India

The Indian Computer Emergency Response Team (CERT-In) administers the IT Act of 2000, which was passed by the Indian Parliament to regulate Indian cybersecurity legislation, institute data protection rules, and govern cybercrime. It also safeguards, among other things, e-governance, e-banking, e-commerce, and the private sector.

While India lacks a unified cybersecurity law, it promotes cybersecurity standards through the IT Act and a variety of sector-specific rules. It also establishes a legal foundation for India’s essential information infrastructure.

Eshield provides a wide range of services to our Indian clients, including but not limited to:

  • Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) – A Graded Approach: The most important topic for any security and compliance boardroom today is navigating risk in the urban banking context. Preparing for potential cyber-attacks will become more difficult as the financial landscape evolves owing to the development of digital technology. Banks in metropolitan areas cannot afford to remain unaware of the expanding panorama of cyber dangers. As a result, the Reserve Bank of India (RBI) has recommended extensive cyber security controls in the form of a graded approach for Primary (Urban) Cooperative Banks (UCBs). The goal of this document is to emphasize the framework and annexures as per the Reserve Bank of India’s new recommendations on the Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs).
  • Guidelines for Protection of Critical Information Infrastructure: The 2008 Recommendation reflects a shared understanding of the concept of Critical Information Infrastructures (CII) and of how national CII are identified across countries. It calls for the introduction and maintenance of effective policy frameworks to implement the OECD Security Guidelines in relation to the protection of CII and makes recommendations with respect to the protection of CII at the domestic level and across borders. The Recommendation focuses on how governments should demonstrate leadership and commitment regarding CIIP, manage risks to CII and work in partnership with the private sector. It also calls for bilateral and multilateral cooperation at regional and global levels, for example, to share knowledge and experience, develop a common understanding and share information.
  • Guidelines on Information and Cyber Security for Insurers: Information obtained from regulated entities through cybercrime may be used for financial gain through extortion, identity theft, misappropriation of intellectual property, or other criminal activities. Exposure of personal data can potentially result in severe harm for the affected policyholders, as well as reputational damage to insurance sector participants. Similarly, malicious cyber-attacks against the critical systems of insurers and insurance intermediaries may impede their ability to conduct business. Such security-related issues have the potential to undermine public confidence and may lead to reputational risks for insurers. Hence, it is essential to ensure that a uniform framework for information and cyber security is implemented for insurers and that an in-built governance mechanism is in place within the regulated entities to make sure that all such security-related issues are addressed from time to time.
  • National Cyber Security Policy: The “National Cyber Security Policy” has been prepared in consultation with all relevant stakeholders, user entities, and the public. The policy aims to facilitate the creation of a secure computing environment, enable adequate trust and confidence in electronic transactions, and guide stakeholders’ actions for the protection of cyberspace.
  • Guidelines on Cyber Security in Power Sector: These Guidelines are mandatory requirements to be met by all stakeholders and lay emphasis on establishing cyber hygiene, training all IT as well as OT personnel on cyber security, and designating Cyber Security Training Institutes as well as Cyber Testing labs in the country. The Guideline mandates ICT-based procurement from identified “Trusted Sources” and identified “Trusted Products” or else the product has to be tested for Malware/Hardware Trojan before deployment for use in the power supply system network when the system for trusted product and service is in place. It will promote research and development in cyber security and open up the market for setting up Cyber Testing Infra in the public as well as private sector in the country.
  • Master Direction – Information Technology Framework for the NBFC Sector: For the purpose of enabling the Reserve Bank of India (RBI) to regulate the credit system of the country to its advantage, the RBI issued Master Directions – Information Technology Framework for the NBFC Sector, 2017 on June 8, 2017. The focus of the proposed IT Framework is on IT Governance, IT Policy, Information & Cyber Security, IT Operations, IS Audit, Business Continuity Planning, and IT Services Outsourcing. The Non-Banking Finance Company (NBFC) sector has grown in size and complexity over the years. As the NBFC industry matures and achieves scale, its Information Technology/Information Security (IT/IS) framework, Business Continuity Planning (BCP), Disaster Recovery (DR) Management, IT audit, etc. must be benchmarked to best practices.
  • Recommendations on Privacy, Security, and Ownership of the Data in the Telecom Sector: The Telecom Regulatory Authority of India (TRAI) released its Recommendations on Privacy, Security, and Ownership of Data (the Recommendations) in the context of the telecommunication domain. The Recommendations, besides elaborating on the need for and importance of data privacy in telecommunications, also analyze the telecommunication environment to assess whether the existing data protection framework is sufficient. The Recommendations are in continuation of a consultation paper on “Privacy, Security and Ownership of the Data in the telecom sector” which was published by TRAI on 09 August 2017. The consultation paper aimed to identify the key issues pertaining to data protection in relation to the delivery of digital services through telecommunication systems. The TRAI, on considering the responses submitted by the stakeholders, has provided these Recommendations.
  • Master Direction on Digital Payment Security Controls: On February 18, 2021, the Master Direction establishing security measures for digital payments was published. These security rules apply to regulated companies such as scheduled commercial banks, payment banks, small finance banks, and NBFCs that issue credit cards. Customers can use RBI DPSC to make safe digital payments. Governance and Risk Management, Generic Security Controls, Application Security Life Cycle (ASLC), Authentication Framework, Fraud Risk Management, Reconciliation Mechanism, Customer Protection, Awareness, and Grievance Redressal Mechanism, specific controls related to Internet Banking, Mobile Payments Application Security Controls, and Card Payments Security are all covered in the Master Direction.
  • Cyber Security and Cyber Resilience Framework of Mutual Funds / Asset Management Companies (AMCs): The circular focuses on cyber security and cyber resilience. It is based on the proposal of SEBI’s High Powered Steering Committee, which agreed that the framework established in SEBI circular CIR/MRD/DP13/2015 dated July 06, 2015, on cyber security and cyber resilience be extended to all Mutual Funds / Asset Management Companies.
  • PCI DSS: The PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive the adoption of data security standards and resources for safe payments worldwide. The PCI SSC’s mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders. The Council achieves this with a strategic framework that guides its decision-making process and ensures that every initiative is aligned with its mission and supports the needs of the global payments industry.

Our services include consulting, assessment, and support services.

Please visit our Services page for a full range of services offered, and for more info: Contact us