Cyber Security – CERTs, Policy, etc

CERT-In makes Annual Cybersecurity Audit Mandatory for Companies

Prelims Only | Security Issues | Mains Paper 3: Cyber Security

Why in the News?

The Indian Computer Emergency Response Team (CERT-In) has mandated annual third-party cybersecurity audits for both private and public-sector organisations operating digital infrastructure.

Cybersecurity Directive: Key Highlights:

  • Annual third-party cyber audits are mandatory for all digital infrastructure.
  • Sectoral regulators may require more frequent checks based on risk.
  • Audits must be risk-based, domain-specific, and aligned with business context.

About the Indian Computer Emergency Response Team (CERT-In):

  • Parent Ministry: Ministry of Electronics and Information Technology
  • Established: January 2004
  • Constituency: All entities operating in Indian cyberspace
  • Core Responsibilities:
    • Collect, analyse, and disseminate cybersecurity incident data
    • Forecast and alert about emerging cyber threats
    • Provide emergency response support to affected entities
    • Issue security guidelines, advisories, and best practices
  • International Role: Signs MoUs with other countries to:
    • Share real-time cyber threat intelligence
    • Collaborate on incident response and recovery
    • Exchange knowledge on global cybersecurity practices

India’s Cybersecurity Ecosystem:

  • Institutional Framework:
    • National Critical Information Infrastructure Protection Centre (NCIIPC): Protects key sectors like telecom, banking, and power
    • National Cyber Coordination Centre (NCCC): Monitors real-time cyber threats across public and private domains
    • National Cyber Security Coordinator (NCSC): Ensures coordination across ministries and departments
    • Sector-Specific Response Teams (CSIRTs): For domains like finance (CSIRT-Fin), power (CSIRT-Power)
  • Legal and Policy Measures:
    • Information Technology Act, 2000: Core law for cybercrime and electronic governance
    • National Cyber Security Policy, 2013: Strategic vision for securing cyberspace
    • Digital Personal Data Protection Act, 2023: Ensures privacy, mandates breach reporting
    • Cyber Crisis Management Plan: Framework for cyber incident response in government agencies
  • Capacity Building Programs:
    • Pradhan Mantri Gramin Digital Saksharta Abhiyan (PMGDISHA): Promotes digital literacy in rural areas
    • Cyber Surakshit Bharat Initiative: Trains Chief Information Security Officers of public sector organisations
    • Indian Cyber Crime Coordination Centre (I4C): Multi-agency platform to handle cybercrimes
[UPSC 2017] In India, it is legally mandatory for which of the following to report on cyber security incidents? 1. Service providers 2. Data Centres 3. Body corporate Select the correct answer using the code given below:

Options: (a) 1 only (b) 1 and 2 only (c) 3 only (d) 1, 2 and 3*

 

Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024

Attend Now

Subscribe
Notify of
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

JOIN THE COMMUNITY

Join us across Social Media platforms.

💥UPSC 2026, 2027 UAP Mentorship - June Batch Starts
Talk To Mentor
💥UPSC 2026, 2027 UAP Mentorship - June Batch Starts
Talk To Mentor