DSCI NEWS. Public Advocacy. NASSCOM-DSCI Report Securing Our Cyber Frontiers. April - June 2012 Vol. 3 No. 2. Upcoming Events

Transcription

1 Vol. 3 No. 2 DSCI NEWS DATA SECURITY COUNCIL OF INDIA A Initiative Our Vision Harness data protection as a lever for economic development of India through global integration of practices and standards conforming to various legal regimes. Our Mission To create trustworthiness of Indian companies as global sourcing service providers, and to assure clients worldwide that India is a secure destination for outsourcing where privacy and protection of customer data are enshrined in the global best practices followed by the industry. Our Objectives Public Advocacy on Data Protection and Cyber Security Capacity Building on Security and Privacy Thought Leadership through Best Practices Independent Oversight for Assurance & Dispute resolution through ADR towards Self-Regulation Cyber Crime Speedier Trial through training of Law Enforcement Agencies and Judiciary Upcoming Events DSCI Best Practices Meet 2012 on July 12 in Hotel Vivanta by Taj, Banagalore Pl refer: about/1021 Cyber Crime Awareness Workshop for Law Enforcement Agencies (LEA), on July 20-21, in Ahmedabad DSCI Excellence Awards: Nominations open from August 1, 2012 Editorial Board Kartik Korpal Asst. Manager Marketing & Communications, DSCI Rahul Jain Senior Consultant, DSCI Contact Us DATA SECURITY COUNCIL OF INDIA Niryat Bhawan, 3rd Floor, Rao Tula Ram Marg, New Delhi , India Phone: , Fax: info@dsci.in, Website: QUARTERLY NEWSLETTER OF DATA SECURITY COUNCIL OF INDIA Public Advocacy NASSCOM-DSCI Report Securing Our Cyber Frontiers Union Home Minister Shri. P Chidambaram released the NASSCOM-DSCI Report Securing Our Cyber Frontiers, on April 3, 2012 in New Delhi. Speaking on the occasion, Shri. Chidambaram said, From a national security point of view, this is an important report and law enforcement agencies should quickly scale up their capacity to deal with these new crimes. We look forward to working with NASSCOM-DSCI in implementing the recommendations of NASSCOM-DSCI Report- Securing Our Cyber Frontiers". The Report highlights cyber security issues at the national and global level; need for cooperation, and for information age response to the cyber challenge. It identifies priority areas for action, including 10 key Facebook: Linkedin: Twitter: DSCI Corporate Membership is open Visit: taxonomypage/105

2 recommendations in which the roles of government and the industry have been outlined. These recommendations take into consideration the ongoing global cyber security efforts and developments while keeping the Indian environment in context. India s current infrastructure development process is making greater use of IT applications, which makes it vulnerable to cyber attacks that can have serious implications for the nation and economy at large. Cyber security has direct bearing on national security since cyberspace merges seamlessly with the physical world and cyber attacks can disrupt critical infrastructure of the country producing effects similar to those of physical attacks on the infrastructure. Recognizing the fact that more and more critical infrastructure is being owned and operated by the private enterprises, NASSCOM-DSCI constituted the Cyber Security Advisory Group (CSAG), under the chairmanship of Mr. Rajendra Pawar, Chairman-NASSCOM Executive Council, with Dr. Kamlesh Bajaj, CEO, DSCI as Member Secretary and experts from public and private sector and law enforcement. The Group was mandated to come up with recommendations for consideration by the government on public-private partnership in capacity building and policy making. DSCI consolidated the preliminary recommendations provided by the CSAG members and also did an extensive study on polices and initiatives of developed countries and India s initiatives to develop its own recommendations. Finally, it emerged that the Committee should prioritize the existing recommendations to provide the government key priority areas for action, detailing the role of the industry in each such area. As a result, the Securing Our Cyber Frontiers has come out with ten key pragmatic and actionable recommendations which also detail the role of the government and industry. (We invite you to refer the report at Consultations with Dy. NSA DSCI is engaged with the Deputy NSA, Ms. Latha Reddy in defining the role of private sector in strengthening cybersecurity in the country. DSCI proposed specific areas for PPP including Critical Information Infrastructure, Testing Labs for Accreditation of ICT Products, Security Audits and Testing, Building Cyber Security Workforce, Capacity Building of LEAs. The consultations take forward the points of engagement highlighted in the NASSCOM-DSCI Report Securing Our Cyber Frontiers. Consultations with Ministry of Commerce DSCI held consultations with the concerned Joint Secretary, in the Ministry of Commerce for the ongoing Indo-EU Trade Negotiations, highlighting India's data protection regime and how it is commensurate with EU adequacy standard for Privacy protection. Consultations with Ministry of External Affairs DSCI provided inputs on Cyber Security Norms and Technology Related Issues to the Ministry of External Affairs. In particular, it highlighted the Emergence of Cyber Diplomacy Norms, Initiatives led by Russia and China, US International Strategy for Cyberspace, and emergence of the cyberspace as global commons. Thought Leadership Advisory Groups DSCI has set up 2 Advisory Groups - Privacy Assessment Advisory Group and Security Assessment Advisory Group - to guide DSCI in designing DSCI Privacy Assessment Framework and DSCI Security Assessment Framework respectively. The Groups comprise members from public and private enterprises, and draws on inputs from DSCI Frameworks DPF and DSF. Awarded project on e-security Index for India by Department of Information Technology DSCI has been awarded the project by DIT to develop an e- Security Index Framework for India. The project will cover: Study of similar existing models / frameworks developed internationally; Development of e-security Index Framework, including the statistical model; Testing of e-security Index Framework using test data Refinement of e-security Index Framework based on test results; and Development of a roadmap to take it forward. Engagements with Analysts In its efforts to reach out to the analysts firms to apprise them on the developments in data protection, DSCI updated Gartner analysts on DSCI Frameworks DSCI Privacy and Security Assessment, Privacy Law, encryption and outsourcing issues. rd EWI 3 Worldwide Cybersecurity Summit, Delhi EWI has partnered with NASSCOM and DSCI for 3rd Worldwide Cybersecurity Summit scheduled to be held in New Delhi on October DSCI is supporting EWI in the content development and organization of the Summit. 2

3 Outreach and Awareness This quarter saw DSCI organizing focused group discussions and workshops on various facets of data protection. 'Cyber Crimes & Computer Forensics Awareness Program' for the officers of a leading PSU Bank DSCI organized a 5 day training program for 16 officers from various departments of IT, Cyber Crime Monitoring cell, Law division, etc of a leading PSU Bank. Topics covered include Emerging Trends in Cyber Crimes, Economic offences- from a law enforcement perspec tive, I nformation Technology (Amendment) Act, 2008, Internet Banking issues and RBI guidelines on Internet Banking (Gopal Krishna committee recommendations), Dealing with Law Enforcement in the event of incident/criminal activity, Introduction to Computer & Mobile Forensic tools, Investigations and Information Rights Management, Banking frauds- Case studies and interactive session, among other issues relevant to Banks. Workshop on Indian Data Protection Regime 30 participants from various industry verticals and consulting firms attended DSCI Workshop on Indian Data Protection Regime. The Workshop focussed on IT (Amendment) Act, 2008 & issued clarifications: What it is and Why it's needed, and provided Clarity on existing rules and their applicability to businesses. NASSCOM half-a-day Session on Data Security DSCI presented strategies to address Concerns, Imperatives and Liabilities associated with the data, at the sessions held in Hyderabad and Visakhapatnam. DSCI-WebSense Data Security Strategy Series DSCI and WebSense have planned a series of RTCs as a Step Towards Creating Awareness in the Country. This quarter saw RTCs held in Mumbai, Bangalore, in month of May and June and another scheduled for Mumbai. The RTCs were attended by personnel from Public and Private enterprises and focused on comprehending the imperatives of data security, Understanding of regulatory ecosystem in India and those emerging across the globe & their impact, evaluating approaches for data security initiatives. DSCI-HP RTC on 'The Cyber Security Ecosystem DSCI and HP organized a RTC focused on developing the response to managing attacks on enterprise data consists of an entire cyber security ecosystem. It was attended by around 20 senior ranking officials from Government and Public departments and received speakers including Dr. Prescott Winter, CTO, Public Sector, Enterprise Security and Dr. Jaijit Bhattacharya, Director, Government Affairs, Global Government Affairs, HP. DSCI-Codenomicon RTC on Critical Components of National Cyber Security DSCI and Codenomicon organized a RTC on Critical Components of National Cyber Security focused on Cyber Threat Monitoring, Mitigation & Prevention and Situational Awareness. It was attended by around 40 senior ranking government officials and public departments. DSCI-Cisco Workshop on Common Criteria Countries are struggling to understand risks associated with Global ICT Supply Chains in an attempt to mitigate them. Governments are formulating policies to minimize such risks, especially in telecom, defence and critical infrastructure sectors. Common Criteria Labs are emerging as an assurance mechanism in this area. With this background DSCI and Cisco organized a Workshop on Common Criteria to develop an understanding of the Common Criteria, the developments in it, and the way forward. Senior officials from Cisco made presentations while CEO, DSCI provided the inaugural remarks. DSCI- Microsoft India Privacy Meet DSCI, Microsoft and Grey Head organized the India Privacy Meet to promote dialogue among all stakeholders: individuals, governments, businesses, NGOs and academics. CEO, DSCI provided the keynote address and the theme address was provided by Mr. Deepak Rout from Microsoft. The Meet featured 2 panel discussions on the contemporary topics of privacy: Consumer Privacy Creating the Right Balance and Citizen Privacy - Transparency, Accountability and Social Progress. Featuring senior leadership of government, including 3

4 Shri. Nirmaljeet Singh Kalsi, Jt. Secretary, MHA, Shri. A P Singh, DDG, Unique Identification Authority of India (UIDAI), and representation from IT service providers, telecom companies, consulting firms, the well defined discussions addressed some of the often raised queries on privacy of individuals as citizens of a nation and consumers of the services. Outreach through seminars organized by other associations/entities DSCI reached out to more number of stakeholders through conferences organized by other associations and through publications in leading journals. These include Institute of Defence Studies and Analyses' (IDSA) report on India's Cyber Security Challenges CEO, DSCI is a member of IDSA's Cyber Security Task Force. IDSA has come out with a report on India's cyber Security Challenges, which was released by National Security Advisor (NSA) Shri. Shiv Shankar Menon, on May 16, 2012 in New Delhi. The report discussed around the role of government and private sector in recognizing the aspects of cyber security and prioritized security and risk management plans jointly. While highlighting the need and relevance of the Report, NSA mentioned that the government will work with NASSCOM & DSCI in the areas of PPP, while Dy NSA referred to the NASSCOM-DSCI report. National Seminar on Information Security in Cloud Computing- Implications for MSMEs, organized by PHD Chambers of Commerce government and LEAs, covering the Privacy approaches of EU Data Protection Directive, US Sector-specific Approach, APEC Self-Regulation, and IT (Amendment) Act, Seminar on Cyber security and Information Assurance, organized by IIT Delhi The seminar feature presentations by IIT Delhi's research group covering various aspects of Cyber security at National level. Dr. Gulshan Rai, DG, CERT-In and Mr. Vinayak Godse, DSCI provided the keynote, while Wg Cdr MM Chaturvedi presented the highlights of National Cyber Security Index. 5th ASSOCHAM International Conference on Cyber & Network Security DSCI presented its views on the Security Policy, Compliance and Assurance, Security and Incident Early Warning & Responses. The highlights of the NASSCOM-DSCI Report Securing Our Cyber Frontiers were presented at the seminars organized by BSE and UBM DSCI Articles "Global Cyber Commons - Addressing Cyber Security Issues" (New Europe Post, June). Pl visit: Cyberspace Global Commons or a National Asset (DATAQUEST, April-May) Pl visit: DSCI presented on the Cloud Security, Policy, Privacy, Legal and Compliance challenges in it, and Indian Regulatory Regime & Implications for Cloud. It proposed recommendations for user organizations, cloud service providers and government, while providing an insight into The 7 top-level Categories of Service Measurement Index (SMI). Bangalore Cyber Security Summit 3rd Edition, organized by Government of Karnataka DSCI shared the perspectives on Privacy in a Connected World : The Indian Context. It highlighted the Privacy issues and challenges in India for individuals, businesses, technology, 4

5 Capacity Building Cyber labs LEA Training program Program Quarter 5 day Course 533 Short Course 796 Guest Lecture 27 LEA Support 59 Industry Support 2 Total day Level-II Cyber Crimes training at CBI Academy. 18 officers from CBI, State police, Dept of Public prosecution attended this program Assisted the CBI Academy in conducting 3 day cyber crime training for Himachal Pradesh Police. 27 police officers attended this program. Short courses on cyber crimes for Indian Navy and Corps of Military Police Cyber Crime Awareness Workshop for Law Enforcement Agencies (LEA) officers, Special Training programs Session on Information Technology Act 2000 & Usage of technology in detection of crimes at Karnataka Judicial Academy, Bangalore. 15 Judges attended this program 4 day training program on Cyber Crimes, Cyber law and Cyber forensics at MHA's North Eastern Police Academy, Meghalaya DSCI will carry out 2 awareness workshop in the state of Gujarat and Punjab for spreading awareness to police officers, Judiciary, Public Prosecutors, adjudicating officers for combating cyber crimes. The first workshop is planned to be carried out on July 20-21, 2012 This quarter also saw Level - II training material standardized and PRSG for DIT Project held at Pune 5 4 5