The National e-Governance Division (NeGD), under its Capacity Building scheme, recently organised the 30th CISO Deep-Dive training programme. It targeted chief information security officers (CISOs) from central, state, and union territory governments, subordinate agencies, public sector undertakings (PSUs), technical wings of police and security forces, and officers in charge of IT system security in their respective organisations.
The deep-dive training was specifically aimed at educating and enabling CISOs to understand cyber-attacks comprehensively and thoroughly, get necessary exposure to the latest security technologies, and translate the benefits of a resilient e-infrastructure to individual organisations and citizens at large. The training also focused on providing a holistic view of legal provisions and enabling CISOs to formulate policies in the domain of cybersecurity and build concrete cyber crisis management plans.
At the event, a government official encouraged CISO officers to think innovatively and futuristically while supporting the cybersecurity endeavours of their organisations. Another representative stressed the need for robust cybersecurity conduct at an individual level and requested all CISO participants to use properly licensed software. Participants were reminded of various government initiatives in the cybersecurity domains, particularly the National Critical Information Infrastructure Protection Centre (NCIIPC), which addresses potential cyber threats to critical infrastructure.
The training programme brought together an array of subject matter experts from the industry, academia, and the government to speak on key domain issues of cybersecurity, including:
- governance risk and compliance
- emerging cybersecurity trends
- the landscape of cybersecurity products in India
- network security and cyber crisis workplace plans
- application and data security
- cloud security
- mobile security
- cryptography
- cybersecurity testing and audit
- cybersecurity related provisions of the IT Act and ISMS Standards including ISO 27001
Launched in 2018, the CISO training is a first-of-its-kind partnership between the government and industry consortium under a public-private partnership (PPP) model. Since June 2018, these programmes have capacitated 1,224 senior officials to secure the digital infrastructure and systems of their respective organisations.
The CISO training sessions are a part of the Ministry of Electronics and Information Technology (MeitY)’s Cyber Surakshit Bharat initiative, which spreads awareness about cybercrime and builds the capacity of CISOs and frontline IT officials across all government departments. It aims to ensure the country has adequate safety measures to combat the growing number of cyber-attacks and for organisations to defend their digital infrastructures and tackle cyber-attacks.
Last week, the Indian Computer Emergency Response Team (CERT-In) and the Cyber Security Agency of Singapore (CSA) designed and conducted the cybersecurity exercise “Synergy” for 13 countries. The initiative is part of the International Counter Ransomware Initiative- Resilience Working Group, which is being led by India under the leadership of the National Security Council Secretariat (NSCS).
The theme of the exercise was ‘Building Network Resiliency to counter Ransomware Attacks’. The exercise scenario was derived from real-life cyber incidents, in which a domestic level (limited impact) ransomware incident escalates to a global cyber security crisis. As OpenGov Asia reported, the specific objective of the exercise was to assess, share, and improve strategies and practices among member-states to build network resiliency against ransomware and cyber extortion attacks.