Cyber Security Handbook

We organised "National Round table Conference on Cyber Risks for Corporates “on 20th November, 2019 TEC, New Delhi. The Conference discussed the draft of Cyber Risk Handbook for Corporate Boards of Directors/Stake Holders/Industries specifically adapted for India.

The draft of handbook and presentation made by Larry Clinton, Chairman Internet Security Alliance and seek your views in the matter and look forward for guidance please.

The conference was joined by various stakeholders of cyber security domain including followings:

  • Sh Shekhar Dutt, IAS (Retd.) Former Dy. NSA, Former Defence Secretary, Former Governor Chhattisgarh

  • Dr Larry Clinton, Chairman, Internet Security Alliance (ISA) USA

  • Dr Gulshan Rai, Former Advisor NCSC

  • Mrs Deepa Tyagi, Sr. DDG TEC, DOT, GOI

  • Sh. Deepak Yadav, IPS Addll. Deputy Commissioner of Police, Delhi

  • Sh. Narender Nath, Joint Secretary, NCSC, GOI

  • Sh. R Shakya, DDG Security, DOT, GOI

  • Sh. PK Singh, DDG (Telecom Security), TEC, DOT,GOI

  • Sh. Sanjeev Kumar, Director ( Tech) MTNL

  • Sh. Pavan Duggal, Advocate Cyber security

  • Sh. PK Malhotra, Former Secretary Law

  • Col. Inderjeet Brar, Director General, Cyber Security Association of India.

  • Sh Saket Modi, CEO Lucideus-Cyber Security

  • Dr Former Commondo of Defence Forces, Israel

  • Sh Jiten Jain, CEO, Voyager Infosec

  • Gen. Yosi Ben Hanan, Israel

  • Sh. Monish Chatrath, Managing Partner, MGC Global

  • Sh. Vineet Kumar, Former CTO, Jharkhand Police & Founder & President Cyber Peace FoundationCTO, Jharkhand Police

CYBER HANDBOOK DRAFTING COMMITTEE

Subsequent to the National Seminar, a Drafting committee has been constituted consisting of followings:

  • Sh. PK Singh, DDG (Telecom Security), TEC, DOT, GOI

  • Dr Gulshan Rai, Former Advisor NCSC

  • Sh. Pavan Duggal, Advocate Cyber security

  • Sh. PK Malhotra, Former Secretary Law

  • Col. Inderjeet Brar, Director General, Cyber Security Association of India.

  • Sh. Anil Praksh, President Telecom users Group.

  • Sh. Monish Chhatrath, Managing Partner, MGC Global

  • Sh. Vineet Kumar, Former CTO, Jharkhand Police & Founder & President Cyber Peace Foundation

If you are interested to contribute in drafting hand book, please inform by email.

WHY CYBER RISK HANDBOOK

The Cyber Risk Handbook envisages will be addressing the cyber security concerns of private industry as well as Government.

The principle challenges in protecting critical infrastructure are that much of it lies in private hands. Private companies are often governed by necessity, economic considerations, and not national security considerations. Government has economic issues but also non-economic issues affecting their risk tolerance – privacy, national security, ensuring government services – such as elections – are not disrupted. So private sector and industry cyber risk assessment is different – appropriately so.

However, in the cyber world we are all using the same system and in reality the private sector will is on the front lines of cyber conflict. So we must work together – government and industry globally – to find ways to improve risk assessment and management of these private (as well as government) organizations in our mutual self-interest.

ISA USA

TEMA CMAI has entered into a Memorandum of Understanding with the Internet Security Alliance to produce a Cyber Risk Handbook for Corporate Boards of Directors specifically adapted for India.

Over the past several years the ISA has produced a series of handbooks on cyber security specifically targeted to the needs and unique roles that corporate boards --- as opposed to corporate management -- have in promoting enhanced cyber security. One of the ISA's goals is to develop and promote a coherent and unified and effective conceptualization of cyber security at the board level announcing on a global basis since both modern business and modern cyber attacks are largely international in nature.

ISA has already collaborated and produced unified versions of this handbook for the US, UK, Germany, Latin America, and a pan-European edition. An additional version is under development for Japan. The format for the development of the handbooks is to use a recent version of the handbook produced in a USA/UK and discuss and deliberate and review the same among Corporates, Government officer, Cyber experts, industries, technocrats etc. A structured discussion will be held to ascertain appropriateness off the content for India and suggest changes to be incorporated to make it relevant for India.

GENERAL

Two items are particularly noteworthy about this. First, the handbooks have proven to be extremely popular with both industry and Government. Among the ISA partners who have assisted in developing and have endorsed and are promoting and distributing the previous handbooks are: The National Association of Corporate Directors (US), the US Department of Homeland Security, the US Department of Justice, The European Conference of Directors Associations, The Cyber Security Council of Germany, the German Government's Cyber Security Agency (BSI), The Organization of American States, and The Japanese Federation of Businesses.

Second, and perhaps more importantly, the Handbooks have been independently assessed and found to actually improve cyber security practice. Price Water House Coopers in their annual Global Information Security Survey reported that corporate boards are increasingly listening to the advice in these handbooks and that is leading to substantially increased cyber security budgets, improved risk management, closer alignment of cyber security and overall business goals and helping to create a culture of security in those organizations that use the handbook.