Centre Plans Stronger Defences for Key Data
- 09 Jul 2018
- 3 min read
The Ministry of Home Affairs has directed the National Information Security Policy and Guidelines (
Why there is a need for
upgradation of NISPG?
- The sensitive information making its way into the Internet has added to the vulnerability of information sharing. Earlier the files were locked in a cupboard and accountability could be fixed, but with the advent of Digital India, a number of issues were in a grey area.
- The new policy would take into account the evolving cyberspace and the overall policing system in the country.
- The new policy would cover issues pertaining to the Official Secrets Act.
- There are issues relating to
physicalsecurity of a computer, for examplewhether the hard disk will be destroyed before a computer is discarded.
- There are issues relating to the network as well. If
informationis riding on own cyber cable, then everything can be encrypted, but if it is riding on a commercially available one, then one will have to make sure that guidelines are complied with.
- The threats had to be recognised and the measures were to be updated accordingly.
Objectives of National Information Security Policy and Guidelines
- These guidelines are based on the analysis of existing global security standards, and frameworks; and the emerging trends and discourse in the wake of persistent threats, and cyber-attacks on critical infrastructure of nations globally.
- The scope of these guidelines encompasses Government and Public Sector organizations and associated entities and third parties, for protecting the information under their control or ownership during information’s life-cycle including creation, storage, processing, accessing, transmission, destruction etc.
- The objective of these guidelines is to improve the information security posture of an organization possessing any information, including classified
information,and does not restrict organizations from adopting additional stringent practices over and above these guidelines.
- Organizations may evaluate various additional measures for the security of
informationthey possess for protecting their information depending upon the sensitivity, criticality and importance of such information in the overall Internal Security and National Security interest of the country.