India’s National Cyber-security Policy – A Perspective and Analysis

Aug 1, 2013 2:35:10 AM | by lfxvideoblog

Siddharth Aggarwal, Lead Consultant, Information Risk Advisory Services

In the recent years, there has been an increasing focus on cyberspace as a vulnerable strategic space. A number of publically accessible official servers belonging to various Government agencies and private companies, defense establishment, intelligence agencies etc. have come under attacks from hackers operating from unknown locations. A number of security controls have been implemented to protect strategically important data against attacks from a variety of external state and non-state actors. The release of National Cyber Security Policy will prove to be landmark decision in the journey of Indian organizations towards building a robust and secure cyberspace.

Realizing the importance of Cyberspace, many countries across globe have released their National Cyber Security Policy. However India envisages incorporating increased Cyber Security by mandating organizations to have strategies on the following areas:-

  1. Usage of certified and validated IT security products.
  2. Encouraging the development of indigenous security tools through cutting edge R&D.
  3. Standards and mechanisms to secure information flow.
  4. Promotion for consortium between Public and Private sector organization.
  5. In order to provide flexibility government has suggested a combination of market and regulatory driven approaches.
  6. Focus on building testing infrastructure and facilities for IT security product evaluation
  7. Implementation of mechanism to safeguard the privacy of citizen data.

The policy takes a holistic view of the existing and possible challenges and risks of operating in cyberspace, and details out strategies to address them. The policy points out a complete ecosystem by virtue of which a secure computing environment can be created in India. It takes into consideration many latest developments and discussions that are taking place internationally in the area of cyber security. The challenge, however, is in implementation of the policy and defining the specifics. Nevertheless the policy is good starting point to build a secure cyberspace in India.

Below are some of the policy requirement and corresponding Information security Services.

S.No Policy Requirements Information Security Services
1. Standards and mechanisms to secure information flow Data protection services
2. Implement global best practices, business continuity management and cyber crisis management BCMS implementation consultancy services
3. Secure application development Secure SDLC framework development
4. Develop information security policy ISMS consultancy services
5. Risk management for critical information infrastructure facilities and assets Risk management consultancy services
6. Create an assessment framework for periodic verification of compliance Compliance audit services
7. Security audit of critical infrastructure on periodic basis Information security audit services


For the ease of the organizations we have created a matrix and mapped the policy requirements applicable to them.

download-now

Topics: Risk management