-
NISPG has been prepared by MHA, based on experience of existing security standards and frameworks and global best practices and experience of implementation in the wake of expanding information security threat scenario.
-
It aims at improving information security posture of organization possessing any information, including classified information and does not restrict organizations from adopting additional stringent practices over and above these guidelines.
-
It elaborates baseline information security policy and highlights relevant security concepts and best practices, which government ministries, departments, and organizations must implement to protect their information.
Changes from the past
-
In 2013, cybersecurity, which was the sole preserve of the Home Ministry, was moved to the National Security Council Secretariat (NSCS) under the Prime Minister’s Office.
-
The critical infrastructure was moved to the National Technical Research Organisation and the non-critical part to the Ministry of Electronics and Information Technology.
What are the other issues with the digital mechanism?
-
There are issues relating to physical security of a computer. Like what happens if the device becomes obsolete? What about the hard disk, will it be destroyed before the computer is discarded?
-
Then there are issues relating to the network as well. If information is riding on own cyber cable, then everything can be encrypted, but if it is riding on a commercially available one, then you will have to make sure that guidelines are complied with
-
Basically, the whole policing system in India that began in 1860 is now being replicated in cyberspace. It will evolve gradually. The new guidelines will also take care of that.
-
If 50 people are accessing some data, it requires a wider security network. Audit trail has to be left, red flags should be raised. We need to take cognizance of the threats and accordingly upgrade the measures.