CERT-IN issued guidelines on information security practices

 

Latest Context:

Recently, the Indian Computer Emergency Response Team (CERT-IN) issued guidelines on information security practices for government entities.

More about the news:

• These guidelines are issued by CERT-In under section 70B of the Information Technology (IT) Act, 2000.
• Basically, these guidelines will apply to all the Ministries, Departments, Secretariats, and Offices mentioned in the 1^st Schedule to Government of India (Allocation of Business) Rules, 1961, along with their attached and subordinate offices.
• These guidelines will act as a roadmap for government entities and industry to reduce the cyber risk, protect citizen’s data and to improve cybersecurity ecosystem in the country.

Key highlights of the guidelines are:

• To nominate a Chief Information Security Officer (CISO) for IT Security.
• To develop a cyber security policy and assign roles and responsibilities to CISO and to form a dedicated cyber security functional team.
• To conduct internal and external audit of entire ICT infrastructure and to place appropriate security controls based on audit outcome.
• To ensure proper physical isolation of sensitive and wireless networks.
• To form data backup policy and should be implemented in a proper way.

About the Indian Computer Emergency Response Team (CERT-IN)

• CERT-IN is a national nodal agency responsible for handling cybersecurity incidents in India.
• It operates under the Ministry of Electronics and Information Technology (MeitY) and was established in 2004.
• It serves as a proactive coordination center for incident response, capacity building, and cybersecurity awareness in the country.

The primary objectives of CERT-IN are as follows:

• Incident Response and Handling: CERT-IN is responsible for responding to cybersecurity incidents, coordinating with various stakeholders and providing technical assistance and advice to organizations affected by such incidents.
• Vulnerability Management: CERT-IN identifies vulnerabilities in the information technology infrastructure of India and disseminates alerts and advisories to relevant organizations to help them secure their systems.
• Security Threat Assessment and Early Warning: CERT-IN continuously monitors the cyberspace for emerging threats and provides early warnings to government departments, critical infrastructure agencies, and other stakeholders to help them proactively address potential risks.
• Cybersecurity Policy and Guidelines: CERT-IN assists in the formulation and review of cybersecurity policies, guidelines, and frameworks for the government, organizations, and individuals to promote a secure digital ecosystem.
• Capacity Building and Awareness: CERT-IN conducts training programs, workshops, and awareness campaigns to enhance the cybersecurity skills and knowledge of individuals, organizations, and law enforcement agencies.
• International Cooperation: CERT-IN collaborates with international organizations, Computer Emergency Response Teams (CERTs) of other countries and other relevant entities to exchange information, best practices, and expertise in the field of cybersecurity.

 

 

Must Check: IAS Coaching Centre In Delhi