Government issues new cybersecurity guidelines
“To effectvly fight cybercrime, all companies n enterprises must mandatorily report cyber incidents to @IndianCERT, New #CyberSecurity directions for a #SafeAndTrusted Internet issued under Sec 70b of IT Act,” said Union Minister of state for Elec...
By Priyanka Sangani, ETtech | Updated:
ETtech
Pune: All companies and enterprises will mandatorily have to report all cyber incidents to the Indian Computer Emergency Response Team (CERT-In) as per new guidelines issued under Sec 70b of the IT Act.
This is in order to coordinate response activities as well as emergency measures with respect to cyber security incidents, CERT-In said in a statement.
All service providers, intermediaries, data centres, body corporate and Government organisations shall mandatorily enable logs of all their ICT systems and maintain them securely for a rolling period of 180 days within the Indian jurisdiction. “These should be provided to CERT-In along with reporting of any incident or when ordered / directed by CERT-In,” as per the guidelines. These rules will come into effect 60 days after being issued.
During the course of handling cyber incidents and interactions with the constituency, CERT-In has identified certain gaps causing hindrance in incident analysis. To address the identified gaps and issues so as to facilitate incident response measures, CERT-In has issued directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents under the provisions of sub-section (6) of section 70B of the Information Technology Act, 2000. These directions will become effective after 60 days, as per a statement.
“To effectvly fight cybercrime, all companies n enterprises must mandatorily report cyber incidents to @IndianCERT, New #CyberSecurity directions for a #SafeAndTrusted Internet issued under Sec 70b of IT Act,” said Union Minister of state for Electronics and IT Rajeev Chandrasekhar on microblogging platform Twitter.
Other directives include synchronization of ICT system clocks, maintenance of logs of ICT systems; subscriber/customer registrations details by data centers, virtual private server (VPS) providers, VPN Service providers, Cloud service providers; KYC norms and practices by virtual asset service providers, virtual asset exchange providers and custodian wallet providers. The list of cyber incidents to be reported include data leaks and breaches, attacks on mobile apps, unauthorised access of IT systems and identify theft and phishing attacks.
This is in order to coordinate response activities as well as emergency measures with respect to cyber security incidents, CERT-In said in a statement.
All service providers, intermediaries, data centres, body corporate and Government organisations shall mandatorily enable logs of all their ICT systems and maintain them securely for a rolling period of 180 days within the Indian jurisdiction. “These should be provided to CERT-In along with reporting of any incident or when ordered / directed by CERT-In,” as per the guidelines. These rules will come into effect 60 days after being issued.
During the course of handling cyber incidents and interactions with the constituency, CERT-In has identified certain gaps causing hindrance in incident analysis. To address the identified gaps and issues so as to facilitate incident response measures, CERT-In has issued directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents under the provisions of sub-section (6) of section 70B of the Information Technology Act, 2000. These directions will become effective after 60 days, as per a statement.
“To effectvly fight cybercrime, all companies n enterprises must mandatorily report cyber incidents to @IndianCERT, New #CyberSecurity directions for a #SafeAndTrusted Internet issued under Sec 70b of IT Act,” said Union Minister of state for Electronics and IT Rajeev Chandrasekhar on microblogging platform Twitter.
Other directives include synchronization of ICT system clocks, maintenance of logs of ICT systems; subscriber/customer registrations details by data centers, virtual private server (VPS) providers, VPN Service providers, Cloud service providers; KYC norms and practices by virtual asset service providers, virtual asset exchange providers and custodian wallet providers. The list of cyber incidents to be reported include data leaks and breaches, attacks on mobile apps, unauthorised access of IT systems and identify theft and phishing attacks.
ADVERTISEMENT
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
Related Articles
Explained: What the AI cybersecurity guidelines endorsed by the US, UK and 16 other countries entailADVERTISEMENT
