Eshield IT Services holds a strong reputation as one of the top cyber security service providers in India. Our primary focus is to aid IT Security firms in India by safeguarding their invaluable assets. This encompasses customer data, financial transactions, proprietary information, and privileged identity and access management. Moreover, our holistic approach to cyber security involves the implementation of comprehensive measures. Thus, guaranteeing the security and availability of systems and networks. By doing so, we effectively minimize the risk of cyber attacks and potential disruptions to business operations. Through a partnership with Eshield IT Services, businesses in India can effectively mitigate financial losses and establish a robust defense against ever-evolving cyber threats. We offer suitable threat hunting steps as part of our services.
The Indian Computer Emergency Response Team (CERT-In) is responsible for administering the IT Act of 2000. This act was passed by the Indian Parliament to regulate Indian cybersecurity legislation, institute data protection rules, and govern cybercrime. CERT-In plays a crucial role in safeguarding various sectors such as e-governance, e-banking, e-commerce, and the private sector.
India lacks a unified cybersecurity law. However, it promotes cybersecurity standards through the IT Act and a variety of sector-specific rules. Also, these measures establish a legal foundation for India’s essential information infrastructure.
Eshield Provides a wide range of cyber security services to our Indian clients including but not limited to:
-
Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) – A Graded Approach:
Navigating risk in the urban banking context is the most important topic for any security and compliance boardroom today. However, the development of digital technology has made preparing for potential cyber attack simulations more challenging, particularly as the financial landscape evolves. Thus, it is crucial for banks in metropolitan areas to be aware of the expanding panorama of cyber dangers. In response, the Reserve Bank of India (RBI) has recommended extensive cyber security controls for primary (Urban) Cooperative Banks (UCBs). These controls follow a graded approach. The goal of this document is to emphasize the framework and annexures outlined in the Reserve Bank of India’s new recommendations on the Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs). Reference -
Guidelines for Protection of Critical Information Infrastructure:
The 2008 Recommendation reflects a shared understanding of the concept of Critical Information Infrastructures (CII) and how national CII are identified across countries. It calls for the introduction and maintenance of effective policy frameworks to implement the OECD Security Guidelines for the protection of CII. Moreover, it also makes recommendations at the domestic level and across borders regarding the protection of CII. Also, one of the key focuses is on how governments should demonstrate leadership and commitment regarding CIIP. They are expected to manage risks to CII and work in partnership with the private sector. Additionally, the Recommendation emphasizes the need for bilateral and multilateral cooperation at regional and global levels. This includes sharing knowledge and experience, developing a common understanding, and exchanging information. Reference -
Guidelines on Information and Cyber Security for Insurers:
Cybercriminals may exploit information obtained from regulated entities for financial gain, engaging in activities such as extortion, identity theft, or misappropriation of intellectual property. Consequently, these criminal actions pose a severe threat to affected policyholders and can result in reputational damage for participants in the insurance sector. Likewise, malicious cyber-attacks targeting critical systems of insurers and Insurance Intermediaries can disrupt their business operations. These security-related concerns have the potential to erode public confidence and expose insurers to reputation risks. Therefore, it is crucial to implement a uniform framework for security information management tools and cyber security in insurers. Regulated entities should establish an in-built governance mechanism to address these security-related issues regularly. Reference -
National Cyber Security Policy:
The “National Cyber Security Policy” has been prepared in consultation with all relevant stakeholders, user entities, and the public. The objective of the policy is to facilitate the creation of a secure passwords and computing environment, foster trust and confidence in electronic transactions, and provide guidance for stakeholders in protecting cyberspace. Reference -
Guidelines on Cyber Security in Power Sector:
All stakeholders are required to meet these Guidelines, which place emphasis on establishing cyber hygiene, providing Cyber Security training to IT and OT Personnel, and designating Cyber Security Training Institutes and Cyber Testing labs within the country. Furthermore, the Guidelines also mandate the procurement of ICT-based products from identified “Trusted Sources” and “Trusted Products”. If a product does not fall into these categories, it must undergo testing for Malware/Hardware Trojan before deployment in the power supply system network. This requirement will be implemented once the system for trusted products and services is in place. Additionally, the Guidelines aim to encourage research and development in cyber security companies and facilitate the establishment of Cyber Testing Infrastructure in both the Public and Private Sectors. Reference -
Master Direction – Information Technology Framework for the NBFC Sector:
On February 18, 2021, the Master Direction regarding security measures for digital payments was published. These security rules are applicable to regulated companies such as scheduled commercial banks, payment banks, small finance banks, and NBFCs that issue credit cards. To ensure secure digital payments, customers can utilize RBI DPSC. The Master Direction encompasses various areas, including Governance and Risk Management, Generic Security Controls, Application Security Life Cycle (ASLC), Authentication Framework, Fraud Risk Management, Reconciliation Mechanism, Consumer Protection, Awareness, and Grievance Redressal Mechanism. It also includes specific controls related to Internet Banking, Mobile Payments, Web Application Security Software, Card Payments Security, and other aspects of information technology security management. Reference -
Recommendations on Privacy, Security, and Ownership of the Data in the Telecom Sector:
The Telecom Regulatory Authority of India (TRAI) has released its Recommendations on Privacy, Security, and Ownership of Data in the telecommunication domain. The Recommendations highlight the importance of data privacy in telecommunications and analyze the existing data breach protection framework. These Recommendations follow a consultation paper titled “Privacy, Security, and Ownership of Data in the telecom sector,” published by TRAI on 09 August 2017. The consultation paper aimed to identify key issues related to data protection in the delivery of digital services through telecommunication systems. Based on the responses received from stakeholders, TRAI has formulated and provided these Recommendations. Reference -
Master Direction on Digital Payment Security Controls:
On February 18, 2021, the Master Direction establishing security measures for digital payments was published. These security rules apply to regulated companies such as scheduled commercial banks, payment banks, small finance banks, and NBFCs that issue credit cards. Customers can use RBI DPSC to make safe digital payments. Governance and Risk Management, Generic Security Controls, Application Security Life Cycle (ASLC), Authentication Framework, Fraud Risk Management, Reconciliation Mechanism, Consumer Protection, Awareness, and Grievance Redressal Mechanism, specific controls related to Internet Banking, Mobile Payments Web Application Security Software, and Card Payments Security and other information technology security management are all covered in the Master Direction. Reference -
Cyber Security and Cyber Resilience Framework of Mutual Funds/ Asset Management Companies (AMCs):
The circular specifically focuses on cyber security and cyber resilience. It originates from the proposal put forth by SEBI’s High Powered Steering Committee. Subsequently, the committee reached an agreement to expand the existing framework outlined in SEBI circular CIR/MRD/DP13/2015 dated July 06, 2015, which addresses cyber security and cyber security resilience services. This extension is intended to encompass all Mutual Funds and Asset Management Companies. Reference -
PCI DSS:
The PCI Security Standards Council (PCI SSC) is a global forum that unites payments industry stakeholders. Its primary objective is to develop and promote the adoption of data security standards and resources, ensuring safe payments worldwide. The PCI compliance consulting services have a specific goal of bolstering global payment account data security. This is accomplished through the development of standards and the provision of supporting services that promote education, awareness, and effective implementation among stakeholders. To guide decision-making and ensure alignment with the mission, a strategic framework is in place. This framework ensures that every initiative meets the needs of the global payments industry. Reference
