0
NATIONAL CYBER
SECURITY POLICY - 2013
SANTOSH KAHDASRE
PREAMBLE
SANTOSH KHADSARE 2
Complex environment of integrations between people,
software and services
Common pool used by citizens, businesses , criti...
Caters to the whole spectrum of ICT users and
providers and is an evolving process
IT SERVES AS AN UMBRELLA FRAMEWORK FOR
...
TO BUILD A SECURE AND RESILIENT
CYBERSPACE FOR CITIZENS,
BUSINESSES AND GOVERNMENT
SANTOSH KHADSARE 5
VISION
SANTOSH KHADSARE 6
MISSION
SANTOSH KHADSARE 7
OBJECTIVES
Create a secure
cyber ecosystem
Create an assurance
framework
Strengthen the
regulatory
fram...
SANTOSH KHADSARE 8
OBJECTIVES
Est infrastructure
for testing &
validation of
security of such
products
Create workforce of...
Designate a national nodal agency to coordinate matters(cyber
security) with clearly defined roles and responsibilities
de...
Provide fiscal schemes and initiatives to encourage entities to
install and upgrade info infrastructure fro cyber security...
Promote adoption of global best practices in info security and
compliance.
Create infrastructure for conformity assessment...
Encourage secure appln/software devp processes.
Create conformity assessment framework for periodic
verification of compli...
Encourage use of open standards to facilitate interoperability
and data exchange among different products and services.
Pr...
Devp dynamic and legal framework and its periodic review to
address Cyber security challenges.
To mandate periodic audit a...
To create National lvl sys , processes, structures and
mechanisms to generate situational scenario of
existing and potenti...
Operationalise 24x7 sectorial CERTs.
Implement Crisis Mgt plan for dealing with incidents impacting
critical national proc...
To mandate implementation of global security best practices,
business continuity mgt and cyber crisis mgt plan for all e-
...
To devp plan for protection of CII.
To operate 24x7 National Critical Information Infrastructure
Protection Centre(NCIIPC)...
To mandate security audit of CII on periodic basis.
To mandate certification of all security roles right from CISO
/CSO to...
To undertake R&D programs aimed at short term, medium term
and long term goals.
To encourage R&D to produce cost effective...
To set up Centre of Excellence in areas of strategic importance
for the point of security of cyber space .
To collaborate ...
To create and maintain testing infrastructure and facilities of IT
security product evaluation and compliance verification...
To foster education and trg programs both in formal and
informal sectors to support the nation’s cyber security needs
and ...
To promote and launch a comprehensive national awareness
program on security of cyber space.
To sustain security literacy ...
To facilitate collaboration and cooperation among stakeholder
entities.
To create models of collaborations and engagement ...
INFO SHARING AND COOPERATION (among security agencies,
CERTs, defence agencies, Law enforcement agencies and judicail
syst...
THANK YOU
SANTOSH KHADSARE 27
Upcoming SlideShare
Loading in...5
×

INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)

305

Published on

National Cyber Security Policy -2013

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
305
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
37
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)"

  1. 1. NATIONAL CYBER SECURITY POLICY - 2013 SANTOSH KAHDASRE
  2. 2. PREAMBLE SANTOSH KHADSARE 2
  3. 3. Complex environment of integrations between people, software and services Common pool used by citizens, businesses , critical information infrastructure ,military and groups Vulnerable to a wide range of incidents, whether intentional or accidental, manmade or natural, and the info can be exploited by both nation states and non state actors SANTOSH KHADSARE 3 CYBERSPACE IS…..
  4. 4. Caters to the whole spectrum of ICT users and providers and is an evolving process IT SERVES AS AN UMBRELLA FRAMEWORK FOR DEFINING AND GUIDING THE ACTIONS RELATED TO SECURITY OF CYBER SPACE It also enables the individual sectors and org in designing appropriate cyber security polices to suit their needs SANTOSH KHADSARE 4 CYBER SECURITY POLICY
  5. 5. TO BUILD A SECURE AND RESILIENT CYBERSPACE FOR CITIZENS, BUSINESSES AND GOVERNMENT SANTOSH KHADSARE 5 VISION
  6. 6. SANTOSH KHADSARE 6 MISSION
  7. 7. SANTOSH KHADSARE 7 OBJECTIVES Create a secure cyber ecosystem Create an assurance framework Strengthen the regulatory framework Enhance and create national and sectorial level 24x7 mechanisms for info gathering Enhance protection and resilience of CII by operating 24x7 NCIIPC Develop indigenous security technologies
  8. 8. SANTOSH KHADSARE 8 OBJECTIVES Est infrastructure for testing & validation of security of such products Create workforce of 500,000 professionals in next five years Fiscal benefits to businesses for adoption of std security practices and processes Enable effective prevention , investigation and prosecution of cyber crime Create culture of cyber security Develop public pvt partnerships and enhance global cooperation
  9. 9. Designate a national nodal agency to coordinate matters(cyber security) with clearly defined roles and responsibilities designate CISO in every org who will be responsible for cyber security efforts and initiatives Org to devp info security policies and implement them as per international best practices Org to earmark a specific budget for cyber security SANTOSH KHADSARE 9 STRATEGIES : CREATING A SECURE CYBER ECO SYSTEM
  10. 10. Provide fiscal schemes and initiatives to encourage entities to install and upgrade info infrastructure fro cyber security Prevent occurrence and recurrence of cyber incidents (proactive actions) Est mechanism for sharing info Procurement of trustworthy indigenously manufactured ICT products SANTOSH KHADSARE 10 STRATEGIES : CREATING A SECURE CYBER ECO SYSTEM
  11. 11. Promote adoption of global best practices in info security and compliance. Create infrastructure for conformity assessment and certification of compliance to cyber security best practices, std and guidelines (e.g ISO 27001 ISMS certification). Enable implementation of global security best practices for risk management. Identify and classify info infrastructure facilities and assets. SANTOSH KHADSARE 11 STRATEGIES : CREATING A ASSURANCE FRAMEWORK
  12. 12. Encourage secure appln/software devp processes. Create conformity assessment framework for periodic verification of compliance to best practices, std and guidelines on cyber security. Encourage all entities tom periodically test and evaluate the adequacy and effectiveness of tech and op security measures implemented in IT sys and networks . SANTOSH KHADSARE 12 STRATEGIES : CREATING A ASSURANCE FRAMEWORK
  13. 13. Encourage use of open standards to facilitate interoperability and data exchange among different products and services. Promote a consortium of Govt and private sector to enhance availability of tested and certified IT products on open standards. SANTOSH KHADSARE 13 STRATEGIES : ENCOURAGING OPEN STANDARDS
  14. 14. Devp dynamic and legal framework and its periodic review to address Cyber security challenges. To mandate periodic audit and evaluation. To enable, educate and facilitate awareness of the regulatory framework. SANTOSH KHADSARE 14 STRATEGIES : STRENGTHENING THE REGULATORY FRAMEWORK
  15. 15. To create National lvl sys , processes, structures and mechanisms to generate situational scenario of existing and potential threats and enable timely info sharing for proactive, preventive and protective actions. To operate 24x7 CERT-in to function as a Nodal Agency for coordination of all efforts for cyber security emergency response and crisis mgt (Umbrella org). SANTOSH KHADSARE 15 STRATEGIES : CREATING MECHANISMS FOR EARLY WARNING , VULNERABILITY MGT & RESPONSE
  16. 16. Operationalise 24x7 sectorial CERTs. Implement Crisis Mgt plan for dealing with incidents impacting critical national processes or endangering public safety and security of the nation. To conduct and facilitate regular cyber security drills and exercises at National, sectorial and entity levels. SANTOSH KHADSARE 16 STRATEGIES : CREATING MECHANISMS FOR EARLY WARNING , VULNERABILITY MGT & RESPONSE
  17. 17. To mandate implementation of global security best practices, business continuity mgt and cyber crisis mgt plan for all e- Governance initiatives . To encourage wider usage of PKI within Govt. for trusted communication and transactions. To engage info security professionals / org to assist . SANTOSH KHADSARE 17 STRATEGIES : SECURING E- GOVERNANCE SERVICES
  18. 18. To devp plan for protection of CII. To operate 24x7 National Critical Information Infrastructure Protection Centre(NCIIPC) to function as Nodal agency for CII protection. To facilitate identification, prioritisation, assessment, remediation and protection of CII and key recourses. To encourage and mandate as appropriate, the use of validated and certified IT products. SANTOSH KHADSARE 18 STRATEGIES : PROTECTION AND RESILIENCE OF CRITICAL INFO INFRASTRUCTURE
  19. 19. To mandate security audit of CII on periodic basis. To mandate certification of all security roles right from CISO /CSO to those involved in operation of CII. To mandate secure appl /software devp process. SANTOSH KHADSARE 19 STRATEGIES : PROTECTION AND RESILIENCE OF CRITICAL INFO INFRASTRUCTURE
  20. 20. To undertake R&D programs aimed at short term, medium term and long term goals. To encourage R&D to produce cost effective, tailor-made and indigenous security solutions . To facilitate transition, diffusion. And commercialisation of outputs of R&D into commercial products and services for use in public and private sectors. SANTOSH KHADSARE 20 STRATEGIES : PROMOTION OF R&D IN CYBER SECURITY
  21. 21. To set up Centre of Excellence in areas of strategic importance for the point of security of cyber space . To collaborate in joint R&D projects with industry and academia in frontline technologies and solution oriented research. SANTOSH KHADSARE 21 STRATEGIES : PROMOTION OF R&D IN CYBER SECURITY
  22. 22. To create and maintain testing infrastructure and facilities of IT security product evaluation and compliance verification. To build trust relationships with product / system vendors and service providers for improving end-to-end supply chain security visibility. To create awareness of the threats, vulnerabilities and consequences of breach of security related to IT procurement. SANTOSH KHADSARE 22 STRATEGIES : REDUCIN SUPPLY CHAIN RISKS
  23. 23. To foster education and trg programs both in formal and informal sectors to support the nation’s cyber security needs and build capacity. To est cyber security trg infrastructure across the country by way of public private partnership arrangements. To est cyber security concept labs for awareness and skill devp in key areas. To est institutional mechanisms for capacity building for Law Enforcement Agencies. SANTOSH KHADSARE 23 STRATEGIES : HRD
  24. 24. To promote and launch a comprehensive national awareness program on security of cyber space. To sustain security literacy awareness and publicity campaign through electronic media. To conduct, support and enable cyber security workshops / seminars and certifications. SANTOSH KHADSARE 24 STRATEGIES : CREATING CYBER SECURITY AWARENESS
  25. 25. To facilitate collaboration and cooperation among stakeholder entities. To create models of collaborations and engagement with all relevant stakeholders. To create a think tank for cyber security inputs, discussion and deliberations. SANTOSH KHADSARE 25 STRATEGIES : DEVP EFFECTIVE PUBLIC PVT PARTNERSHIPS
  26. 26. INFO SHARING AND COOPERATION (among security agencies, CERTs, defence agencies, Law enforcement agencies and judicail systems). PRIORTIZED APPROACH FOR IMPLEMENTATION. SANTOSH KHADSARE 26 OTHER STRATEGIES
  27. 27. THANK YOU SANTOSH KHADSARE 27
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×