Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
DSCI NEWS
Our Vision
Harness data protection as a lever for economic development of India through global integration of practices and standards conforming to various legal regimes.
Our Mission
To create trustworthiness of Indian companies as global sourcing service providers, and to assure clients orldwide that India is a secure destination for outsourcing where privacy and protection of customer data are enshrined in the global best practices followed by the industry.
Our Objectives
Public Advocacy on Data Protection and Cyber Security
Thought Leadership through Best Practices and standards
Capacity Building on Security and Privacy
Cyber Crime Speedier Trial through raining of Law Enforcement Agencies and Judiciary
Independent Oversight forAssurance & Dispute resolution through ADR towards Self-Regulation
DATA SECURITY COUNCIL OF INDIA
NEWSLETTER OF DATA SECURITY COUNCIL OF INDIA
SMAC: A New paradigm for Security ?SOCIAL MOBILITY ANALYTICS CLOUD
April-May 2014
DSCI Best Practices Meet 2014
4 26 450+ 24+
300+
Pre-eventWorkshops
RoundtableMeetings
Parallel TrackSessions
KeynoteSpeakers
Speakers Sessions
ParticipantsBreakfastMeet1
Reasons why you should not miss BPM 2014
Hotel The Leela Palace, Bangalore
6th
2014Best Practices Meet
9th-10th
JULY 2014SMAC: A new paradigm for security?Social Mobility Analytics Cloud
Registere Now Download Agenda
DSCI
DSCI NEWS
2
April-May 2014
Public Advocacy
India-EU FTA Negotiation
In the formal negotiations with the European Union (EU) on adequacy of India, for privacy protection of end customers, under the Indian Laws, DSCI prepared a comprehensive paper on handling the complex scenarios raised by the EU. The totality on Indian Laws, which go well beyond the IT (Amendment) Act, 2008 were studied and presented in that paper to address the privacy concerns raised by the EU.
Since the EU also wanted to keep the Standard Contract Clauses (SCC) in picture for making it India-centric as an alternate for adequacy of India under the EU Data Protection Directives. DSCI prepared a model SCC for giving the Indian service industry an edge in getting data processing contracts at par with adequacy.
Thought Leadership
DSCI Certified Privacy Lead Assessor ((DCPLA©) – Training & Certification Program
The eleventh and twelfth batch of DSCI Certified Privacy Lead Assessor (DCPLA©) training was organized in Bangalore and Mumbai respectively. With this batch the total DCPLA© certified professionals till date stand at 225 from over 75 organizations.
Register for the next batch in Bangalore (18-20, June)
ISO meeting in Hong Kong
DSCI continued to contribute in the development of security and privacy related international standards at ISO. Following are the key standards that DSCI is focusing on and reaching out to the industry for contribution.
• ISO/IEC 27017 - Guidelines on information security controls for the use of cloud computing services based on ISO/IEC27002
• ISO/IEC 27018 - Code of practice for personally identifiable information (PII) protection in public clouds acting as PIIprocessors
DSCI NEWS
3
• ISO/IEC 27036-4 (Information security for supplierrelationships) – Part 4: Guidelines for security of cloudservices
• ISO/IEC 29134 (Privacy Impact Assessment –Methodology)
• ISO/IEC 29151 (Codes of Practice for PII Protection)
In April, a three member delegation comprising Dr. Gargi Keeni, Independent Expert, Mr. Mahesh K, DGM, Corporate Security–International, Tata Communications and Mr. Rahul Jain, Principal Consultant, DSCI represented India through BIS at the ISO SC27 Working Group meeting held in Hong Kong. The delegation focused on defending the Indian comments and inputs provided on the above standards and also contributed in the development of other important standards. To increase awareness in the industry on development of the international standards, DSCI under the aegis of BIS is planning to host the ISO SC27 Working Group meetings in Jaipur in October, 2015.
DSCI-Microsoft Study on Cyber Security
DSCI, with support of Microsoft, conducted a study to understand the Indian cyber security market. The study was undertaken to determine the current market share, rate of growth and various enablers that are shaping Indian cyber security market. DSCI conducted surveys with experts from user organisations, security product companies and services providers, in addition to extracting insights through secondary research. The study consolidates key findings on the adoption of security products & services, budget allocation, product segments and current market opportunities in various verticals.
Outreach & Awareness
Launch of CCFP-IN in association with (ISC)2
(ISC)², in co-operation with DSCI, developed the Certified Cyber Forensics Professional (CCFPSM) for the benefit of cyber forensics professionals India. (ISC)2 collaborated with DSCI in-order to localize the certification program and build relevance of the Indian legal and procedural aspects in it. The certification will help assess proficiency of digital forensics professionals and legal community in India.
The CCFPSM certification program launch in India was held during workshops in Delhi and Bengaluru, co-hosted by (ISC)² and DSCI. The workshops titled ‘Developments in Forensics’ focused on providing updates on the latest developments in forensics globally in addition to in-depth understanding of digital investigations and the salient features of the CCFPSM India certification. Over 175 industry professionals participated in these workshops. Dr. Kamlesh Bajaj, CEO, DSCI in his welcome address highlighted the need for cyber forensics certification in India.
April-May 2014
DSCI NEWS
4
Roundtable at GIC Conclave, 2014
A roundtable discussion on the sidelines of GIC Conclave 2014 was organized by DSCI on ‘Managing affairs of security and privacy in cross-border data flow’. Mr. Vinayak Godse, Director- Data Protection, DSCI while highlighting India’s current state of security and privacy ecosystem, discussed the issues and challenges encountered in managing these affairs. He also apprised the participants on the current state of negotiation with the EU on trans-border data flow. The meeting was well received by GIC members. The members embraced the idea of including security and privacy in the agenda at industry level discussions.
Webinar on Data Protection
Hunton & Williams, in association with DSCI and Nishith Desai Associates conducted a webinar on ‘The Latest Developments in the European Union and India’ with regards to trans-border data flow. Mr. Vinayak Godse, Director-Data Protection, DSCI discussed the key challenges of privacy and data protection from India’s perspective. The key takeaways of the webinar were as follows: • Overview of the current legislative landscape in EU
Data Protection and Privacy• Understanding of the EU General Data Protection
Regulation and cross data flows issues• Insights into the recent enforcements in EU Data
protection Directive
The webinar was well received by over 400 participants.
Other speakers included Lisa J. Sotto, Partner and Chair of the Global Privacy and Cybersecurity Practice, Hunton & Williams LLP; Bridget Treacy, Partner and Head of the UK Privacy and Cybersecurity Practice, Hunton & Williams; Gowree Gokhale, Partner, Nishith Desai Associates and Rakhi Jindal, Principal Associate, Nishith Desai Associates.
View Recording
Roundtable on Internet governance by ORF
Observer Research Foundation (ORF) organized a roundtable on “Breaking the web – Data Localization versus the Global Internet" in Delhi. The panellists at the roundtable discussed the implications of the policy direction taken by some governments, for localization of data and ICT infrastructure, thereby creating hindrance to cross border data flows. Mr. Rahul Jain, Principal Consultant represented DSCI in the panel. He emphasized on the need to promote cross border data flows and maintain the global nature of the Internet. He highlighted broader issues related to national security, privacy, lawful access to data, cybercrimes and others, which are driving some of the governments across the world to demand data localization. He underlined the need for the global community including the governments and industry to address these issues and ensure that the balkanization of the Internet does not take place.
Other panellists included Mr. Anupam Chander, Professor of Law at UC Davis and Director, California International Law Center, Dr. Govind, CEO, National Internet Exchange of India, Mr. Anupam Khanna, Chief Economist & Director-General (Policy Outreach), NASSCOM, and Mr. Partha Guhapatra, Vice President & Head, Corporate Affairs, Wipro.
April-May 2014
DSCI NEWS
5
Panel discussion on Privacy at ICSC2014 organised by Information Week
A panel discussion titled ‘Keeping Pace with evolving Privacy Environment and Associated Organizational Responsibility’ was organised at ICSC2014 an eventorganised by the Information Week. Mr. Rahul Sharma, Consultant, DSCI moderated the discussion and focussed on the current state of privacy landscape in India and global developments around privacy highlighting the India-EU trans-border data flow. He apprised the audience on the DSCI Privacy Framework (DPF©) and the development of privacy assessment ecosystem and how DSCI is trying to improve the privacy baseline through capacity building, by creating training & certification programs for organizations and individuals. Over 40 CISOs participated in the event.Other panellist included Mr. Srinivas Poosarla, AVP and Head (Global), Privacy & Data Protection – Infosys; Mr. Ashish Chandra Mishra, CISO–Tesco HSC; Mr. Maria Bellarmine, Head – Information Security Group – Tech Mahindra; Mr. Joseph Joshi, Sr. Information Risk Manager – ING Vysya Bank and Mr. Manoj Bhati, Solution Specialist – India & SAARC, SafeNet.
NetMundial Conference on Internet governance
DSCI participated in ‘NetMundial’– a global multi-stakeholder meeting, held in Sao Paulo, Brazil to deliberate on the future of Internet governance (IG). Mr. Rahul Sharma, Consultant, DSCI represented DSCI and NASSCOM as part of World Information Technology Service Alliance (WITSA) delegation at the conference. He highlighted DSCI proposed actionable steps for IG, which were submitted to the NETmundial steering committee as DSCI-NASSCOM comments on the draft document on ‘Internet Principles and Roadmap for Evolution of Internet Governance Ecosystem’.
The meeting congregated 1,480 stakeholders from the government, industry, civil societies and academia, technical community from over 75 countries. An outcome document was released post the summit, which serves as input for other Internet governance conferences across the world.
Download Outcome Document
April-May 2014
DSCI NEWS
6
April-May 2014
Capacity Building
Cyber Security Projects
• Cybercrime Workshop
‘Cyber Crime Awareness Workshop’- a project awarded by DeitY to DSCI to organize four workshops in 2013-14, was successfully completed.
Over 500 police officers were trained under the program. Other participants of the workshop included stakeholders such as state IT and home departments, academia and judiciary. The workshops also witnessed exhibitions by various cyber forensics vendors demonstrating contemporary tools and technologies.
A proposal for conducting eight cybercrime workshops has been submitted to DeitY.
• Cyber Forensics Training Facility
The support of DeitY for cyber labs in Mumbai, Pune, Bangalore and Kolkata ended in 2013. Over 12,000 police officers and judiciary were trained through the special training programs in theses for labs.
Workshop on cyber security and cybercrime by ELCIA
Electronic City Industries Association (ELCIA) in collaboration with DSCI conducted a workshop on cyber security and cybercrime. Mr. Vinayak Godse, Director- Data Protection, DSCI delivered a session on Data protection. He highlighted the need for governance of security and privacy in India, while emphasizing on the role of the industry in building capacity to handle cybercrimes. He also urged the ELCIA members to come forward to support the cyber lab program.
Workshop for CCFP by (ISC)2
A workshop for ‘Certified Cyber Forensics Professional’ certification was organized by (ISC)2 in Florida, USA. Mr. Venkatesh Murthy, Sr. Manager-Cyber Forensics, DSCI, contributed in drafting questions at the workshop as a subject matter expert. Similar experts from other countries were invited to contribute in the workshop.
Cyber Labs Special Training Programs
• 110 police officers were trained in 5 day training on cybercrime investigations across eight cyber labs• 287 officers were trained in short courses and special lectures on cybercrimes & cyber forensics• Conducted one week special course on information security for police officers of the Kolkata cyber lab
Special sessions on invitation were taken for the following organizations
• National Police Academy, Hyderabad on cybercrime investigations
DSCI NEWS
7
April-May 2014
Bank of India Future Calls Technology Private Limited Mahindra Cominova
DSCI Corporate Membership is open
Sears IT & Management Services (India) Pvt Ltd Xiarch Solutions SecPod Technologies Pvt. Ltd
700 organizations from IT-BPM, Banking, Telecom, Manufacturing, Security, Consulting and Advisory services are already our
members.
New Corporate Members http://www.dsci.in/membership
Provide consultation for respondingto the government on policiesrelated to data protection
Participate in DSCI opportunitiesfor global networking and businessbuilding at DSCI events, workshopsand trainings, seminars and conclaves
Get access to DSCI Frameworks(DSF©, DPF© & DAF©) and globallyacknowledged study materials,reports and surveys at no cost
Seek advisory services• Security and Privacy queries• For implementatin of DSCI
Frameworks
Get features in DSCI studies, surveys,reports, Industry benchmarkingprogram and advisory groups asthought leader
Participate in DSCI training programs
Contribute in the development ofinternational standards
Connect with over 650 DSCImembers representing the usercommunity and solution providers
Build your brand DSCI Excellence Awards
Receive updates, newsletter andinformatin on issues related todata protection, IT Act, governmentpolicies and global rules & regulationsrelated to the data security, privacy,protection and cyber security
Showcase your company st DSCIevents through sponsorships andspeaking opportunities
Brainstorm with global thought leaders, Privacy Commissioners and regulatorsat DSCI Rountable Conferences
Get visibility through your own Member Page on DSCI Website, which features company’s engagement history with DSCI
Provide inputs and participate in bilateral and multi lateral trade dialogues on global data flows and other issues
Smart Chip Limited
DSCI NEWS
8
April-May 2014
Industry News
CMO Asia and World Innovation Congress 2014 organized Excellence in Innovation Awards 2014. Serco Global Services won three awards in the following categories :
“Best Innovative Product of the Year”: Serco was awarded for an in-house developed and deployed business intelligent tool “Loading Station on Cloud”.
“CIO of the Year”: Mr. Rajendra Deshpande, CIO, Serco Global Services
“Women in IT/ ITeS Leadership Award”: Ms Seema Bangera – VP Information Securities
DSCI Chapter News
New Chapter in Coimbatore
To foster the network of security and privacy professionals Coimbatore region, DSCI created a Chapter in Coimbatore. The platform will help Chapter members to build links with industry experts, share their views and knowledge on policy issues and other data protection matters.
The Chapter is anchored by Mr. Balaji Raju, Managing Director, AES Technologies and co-anchored by Mr. Ravichandran, CEO & Managing Director, Nilgiris Chemical Stoneware.
DSCI currently runs the Chapter community with over 1600+security and privacy professionals, spread across 12 chapters (Delhi, Mumbai, Pune, Kolkatta, Bangalore, Hyderabad, Chennai, Bhubaneshwar, Ahmedabad, Chandigarh, Jaipur and Coimbatore)
Register here to be part of the community
DSCI NEWS
9
April-May 2014
Delhi Chapter Meeting
The DSCI Delhi Chapter meeting was hosted by Wipro Technologies Ltd. The chapter meeting was co-chaired by Mr. Ananthanarayanan S, Technology Advisor, Wipro (Chapter co-anchor Gurgaon region) and Mr. K. S. Ponia, Associate Director, Information Security, Tech Mahindra (Chapter co-anchor Noida region).
During the meeting, Mr. Chandra Ballabh, Assistant SOC Manager, UIDAI, provided an overview of incident management and related capabilities, Mr. Pradeep Eledath, CEO, SAFE++ presented his views on establishing an efficient Disaster recovery in the cloud and Mr. Alok Sinha, CEO, GLOBUS 8 showcased developments around convergent computing and proactive monitoring to deal with new-age security threats in cyberspace.
The chapter members pondered over security concerns associated with sharing of Aadhar Number with third parties and drew parallels with the Social Security number in the United States. Safety issues and recommendations in the space of cloud computing were mulled over. Lastly, points and provisions included in Safe Harbor between EU and the US were also discussed during the session.
The members were of the opinion to develop white paper in the area of policy making and recommendations on data protection and cyber security.
Sponsored by
RSA Conference Asia Pacific & Japan 2014
RSA Conference Asia Pacific & Japan 2014 will bring together over 3000 information security professionals to learn about the industry’s most important issues, share best practices and network with industry peers.
The conference will be held in Singapore from 22- 23 July 2014.
Customise your own learning from 8 conference tracks:
• Cloud and Data Security• Cybercrime and Law Enforcement• Mobile Security• Security Infrastructure• Threats and Risk Management• Dedicated Mandarin Sessions• Dedicated Japanese sessions• Sponsor Special Topics
Visit http://www.rsaconference.com/events/ap14 for more information.
DSCI members are entitled to S$100 discount to attend the conference.
DSCI NEWS
10
April-May 2014
Articles
Against a Splinternet’Dr. Kamlesh Bajaj, CEO, DSCI
Cyber Space and its MilitarizationMr. Mayank Lau, Consultant, DSCI
Security Product Entrepreneurship in IndiaMr. Atul Kumar, Sr. Analyst, DSCI
Data Security Council to offer cyber forensics certification
Business Standard http://www.business-standard.com/article/pti-stories/data-security-council-to-offer-cyber-forensics-certification-114050201002_1.html
Economic Timeshttp://articles.economictimes.indiatimes.com/2014-05-02/news/49578325_1_forensics-cyber-crime-dsci
Zee Newshttp://www.samachar.com/data-security-council-to-offer-cyber-forensics-certification-ofctMBcabbd.html
… and more
DSCI in News
DSCI NEWS
11
April-May 2014
Editorial Board
Priti VandanaManager - Marketing & Communications, DSCI
Aseem MukhiSr. Consultant, DSCI
Data Security Council of IndiaNiryat Bhawan, 3rd Floor, Rao Tula Ram Marg,New Delhi - 110057, IndiaPhone: +91-11-26155070, Fax: +91-11-26155071Email: [email protected], Website: www.dsci.in
Follow us on:
About DSCIDSCI is a focal body on data protection in India, set-up as an independent Self Regulatory Organization (SRO) by NASSCOM®, to promote data protection, develop security and privacy best practices & standards and encourage the Indian industries to implement the same.
DSCI is engaged with the Indian IT/BPM industry, their clients worldwide, Banking and Telecom sectors, industry associations, data protection authorities and other government agencies in different countries. It conducts industry wide surveys and publishes reports, organizes data protection awareness seminars, workshops, projects, interactions and other necessary initiatives for outreach and public advocacy. DSCI is focused on capacity building of Law Enforcement Agencies for combating cyber crimes in the country and towards this; it operates several cyber labs across India to train police officers, prosecutors and judicial officers in cyber forensics.
Public Advocacy, Thought Leadership, Awareness and Outreach and Capacity Building are the key words with which DSCI continues to promote and enhance trust in India as a secure global sourcing hub, and promotes data protection in the country.
data-security-council-of-india dsci.connect dsci_connect dscivideo