Guidelines on Information Security Practices: CERT-In

Context:

Recently, the Indian Computer Emergency Response Team (CERT-In) issued “Guidelines on Information Security Practices” for government entities for a safe and trusted Internet.

About: Guidelines on Information Security Practices: CERT-In

  • Aim: To ensure an open, safe, trusted and accountable Internet for its users.
  • Need: India’s digital landscape has witnessed tremendous growth, with over 80 crore Indians (Digital Nagriks) actively utilizing the Internet and cyberspace.
  • Applicability: 
    • All Ministries, Departments, Secretariats, and Offices specified in the First Schedule to the Government of India (allocation of business) Rules, 1961, along with their attached and subordinate offices.
    • Public sector enterprises.
  • Appointment of Chief Information Security Officer: Government organizations should appoint a Chief Information Security Officer (CISO) along with a dedicated cybersecurity team, independent of the IT operations team.
  • Password Management and Browser Security Guidelines: The guidelines recommend the use of complex passwords with a minimum length of 8 characters.
  • Comprehensive Security Domains Covered: The guidelines include various security domains such as network security, identity and access management, application security, data security, third-party outsourcing, hardening procedures, security monitoring, incident management, and security auditing.
  • Data Encryption and Protection: Organizations should identify and encrypt sensitive data during transmission and storage.
  • Threat Analysis and Mitigation: Organizations must analyze potential threats and adopt strategies to counter them.
  • Vulnerability Assessment: Conducting vulnerability assessments helps identify weaknesses in devices and systems, as well as potential threats related to specific ports and services.
  • Mandatory Cybersecurity Incident Reporting: All government and private agencies, including internet service providers, social media platforms, and data centers, must report cybersecurity breaches to the appropriate authority within six hours of detection.
Significance: 
  • Roadmap for Government and Industry: These guidelines are a roadmap for government entities and industry to reduce cyber risk, protect citizen data, and continue to improve the cyber security ecosystem in the country. 
  • Facilitating Audits for Security Assessment: They will serve as a fundamental document for audit teams, including internal, external, and third-party auditors, to assess an organization’s security posture against the specified cybersecurity requirements.
Additional Information:

About CERT-In 

  • CERT-In is the national nodal agency for responding to computer security incidents as and when they occur.
  • Mandate:
    • Collection, analysis and dissemination of information on cyber incidents.
    • Forecast and alerts of cyber security incidents.
    • Emergency measures for handling cyber security incidents.
    • Coordination of cyber incident response activities.

News Source: Times of India
