NCSP
National Cyber Security Policy 2013
Gopal Ram Choudhary
Trainee at Cyber Octet Pvt. Ltd.
Ahmedabad, Gujrat
Cyber Security
 National Cyber Security Policy is a proposed law by
Department of Electronics and Information Technology(...
Cyber Security
 Computer security (also known as cyber security or IT security)
is information security as applied to com...
Cyber Security
 This was particularly relevant in the wake of US National
Security Agency (NSA) leaks that suggested the ...
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmedabad
Tuesday, July 15, 2014
National Cyber Security
Policy 2013
 “The legalization of digital signature would bring a new
revolution and adoption of digital signature was still at a
nas...
Vision
 To build a secure and resilient cyberspace for citizens,
businesses and Government
Tuesday, July 15, 2014
Gopal R...
Objective
 To create a secure cyber ecosystem in the country, generate
adequate trust and confidence in IT system and tra...
 To enhance and create National and Sectorial level 24X7
mechanism for obtaining strategic information regarding
threats ...
 To provide fiscal benefit to businesses for adoption of standard
security practices and processes.
 To enable Protectio...
Cyber Security Issues
 Security Policy Formulation and Implementation
 Governance Risk and Compliance
 Information Secu...
 Mobile Applications and Security
 Security Threats and Vulnerabilities
 The Nature of Web Application Hacking and New ...
Strategies
 Creating a secure Ecosystem.
 Creating an assurance framework.
 Encouraging Open Standards.
 Strengthening...
 Human Resource Development (fostering
education and training programs both in formal
and informal sectors to support Nat...
Creating a Secure Cyber
Ecosystem
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmedabad
 ...
 To ensure that all organizations eamark a specific budget for
implementing cyber security initiatives and for meeting
em...
Creating an Assurance
Framework
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmedabad
 To...
 To identify and classify information infrastructure facilities
and assets at entity level with respect to risk perceptio...
Encouraging Open
Standards
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmedabad
 To enco...
Strengthening the
Regulatory Framework
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmedab...
Creating mechanism for
Security Threats Early
Warning, Vulnerability
Management and
Response to Security
Threats
Tuesday, ...
 To create National Level systems, processes, structures and
mechanisms to generate necessary situational scenario of
exi...
 To implement Cyber Crisis Management Plan for dealing with
cyber related incidents impacting critical national processes...
Securing E-Governance
Services
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmedabad
 To ...
Protection and resilience
of Critical Information
Infrastructure
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyb...
 To facilitate identification, prioritization, assessment, remediation
and protection of critical infrastructure and key ...
Promotion of Research
and Development in cyber
security
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet ...
 To facilitate transition, diffusion and commercialization of the
outputs of Research & Development into commercial
produ...
Reducing Supply Chain
Risk
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmedabad
 To crea...
Human Resource
Development
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmedabad
 To fost...
Creating Cyber Security
Awareness
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmedabad
 ...
Developing Effective
Public Private
Partnerships
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Lt...
Information Sharing and
Co-operation
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmedabad...
Prioritized Approach for
Implementation
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmeda...
Operationalization of the
Policy
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmedabad
Thi...
References
 "Amid spying saga, India unveils cyber security policy". Times of
India. INDIA. 3 July 2013. Retrieved 24 Sep...
 "National Cyber Security Policy 2013". Department of
Information Technology, Ministry of Communications and
Information ...
Tuesday, July 15, 2014
Gopal Ram Choudhary Trainee at
Cyber Octet Pvt. Ltd. Ahmedabad
Upcoming SlideShare
Loading in...5
×

National Cyber Security Policy 2013 (NCSP)

785

Published on

About National Cyber Security Policy 2013

Published in: Law
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
785
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
87
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

National Cyber Security Policy 2013 (NCSP)

  1. 1. NCSP National Cyber Security Policy 2013 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad, Gujrat
  2. 2. Cyber Security  National Cyber Security Policy is a proposed law by Department of Electronics and Information Technology(DeitY), Ministry of Communication and Information Technology, Government of India which is due to be passed by parliament, aimed at protecting the public and private infrastructure from cyber attacks.  The policy also intends to safeguard "information, such as personal information (of web users), financial and banking information and sovereign data". Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad Tuesday, July 15, 2014
  3. 3. Cyber Security  Computer security (also known as cyber security or IT security) is information security as applied to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the Internet.  The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction, and is of growing importance in line with the increasing reliance on computer systems of most societies worldwide Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad Tuesday, July 15, 2014
  4. 4. Cyber Security  This was particularly relevant in the wake of US National Security Agency (NSA) leaks that suggested the US government agencies are spying on Indian users, who have no legal or technical safeguards against it. Ministry of Communications and Information Technology (India) defines Cyberspace is a complex environment consisting of interactions between people, software services supported by worldwide distribution of information and communication technology. Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad Tuesday, July 15, 2014
  5. 5. Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad Tuesday, July 15, 2014 National Cyber Security Policy 2013
  6. 6.  “The legalization of digital signature would bring a new revolution and adoption of digital signature was still at a nascent stage in India. It will also have a significant impact on green policies as we are moving towards paperless documentation or e-documentation,” Ms. Ghosh explained. Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad Tuesday, July 15, 2014
  7. 7. Vision  To build a secure and resilient cyberspace for citizens, businesses and Government Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad Mission  To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and co-operation.
  8. 8. Objective  To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.  To create an assurance framework for design of security policies and promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (Product, process, technology & people).  To strengthen the Regulatory Framework for ensuring a SECURE CYBERSPACE ECOSYSTEM. Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  9. 9.  To enhance and create National and Sectorial level 24X7 mechanism for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective response and recovery actions.  To improve visibility of integrity of ICT products and services by establishing infrastructure for testing & validation of security of such product.  To create workforce for 5,00,000 professionals skilled in next 5 years through capacity building skill development and training. Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  10. 10.  To provide fiscal benefit to businesses for adoption of standard security practices and processes.  To enable Protection of information while in process, handling, storage & transit so as to safeguard privacy of citizen's data and reducing economic losses due to cyber crime or data theft.  To enable effective prevention, investigation and prosecution of cybercrime and enhancement of low enforcement capabilities through appropriate legislative intervention. Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  11. 11. Cyber Security Issues  Security Policy Formulation and Implementation  Governance Risk and Compliance  Information Security Compliance, Regulations and Legislation  Cloud Computing and Security  Government Cyber Security Strategy  Cyber Security Trends  National Approaches and Policies in Cyber Security  Cyber conflicts: Models and Deterrence Mechanisms  Deep Understanding of and Practical Skills in Software Security  Infusing Information Security into the Software-Development Life Cycle  Web Application Security Solutions and Best Practices Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  12. 12.  Mobile Applications and Security  Security Threats and Vulnerabilities  The Nature of Web Application Hacking and New Security Trends  Computer Network Security  Mobile Smart Phone and Tablet Security  Secure Software Development  High Performance Cryptography  Visualizing Large Scale Security Data  Privacy Preserving Big Data Collection/Analytics  Web/Internet Security Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  13. 13. Strategies  Creating a secure Ecosystem.  Creating an assurance framework.  Encouraging Open Standards.  Strengthening The regulatory Framework.  Creating mechanism for Security Threats Early Warning, Vulnerability management and response to security threat.  Securing E-Governance services.  Protection and resilience of Critical Information Infrastructure.  Promotion of Research and Development in cyber security.  Reducing supply chain risks Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  14. 14.  Human Resource Development (fostering education and training programs both in formal and informal sectors to support Nation's cyber security needs and build capacity.  Creating cyber security awareness.  Developing effective Public Private Partnership.  To develop bilateral and multilateral relationship in the area of cyber security with other country. (Information sharing and cooperation)  Prioritized approach for implementation.  Operationalization of Policy. Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  15. 15. Creating a Secure Cyber Ecosystem Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To designate a National nodal agency to co-ordinate all matters related to cyber security in the country, with clearly defined roles and responsibilities.  To encourage all organizations, private and public to designate a member of senior management, as Chief Information Security Officer (CISO), responsible for cyber security efforts and initiatives.  To encourage all organizations to develop information security policies duly integrated with their business plans and implement such policies as per international best practices. Such policies should include establishing standards and mechanisms for secure information flow (while in process, handling, storage and transit), crisis management plan, proactive security posture assessment and forensically enabled information infrastructure.
  16. 16.  To ensure that all organizations eamark a specific budget for implementing cyber security initiatives and for meeting emergency response arising out of cyber incidents.  To provide fiscal schemes and incentives to encourage entities to install, strengthen and upgrade information infrastructure with respect to cyber security.  To prevent occurrence and recurrence of cyber incidents by way of incentives for technology development, cyber security compliance and proactive actions.  To establish a mechanism for sharing information and for identifying and responding to cyber security incidents and for co-operation in restoration efforts.  To encourage entities to adopt gridlines for procurement of trustworthy ICT products and provide for procurement of indigenously manufactured ICT that have security implications. Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  17. 17. Creating an Assurance Framework Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To promote adoption of global practices in information security and compliance and thereby enhance cyber security posture.  To create infrastructure for conformity assessment and certification of compliance and thereby enhance cyber security posture.  To enable implementation of global security best practices in formal risk assessment and risk management processes, business continuity management and cyber crisis management plan by all entities within Government and in Critical sectors, to reduce the risk of disruption and improve the security posture.
  18. 18.  To identify and classify information infrastructure facilities and assets at entity level with respect to risk perception for undertaking commensurate security protection measures.  To encourage secure application / software development processes based on global best practices.  To create conformity assessment framework for periodic verification of compliance to best practices, standards and guidelines on cyber security.  To encourage all entities to periodically test and evaluate the adequacy and effectiveness of technical and operational security control measures implemented in IT systems and in networks. Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  19. 19. Encouraging Open Standards Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To encourage use of open standards to facilitate interoperability and data exchange among different products or services.  To promate a consortium of Goverment and private sector to enhance the availability of tested and certified IT products based on open standards.
  20. 20. Strengthening the Regulatory Framework Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To develop a dynamic legal framework and its periodic review to address the cyber security challenges arising out of technological developments in cyber space (such as cloud computing, mobile computing, encrypted services and social media) and its harmonization with international frameworks including those related to Internet governance.  To mandate periodic audit and evaluation of the adequacy and effectiveness of security of information infrastructure as may be appropriate, with respect to regulatory framework.  To enable, educate and facilitate awareness of the regulatory framework.
  21. 21. Creating mechanism for Security Threats Early Warning, Vulnerability Management and Response to Security Threats Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  22. 22.  To create National Level systems, processes, structures and mechanisms to generate necessary situational scenario of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities.  To operate a 24x7 National Level Computer Emergency Response Team (CERT-In) to function as a Nodal Agency for co-ordination of all efforts for cyber security emergency response and crisis management. CERT-In will function as an umbrella organization in enabling creation and operationalization of sectoral CERTs as well as facilitating communication and co-ordination actions in dealing with cyber crisis situations.  To operationalize 24x7 sectoral CERTs for all co-ordination and communication actions within the respective sectors for effective incidence response and resolution and cyber crisis management. Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  23. 23.  To implement Cyber Crisis Management Plan for dealing with cyber related incidents impacting critical national processes or endangering public safety and security of the Nation, by way of well co-ordinated, multi disciplinary approach at the National, Sectoral as well as entity Levels.  To conduct and facilitate regular cyber security drills and exercises at National, sectoral and entity levels to enable assessment of the security posture and level of emergency preparedness in resisting and dealing with cyber security incidents. Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  24. 24. Securing E-Governance Services Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To mandate implementation of global security best practices, business continuity management and cyber crisis management plan for all E-Governance initiatives in the country, to reduce the risk of disruption and improve the security posture.  To encourage wider usages of Public Key Infrastructure (PKI) within Government for trusted communication and transactions.  To engage information security professionals / organizations to assist e-Governance initiatives and ensure conformance to security best practices.
  25. 25. Protection and resilience of Critical Information Infrastructure Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To develop a plan for protection of Critical Information Infrastructure and its integration with business plan at the entity level and implement such plan. The plans shall include establishing mechanisms for secure information flow (While in process, handling, storage and transit), guidelines and standards, crisis management plan, proactive security posture assessment and forensically enabled information infrastructure.  To operate a 24x7 National Critical Information Infrastructure Protection Center (NCIIPC) to function as the nodal agency for critical information infrastructure protection in the country.
  26. 26.  To facilitate identification, prioritization, assessment, remediation and protection of critical infrastructure and key resources based on the plan for protection of critical information infrastructure.  To mandate implementation of global security best practices, business continuity management and cyber crisis management plan by all critical sector entities, to reduce the risk of disruption and improve the security posture.  To encourage and mandate as appropriate, the use of validated and certified IT products.  To mandate security audit of critical information infrastructure on a periodic basis.  To mandate certification for all security roles right from CISO / CSO to those involved in operation of critical information infrastructure.  To mandate secure application / software development process (from design through retirement) based on global best practices. Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  27. 27. Promotion of Research and Development in cyber security Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To undertake Research and Development programs for addressing all aspects of development aimed at short term, medium term and long term goals. The research and Development programs shall address all aspects including development of trustworthy systems, their testing, deployment and maintenance throughout the life cycle and include R&D on cutting edge security technologies.  To encourage Research and Development to produce cost- effective, tailor-made indigenous security solutions meeting a wider range of cyber security challenges and target for exploits markets.
  28. 28.  To facilitate transition, diffusion and commercialization of the outputs of Research & Development into commercial products and services for use in public and private sectors.  To set up Centers of Excellence in areas of strategic importance for the point of security of space.  To collaborate in joint Research and Development projects with industry and academia in frontline technologies and solution oriented research. Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  29. 29. Reducing Supply Chain Risk Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To create and maintain testing infrastructure and facilities for IT security product evaluation and compliance verification as per global standards and practices.  To build trusted relationships with product / system vendors and services providers for improving end-to-end supply chain security visibility.  To create awareness of the threats, vulnerabilities and consequences of breach of security among entities for managing supply chain risks related to IT (products, system or services) procurement.
  30. 30. Human Resource Development Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To foster education and training programs both in formal and informal sectors to support the Nation's Cyber security needs and build capacity.  To establish cyber security training infrastructure across the country by way of public private partnership arrangements.  To establish cyber security concept labs for awareness and skill development in key areas.  To establish institutional mechanisms for capacity building for Law Enforcement Agencies.
  31. 31. Creating Cyber Security Awareness Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To promote and launch a comprehensive national awareness program on security of cyber space.  To sustain security literacy awareness and publicity campaign through electronic media to help citizens to be aware of the challenges of cyber security.  To conduct, support and enable cyber security workshops / seminars and certifications.
  32. 32. Developing Effective Public Private Partnerships Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To facilitate collaboration and co-operation among stakeholder entities including private sector, in the area of cyber security in general and protection of critical information infrastructure in particular for actions related to cyber threats, vulnerabilities, breaches, potential protective measures and adoption of best practices.  To create models for collaborations and engagement with all relevant stack holders.  To create a think tank for cyber security policy inputs, discussion and deliberations.
  33. 33. Information Sharing and Co-operation Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To develop bilateral and multi-lateral relationships in the area of cyber security with other countries.  To enhance National and global co-operation among security agencies, CERTs, Defense agencies and forces, Law Enforcement Agencies and the judicial system.  To create mechanism for dialogue related to technical and operational aspects with industry in order to facilitate efforts in recovery and resilience of system including critical information infrastructure.
  34. 34. Prioritized Approach for Implementation Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad  To adopt a prioritized approach to implement the policy so as to address the most critical areas in the first instance.
  35. 35. Operationalization of the Policy Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad This policy shall be operationalized by way of detailed guidelines and plans of action at various levels such as national, sectoral, state, ministry, department and enterprise, as may be appropriate, to address the challenging requirements of security of the cyberspace.
  36. 36. References  "Amid spying saga, India unveils cyber security policy". Times of India. INDIA. 3 July 2013. Retrieved 24 September 2013.  "National Cyber Security Policy 2013: An Assessment". Institute for Defense Studies and Analyses. August 26, 2013. Retrieved 2013-09-24.  "For a unified cyber and telecom security policy". The Economic Times. 24 Sep 2013. Retrieved 2013-09-24.  http://en.wikipedia.org/wiki/National_Cyber_Security_Policy_2 013 Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  37. 37.  "National Cyber Security Policy 2013". Department of Information Technology, Ministry of Communications and Information Technology.  http://aict.info/2013/?page=callfor#sthash.CrcGO9Hd.dpbs Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  38. 38. Tuesday, July 15, 2014 Gopal Ram Choudhary Trainee at Cyber Octet Pvt. Ltd. Ahmedabad
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×