- Worried about sensitive information making its way into the Internet, the Home Ministry is upgrading policy to secure government data and control access to it.
- Home Minister had recently presided over a meeting to review the evolving cyberthreats and directed that the National Information Security Policy and Guidelines (NISPG) be upgraded and updated for the government sector.
The National Information Security Policy and Guidelines
- Ministry of Home Affairs (MHA) has been entrusted with the responsibility of coordinating and overseeing information security initiatives of public as well as private sector.
- It is empowered to create a National Information Security Policy and Guidelines (NISPG), define procedures for handling information and issue guidelines for security of classified information assets.
- Accordingly, a Cyber Security Committee was formed for this purpose.
- However, draft guidelines on protection of information in cyberspace and codification and classification (of electronic documents), prepared by this committee was not found to be comprehensive.
- Some 3.24 million records were stolen, lost or exposed in India in 2017, according to Breach Level Index study by digital security firm Gemalto. This number has increased by a whopping 783% over the previous year.
- Earlier cyber security was the sole preserve of the Home Ministry but in 2013, cyber security was moved to the National Security Council Secretariat (NSCS) under the Prime Minister’s Office.
- The critical infrastructure was moved to the National Technical Research Organisation and the non-critical part to the Ministry of Electronics and Information Technology.
- Basically, the whole policing system in India that began in 1860 is now being replicated in cyberspace.
- The new guidelines will also take care of evolving the policing system in cyberspace gradually.
- In 2017, according to a report by security solutions provider Symantec, India emerged as the third most vulnerable country in terms of risk of cyber threats, such as malware, spam and ransomware.
What are Cyberthreats?
- A cyber threat is deemed any malicious act that attempts to gain access to a computer network without authorization or permission from the owners. For example Torjans, phishing, Ransomware, Intellectual property theft etc.
What is Cybersecurity?
- Cybersecurity, computer security or IT security is the protection of computer systems from theft of or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.
- Cybersecurity includes controlling physical access to system hardware, as well as protecting against harm that may be done via network access, malicious data and code injection.
- In a computing context, security comprises cybersecurity and physical security — both are used by enterprises to protect against unauthorized access to data centers and other computerized systems.
- Information security, which is designed to maintain the confidentiality, integrity and availability of data, is a subset of cybersecurity.
Physical security issues
- Protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution.
- This includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.
- If information is riding on a commercially available one, then you will have to make sure that guidelines are complied with.