Current Scenario

In the current climate of elevated risk created by the vulnerabilities of and threats to the Nations IT infrastructure, cyber security is not just a paperwork drill. Adversaries are capable of launching harmful attacks on IT systems, networks, and information assets. Such attacks could damage both the IT infrastructure and other critical infrastructures. Cyber security is slowly gaining wider adoption in many consumer products for a variety of reasons, due to appreciation of consequences of insecurity, the need for developing secure products, performance and cost penalties, improved user convenience, need for implementing and consistently maintaining security practices, and importance of assessing the value of security improvements. But consumer and enterprise concerns have been heightened by increasingly sophisticated hacker attacks and identity thefts, warnings of âcyber terrorism, and the pervasiveness of IT uses. Consequently, many in the industry and critical infrastructure organizations have come to recognize that their continued ability to gain consumer confidence will depend on improved software development, systems engineering practices and the adoption of strengthened security models and best practices.

In order to highlight the growing threat to information security in India and focus related actions, Government had set up an Inter Departmental Information Security Task Force (ISTF) with National Security Council as the nodal agency. The Task Force studied and deliberated on the issues such as

• National Information Security Threat Perceptions
• Critical Minimum Infrastructure to be protected
• Ways and means of ensuring Information Security including identification of relevant technologies
• Legal procedures required to ensure Information Security
• Awareness, Training and Research in Information Security

In line with the recommendations of the ISTF, the following initiatives have been taken by the Government

• Indian Computer Emergency Response Team (CERT-In) has been established to respond to the cyber security incidents and take steps to prevent recurrence of the same
• PKI infrastructure has been set up to support implementation of Information Technology Act and promote use of Digital Signatures
• Government has been supporting R&D activities through premier Academic and Public Sector Institutions in the country
• Information Security Policy Assurance Framework for the protection of Government cyberspace and critical infrastructure has been developed.
  • The Government has mandated implementation of Security Policy in accordance with the Information Security Standard ISO 27001
  • Currently in India 246 organisations have obtained certification against the Information Security Standard ISO 27001 as against total number of 2814 ISMS certificates issued worldwide. Majority of ISMS certificates issued in India belong to IT/ITES/BPO sectors.
  • Security Auditors have been empanelled for auditing, including vulnerability assessment & penetration testing of computer systems & networks of various organizations of the government, critical infrastructure organizations and those in other sectors of the Indian economy.
• Nation wide Information Security Education and Awareness Program has been launched