Cyber Security Handbook

Cyber Risk Handbook for Corporate Board of Directors


NCSAI TEMA CMAI organised the "National Round Table Conference on Cyber Risks for Corporates" on 20th November, 2019 at Manak, Telecom Engineering Centre (TEC), Department of Telecommunications, Govt. of India. The conference discussed the draft of the Cyber Risk Handbook for Corporate Boards of Directors/Stakeholders/Industries specifically adapted for India.

The draft of the handbook and a presentation were made by Larry Clinton, Chairman, Internet Security Alliance, USA, and stakeholder consultations were held.

NCSAI TEMA CMAI has entered into a Memorandum of Understanding with the Internet Security Alliance (ISA) USA to produce a Cyber Risk Handbook for Corporate Boards of Directors specifically adapted for India.


Over the past several years the ISA has produced a series of handbooks on cyber security specifically targeted to the needs and unique roles that corporate boards, as opposed to corporate management, have in promoting enhanced cyber security. One of the ISA's goals is to develop and promote a coherent, unified and effective conceptualization of cyber security at the board level on a global basis, since both modern business and modern cyber-attacks are largely international in nature.


ISA has already collaborated on and produced unified versions of this handbook for the US, UK, Germany, Latin America, and a pan-European edition. An additional version is under development for Japan. The format for developing the handbooks is to take a recent version of the handbook produced in the USA/UK and to discuss, deliberate on and review it among corporates, Government officers, cyber experts, industries, technocrats etc. A structured discussion was held to ascertain the appropriateness of the content for India and to suggest changes to be incorporated to make it relevant for India.


Two items are particularly noteworthy about this. First, the handbooks have proven to be extremely popular with both industry and Government. Among the ISA partners who have assisted in developing and have endorsed and are promoting and distributing the previous handbooks are: The National Association of Corporate Directors (US), the US Department of Homeland Security, the US Department of Justice, The European Conference of Directors Associations, The Cyber Security Council of Germany, the German Government's Cyber Security Agency (BSI), The Organization of American States, and The Japanese Federation of Businesses.


Second, and perhaps more importantly, the handbooks have been independently assessed and found to actually improve cyber security practice. PricewaterhouseCoopers, in their annual Global Information Security Survey, reported that corporate boards are increasingly listening to the advice in these handbooks and that this is leading to substantially increased cyber security budgets, improved risk management, closer alignment of cyber security and overall business goals, and is helping to create a culture of security in those organizations that use the handbook.


The Cyber Risk Handbook is envisaged to address the cyber security concerns of private industry as well as Government.

The principal challenge in protecting critical infrastructure is that much of it lies in private hands. Private companies are often governed, by necessity, by economic considerations, and not national security considerations. Government has economic issues but also non-economic issues affecting its risk tolerance: privacy, national security, and ensuring that government services, such as elections, are not disrupted. So private sector and industry cyber risk assessment is different, and appropriately so.

However, in the cyber world we are all using the same system, and in reality the private sector is on the front lines of cyber conflict. So we must work together, government and industry globally, to find ways to improve risk assessment and management of these private (as well as government) organizations in our mutual self-interest.


The conference was joined by various stakeholders of the cyber security domain, including the following:


• Sh. Shekhar Dutt, IAS (Retd.), Former Dy. NSA, Former Defence Secretary, Former Governor Chhattisgarh
• Dr Larry Clinton, Chairman, Internet Security Alliance (ISA) USA
• Dr Gulshan Rai, Former Advisor NCSC
• Mrs Deepa Tyagi, Sr. DDG TEC, DOT, GOI
• Sh. Deepak Yadav, IPS, Addl. Deputy Commissioner of Police, Delhi
• Sh. Narender Nath, Joint Secretary, NCSC, GOI
• Sh. R Shakya, DDG Security, DOT, GOI
• Sh. PK Singh, DDG (Telecom Security), TEC, DOT, GOI
• Sh. Sanjeev Kumar, Director (Tech), MTNL
• Sh. Pavan Duggal, Advocate Cyber security
• Sh. PK Malhotra, Former Secretary Law
• Col. Inderjeet Brar, Director General, Cyber Security Association of India
• Sh. Saket Modi, CEO, Lucideus-Cyber Security
• Dr Former Commando of Defence Forces, Israel
• Sh. Jiten Jain, CEO, Voyager Infosec
• Gen. Yosi Ben Hanan, Israel
• Sh. Monish Chatrath, Managing Partner, MGC Global
• Sh. Vineet Kumar, Former CTO, Jharkhand Police & Founder & President, Cyber Peace Foundation


A drafting committee was constituted, consisting of the following:


• Sh. PK Singh, DDG (Telecom Security), TEC, DOT, GOI
• Dr Gulshan Rai, Former Advisor NCSC
• Sh. Pavan Duggal, Advocate Cyber security
• Sh. PK Malhotra, Former Secretary Law
• Col. Inderjeet Brar, Director General, Cyber Security Association of India
• Sh. Anil Prakash, President, Telecom Users Group
• Sh. Monish Chatrath, Managing Partner, MGC Global
• Sh. Vineet Kumar, Former CTO, Jharkhand Police & Founder & President, Cyber Peace Foundation


About CMAI

CMAI Association of India is an apex, premier and foremost non-profit trade promotion organization based in India with 54 MOU partners spread across the globe and 48,500 members. CMAI is a prominent trade association promoting growth in the education, communications and manufacturing trade sectors through Legislative and Regulatory Advocacy, Research, Exhibitions, Trade Shows, Conferences and Seminars, Technology Events, Buyer-Seller Meets, promotion of B2B meetings, and the fostering of business and strategic relationships.

Past and Present Partners:

Central Board of Secondary Education (CBSE), All India Council Technical Education (AICTE), Ministry of Human Resources and Development (MHRD), Commonwealth Telecommunication Organization (CTO-UK), Department of Telecommunication (DOT) Govt. of India, Ministry of Micro Small & Medium Enterprises (MSME), Ministry of New and Renewable Energy (MNRE), Association of Indian Universities (AIU), National Internet Exchange of India (NIXI), National Institute of Electronics & Information Technology (NIELIT), ITU-APT Foundation, Geneva/India, Telecom Export Promotion Council (TEPC) etc.