NEW DELHI: Are you the head of a government-run entity or the chief information officer at a public or private sector organisation in the critical infrastructure (power and telecom) arena?

If so, you had better secure your information technology systems and network. Not only would they be audited, but annual reports on compliance with security norms would have to be filed with the National Information Bureau under the National Security Adviser through the Computer Emergency Response Team-India (CERT-In).
In the face of increasing cyber crimes, the government plans to announce a National Security Compliance Assurance Framework that would require implementation of security controls and reporting of incidents that breach IT security. This was revealed by BJ Srinath, scientist, CERT-In, at a cyber security seminar organised by the department of information technology (DIT) under the auspices of the Indo-US Security Forum.
The development assumes greater significance in the light of the cyber drug racket that has just been unearthed and was traced back to Agra. All countries are forming their own CERTs to tackle cyber crimes, which know no borders. And unless these CERTs provide norms for security compliance and ensure implementation, there would be "weak links" in the global effort, says Mr Srinath.
According to the security compliance guidelines that have been drafted by CERT-In under the DIT, all government and critical infrastructure organisations, both public and private, must have a security policy, implement it and be subject to annual security audits.
To conduct the audits, a team of 18 auditors has been finalised by the government, including Tata Consultancy Services, Sify, PricewaterhouseCoopers, Mahindra-British Telecom, Satyam Computer Services, SecureSynergy, Network Security Solutions, STQC Directorate, Ramco Systems, CyberQ Consulting, Haribhakti & Co, Paladion Networks, Information Systems Auditors & Consultants, Indusface Consulting, AUDITime Information Systems, Network Solutions, AAA Technologies and Sysman Computers.
KK Bajaj, director, CERT-In, told ET, "The list of to-be-empanelled auditors will be announced shortly for third-party audits." Draft guidelines are ready, and IT self-assessment tools, security products and parameters would be in consonance with ISMS standards like ISO 15408, IS 15150 and BS 1799.
The security assurance initiative is very much on the lines of the Federal Information Security Management Act 02 of the US. While that is a law and fixes ultimate responsibility for information security on the CIO or the agency head, India has opted to stipulate guidelines and may ask organisations to identify one person responsible for IT security.
As a source in the DIT put it, "The US has increased its cyber space so much that it has to take extreme security measures. In India, within organisations, some systems are identified for internet connectivity while some are protected from cyber space. So the risks are not as great and there is no need to raise the bar on security features."
Accordingly, organisations would be categorised as low-risk (where awareness of security norms would suffice), medium-risk (where awareness and action is required) and high-risk (where awareness, action and assurance is mandated).