SlideShare una empresa de Scribd logo

National cyber security policy final

Descargar como PPTX, PDF
I
Indian Air Force

kjghcj

Educación
1 de 22
NATIONAL CYBER SECURITY POLICY “FOR SECURE COMPUTING ENVIRONMENT AND ADEQUATE TRUST & CONFIDENCE IN ELECTRONIC TRANSACTIONS ”
IT’S A CYBER GENERATION NOW DUDE!!!
LOOK N LAUGH!!!!
GROUP MEMBERS:  Aadesh Rai  Ajay Jha  Anu Jain  Dipak Zala  Jaykrishnan VK  Omprakash Singh  Pooja  Remya P  Renbi Jami  Supriya Sarkar
GLIMPSE OF CYBER SECURITY POLICY  Headed by a national cyber security coordinator, who reports to the NSA, the policy has three components that demarcate task and authority. The existing Indian Computer Emergency Response Team (CERT-IN) will be tasked to handle the commercial aspects of cyber security, including 24x7 proactive responses to hackers, cyber-attacks, intrusions and restoration of affected systems.  As of now, cyber criminals seem to have no real threat of prosecution. Our job is to create a climate of fear of effective prosecution, as in other types of crime.  For the first time since the advent of dedicated computer networks in the Indian government, the National Security Council Secretariat (NSCS) has come up with a comprehensive cyber security policy for upgrading the security of systems and preventing them from being hacked, attacked with malware, or intruded upon.
WHY THIS POLICY IS REQUIRED?  To Prevent cyber attacks against the country’s critical information infrastructures  To Reduce national vulnerability to cyber attacks  To Minimize damage and recovery time from cyber attacks  For creation of a technical-professional body that certifies the security of a network to ensure the overall health of government systems.  While NSCS is advocating that initially the certification of networks could be done by private agencies, the long term plan is to create a technical body of professionals, all under 40, who will form the backbone of Indian cyber security.
WHY CYBER SECURITY HAS BECOME ESSENTIAL NOW?  Mischievous activities in cyber space have expanded from novice geeks to organized criminal gangs that are going Hi-tech  Growing threat to national security - web espionage becomes increasingly advanced, moving from curiosity to well-funded and well-organized operations aimed at not only financial, but also political or technical gain  Increasing threat to online services – affecting individuals and industry because of growth of sophistication of attack techniques  Emergence of a sophisticated market for software flaws – that can be used to carry out espionage and attacks on Govt. and Critical information infrastructure. Findings indicate a blurred line between legal and illegal sales of software vulnerabilities
• Internet has become an weapon for political, military and economic espionage • Organized cyber attacks have been witnessed in last few years • Pentagon, US in 2007 • Estonia in April 2007 • Computer systems of German Chancellery and three Ministries • E-mail accounts at National Informatics Centre, India • Highly classified Govt. computer networks in New Zealand & Australia • The software used to carry out these attacks indicate that they were clearly designed & tested with much greater resources than usual individual hackers • Most Govt. agencies and companies around the world use common computing technologies & systems that are frequently penetrated by criminal hackers and malware • Traditional protective measures are not enough to protect against attacks such as those on Estonia, as the complexity and coordination in using the botnets was totally new. National networks with less sophistication in monitoring and defense capabilities could face serious problems to National security
• Online services are becoming prime targets for cyber criminals • Cyber criminals continue to refine their means of deceit as well as their victims In summary, the global threats affecting users in 2008 are: • New & sophisticated forms of attacks • Attacks targeting new technologies, such as VoIP (vishing – phishing via VoIP & phreaking – hacking tel networks to make free long distance calls) and peer-to-peer services • Attacks targeting online social networks • Attacks targeting online services, particularly online banking services • There is a new level of complexity in malware not seen before. These are more resilient, are modified over and over again and contain highly sophisticated functionality such as encryption (Ex. Nuwar also known as ‘Zhelatin’ and ‘Storm’ worm’ – with a new variant appearing almost daily) • As a trend we will see an increase in threats that hijack PCs with bots. Another challenging trend is the arrival of self-modifying threats • Given the exponential growth in social networking sites, social engineering may shortly become the easiest & quickest way to commit ID theft
WHO IS RESPONSIBLE FOR ENSURING VIRTUAL SPACE FREE OF CYBER THREAT?  Government  Private sector  Users  Academicians
ACTION NEEDEDTOBE TAKEN AT DIFFERENT LEVELS At country level:  Policy directives on data security and privacy protection - Compliance, liabilities and enforcement (ex. Information Technology Act 2000)  Standards and guidelines for compliance (ex: ISO 27001, ISO 20001 & CERT-In guidelines)  Conformity assessment infrastructure (enabling and endorsement actions concerning security product – ISO 15408, security process – ISO 27001 and security manpower – CISA, CISSP, ISMS-LA, DISA etc.)  Security incident - early warning and response (National cyber alert system and crisis management)
• Information sharing and cooperation (MoUs with vendors and overseas CERTs and security forums). • Pro-active actions to deal with and contain malicious activities on the net by way of net traffic monitoring, routing and gateway controls • Lawful interceptions and Law enforcement. • Nation wide security awareness campaign. • Security research and development focusing on tools, technology, products and services.
ACTIONS AT NETWORK LEVEL  Compliance to security best practices (ex. ISO27001), service quality (ISO 20001) and service level agreements (SLAs) and demonstration.  Pro-active actions to deal with and contain malicious activities, ensuring quality of services and protecting average end users by way of net traffic monitoring, routing and gateway controls  Keeping pace with changes in security technology and processes to remain current (configuration, patch and vulnerability management)  Conform to legal obligations and cooperate with law enforcement activities including prompt actions on alert/advisories issued by CERT- In.  Use of secure product and services and skilled manpower.  Crisis management and emergency response.
ACTIONS AT CORPORATE LEVEL:  Compliance to security best practices (ex. ISO27001), and demonstration.  Pro-active actions to deal with and contain malicious activities, and protecting average end users by way of net traffic monitoring, routing and gateway controls  Keeping pace with changes in security technology and processes to remain current (configuration, patch and vulnerability management)  Conform to legal obligations and cooperate with law enforcement activities including prompt actions on advisories issued by CERT-In.  Use of secure product and services and skilled manpower.  Crisis management and emergency response.  Periodic training and up gradation of skills for personnel engaged in security related activities  Promote acceptable users’ behavior in the interest of safe computing both within and outside.
ACTIONS AT SMALL USER LEVEL:  Maintain a level of awareness necessary for self-protection.  Use legal software and update at regular intervals.  Beware of security pitfalls while on the net and adhere to security advisories as necessary.  Maintain reasonable and trust-worthy access control to prevent abuse of computer resources
HOW THIS POLICY CAN CHECK CYBER CRIMES?
BY FACILITATING INTERNATIONALCOOPERATIONARRANGEMENTS  It is an inevitable reality that some countries will become safe havens for cyber criminals and international pressure to crack down won’t work.  It is believed that in next few years Govts are likely to get aggressive and pursue action against the specific individuals/groups/companies, regardless of location  It is also likely that Govts will start putting pressure on intermediary bodies that have the skills and resources, such as banks, ISPs and software vendors to protect the public from malware, hacking and social engineering  We may see industry sector codes of practice demanding improved security measures, backed probably by assurance and insurance schemes  Greater connectivity, more embedded systems and less obvious perimeters  Compliance regulations will drive upgrades and changes and also increase system complexity and legal wrangles – increase in civil suits for security breaches  Massive data storing patterns that ensure data never goes away – a boon to law enforcement agencies
• Enabling Govt. as a key stakeholder in creating appropriate environment/conditions by way of policies and legal/regulatory framework to address important aspect of data security and privacy protection concerns. National Cyber Security policy will ensure amendments to Indian IT Act and designing security and privacy assurance framework, crisis management plan (CMP) etc. • Enabling User agencies in Govt. and critical sectors to improve the security posture of their IT systems and networks and enhance their ability to resist cyber attacks and recover within reasonable time if attacks do occur. Formulation of security standards/ guidelines, empanelment of IT security auditors, creating a network & database of points-of-contact and CISOs of Govt & critical sector organizations for smooth and efficient communication to deal with security incidents and emergencies, CISO training programs on security related topics and CERT-In initiatives, cyber security drills and security conformity assessment infrastructure covering products, process and people.
• Enabling CERT-In to enhance its capacity and outreach and to achieve force multiplier effects to serve its constituency in an effective manner as a `Trusted referral agency’. Specific actions include – National cyber security strategy (11th Five Year Plan), National Cyber Alert system, MoUs with vendors, MoUs with CERTs across the world, network of sectoral CERTs in India, membership with international/regional CERT forums for exchange of information and expertise & rapid response, targeted projects and training programs for use of and compliance to international best practices in security and incident response. • Public Communication & Contact programs to increase cyber security awareness and to communicate Govt. policies on cyber security.
SUGGESTIONS FOR FORTIFICATION OF CYBER SECURITY POLICY:  Social economic political and technological background should be taken into account while finalizing this policy.  As India is a developing country hence it should be considered not in continuum with developed world while finalization of this policy.  Short and long term consistent realistic objectives should be there in the policy.  Fundamental root issues should be addressed in order to be able to sustain secondary issues.  Policy should consider available resources and their budgeting to support the short and long term objective.  Policy should not be static in nature. So as to be tuned to the changing needs. There must be a provision for a constant review in order to improve the policy and remove the impediments if any.
FINALLY IT IS REQUIRED TO CREATE A SECURITY ASSURANCE LADDER!!!  Security control emphasis depends on the kind of environment • Low risk : ‘Awareness’ – know your security concerns and follow best practices • Medium risk: ‘Awareness & Action’ – Proactive strategies leave you better prepared to handle security threats and incidents • High risk: ‘Awareness, Action and Assurance’ – Since security failures could be disastrous and may lead to unaffordable consequences, assurance (basis of trust & confidence) that the security controls work when needed most is essential.
“WISHYOUREMAINSAFE FROMCYBER THREAT” THANK YOU!!!

Recomendados

Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and Standards
Directorate of Information Security | Ditjen Aptika
 
Security policy
Security policySecurity policy
Security policy
Dhani Ahmad
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
cyber security
cyber securitycyber security
cyber security
abithajayavel
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
LearningwithRayYT
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
Vicky Fernandes
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
Noushad Hasan
 
Information security management system
Information security management systemInformation security management system
Information security management system
Arani Srinivasan
 

Recomendados

Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and Standards
Directorate of Information Security | Ditjen Aptika
 
Security policy
Security policySecurity policy
Security policy
Dhani Ahmad
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
cyber security
cyber securitycyber security
cyber security
abithajayavel
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
LearningwithRayYT
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
Vicky Fernandes
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
Noushad Hasan
 
Information security management system
Information security management systemInformation security management system
Information security management system
Arani Srinivasan
 
Cyber security
Cyber securityCyber security
Cyber security
vishakha bhagwat
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Network security
Network securityNetwork security
Network security
quest university nawabshah
 
Cyber security
Cyber securityCyber security
Cyber security
Dr. Kishor Nikam
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security ppt
SAIKAT BISWAS
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
Network security
Network securityNetwork security
Network security
Estiak Khan
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security laws
Sri Manakula Vinayagar Engineering College
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
Mohammad Shakirul islam
 
Security & Compliance
Security & ComplianceSecurity & Compliance
Security & Compliance
Amazon Web Services
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
sommerville-videos
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
Siemplify
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
belsis
 
Network Security and Firewall
Network Security and FirewallNetwork Security and Firewall
Network Security and Firewall
ShafeeqaFarsana
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
PranjalShah18
 
VAPT Services by prime
VAPT Services by primeVAPT Services by prime
VAPT Services by prime
Prime Infoserv
 
Cyber security
Cyber securityCyber security
Cyber security
Aman Pradhan
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
Evolve IP
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
XEventsHospitality
 
Malaysia's National Cyber Security Policy
Malaysia's National Cyber Security PolicyMalaysia's National Cyber Security Policy
Malaysia's National Cyber Security Policy
Directorate of Information Security | Ditjen Aptika
 

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Cyber security
Cyber securityCyber security
Cyber security
 
Information security
Information securityInformation security
Information security
 
Network security
Network securityNetwork security
Network security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security ppt
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Network security
Network securityNetwork security
Network security
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security laws
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Security & Compliance
Security & ComplianceSecurity & Compliance
Security & Compliance
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Network Security and Firewall
Network Security and FirewallNetwork Security and Firewall
Network Security and Firewall
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
VAPT Services by prime
VAPT Services by primeVAPT Services by prime
VAPT Services by prime
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 

Destacado

Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
Aeman Khan
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
Lipsita Behera
 
National cyber security policy
National cyber security policyNational cyber security policy
National cyber security policy
NextBigWhat
 
US Cyber Security Policy
US Cyber Security PolicyUS Cyber Security Policy
US Cyber Security Policy
barbeejl
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013
Vidushi Singh
 
Firmitas Cyber Solutions - Inforgraphic - Mirai Botnet - A few basic facts on...
Firmitas Cyber Solutions - Inforgraphic - Mirai Botnet - A few basic facts on...Firmitas Cyber Solutions - Inforgraphic - Mirai Botnet - A few basic facts on...
Firmitas Cyber Solutions - Inforgraphic - Mirai Botnet - A few basic facts on...
Rafel Ivgi
 
State of the State IT Workforces
State of the State IT WorkforcesState of the State IT Workforces
State of the State IT Workforces
Chris Brady
 

Destacado (20)

Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
 
Malaysia's National Cyber Security Policy
Malaysia's National Cyber Security PolicyMalaysia's National Cyber Security Policy
Malaysia's National Cyber Security Policy
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 
National cyber security policy
National cyber security policyNational cyber security policy
National cyber security policy
 
US Cyber Security Policy
US Cyber Security PolicyUS Cyber Security Policy
US Cyber Security Policy
 
Review of national cyber security policy 2013 by chintan pathak
Review of national cyber security policy 2013 by chintan pathakReview of national cyber security policy 2013 by chintan pathak
Review of national cyber security policy 2013 by chintan pathak
 
National cyber security policy 2013
National cyber security policy 2013National cyber security policy 2013
National cyber security policy 2013
 
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilience
 
Tackling today's cyber security challenges - WISER Services & Solutions
Tackling today's cyber security challenges - WISER Services & SolutionsTackling today's cyber security challenges - WISER Services & Solutions
Tackling today's cyber security challenges - WISER Services & Solutions
 
National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)
 
Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04
 
Firmitas Cyber Solutions - Inforgraphic - Mirai Botnet - A few basic facts on...
Firmitas Cyber Solutions - Inforgraphic - Mirai Botnet - A few basic facts on...Firmitas Cyber Solutions - Inforgraphic - Mirai Botnet - A few basic facts on...
Firmitas Cyber Solutions - Inforgraphic - Mirai Botnet - A few basic facts on...
 
Understanding Cyber Crime and Cyber Security by Sajibe Kanti
Understanding Cyber Crime and Cyber Security by Sajibe Kanti Understanding Cyber Crime and Cyber Security by Sajibe Kanti
Understanding Cyber Crime and Cyber Security by Sajibe Kanti
 
State of the State IT Workforces
State of the State IT WorkforcesState of the State IT Workforces
State of the State IT Workforces
 
Cyber security awareness for students
Cyber security awareness for studentsCyber security awareness for students
Cyber security awareness for students
 
Prikaz 1362 ot 30122016
Prikaz 1362 ot 30122016Prikaz 1362 ot 30122016
Prikaz 1362 ot 30122016
 

Similar a National cyber security policy final

Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Compliance
ijtsrd
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014
 
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
ijtsrd
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
Kyle Lai
 
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
anjalee990
 

Similar a National cyber security policy final (20)

Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Unit 4 e security
Unit 4 e securityUnit 4 e security
Unit 4 e security
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developers
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptx
 
Cyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptxCyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptx
 
REPORT USE OF CYBERSECURITY.pptx
REPORT USE OF CYBERSECURITY.pptxREPORT USE OF CYBERSECURITY.pptx
REPORT USE OF CYBERSECURITY.pptx
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Compliance
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
 
Module 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptxModule 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptx
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIA
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive AnalysisEmerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
 
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
 

Último

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 

Último (20)

Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 

National cyber security policy final

  • 1. NATIONAL CYBER SECURITY POLICY “FOR SECURE COMPUTING ENVIRONMENT AND ADEQUATE TRUST & CONFIDENCE IN ELECTRONIC TRANSACTIONS ”
  • 2. IT’S A CYBER GENERATION NOW DUDE!!!
  • 4. GROUP MEMBERS:  Aadesh Rai  Ajay Jha  Anu Jain  Dipak Zala  Jaykrishnan VK  Omprakash Singh  Pooja  Remya P  Renbi Jami  Supriya Sarkar
  • 5. GLIMPSE OF CYBER SECURITY POLICY  Headed by a national cyber security coordinator, who reports to the NSA, the policy has three components that demarcate task and authority. The existing Indian Computer Emergency Response Team (CERT-IN) will be tasked to handle the commercial aspects of cyber security, including 24x7 proactive responses to hackers, cyber-attacks, intrusions and restoration of affected systems.  As of now, cyber criminals seem to have no real threat of prosecution. Our job is to create a climate of fear of effective prosecution, as in other types of crime.  For the first time since the advent of dedicated computer networks in the Indian government, the National Security Council Secretariat (NSCS) has come up with a comprehensive cyber security policy for upgrading the security of systems and preventing them from being hacked, attacked with malware, or intruded upon.
  • 6. WHY THIS POLICY IS REQUIRED?  To Prevent cyber attacks against the country’s critical information infrastructures  To Reduce national vulnerability to cyber attacks  To Minimize damage and recovery time from cyber attacks  For creation of a technical-professional body that certifies the security of a network to ensure the overall health of government systems.  While NSCS is advocating that initially the certification of networks could be done by private agencies, the long term plan is to create a technical body of professionals, all under 40, who will form the backbone of Indian cyber security.
  • 7. WHY CYBER SECURITY HAS BECOME ESSENTIAL NOW?  Mischievous activities in cyber space have expanded from novice geeks to organized criminal gangs that are going Hi-tech  Growing threat to national security - web espionage becomes increasingly advanced, moving from curiosity to well-funded and well-organized operations aimed at not only financial, but also political or technical gain  Increasing threat to online services – affecting individuals and industry because of growth of sophistication of attack techniques  Emergence of a sophisticated market for software flaws – that can be used to carry out espionage and attacks on Govt. and Critical information infrastructure. Findings indicate a blurred line between legal and illegal sales of software vulnerabilities
  • 8. • Internet has become an weapon for political, military and economic espionage • Organized cyber attacks have been witnessed in last few years • Pentagon, US in 2007 • Estonia in April 2007 • Computer systems of German Chancellery and three Ministries • E-mail accounts at National Informatics Centre, India • Highly classified Govt. computer networks in New Zealand & Australia • The software used to carry out these attacks indicate that they were clearly designed & tested with much greater resources than usual individual hackers • Most Govt. agencies and companies around the world use common computing technologies & systems that are frequently penetrated by criminal hackers and malware • Traditional protective measures are not enough to protect against attacks such as those on Estonia, as the complexity and coordination in using the botnets was totally new. National networks with less sophistication in monitoring and defense capabilities could face serious problems to National security
  • 9. • Online services are becoming prime targets for cyber criminals • Cyber criminals continue to refine their means of deceit as well as their victims In summary, the global threats affecting users in 2008 are: • New & sophisticated forms of attacks • Attacks targeting new technologies, such as VoIP (vishing – phishing via VoIP & phreaking – hacking tel networks to make free long distance calls) and peer-to-peer services • Attacks targeting online social networks • Attacks targeting online services, particularly online banking services • There is a new level of complexity in malware not seen before. These are more resilient, are modified over and over again and contain highly sophisticated functionality such as encryption (Ex. Nuwar also known as ‘Zhelatin’ and ‘Storm’ worm’ – with a new variant appearing almost daily) • As a trend we will see an increase in threats that hijack PCs with bots. Another challenging trend is the arrival of self-modifying threats • Given the exponential growth in social networking sites, social engineering may shortly become the easiest & quickest way to commit ID theft
  • 10. WHO IS RESPONSIBLE FOR ENSURING VIRTUAL SPACE FREE OF CYBER THREAT?  Government  Private sector  Users  Academicians
  • 11. ACTION NEEDEDTOBE TAKEN AT DIFFERENT LEVELS At country level:  Policy directives on data security and privacy protection - Compliance, liabilities and enforcement (ex. Information Technology Act 2000)  Standards and guidelines for compliance (ex: ISO 27001, ISO 20001 & CERT-In guidelines)  Conformity assessment infrastructure (enabling and endorsement actions concerning security product – ISO 15408, security process – ISO 27001 and security manpower – CISA, CISSP, ISMS-LA, DISA etc.)  Security incident - early warning and response (National cyber alert system and crisis management)
  • 12. • Information sharing and cooperation (MoUs with vendors and overseas CERTs and security forums). • Pro-active actions to deal with and contain malicious activities on the net by way of net traffic monitoring, routing and gateway controls • Lawful interceptions and Law enforcement. • Nation wide security awareness campaign. • Security research and development focusing on tools, technology, products and services.
  • 13. ACTIONS AT NETWORK LEVEL  Compliance to security best practices (ex. ISO27001), service quality (ISO 20001) and service level agreements (SLAs) and demonstration.  Pro-active actions to deal with and contain malicious activities, ensuring quality of services and protecting average end users by way of net traffic monitoring, routing and gateway controls  Keeping pace with changes in security technology and processes to remain current (configuration, patch and vulnerability management)  Conform to legal obligations and cooperate with law enforcement activities including prompt actions on alert/advisories issued by CERT- In.  Use of secure product and services and skilled manpower.  Crisis management and emergency response.
  • 14. ACTIONS AT CORPORATE LEVEL:  Compliance to security best practices (ex. ISO27001), and demonstration.  Pro-active actions to deal with and contain malicious activities, and protecting average end users by way of net traffic monitoring, routing and gateway controls  Keeping pace with changes in security technology and processes to remain current (configuration, patch and vulnerability management)  Conform to legal obligations and cooperate with law enforcement activities including prompt actions on advisories issued by CERT-In.  Use of secure product and services and skilled manpower.  Crisis management and emergency response.  Periodic training and up gradation of skills for personnel engaged in security related activities  Promote acceptable users’ behavior in the interest of safe computing both within and outside.
  • 15. ACTIONS AT SMALL USER LEVEL:  Maintain a level of awareness necessary for self-protection.  Use legal software and update at regular intervals.  Beware of security pitfalls while on the net and adhere to security advisories as necessary.  Maintain reasonable and trust-worthy access control to prevent abuse of computer resources
  • 16. HOW THIS POLICY CAN CHECK CYBER CRIMES?
  • 17. BY FACILITATING INTERNATIONALCOOPERATIONARRANGEMENTS  It is an inevitable reality that some countries will become safe havens for cyber criminals and international pressure to crack down won’t work.  It is believed that in next few years Govts are likely to get aggressive and pursue action against the specific individuals/groups/companies, regardless of location  It is also likely that Govts will start putting pressure on intermediary bodies that have the skills and resources, such as banks, ISPs and software vendors to protect the public from malware, hacking and social engineering  We may see industry sector codes of practice demanding improved security measures, backed probably by assurance and insurance schemes  Greater connectivity, more embedded systems and less obvious perimeters  Compliance regulations will drive upgrades and changes and also increase system complexity and legal wrangles – increase in civil suits for security breaches  Massive data storing patterns that ensure data never goes away – a boon to law enforcement agencies
  • 18. • Enabling Govt. as a key stakeholder in creating appropriate environment/conditions by way of policies and legal/regulatory framework to address important aspect of data security and privacy protection concerns. National Cyber Security policy will ensure amendments to Indian IT Act and designing security and privacy assurance framework, crisis management plan (CMP) etc. • Enabling User agencies in Govt. and critical sectors to improve the security posture of their IT systems and networks and enhance their ability to resist cyber attacks and recover within reasonable time if attacks do occur. Formulation of security standards/ guidelines, empanelment of IT security auditors, creating a network & database of points-of-contact and CISOs of Govt & critical sector organizations for smooth and efficient communication to deal with security incidents and emergencies, CISO training programs on security related topics and CERT-In initiatives, cyber security drills and security conformity assessment infrastructure covering products, process and people.
  • 19. • Enabling CERT-In to enhance its capacity and outreach and to achieve force multiplier effects to serve its constituency in an effective manner as a `Trusted referral agency’. Specific actions include – National cyber security strategy (11th Five Year Plan), National Cyber Alert system, MoUs with vendors, MoUs with CERTs across the world, network of sectoral CERTs in India, membership with international/regional CERT forums for exchange of information and expertise & rapid response, targeted projects and training programs for use of and compliance to international best practices in security and incident response. • Public Communication & Contact programs to increase cyber security awareness and to communicate Govt. policies on cyber security.
  • 20. SUGGESTIONS FOR FORTIFICATION OF CYBER SECURITY POLICY:  Social economic political and technological background should be taken into account while finalizing this policy.  As India is a developing country hence it should be considered not in continuum with developed world while finalization of this policy.  Short and long term consistent realistic objectives should be there in the policy.  Fundamental root issues should be addressed in order to be able to sustain secondary issues.  Policy should consider available resources and their budgeting to support the short and long term objective.  Policy should not be static in nature. So as to be tuned to the changing needs. There must be a provision for a constant review in order to improve the policy and remove the impediments if any.
  • 21. FINALLY IT IS REQUIRED TO CREATE A SECURITY ASSURANCE LADDER!!!  Security control emphasis depends on the kind of environment • Low risk : ‘Awareness’ – know your security concerns and follow best practices • Medium risk: ‘Awareness & Action’ – Proactive strategies leave you better prepared to handle security threats and incidents • High risk: ‘Awareness, Action and Assurance’ – Since security failures could be disastrous and may lead to unaffordable consequences, assurance (basis of trust & confidence) that the security controls work when needed most is essential.