INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
-
Upload
santosh-khadsare-cehrhcsaccipgdbaops-mgt -
Category
Education
-
view
256 -
download
6
description
Transcript of INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
NCSP
NATIONAL CYBER SECURITY POLICY - 2013
SANTOSH KAHDASRE
NCSP
SANTOSH KHADSARE 2
PREAMBLE
“..This policy, therefore, aims to create a cyber security
framework, which leads to specific actions and
programmes to enhance the security posture of country's
cyberspace…”
NCSP
SANTOSH KHADSARE 3
Complex environment of integrations between people, software and services
Common pool used by citizens, businesses , critical information infrastructure ,military and groups
Vulnerable to a wide range of incidents, whether intentional or accidental, manmade or natural, and the info can be exploited by both nation states and non state actors
CYBERSPACE IS…..
NCSP
SANTOSH KHADSARE 4
Caters to the whole spectrum of ICT users and providers and is an evolving process
IT SERVES AS AN UMBRELLA FRAMEWORK FOR DEFINING AND GUIDING THE ACTIONS RELATED TO SECURITY OF CYBER SPACE
It also enables the individual sectors and org in designing appropriate cyber security polices to suit their needs
CYBER SECURITY POLICY
NCSP
SANTOSH KHADSARE 5
TO BUILD A SECURE AND RESILIENT CYBERSPACE FOR CITIZENS, BUSINESSES AND GOVERNMENT
VISION
NCSP
SANTOSH KHADSARE 6
MISSION
Protect info and info infrastructure
Build capabilities to prevent and respond to cyber threats
Reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, tech and cooperation
NCSP
SANTOSH KHADSARE 7
OBJECTIVES
Create a secure cyber ecosystem
Create an assurance framework
Strengthen the regulatory framework
Enhance and create national and sectorial level 24x7 mechanisms for info gathering
Enhance protection and resilience of CII by operating 24x7 NCIIPC
Develop indigenous security technologies
NCSP
SANTOSH KHADSARE 8
OBJECTIVESEst infrastructure for testing & validation of security of such products
Create workforce of 500,000 professionals in next five years
Fiscal benefits to businesses for adoption of std security practices and processes
Enable effective prevention , investigation and prosecution of cyber crime
Create culture of cyber security
Develop public pvt partnerships and enhance global cooperation
NCSP
SANTOSH KHADSARE 9
Designate a national nodal agency to coordinate matters(cyber security) with clearly defined roles and responsibilities
designate CISO in every org who will be responsible for cyber security efforts and initiatives
Org to devp info security policies and implement them as per international best practices
Org to earmark a specific budget for cyber security
STRATEGIES : CREATING A SECURE CYBER ECO SYSTEM
NCSP
SANTOSH KHADSARE 10
Provide fiscal schemes and initiatives to encourage entities to install and upgrade info infrastructure fro cyber security
Prevent occurrence and recurrence of cyber incidents (proactive actions)
Est mechanism for sharing info
Procurement of trustworthy indigenously manufactured ICT products
STRATEGIES : CREATING A SECURE CYBER ECO SYSTEM
NCSP
SANTOSH KHADSARE 11
Promote adoption of global best practices in info security and compliance.
Create infrastructure for conformity assessment and certification of compliance to cyber security best practices, std and guidelines (e.g ISO 27001 ISMS certification).
Enable implementation of global security best practices for risk management.
Identify and classify info infrastructure facilities and assets.
STRATEGIES : CREATING A ASSURANCE FRAMEWORK
NCSP
SANTOSH KHADSARE 12
Encourage secure appln/software devp processes.
Create conformity assessment framework for periodic verification of compliance to best practices, std and guidelines on cyber security.
Encourage all entities tom periodically test and evaluate the adequacy and effectiveness of tech and op security measures implemented in IT sys and networks .
STRATEGIES : CREATING A ASSURANCE FRAMEWORK
NCSP
SANTOSH KHADSARE 13
Encourage use of open standards to facilitate interoperability and data exchange among different products and services.
Promote a consortium of Govt and private sector to enhance availability of tested and certified IT products on open standards.
STRATEGIES : ENCOURAGING OPEN STANDARDS
NCSP
SANTOSH KHADSARE 14
Devp dynamic and legal framework and its periodic review to address Cyber security challenges.
To mandate periodic audit and evaluation.
To enable, educate and facilitate awareness of the regulatory framework.
STRATEGIES : STRENGTHENING THE REGULATORY FRAMEWORK
NCSP
SANTOSH KHADSARE 15
To create National lvl sys , processes, structures and mechanisms to generate situational scenario of existing and potential threats and enable timely info sharing for proactive, preventive and protective actions.
To operate 24x7 CERT-in to function as a Nodal Agency for coordination of all efforts for cyber security emergency response and crisis mgt (Umbrella org).
STRATEGIES : CREATING MECHANISMS FOR EARLY WARNING , VULNERABILITY MGT & RESPONSE
NCSP
SANTOSH KHADSARE 16
Operationalise 24x7 sectorial CERTs.
Implement Crisis Mgt plan for dealing with incidents impacting critical national processes or endangering public safety and security of the nation.
To conduct and facilitate regular cyber security drills and exercises at National, sectorial and entity levels.
STRATEGIES : CREATING MECHANISMS FOR EARLY WARNING , VULNERABILITY MGT & RESPONSE
NCSP
SANTOSH KHADSARE 17
To mandate implementation of global security best practices, business continuity mgt and cyber crisis mgt plan for all e-Governance initiatives .
To encourage wider usage of PKI within Govt. for trusted communication and transactions.
To engage info security professionals / org to assist .
STRATEGIES : SECURING E-GOVERNANCE SERVICES
NCSP
SANTOSH KHADSARE 18
To devp plan for protection of CII.
To operate 24x7 National Critical Information Infrastructure Protection Centre(NCIIPC) to function as Nodal agency for CII protection.
To facilitate identification, prioritisation, assessment, remediation and protection of CII and key recourses.
To encourage and mandate as appropriate, the use of validated and certified IT products.
STRATEGIES : PROTECTION AND RESILIENCE OF CRITICAL INFO INFRASTRUCTURE
NCSP
SANTOSH KHADSARE 19
To mandate security audit of CII on periodic basis.
To mandate certification of all security roles right from CISO /CSO to those involved in operation of CII.
To mandate secure appl /software devp process.
STRATEGIES : PROTECTION AND RESILIENCE OF CRITICAL INFO INFRASTRUCTURE
NCSP
SANTOSH KHADSARE 20
To undertake R&D programs aimed at short term, medium term and long term goals.
To encourage R&D to produce cost effective, tailor-made and indigenous security solutions .
To facilitate transition, diffusion. And commercialisation of outputs of R&D into commercial products and services for use in public and private sectors.
STRATEGIES : PROMOTION OF R&D IN CYBER SECURITY
NCSP
SANTOSH KHADSARE 21
To set up Centre of Excellence in areas of strategic importance for the point of security of cyber space .
To collaborate in joint R&D projects with industry and academia in frontline technologies and solution oriented research.
STRATEGIES : PROMOTION OF R&D IN CYBER SECURITY
NCSP
SANTOSH KHADSARE 22
To create and maintain testing infrastructure and facilities of IT security product evaluation and compliance verification.
To build trust relationships with product / system vendors and service providers for improving end-to-end supply chain security visibility.
To create awareness of the threats, vulnerabilities and consequences of breach of security related to IT procurement.
STRATEGIES : REDUCIN SUPPLY CHAIN RISKS
NCSP
SANTOSH KHADSARE 23
To foster education and trg programs both in formal and informal sectors to support the nation’s cyber security needs and build capacity.
To est cyber security trg infrastructure across the country by way of public private partnership arrangements.
To est cyber security concept labs for awareness and skill devp in key areas.
To est institutional mechanisms for capacity building for Law Enforcement Agencies.
STRATEGIES : HRD
NCSP
SANTOSH KHADSARE 24
To promote and launch a comprehensive national awareness program on security of cyber space.
To sustain security literacy awareness and publicity campaign through electronic media.
To conduct, support and enable cyber security workshops / seminars and certifications.
STRATEGIES : CREATING CYBER SECURITY AWARENESS
NCSP
SANTOSH KHADSARE 25
To facilitate collaboration and cooperation among stakeholder entities.
To create models of collaborations and engagement with all relevant stakeholders.
To create a think tank for cyber security inputs, discussion and deliberations.
STRATEGIES : DEVP EFFECTIVE PUBLIC PVT PARTNERSHIPS
NCSP
SANTOSH KHADSARE 26
INFO SHARING AND COOPERATION (among security agencies, CERTs, defence agencies, Law enforcement agencies and judicail systems).
PRIORTIZED APPROACH FOR IMPLEMENTATION.
OTHER STRATEGIES
NCSP
SANTOSH KHADSARE 27
THANK YOU