On Tuesday, The Government of India released the National Cyber Security Policy 2013 to safeguard both physical and business assets of the country. The policy aims to serve as an umbrella framework for defining and guiding the actions related security of cyberspace.
The mission of this policy is to protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats , reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people , processes, technology and cooperation.
To meet with the various objectives of the cyber security policy, here are the strategy that will be put in place.
- Policy aims at creating a national level nodal agency that will co-ordinate all matters related to cyber security in the country
- It will encourage organizations to develop their own security policies as per international best practices.
- The policy will ensure that all organizations earmark a specific budget to implement their security policies and initiatives.
- Policy plans to offer various schemes and incentives to ensure that proactive actions are taken for security compliance.
- To create an assurance framework, policy will create conformity assessment and certification of compliance to cyber security best practices, standards and guidelines
- Policy aims at encouraging open standards that facilitate interoperability and data exchange among different IT products and services.
- A legal framework will be created to address cyber security challenges arising out of technological developments in cyber space.
- The policy also plans to enforce a periodic audit and evaluation of adequacy and effectiveness of security of Information infrastructure in India.
- The policy will create mechanisms to get early warnings in case of security threats, vulnerability management and response to the security threats thereof
- A 24X7 operational national level computer emergency response team (CERT-in) will function as an umbrella organization that will handle all communication and coordination in deal with cyber crisis situations.
- To secure e-governance services, policy will take various steps like encouraging wider usage of Public Key Infrastructure (PKI) standards in communications and engagement of expert security professionals / organizations to assist in e-governance.
- The policy will encourage and mandate use of tested, validated and certified IT products in all sensitive security areas
- The policy also plans to undertake and invest in various R&D programs in area of national cyber security
Source: Economic Times