With cyber-security becoming a key concern both for corporates as well as individuals, data protection has assumed major importance. Kamlesh Bajaj, Chief Executive Officer, Data Security Council of India (DSCI) talks about the threats that Indian cyber space is prone to and DSCI’s initiatives to address this concern.
The council recently launched some security and privacy assessment frameworks for companies. DSCI is the focal body for data protection in India, set up as an independent self-regulatory organisation by Nasscom.
What kind of security threats is the Indian cyber space exposed to most commonly?
There are laws around the world which try to ensure that corporate data are protected and privacy of individuals is also protected. Security of data, privacy protection and cyber security are the three dimensions of Internet safety.
Indian cyber space is facing threats in all dimensions. India is exposed to all kinds of security threats - right from financial fraud to identity theft and hacker attacks. It is a common hacking tool to bypass all your security systems and steal data. For instance, if a travel site is exposed to a hacking attack, details of credit card payment can be retrieved by hackers.
What is DSCI doing to combat these threats?
DSCI is there to develop best practices, create more awareness, try to see that government comes up with laws which can be implemented, are not too intrusive and which can help industry apply them in such a way that the focus is on data security. Our focus at DSCI is developing such ways of working that help companies, government departments and others to retain the focus on security and implement it in such a manner that the data, whether personal or corporate, is fully protected.
Tell us something about the assessment framework released by DSCI.
We have just released a framework which is on assessment. It will help a company assess its security level and gauge what level of security is implemented. Assessment will help to measure implementation. We have independent frameworks for both security as well as privacy. For each of these, we develop a set of strategic and tactical guidelines and maturity criteria.
Although DSCI has created this framework, we do take inputs from industry advisory groups. It has taken a year to develop this framework. Any company can make use of this assessment and can do a self-assessment. Once they are fully implemented, they can do a third-party assessment.
Who is this third party assessment?
We are planning to set up a panel of auditors who will use our framework, our approach and then they can go as a third party. Some of the top chief security officers and others are on our advisory panel. The big four consulting firms will definitely be there on the panel – we will try to encourage others also. In the next two-three months, the panel will be ready. We are aiming to create an entire ecosystem for auditors and implementing them.
What about the threats associated with social media?
We are going to start an Internet safety campaign where we will be working with social media companies such as Google, Facebook and Microsoft.
With their help, we are launching a programme in January. The idea is to educate the youth and we’ll do it around campuses. Information has economic value, so we need to consciously understand what we share.