Upcoming Events Data Privacy Day28 January, 2013

Mumbai Cyber Safety MonthJanuary, 2013

Internet Safety Campaign February, 2013

Our Vision

Harness data protection as a lever for economic development of India through global integration of Practices and standards conforming to various legal regimes.

Our Mission

To create trustworthiness of Indian companies as global sourcing service providers, and to assure clients worldwide that India is a secure destination for outsourcing where privacy and protection of customer data are enshrined in the global best practices followed by the industry.

Our Objectives

4Public Advocacy on Data Protection and Cyber Security

4Capacity Building on Security land Privacy

4Thought Leadership through Best Practices

4Independent Oversight for Assurance & Dispute resolution through ADR towards Self-Regulation

4Cyber Crime Speedier Trial through training of Law Enforcement Agencies and Judiciary

DATA SECURITY COUNCIL OF INDIA A Initiative

DSCI NEWS Q U A RT E R LY N E W S L E T T E R O F D ATA S E C U R I T Y CO U N C I L O F I N D I A

October - December 2012 Vol. 3 No.4

Message from CEO

DSCI Corporate Membership is open

Visit: http://www.dsci.in/taxonomypage/105

At the onset of the New Year, I thank you for your constant support and encouragement in DSCI endeavors for establishing a strong security regime in India. In the last

quarter, DSCI continued to engage with the Indian government on very important policy issues in the areas of cyber security, privacy, internet governance and IT Act. The level of engagement with the European Union vis-à-vis adequacy of India as a data secure country has significantly increased with the visit of EU delegation to India and event organized by NASSCOM-DSCI in Brussels. DSCI's flagship event - The Annual Information Security Summit 2012 witnessed enthusiastic participation from the security community. With the release of DSCI Assessment Frameworks for Privacy and Security at this year's Summit, another major milestone has been achieved. These assessment frameworks will help gauge organizational security and privacy practices. As a next step, we aim at building an assessment ecosystem, in partnership with consulting and auditing firms, leading to DSCI certification. I solicit your support in adopting these frameworks within your organizations, sharing your experiences and highlighting the improvement areas. I am sure that the adoption of these frameworks will help you mature privacy and security practices in your organization and provide assurance to your external stakeholders through DSCI certification..

Dr. Kamlesh Bajaj

Position paper on proposed EU Data Protection Regulation

DSCI has developed a position paper on proposed EU Data Protection Regulation, highlighting key issues in the proposal pertaining to outsourcing industry. CEO, DSCI along with NASSCOM visited Brussels to meet key policy makers and other stakeholders and apprised them on DSCI's position on the proposed EU Data Protection Regulation. A special data protection event was also organized by DSCI and NASSCOM in Brussels for this purpose.

Views on the Issue of Internet Governance

DSCI communicated its views on the issue of Internet Governance to the government in a meeting organized by the government under the Chairmanship of Mr. Kapil Sibal, Honb'le Minister for Communications and IT, for industry consultation on India's position at World Conference on International Telecommunications (WCIT), Dubai. CEO, DSCI emphasized that the Internet should not be regulated by the governments through UN and ITU's mandate should be limited to telecommunication, while democratization of Internet Governance is essential.

Participation in Cyber Regulation Advisory Committee - Views on Sec 66A & 79 of the IT (Amendment) Act, 2008

CEO, DSCI attended the meeting of Cyber Regulation Advisory Committee Chaired by Mr. Kapil Sibal, Honb'le Minister for Communications and IT and conveyed DSCI views on section 66A of the IT (Amendment) Act, 2008 emphasizing on the need to provide guidance with respect to interpretation of 66A, keeping Indian context in view. He requested the government to issue a clarification that BPO, Cloud Service providers and Banks should not be treated as intermediaries under sec 79 and rules there under.

Public AdvocacyEngagement with National Security Council Secretariat

The permanent Joint Working Group (JWG) for Public-Private Partnership in Cyber Security has been constituted by the government under the Chairpersonship of Ms. Latha Reddy, Deputy National Security Advisor (Dy NSA), with representation from various government agencies and departments and industry associations. This is the first step towards implementation of recommendations of the report - 'Engagement with Private Sector on Cyber Security' which was released by Mr. Shiv Shankar Menon, NSA in October, 2012. In accordance with the decisions taken during the first meeting, four sub-groups have been formed with wider participation from government and the industry. CEO, DSCI has been assigned the role of the overall industry coordinator and he will also chair the sub-group on Vulnerabilities in Critical Information Infrastructure.

Indo- EU Negotiations for Adequacy Status

As part of the Indo-EU negotiations for declaring India as an adequate country for data protection, a high level EU delegation led by DG Justice visited India to do consultations with key stakeholders and to take a firsthand view of the data protection practices implemented by the IT/BPO industry. DSCI led the discussion with the EU delegation enlisting the support from the key players in the IT/BPO industry and presented the salient features of the IT (Amendment) Act, 2008 and how it meets the EU adequacy requirements. DSCI also presented a white paper on EU adequacy assessment of India, which evaluates the adequacy of India's data privacy regime in the light of the 'third country' assessment mandated under Article 25 of the EU Data Protection Directive.

2

White Paper

Position Paper

Position Paper

Thought LeadershipDSCI Assessment Frameworks released

DSCI Assessment Frameworks for Security and Privacy were released at the NASSCOM-DSCI Annual Information Security Summit 2012 by Mr. N Chandrasekaran, Chairman, NASSCOM and CEO, TCS.

In August 2009 the first version of DSCI Best Practices Approach was ©unveiled. Both - the DSCI Privacy Framework (DPF) and the DSCI

©Security Framework (DSF) were released by the end of December 2010. Even though the frameworks are complete, and have been shared extensively with analysts, large companies, Big4 consulting firms, military organizations, and interested wings of governments in India and abroad - with positive feedback on their refreshing approach, the absence of assessment framework was felt as a hindrance to the use of maturity criteria. DSCI has now developed the assessment frameworks with the support and guidance of experts from the industry, consulting firms and user organizations who provided the benefit of their experience and expectations.

Inputs and feedback from the members of the Privacy Assessment Advisory Group (PAAG) & Security Assessment Advisory Group (SAAG) helped DSCI finalize the approach to develop the Assessment

Frameworks. DSCI adopted two distinct approaches for Privacy Assessment - one that is based on DPF© and helps assess organizational competence in privacy and the other one that focuses on assessment based on global privacy principles. The security assessment framework is primarliy based on DSF© and focuses on assessment resulting in maturity for each security discipline.

As a next step, DSCI will be developing an ecosystem in consultation with the consulting and auditing firms.

To know more write to

3

assessment@dsci.in

DSCI in partnership with Cisco has launched the Security Thought Leadership Program for the benefit of Security Community and Leadership in India. The program envisages development of collaborated content and engagement of security community and leadership for informed, meaningful, enriching discussions as part of this nine month engagement. It aims at providing guidance to the industry through reference architectures, Best Practices and Case studies.

DSCI aims to leverage this collaboration with CISCO and provide insights into the rapidly changing threat landscape bringing focus on the next generation security capabilities available to effectively counter the ever growing dynamic environment and advance persistent threats

For more information on the DSCI- CISCO thought leadership program register at

or write to

Security Thought Leadership Program

DSCI – CISCO

RE-INVENTING THE NETWORK IN THE CONTEXT OF SECURITY

Virtuali-zation

BYODCloud &Mobility

Self-healing policy

governed network

InformationSecurity

Compliance

SecurityGovernance

EnterpriseSecurity

Intelligence &situationalawareness

Content,Context &

App Aware

nfor I mfo an tio oi nta Tsi er ce hnm ou ls on go yC

etwN of ro k n So ei ct uul rio tv yE

e oc fn De og mre av in no sC

http://www.dsci.in/security-thought-leadership

thoughtleadership@dsci.in

Security and Privacy Standards Development at ISO

DSCI, through Bureau of Indian Standards (BIS), participated in nd ththe ISO SC 27 meetings in Rome from 22 Oct – 26 Oct'12.

Several security and privacy standards are under development /revision at ISO, including Cloud Security, Incident Management, Application Security, Network Security, Disaster Recovery, Investigation methods, Digital Forensics, Industry vertical specific ISMS, Privacy Capability Maturity Model, Privacy Architecture, Codes of Practice for Data Protection in Public Cloud, Privacy Impact Assessment, Privacy Seals and others. India, being the participating member country at ISO also has an obligation to vote on different standards.

DSCI invites organizations and individuals to become part of this standard development process and contribute in shaping the future. To know more about ISO standards development process and contribution, please write to

NASSCOM GIC Project on Study of Regulatory Readiness in the banking sector

DSCI has taken a lead to work with NASSCOM on Global Inhouse Centres (GIC) project to study regulatory readiness of global

NASSCOM SSC (Sector Skill Council) on Occupational Standards for Cyber Security

DSCI is leading the development of Occupational Standards (OS) for cyber security under NASSCOM SSC with the help of experts from the industry. NASSCOM has set up the SSC, in partnership with the National Skill Development Council (NSDC), to fulfill the growing need for skilled manpower across sectors and to narrow the existing gap between demand and supply of skills- generic and domain specific.

banks who have established back office operations in India. The study is being done to analyze the preparedness of the Indian operations to meet the current regulatory requirements in US, UK and Singapore.

First PRSG Meeting for the e-Security Index project awarded by DeitY

The first Project Review & Steering Group (PRSG) meeting of the e-Security Index project was held at DSCI office under the Chairmanship of Prof. N. Ramani, National Institute of Advance Studies. The PRSG comprises senior officials from DeitY and Professors from FMS, Delhi. DSCI project team briefed the PRSG members on the progress made on the project and presented the completed deliverables – outcomes of the study of similar existing models or frameworks developed internationally and the high level structure of the e-security index framework. The e-Security index is based on three sub-indexes – National, Sectoral and Citizen. Each sub-index is further divided into number of parameters, sub-parameters and indicators. PRSG members advised the DSCI project team on the next steps of the projects and associated complexities.

Membership of India Smart Grid Forum (ISGF)

India Smart Grid Forum (ISGF) is promoted by Ministry of Power, Government of India. DSCI has joined the ISGF as a member of the Working Group on cyber security. The objectives of the working group is to-develop smart grid cyber security requirements in Indian context, propose a risk assessment framework to evaluate the risk of each smart grid component throughout its lifecycle, develop a cyber security approach and checklist useful for utilities, propose risk mitigation measures and suggest regulatory and policy measures for security and privacy issues.

5

Call for Contribution !

Rahul.jain@dsci.in

EVENTS ORGANIZED BY DSCI

Annual Information Security Summit 2012 organized in Mumbai

The Annual Information Security Summit 2012 (AISS12) was organized at Taj Lands End, Mumbai on 11-12 Dec. Mr. N Chandrasekaran, Chairman, NASSCOM and CEO, TCS inaugurated the Summit and emphasized on the growing importance of information security and privacy in the era of information technology. This year the summit witnessed over 400 participants - CIOs, CTOs, CISOs, Risk Management, Security and Privacy professionals, auditors and Consultants and others from Government, IT / BPO /ITeS, Telecom, PSUs, Energy and BFSI.

The 2-day Annual Information Security Summit provided the platform for addressing the current security challenges, trends in the security, broad subjects including National Security, Cyber Crimes and Cyber Security. With the support of over 35 organizations, AISS12 featured various sessions and roundtables that provided guidance on contemporary and evolving approaches to the security challenges faced by different industry verticals. To highlight contemporary security technologies and solutions , the Summit had Exhibition Pavilion, Product Launches, and Technology Demonstrations, where the solution providers got the opportunity to address distinguished group of audience with their set of offerings and also connect with their peers across industry.

The AISS12 summoned the participants to discuss on broader subjects like Cyber Diplomacy, Cyber Crimes, Business Responsibility in Information Age together with celebrating the success of women in the field of security through a special session that was chaired by Ms. Latha Reddy, Deputy National Security Advisor (Dy. NSA).

Prior to the 2-day summit a Workshop on IT (Amendment) Act, 2008 was conducted to sensitize the corporate about the provisions of the act focused on data protection and privacy, liability of intermediaries, cyber crimes, etc. The workshop was attended by senior leaders from the industry and government organizations including PSUs.

Industry Outreach & Awareness

6

235Organizations

35Sponsors

76Speakers

452 Participants

MD/CEO/ED32

Middle Mgmt& others79

CXO/GM96

Heads132

Audit & RiskPrivacy & Data ProtectionFraud Risk Mgmt & Outsourcing

Consulting

IS & TechnologyMarketing & SalesOperations

LegalInvestigations

P A R T I C I P A T I O N B R E A K - U P

7

DSCI Excellence Awards Ceremony organized on the sidelines of AISS12

DSCI every year, through Excellence Awards, honors organizations and individuals who have implemented robust, effective and resilient security programs and law enforcement agencies for exemplary efforts in capacity building and cyber crime investigations. Starting this year, DSCI Excellence Awards has become an integral part of the Information Security Summit, and both the corporate and law enforcement awards were presented together.

The awards were given away to the winners by Ms Latha Reddy, Dy NSA in the presence of Mr. Som Mittal, President, NASSCOM, Dr. Kamlesh Bajaj, CEO, DSCI, Jury members - Dr. Ganesh Natarajan, Mr. Loknath Behera and Mr. Nandkumar Sarvade, Sponsors of the awards - Mr. John Samuel, Country Manager, Verizon, Mr. Kartik Sahani, Country Manager, RSA, Mr. Jack Cristin, Junior, Associate General Counsel, Global Asset Protection, eBay and Mr. Parameshwaran Nath, Head- Corporate Affairs, eBay. The awards evening was attended by senior industry leaders and police officials. This year, 78 nominations were received in 10 categories in the corporate segment and 17 nominations in 2 categories of law enforcement segments that includes India Cyber Cop of the Year and Excellence in Capacity Building of Law Enforcement Agencies.

The jury for corporate awards included:Dr Ganesh Natrajan, Vice Chairman & CEO, Zensar Technologies Mr S Sambamurthy, Director, Institute for Development and Research in Banking TechnologyMr. Kersi Tavadia, CIO, BSE Ltd.Mr. B K Syngal, Ex-Chairman and Managing Director, VSNLProf. Asim K Pal, Management of Information Systems Department, IIM Calcutta; andProf M P Gupta, Department of Management Studies, IIT Delhi.

The jury for the law enforcement awards included: Mr Loknath Behera, IGP, NIAMr Pratap Reddy, IGP, Western Range, KarnatakaMr Nandkumar Saravade, Citi Security and Investigative Services, South AsiaMr Vakul Sharma, Advocate, Supreme Court.

PricewaterhouseCoopers was the process partner for the awards.

4

4

4

4

4

4

4

4

4

4

DSCI conferred a special award - 'Visionary Leadership in Cyber Crime Investigation' on Mr. Loknath Behera, Inspector General of Police (Operation & Co-ordination), National Investigation Agency for his distinguished achievements and exemplary contributions in the field of cyber crime investigation.

8

"The threat environment is getting worse. As our dependence on

cyberspace increases, especially that of critical infrastructures, our vulnerability to cyber attacks increases.

Security preparedness is essential for organizations. On one hand we must aim to reduce vulnerabilities in our systems and processes, and on

the other hand we must keep a vigilant eye and adopt latest security practices and technologies to safeguard against the perennial & evolving threats. Therefore, it is important to recognize, honor and reward

organizations and individuals who have implemented strong, effective and resilient security programs to help the organizations address

real risks, build resilience, increase trustworthiness and create a conducive environment for doing

business.” Dr. Kamlesh Bajaj

Corporate segment Law Enforcement Segment, supported by eBay

DSCI Excellence Awards for Security, supported by Verizon

DSCI Excellence Award for Capacity Building of Law Enforcement Agencies

Karnataka Police44 Security in Bank: HDFC Bank Ltd.

4 Security in Telecom: Aircel Ltd.

4 Security in e-Governance: Central Board of Excise & Customs (CBEC)

4 Security in IT Services - Large: Tech Mahindra Ltd.

4 Security in IT Services - SME: Ugam Solutions Pvt. Ltd.

4 Security in Global BPO - Genpact Ltd.

4 Security in Captive BPO - ADP Pvt. Ltd

DSCI Excellence Award for Privacy: IBM Daksh Business Process Services Pvt Ltd

DSCI Excellence Award for Emerging Information Security Product Company: Pawaa Software

DSCI Excellence Award: Security Leader of the Year, supported by RSA

4 Mr Vishal Salvi, HDFC Bank Ltd (Banking Industry)

4 Mr. Pankaj Agrawal, Aircel Ltd (Telecom Industry)4 Col. Arun Kumar Anand, NIIT Technologies (IT Industry)

4 Ms. Nandita Mahajan, IBM Daksh Business Process Services Pvt Ltd (BPO Industry)

DSCI Excellence Award: India Cyber Cop of the Year

Dr. Triveni Singh, DSP, Cyber Crime Cell- Noida, UP Police4

9

Winners of the DSCI Excellence Awards 2012

Roundtable on National Cyber Security Initiatives at IIT Delhi

CEO, DSCI was invited at Department of Management Studies, IIT Delhi to speak on India's concern and challenges on cyber security. The conference was aimed at providing a contemporary solution to formulate a mechanism that involved Industry and academia in the national cyber security Initiatives. Other eminent speaker at the event were Mr. B. J. Srinath, Sr. Director, CERT-In, Mr. Ram Narain, Deputy Director General (Security), Department of Telecom, Brig. A. Ghosh, Director, National Security Council, Mr. Art Gilliland, Senior VP- Enterprise Security, HP and Prof. MP Gupta, Department of management Studies, IIT Delhi. Regulations for social media organized by VIPS

Mr. Vinayak Godse, Director, DSCI was invited to a panel discussion at the inauguration of Annual Media Fest at VIPS- Vivekananda Institute of Professional Studies, an institute affiliated to Indraprastha University, New Delhi. The discussion was held on effects of rules, regulations /laws for social media. The co-panelists for the session were Mr. Madhavan Narayanan, Senior Editor, Hindustan Times, Mr. Soutik Biswas, Online Editor, BBC South East Asia and Mr. Shivam Vij, Organizer, Kafila.

Indo-French Seminar on Applications of Identification Technologies

The French Trade Commission in India organized an Indo-French Seminar of Applications of Identification Technologies in New Delhi. The seminar provided a platform for interaction between the French identification technology providers and buyers in India. Mr. Rahul Jain, Sr Consultant, DSCI participated and made a presentation emphasizing the implications of identification technologies on privacy. He highlighted the key privacy concerns in identification technologies and recommendations to address the same.

Cloud Computing Program organized by IDRBT

Mr. Rahul Sharma, Consultant, DSCI delivered a lecture at program organized by IDRBT for IIBF & Banking Professionals, on Cloud Computing. He emphasized on how cloud security concerns need to be taken into consideration while evaluating and adopting cloud services. He briefed the audiences on various standards and frameworks for evaluating cloud services and the provisions of the Indian legal regime that impact cloud services.

EVENTS ORGANIZED BY OTHER ORGANIZATIONS / ENTITIES

National Conference of CISOs of Critical Sectors of Government organized by NCIIPC

CEO,DSCI delivered a talk on the role of private enterprises in the protection of Critical Information Infrastructure at the first National Conference of Chief Information Security Officers of Critical Sectors of Government organized by National Critical Information Infrastructure Protection Center (NCIIPC), NTRO in New Delhi . He highlighted different public-partnership models in areas of testing & accreditation of ICT products, Security Audits and Testing, Capacity Building of Law Enforcement Agencies. He detailed the role of government and private sector in each of these areas.

The conference was inaugurated by Mr. Shiv Shankar Menon, National Security Advisor, in the presence of senior government officials from various Ministries, Defense, Police and other government organizations. The conference also featured presentations and panel discussions on the protection of critical information infrastructure by senior officials from NTRO, Power Grid, Indian Railways, Airport Authority of India, National Stock Exchange, Nuclear Power Corporation of India, IDRBT, among others. The conference featured outcomes of several research and development projects undertaken by various organizations or agencies in the field of security. The valedictory address was delivered by Dr. R. Chidambaram, Principal Scientific Advisor to the Government of India.

South Asia Workshop organized by United Nation Office on Drugs and Crimes (UNODC)

Mr. Vikram Asnani, Sr. Consultant, DSCI, participated and delivered a session on how private sector collaboration can counter the misuse of the Internet for terrorist purposes. The two day workshop was organized by UNODC to generate awareness among the nations against terrorism. The workshop witnessed discussions on various legislative actions, policies and prosecution issues. The participants from Europe and Asia including India also discussed on how collaboration between nations and private organizations can counter the misuse of the Internet for terrorism purposes.

10

Capacity Building

4

4

PROGRAMS ON CYBER CRIME INVESTIGATION AND CYBER FORENSICS

DSCI Cyber Forensics Forum

DSCI Cyber Forensic Forum has been established to assist the law enforcement agencies in investigation of cybercrime cases related to digital evidence handling. The forum's key objectives include working towards capacity building, investigation and guidance, technical know-how and policy recommendations on Best Practices on cyber forensics.

Key stakeholders other than DSCI and NASSCOM are Government Agencies including Law Enforcement Agencies, Judiciary/ Lawyers and Cyber Forensics Companies.

Training Programs

DSCI is actively engaged to impart training to Law Enforcement and other government agencies

5-day advanced training on Cyber Crime course was conducted for police officials working at the Pune Cyber Crime cell.Short course on cyber crime and cyber laws was conducted for Corps of Military Police. 31 officers participated in the workshop.

Outreach Programs

DSCI continue to promote awareness on cyber crimes and cyber laws through events.

DSCI Events

1-day workshop for Web hosting vendors and resellers at Bangalore Cyber Lab, Officials from Directi , Mumbai delivered the sessions. 21 police officers attended the workshop. 2 Cyber Crime Awareness workshops in Gujarat & Chandigarh conducted as a part of Cyber Crime Awareness Project awarded by DeitY. Over 350 Police officials participated at the workshops.

Other Events

Lecture on Cyber crimes at Sardar Vallabh Bhai Patel National Police Academy, Hyderabad. Session on prevention of IT frauds in Indian railways at the Vigilance Department of Indian Railways, Bangalore.

Session on cyber law and cyber crime at the annual Location Security Heads Meet, conducted by Wipro. The meet witnessed participation of 20 security heads from across India.

4

4

4

4

4

11

12

DSCI in News and Social Media

We will work with social media firms for Net safety: Data Security chief

Experts Demands Information Technology Act Change

Cyber police gets NASSCOM awards

NASSCOM-DSCI Summit attendance reaffirms growing interest in data security

Cloud and mobile: A nightmare for security?

DSCI honors organizations, individuals for undertaking excellent security initiatives

DSCI Assessment Frameworks for Security And Privacy Released

Award for CID cyber crime police

NASSCOM - DSCI Summit focuses on data security challenges

NASSCOM-DSCI host Information Security Summit 2012

DSCI Annual Information Security Summit Begins

India Inc faces internal threat

13

DSCI is a focal body on data protection in India, set-up as an independent Self?Regulatory Organization (SRO) by NASSCOM®, to promote data protection, develop security and privacy best practices & standards and encourage the Indian industries to implement the same.

DSCI is engaged with the Indian IT/BPO industry, their clients worldwide, Banking and Telecom sectors, industry associations, data protection authorities and other government agencies in different countries. It conducts industry wide surveys and publishes reports, organizes data protection awareness seminars, workshops, projects, interactions and other necessary initiatives for outreach and public advocacy. DSCI is focused on capacity building of Law Enforcement Agencies for combating cyber crimes in the country and towards this; it operates several cyber labs across India to train police officers, prosecutors and judicial officers in cyber forensics.

Public Advocacy, Thought Leadership, Awareness and Outreach and Capacity Building are the key words with which DSCI continues to promote and enhance trust in India as a secure global sourcing hub, and promotes data protection in the country.

About DSCI

Editorial Board

Priti VandanaManager - Marketing & Communications, DSCI

Rahul JainSr. Consultant, DSCI

Data Security Council of India Niryat Bhawan, 3rd Floor, Rao Tula Ram Marg,New Delhi - 110057, IndiaPhone: +91-11-26155070, Fax: +91-11-26155071Email: info@dsci.in, Website:

14

www.dsci.in

http://www.linkedin.com/groups?gid=1846736&trk=hb_side_g

http://twitter.com/DSCI_CONNECT

http://www.facebook.com/DSCI.CONNECT