Prelims cum Mains

Guidelines for chief information security officers

Details:

The news:

  • The Ministry of Electronics and Information Technology has issued best practices guidelines to ensure a safe and secure cyber environment.


News summary:

Report on digital security:

  • According to a report by digital security firm Gemalto, in 2017:
    • Sector wise incidents: Among the data breach incidents in India, 28 per cent were in the government sector followed by retail, education and healthcare at 21 per cent, 17 per cent and 7 per cent, respectively.
    • Type of theft: Identity theft was the leading type of data breach, accounting for 77 per cent of all incidents. The second most prevalent type of breach was access to government data.
    • Rise in theft: The largest increase in breaches by malicious outsiders was for nuisance-type data breaches (a 488 per cent rise), which accounted for 98 per cent of all compromised data.
    • Records stolen: A total of 3.24 million records were stolen or compromised in India.
  • Recommendations:
    • In the event that the confidentiality, or privacy, of the data is breached, an organisation must have controls, such as encryption, key management and user access management, in place to ensure that the integrity of the data is not tampered with and that it can still be trusted.
    • Regardless of any concerns around manipulation, these controls would protect the data in situ and render it useless the moment it’s stolen.


About the guidelines:

  • The aim of the guidelines is to spread awareness about the growing cyber threats to data stored by the government.
  • The guidelines are issued to the chief information security officers (CISOs) posted in every department of the government.
  • In its guidelines, the IT ministry lists eight key best practices for the CISOs to follow. These are:
    1. To know the IT environment by undertaking an inventory of the computers and networked devices and identifying the types of data managed by the department.
    2. Educating and training the employees on types of cyber attacks and safe cyber practices such as strong passwords, multi-factor authentication, secure internet browsing, social media safety, use of USB devices, etc.
    3. To review and improve information security policy for the department.
    4. To procure genuine software and hardware and keep operating systems updated on a regular basis.
    5. To implement and enforce a formal cybersecurity policy framework that includes governance, risk management, compliance, data back-up, enforcement and usage policy statements.
    6. To drive strong device protection with encryption and prevent data leakage apart from maintaining logs.
    7. To conduct regular and comprehensive cybersecurity reviews.
    8. To use tools for monitoring and detecting anomalies in system processes, coupled with a cyber-response strategy involving.
