Guidelines for chief information security officers

In its guidelines for govt CISOs, IT ministry highlights 8 best practices

Written by Pranav Mukul | New Delhi | Published: April 14, 2018 6:44:37 am

Aiming to spread awareness of growing cyber threats among the chief information security officers (CISOs) posted in every department of the government, the Ministry of Electronics and Information Technology has issued best-practice guidelines to ensure a safe and secure cyber environment for data stored by the government.

Notably, according to a report by digital security firm Gemalto, among the 29 data breach incidents in India in 2017, 28 per cent were in the government sector, followed by retail, education and healthcare at 21 per cent, 17 per cent and 7 per cent, respectively. “Identity theft was the leading type of data breach, accounting for 77 per cent of all incidents in 2017. The second most prevalent type of breach was access to government data. The number of malicious outsiders increased the most for nuisance type of data breaches (a 488 per cent rise) which constituted 98 per cent of all compromised data.”

In its guidelines, the IT ministry lists eight key best practices for the CISOs to follow. These are: to know the IT environment by undertaking an inventory check of the computers and networked devices and knowing the types of data managed by the department; to educate and train employees on types of cyber attacks and safe cyber practices such as strong passwords, multi-factor authentication, secure internet browsing, social media safety, use of USB devices, etc.; to review and improve the information security policy for the department; to procure genuine software and hardware and keep operating systems updated on a regular basis; to implement and enforce a formal cybersecurity policy framework that includes governance, risk management, compliance, data back-up, enforcement and usage policy statements; to drive strong device protection with encryption and prevent data leakage, apart from maintaining logs; to conduct regular and comprehensive cybersecurity reviews; and to use tools for monitoring and detecting anomalies in systems processes coupled with a cyber-response strategy involving.

According to Gemalto, during 2017, a total of 3.24 million records were stolen or compromised in India. “In the event that the confidentiality, or privacy, of the data is breached, an organisation must have controls, such as encryption, key management and user access management, in place to ensure that integrity of the data isn’t tampered with and it can still be trusted. Regardless of any concerns around manipulation, these controls would protect the data in situ and render it useless the moment it’s stolen,” said Jason Hart, vice president and chief technology officer for data protection at Gemalto. The debate over data protection and privacy has taken centre stage after personal information of nearly 5.62 lakh people in India was “stolen” from Facebook.
