By Sudha Nagaraj
TIMES NEWS NETWORK April 22, 2005
NEW DELHI: Are you the head of a government-run entity or the chief information officer at a public or private sector organization in the “critical infrastructure” (power and telecom) arena?
If so, you had better secure your information technology systems and network. Not only would they be audited, but annual reports on compliance with security norms would have to be filed with the National Information Bureau under the National Security Adviser through the Computer Emergency Response Team-India (CERT-IN).
In the face of increasing cyber crimes, the government plans to announce a National Security Compliance Assurance Framework that would require implementation of security controls and reporting of incidents that breach IT security. This was revealed by BJ Srinath, scientist, CERT-IN, at a cyber security seminar organized by the department of information technology (DIT) under the auspices of the Indo-US Security Forum.
The development assumes greater significance in the light of the cyber drug racket that has just been unearthed and was traced back to Agra. All countries are forming their own CERTs to tackle cyber crimes, which know no borders. And unless these CERTs provide norms for security compliance and ensure implementation, there would be “weak links” in the global effort, says Mr. Srinath.
According to the security compliance guidelines that have been drafted by CERT-In under the DIT, all government and critical infrastructure organisations — both public and private — must have a security policy, implement it and be subject to annual security audits.
To conduct the audits, a team of 18 auditors has been finalised by the government, including Network Solutions.
KK Bajaj, director, CERT-IN told ET, “the list of to-be-empanelled auditors will be announced shortly for third-party audits.” Draft guidelines are ready and IT self-assessment tools, security products and parameters would be in consonance with ISMS standards like ISO 15408, IS 15150 and BS 1799.
The security assurance initiative is very much on the lines of the Federal Information Security Management Act ‘02 of the US. While this is a law and fixes ultimate responsibility for information security on the CIO or the agency head, India has opted to stipulate guidelines and may ask organisations to identify one person responsible for IT security.
As a source in the DIT put it, “The US has increased its cyber space so much that it has to take extreme security measures. In India, within organisations, some systems are identified for internet connectivity while some are protected from cyber space. So the risks are not as great and there is no need to raise the bar on security features.”
Accordingly, organisations would be categorised as low-risk (where awareness of security norms would suffice), medium-risk (where awareness and action are required) and high-risk (where awareness, action and assurance are mandated).