Professional Documents
Culture Documents
security policy
Security policy is the foundation of information
security in an organization. As with any
foundation, it must be well developed,
enforced and complied with to improve the
security of information, from both inside and
outside the organization. Compliance with the
security policy is not an easy task as it
involves translating the written policy into
actions. It requires careful planning and
participations of all the related parties.
vulnerabilities inherent in the code of a
Web-application itself (irrespective of
the technologies in which it is
implemented or the security of the Webserver/back-end database on which it is
built).
In the last few months, vulnerabilities
have been exploited with serious
consequences: Hackers have tricked ecommerce sites into shipping goods for
no charge, usernames and passwords
have been harvested, and confidential
Mission[edit]
To protect information and information
infrastructure in cyberspace, build capabilities
to prevent and respond to cyber threat, reduce
vulnerabilities and minimize damage from
cyber incidents through a combination of
institutional structures, people, processes,
technology and cooperation
In india
National Cyber Security Policy is
a proposed law by Department of Electronics
and Information Technology (DeitY), Ministry
of Communication and Information
Technology, Government of India. which is
due to be passed by parliament, aimed at
protecting the public and private infrastructure
from cyber attacks.[1] The policy also intends to
safeguard "information, such as personal
information (of web users), financial and
banking information and sovereign data". This
was particularly relevant in the wake of US
National Security Agency (NSA) leaks that
suggested the US government agencies are
spying on Indian users, who have no legal or
technical safeguards against it. Ministry of
Communications and Information Technology
(India) defines Cyberspace is a complex
environment consisting of interactions
Shortcomings[edit]
(1) The declared cyber security policy has
proved to be a paper work alone with no actual
implementation till date.[4]
(2) The cyber security trends and
developments in India 2013 (Pdf) provided by
Perry4Laws Techno Legal Base (PTLB) has
listed the shortcomings of Indian cyber
security policy in general and Indian cyber
security initiatives in particular.[5]
(3) Indian cyber security policy has failed to
protect civil liberties of Indians including
privacy rights.[6]
(4) Civil liberties protection in cyberspace has
been blatantly ignored by Indian government
and e-surveillance projects have been kept
intact by the Narendra Modi government.[7]
(5) The offensive and defensive cyber security
capabilities of India are still missing.[8]
(6) India is considered to be a sitting duck in
cyberspace and cyber security field and the
proposed cyber security policy has failed to
change this position.[9]
In short, India is not at all cyber
prepared [10] despite the contrary claims and
declared achievements and the cyber security
policy is just another policy document with no
actual implementation and impact.