National cyber security policy 2013National cyber security policy 2013
National cyber security policy 2013
 
it act
it act it act
it act
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPT
 
Netiquette
NetiquetteNetiquette
Netiquette
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
 
Netiquette by Ankush Agrawal
Netiquette by Ankush AgrawalNetiquette by Ankush Agrawal
Netiquette by Ankush Agrawal
 
Role of E-Governance In Bharat Nirman
Role of E-Governance In Bharat NirmanRole of E-Governance In Bharat Nirman
Role of E-Governance In Bharat Nirman
 

Semelhante a National Cyber Security Policy-2013

Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity Yuri Anisimov
 
Cyber Security Strategy for Pakistan.docx
Cyber Security Strategy for Pakistan.docxCyber Security Strategy for Pakistan.docx
Cyber Security Strategy for Pakistan.docxfalknoor56
 
Protecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachProtecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachITU
 
UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19consultancyss
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
 
National Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorNational Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorKnowledge Group
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyShiva Bissessar
 
Un security-resolution 57 239
Un security-resolution 57 239 Un security-resolution 57 239
Un security-resolution 57 239 Genti79
 
Security5Security5 is an entry level certifi cation fo.docx
Security5Security5 is an entry level certifi cation fo.docxSecurity5Security5 is an entry level certifi cation fo.docx
Security5Security5 is an entry level certifi cation fo.docxbagotjesusa
 
Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeDeepak Kumar (D3)
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 
The Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital TransformationThe Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital TransformationNUS-ISS
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxbagotjesusa
 
Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011Mousselmal Tarik
 
Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docx
Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docxOutline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docx
Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docxalfred4lewis58146
 
ITU Cybersecurity Capabilities
ITU Cybersecurity CapabilitiesITU Cybersecurity Capabilities
ITU Cybersecurity CapabilitiesITU
 
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...AI Publications
 

Semelhante a National Cyber Security Policy-2013 (20)

Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity
 
Cyber Security Strategy for Pakistan.docx
Cyber Security Strategy for Pakistan.docxCyber Security Strategy for Pakistan.docx
Cyber Security Strategy for Pakistan.docx
 
Protecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachProtecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approach
 
UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19
 
CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)
CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)
CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)
 
Ethiopia reba paper
Ethiopia reba paperEthiopia reba paper
Ethiopia reba paper
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
 
National Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorNational Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip Victor
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 
Un security-resolution 57 239
Un security-resolution 57 239 Un security-resolution 57 239
Un security-resolution 57 239
 
Security5Security5 is an entry level certifi cation fo.docx
Security5Security5 is an entry level certifi cation fo.docxSecurity5Security5 is an entry level certifi cation fo.docx
Security5Security5 is an entry level certifi cation fo.docx
 
Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber Crime
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
 
The Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital TransformationThe Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital Transformation
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
 
Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011
 
Session 5.3 Alexander Ntoko
Session 5.3 Alexander NtokoSession 5.3 Alexander Ntoko
Session 5.3 Alexander Ntoko
 
Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docx
Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docxOutline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docx
Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docx
 
ITU Cybersecurity Capabilities
ITU Cybersecurity CapabilitiesITU Cybersecurity Capabilities
ITU Cybersecurity Capabilities
 
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
 

National Cyber Security Policy-2013

  • 1. National Cyber Security Policy- 2013
  • 2. PREAMBLE  Cyberspace is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information and communication technology devices and networks.  The cyberspace is used by citizens, businesses, critical information infrastructure, military and governments and is expected to grow more complex.  IT is one of the critical sectors of cyberspace and is responsible for contribution to socio-economic factors like employment, living standards and diversity.
  • 3.  Plans for rapid social transformation and inclusive growth, creating secure computing environment and adequate trust and confidence in electronic transactions, software's, services, devices and networks, has become a priority for India.  Cyberspace is vulnerable to incidents, whether intentional or accidental, manmade or natural, and the data exchanged in the cyberspace can be exploited by nation- states and non-state actors. Some examples of cyber threats are identity theft, phishing, social engineering, hactivism, cyber terrorism, compromised digital certificates, persistent attacks, denial of service, bot nets, supply chain attacks, data leakage, etc.  Due to the dynamic nature of cyberspace, there is now a need for actions against all threats to be unified under a National Cyber Security Policy, with an integrated vision
  • 4.  The cyber security policy is an evolving task and caters to home users and small, medium and large enterprises and Government and non-Government entities. It serves as an umbrella framework for defining and guiding actions relating to cyberspace security.
  • 5. Vision “To build a secure and resilient cyberspace for citizens, businesses and Government.”
  • 6. Mission To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.
  • 7. Objectives 1) To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT systems and transactions in cyberspace and thus enhance adoption of IT in all sectors. 2) To create an assurance framework for design of security policies 3) To strengthen the Regulatory framework for ensuring a secure cyberspace ecosystem. 4) To enhance and create National and Sectoral level 24 X 7 mechanisms for obtaining information regarding threats to ICT infrastructure, creating scenarios for responsive, resolution and crisis management through predictive, preventive, protective, response and recovery actions 5) Operating a 24 x 7 National Critical Information
  • 8. 7) To develop suitable indigenous security technologies through frontier technology research, solution oriented research, proof of concept, pilot development, transition, diffusion and commercialization. 8) To create a workforce of 500,000 professionals skilled in cyber security in the next 5 years through capacity building, skill development and training. 9) To provide fiscal benefits to businesses for adoption of standard security practices and processes. 10) To enable protection of information while in process, handling, storage and transit to safeguard citizen’s data. 11) To create a culture of cyber security and privacy enabling responsible user behavior and actions through effective communication and promotion. 12) To enhance global cooperation by promoting shared understanding and leveraging relationships for furthering the cause of security of cyberspace.
  • 9. STRATEGIES A. Creating a secure cyber ecosystem 1. To designate a National nodal agency to coordinate all matters related to cyber security in the country. 2. To encourage all organizations, private and public to designate a member of senior management, as Chief Information Security Officer (CISO), responsible for cyber security efforts and initiatives. 3. To encourage all organizations to develop information security policies duly integrated with their business plans and implement such policies as per international best practices. 4. To ensure that all organizations earmark a specific
  • 10. 5) To provide fiscal schemes and incentives to encourage entities to install, strengthen and upgrade information infrastructure with respect to cyber security. 6) To prevent occurrence and recurrence of cyber incidents by way of incentives for technology development, cyber security compliance and proactive actions. 7) To establish a mechanism for sharing information and for identifying and responding to cyber security incidents and for cooperation in restoration efforts. 8) To encourage entities to adopt guidelines for procurement of trustworthy ICT products and provide for procurement of indigenously manufactured ICT products.
  • 11. B. Creating an assurance framework 1. To promote adoption of global best practices in information security and compliance and thereby enhance cyber security posture. 2. To create infrastructure for conformity assessment and certification of compliance to cyber security test practices, standards and guidelines. 3. To enable implementation of global security best practices in formal risk assessment and risk management processes, business continuity management and cyber crisis management plan by all entities within Government and in critical sectors, to reduce the risk of disruption and improve the security posture. 4. To identify and classify information infrastructure facilities and assets at entity level with respect to risk perception for undertaking commensurate security protection measures. 5. To create conformity assessment framework to periodically
  • 12. C. Encouraging Open Standards 1. To encourage use of open standards to facilitate interoperability and data exchange among different products or services. 2. To promote consortium of Government and private sector to enhance the availability of tested and certified IT products based on open standards.
  • 13. D. Strengthening the Regulatory Framework 1. To develop a dynamic legal framework and its periodic review to address the cyber security challenges arising out of technological developments in cyber space and its harmonization with international frameworks including those related to Internet governance. 2. To mandate periodic audit and evaluation of the adequacy and effectiveness of security of information infrastructure as may be appropriate, with respect to regulatory framework. 3. To enable, educate, and facilitate awareness of the regulatory framework.
  • 14. E. Creating mechanisms for security threat early warning, vulnerability management and response to security threats 1. To create National level systems, processes, structures and mechanisms to generate necessary situational scenario of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by the individual entities. 2. To operate a 24 X 7 National Level Computer Response Team (CERT) to function as a nodal Agency for coordination of all efforts for cyber security emergency response. 3. To operationalize 24x7 sectoral CERT’s for all
  • 15. 4) To implement Cyber Crisis Management Plan. 5) To conduct and facilitate regular cyber security drills and exercises at all levels.
  • 16. F. Securing E-Governance Services 1. To mandate implementation of global security best practices, business continuity management, etc. 2. To encourage wider usage of Public Key Infrastructure (PKI) with Government for trusted communication and transaction. 3. To engage information security professionals/ organizations to assist e-Governance initiatives and ensure conformance to security best practices.
  • 17. G. Protection and resilience of Critical Information Infrastructure 1. To develop a plan for protection of Critical Information Infrastructure and its integration with business plan at the entity level and implement such plan. 2. To operate a 24 x 7 National Critical Information Infrastructure Protection Centre (NCIIPC) to function as the nodal agency for information. 3. To facilitate identification, prioritization, assessment, remediation and protection of critical Infrastructure. 4. To mandate certification for all security roles right from CISO/CSO to those involved in critical information infrastructure.
  • 18. H. Promotion of research and development in cyber security 1. To undertake research and development programs for addressing all aspects of development aimed at short term, medium term and long term goals. 2. To facilitate transition, diffusion and commercialization of the outputs of Research and Development. 3. To set up centers of excellence in areas of strategic importance for the point of security of cyber space. 4. To collaborate in joint Research and Development Projects with industry and academia in frontline technologies and solution oriented research.
  • 19. I. Reducing Supply Chain Risks 1. To create and maintain testing information infrastructure and facilities for IT security product evaluation and compliance verification as per global standards. 2. To build trusted relationships with product/system vendors. 3. To create awareness of the threats, vulnerabilities and consequences of breach of security.
  • 20. J. Human Resource Development 1. To foster education and training programs to both in formal and informal sectors to support cyber security threats. 2. To establish cyber security training infrastructure across the country. 3. To establish cyber security concept labs for awareness and skill development. 4. To establish institutional mechanisms for capacity building for Law Enforcement Agencies.
  • 21. K. Creating cyber security awareness 1. To promote and launch a comprehensive national awareness program on security of cyberspace. 2. To sustain security literacy awareness and publicity campaign. 3. To conduct support and enable cyber security workshops/ seminars and certifications.
  • 22. L. Developing effective Public Private Partnerships 1. To facilitate collaboration and cooperation among stakeholder entities including private sector, in the area of cyber security in general and protection of critical information infrastructure in particular for actions related to cyber threats, vulnerabilities, breaches, potential protective measures, and adoption of best practices. 2. To create models for collaborations and engagement with all relevant stakeholders. 3. To create a think tank for cyber security policy inputs, discussions and deliberations.
  • 23. M. Information sharing and cooperation 1. To develop bilateral and multi-lateral relationships in the area of cyber security with other countries. 2. To enhance National and global cooperation among security agencies, CERT’s, defense agencies and forces, Law Enforcement Agencies and the judicial systems. 3. To create mechanisms for dialogue related to technical and operational aspects with industry in order to facilitate efforts in recovery and resilience of systems.
  • 24. N. Prioritized Approach for implementation  To adopt a prioritized approach to implement the policy so as to address the most critical areas in the first instance.
  • 25. O. Operationalization of the Policy  This policy shall be operational by way of detailed guidelines and plans of action at various levels as national, sectoral, state, ministry, department and enterprise, as may be appropriate, to Address the challenging requirements of security of the cyber space.