Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
CYBER SURAKSHIT BHARAT
BACK GROUND
Digital India is a key initiative for the country. In light of the recent attacks, there is increased focus on cyber safety. Recognizing
the need to strengthen the cyber security ecosystem in India, and in alignment with the Honourable Prime Minister's vision for a
'Digital India', the Ministry of Electronics and Information Technology (MeitY), launched the Cyber Surakshit Bharat initiative in
association with National e-Governance Division (NeGD) and industry partners.
CYBER SURAKSHIT BHARAT DEEP DIVE TRAINING
The purpose of the program would be to spread awareness, build capacity as well as enable government departments on steps
that need to be taken to create a Cyber Resilient IT set up.
TARGET AUDIENCE
Officers from Central and State/UT Governments and subordinate agencies/PSUs, including public sector Banks and Insurance
companies, technical wings of police and security forces
1. Designated Chief Information Security Officers (CISOs),
2. CTOs and Member of Technical /PMU teams, Officers responsible to observe security of the IT systems in their respective
organizations
BATCH SIZE: 40-50 PARTICIPANTS
Chief Information Security Officers’ (CISO) Deep Dive Training
On
Cyber Security
Programme Coordinators
Dr. Charru Malhotra and Mr. Kamal Jain August (01-04), 2018
The objective of the programme is to educate & enable the Chief Information Security Ofcers (CISO) & broader IT community to address the challenges of cyber security. Create awareness on the emerging landscape of cyber threats Provide in-depth understanding on key activities, new initiatives, challenges and related solutions Applicable frameworks, guidelines & policies Applicable frameworks, guidelines & policies related to the subject Share best practices to learn from success & failures Provide key inputs to take informed decision on Cyber Security related issues in their respective functional area
The 4 days residential regional training programme will be conducted in 5-6 major cities across country. The following areas would also be covered in detail, from the practitioner perspective, by experts from Government and leading Industries in the area.
PROGRAMME OBJECTIVE
COURSE OVERVIEW
LOGISTICS
NOMINATION PROCESS
REGION WISE BATCHES LOCATION
02
03
01
01
New Delhi
BengaluruChennaiHyderabad
Mumbai
Kolkata
12 June - 15 June,1801 Aug - 04 Aug,18
27 June - 30 June,1826 Sept - 29 Sept, 1810 Oct - 13 Oct, 18
18 July - 21 July, 18
05 Sep - 08 Sep,18East - Assam, West Bengal, Jharkhand, Bihar, Sikkim, Tripura, Nagaland, Mizoram, Arunachal, Manipur, Meghalaya
North- J& K, Chandigarh, Haryana, UP, UK, Punjab, Delhi, Himachal
South - Andhra Pradesh, Telangana, Karnataka, Tamil Nadu, Puducherry, Lashadweep, Andaman Nicobar,Kerala, Odisha
West- Maharashtra, Chattisgarh, MP, Goa, Gujarat, Rajasthan, Daman & Diu & DNH
FOUNDING PARTNERS
KNOWLEDGE PARTNERS
Programme Schedule Chief Information Security Officers’ Deep Dive CyberSecurityTraining
under
Cyber Surakshit Bharat Initiative Programme
Coordinators: Dr. Charru Malhotra and Mr. Kamal Jain
August 01-04, 2018
Conference Hall , First Floor, Indian Institute of Public Administration (IIPA), I. P. Estate, Outer Ring
Road, New Delhi-110002
Day -1: Wednesday, August 01, 2018
Timings Topic Faculty/Guest
09:00hrs –09:45hrs
Registration Ms. Rashmi, Ms. Shilpa (IIPA Digital India Training Team)
09:45hrs – 10:15hrs Inaugural session
About IIPA Prof. V. K. Sharma (Sr. Professor, IIPA) About the Programme
Shri. Rakesh Maheshwari (Group coordinator, MeitY) Inaugural Address Dr. Gulshan Rai (National Cyber Security Coordinator, PMO) Vote of Thanks Dr. Charru Malhotra (Programme Coordinator , IIPA) 10:15-10:30
Group photo and tea break
10:30-13:00
Session 2 Governance Risk and Compliance Incident Response Mechanism-IRM
Mr. Navin Kaul (Senior Manager , Ernst &Young)
Mr. Vidur Gupta (Partner - Advisory Services, EY)
13:00 hrs - 14:00 hrs Lunch Break
14:00 hrs -15:30 hrs
Session 3 Network Security
Mr. Dhiraj Gaur (Security Consultant, Palo Alto Networks Pvt Ltd)
15:30 hrs - 15:45 hrs Tea Break
Ministry of Electronics and Information
Technology
15:45 hrs -17:00 hrs
Session 3 Contd. Network Security (Contd.)
Mr. Dhiraj Gaur (Security Consultant, Palo Alto Networks Pvt Ltd)
17:00 hrs - 17:30 hrs
Briefing on Individual and Group assignments – 6 Groups by Programme Coordinator
Day -2: Thursday, August 02, 2018
09:30 hrs - 10:15 hrs
Session 4 Mobile security (Mobile as an end-point device, framework for secure mobile applications)
Dr. Rahul Johari (Head, Software Development Cell, Guru Gobind Singh Indraprastha University)
10:15 hrs - 10:30rs Tea Break
10:30 hrs - 12:30 hrs
Session 4 Contd. End Point Security
Mr. Iftekhar Hussain (Microsoft India)
12:30 hrs - 13:00 hrs
Session 5 Cyber Forensic
Dr. Gaurav Gupta (Ministry of Electronics and Information Technology)
13:00 hrs - 14:00 hrs Lunch Break
14:00 hrs - 15:30 hrs
Session 6 Application and Data Security
Mr. Amarpreet Singh (Security Delivery Leader- Data & Application Security, IBM
15:30 hrs – 15:45 hrs Tea Break
15:45 hrs – 17:00 hrs
Session 6 Contd. Application and Data Security
Ms. Neeti Vohra (Joint Director, Corporate R & D, CDAC, Pune)
Day-3 : Friday, August 03, 2018
09:30 hrs 10:45 hrs
Session 7 Experience sharing on Cyber Security management in Government
Ms. Shubhagta Kumar ADG (SI), CBEC
10:45 hrs - 11:00 hrs
Tea Break
11:00 hrs 12:00 hrs
Session 8 Cloud Security
Mr. Dhiraj Gaur (Security Consultant, Palo Alto Networks Pvt Ltd)
12:00 hrs -13:00 hrs
Session 9 Emerging Trends and Challenges
Cyber Security – A Holistic National Perspective
Dr.Charru Malhotra (Programme Coordinator , Indian Institute of Public Administration)
13:00 hrs - 14:00 hrs Lunch Break
14:00 hrs - 15:45 hrs
Session 10 Operation and Monitoring of Cyber Security Compliance at National level & in organizations
Mr. Hemant Mehrotra (Security Delivery Leader –North, IBM)
15:45 hrs - 16:00 hrs Tea Break
16:00 hrs - 17:30 hrs
Session 11 Overview of IT Act and its amendments
Mr. Pavan Duggal (Sr.Cyber Law Expert, President CyberLaw.Net)
Day-4 : Saturday, August 04, 2018
09:00hrs -09:30 hrs
Cyber Crisis Management Plan (CCMP) Dr.Charru Malhotra (Programme Coordinator , Indian Institute of Public Administration)
09:30hrs – 12:30hrs
Session 12 Group Presentations by Participants
Jury of Panel Experts
Mr. Dipak Singh (Sr. Director, MeitY)
Mr. I.P.S Sethi (Deputy Director General, NIC) Wg. Cmdr (Dr.) Prabir Panda (IAF-Retd.)
(ECI-Enterprise Architecture Security & Head of Technical Support Unit)
Mr. Amolak Singh (Director IT Security, Infologic Solution)
Dr. Charru Malhotra and Mr. Kamal Jain (Programme Coordinators )
12:30 hrs – 13:30 hrs Valedictory Session
Overview of the Training Conducted Dr. Charru Malhotra (Programme Coordinator ) Mr. Dipak Singh (Sr. Director, MeitY) Need for such Trainings and Role of IIPA by Guests-of-Honor Prof. V. K. Sharma (Sr. Professor, IIPA)
Valedictory address by Chief Guest Mr. M. Srinivas Rao, IAS (President & CEO, NeGD, MeitY) Vote of Thanks Mr. Kamal Jain (Programme Coordinator & Sr General Manager, NeGD, MeitY)
13:30 hrs : Lunch
Assignment Instructions
1. Group Assignment
a. Nos of Groups - 5-6
b. Group Size - 5-8
c. To be made on the first day and announce during the last session of day one by the
course coordinator (IIPA in the first programme)
d. Member Mix- As per assignment
e. Submission - Presentation in prescribed format - 20 mnts followed by 10 mnts for
Q&A on day 4- preferably each member has to contribute during
presentation/Q&A
f. First two groups to be given some award- Cross ranking by participants and the
panel (MeitY, CDAC/CERTIN, NeGD and Industry)
g. Possible Assignments - Group to consider itself as an organization distributed to
Head Office and Regional /Divisional Offices in various locations, have over 600
regular and 200 outsources employees. The organization have IT applications for
key functions like Finance, HR and some key business function
(citizen/Business/G2G service - to be assumed by the group) and come up with
1. A Network Security policy of the organization.
2. Security Related Monitoring Mechanism, Accountability related clauses
and SLAs in IT related outsourcing arrangements.
3. Definition and Identification of Critical Information Infrastructure in the
organization
4. Institutional Structure and Incident response Mechanism in your
organization to handle Cyber Security related incidence citing an
actual/imaginary scenario
5. End Point Security Policy
6. Log Management and Review Policy/ Data Classification and Back Up
Management policy
2. Individual Assignments (Name and Dept not required, This will be kept confidential)
Announcement to made on day one
a. To be done by each individual
b. To be submitted on day 4, in Digital form to be mailed to Mr Dipak Singh
and
Mr. Kamal Jain and Dr. Charru Malhotra(word or pdf)
c. Assignment
List Critical IT assets and applications in your organization
Briefly describe O&M model of major asset category in your organization
Who is responsible for security (both physical and Digital) of that asset
Existing security related policies, if any, in your organizations
Gap in existing Cyber Security arrangements that you have identified durin
training
Action plan for next 3 months to address these gaps
Chief Information Security Officers’ (CISO) Deep Dive Training
On
Cyber Security
under
Cyber Surakshit Bharat initiative (August 01-04, 2018)
Visiting Experts
Dr. Gulshan Rai
National Cyber Security Coordinator, PMO, India
Phone (O) – 23747965, 24368572
Email: [email protected]
Shri M. Srinivas Rao, IAS
President & CEO, NeGD, MeitY
Phone(O)- 30481637
Email: [email protected]
Shri. Rakesh Maheshwari
Group Co-ordinator, Cyber Law & e-Security
MeitY, India
Phone (O) – 24361244
Email: [email protected]
Name Designation with Organization
Mr. Navin Kaul Senior Manager Ernst & Young LLP
Mr. Vidur Gupta Partner-Advisory Services, Ernst & Young
Mr. Dhiraj Gaur Security Consultant
Palo Alto Networks (India) Pvt.
Mr. Iftekhar Hussain Technology Solutions Professional - Cyber Threat Management Microsoft Corporation ( India )
Dr. Rahul Johari Assistant Professor Computer Sciences Department Guru Gobind Singh Indraprastha Uni
versity
Dr. Gaurav Gupta Scientist D, Ministry of Electronics and Information Technology
(MeitY)
Mr. Amarpreet Singh Security Delivery Leader - DAS Data & Application Security
Ms. Neeti Vohra Joint Director, Corporate R & D CDAC, Pune
Ms. Shubhagta Kumar ADG (SI) The office of Directorate General of Systems & Data Management
Central Board of Excise and Customs (CBEC)
Mr. Hemant Mehrotra Security Delivery Leader- North, IBM
Mr. Pavan Duggal Mr. Pavan Duggal Sr. Cyber Advocate
Mr. Dipak Singh Sr. Director, MeitY
Mr. Ashutosh Chadha Group Director, Government Affairs & Public Policy
Microsoft India
Dr. Prabir Panda Dr. Prabir Panda Wing Cmdr
Indian Air Force (IAF-Retd.)
Prof. Arvinder Kaur Dean, university’s School of information Communication &
Technology (USICT)
Mr. Rakshit Tandon Consultant – IAMAI ( Internet & Mobile Association of India)
Advisor – Cyber Complaint Redressal
Ministry Officials and Core Project Team at IIPA
MeitY Officials Name Designation Contact no. Email id
Mr. Ajay Prakash Sawhney, IAS Secretary
24364041 [email protected]
Mr. Pankaj Kumar, IAS Additional Secretary 24360160 [email protected]
Mr. Vinay Thakur Director, Project Development
30481618
24301933
Mr. Dipak Singh Sr. Director, MeitY 24301305 [email protected]
Mr. Kamal Kr. Jain Programme Director
SGM CB, NeGD
9958967194 [email protected]
Mr. Vinay Singh Consultant, NeGD 8800440771 [email protected]
IIPA Team
Name Designation Contact no. Email id
Dr. Tishyarakshit Chatterjee, IAS (Retd.)
Director, IIPA 9717778418 [email protected]
Mr. Amitabh Ranjan Registrar, IIPA 9868164013 [email protected]
Dr. Charru Malhotra
Programme Coordinator
Asso. Professor (e- Governance & ICT)
9818529298
23468393
[email protected], [email protected]
Prof. V.K.Sharma Sr. Professor 9818961977 [email protected]
Ms. Rashmi Anand Sr. Research Officer 8800602134
[email protected], [email protected]
Ms. Shilpa Yadav Research Officer 7701921513 [email protected]
Ms. Surabhi Dalal Research Officer 9990172030 [email protected]
Ms. Nishtha Agarwal Research Officer 9868225928 [email protected]
Mr. Naveen Chand Training Cell 8750816357 [email protected]
TRAINING BRIEF
Chief Information Security Officers’ –CISOs’ Deep Dive Training on Cyber Security
under Cyber Security Bharat Initiative (August 1-4, 2018)
Indian Institute of Public Administration had collaborated with Ministry of Electronics and
Information Technology (MeitY) and National e-Governance Division (NeGD) to design and
conduct the Chief Information Security Officers’ (CISO) Deep Dive Training Program from
August 1-4, 2018. This four day technical training on cyber security focused on several
objectives including:
1. Creating awareness on the emerging landscape of cyber threats
2. Provide in-depth understanding on key activities, new initiatives, challenges and related
solutions
3. Applicable frameworks, guidelines and policies related to cyber security
4. Share best practices and learn from successes and failures
5. Provide key inputs to take informed decisions on cyber security related issues in their
respective functional areas
Forty two participants had attended the training program. These were primarily Chief Security
Officers (CSOs), Chief Technical Officers (CTOs)- the officers responsible to observe security
of the IT systems in central and state ministries/departments and subordinate agencies, including
PSU banks, insurance companies, and technical wings of police and security forces, Joint
Secretaries and former APPPA (Advanced Professional Program in Public Administration)
participants.
Dr. Gulshan Rai ((National Cyber Security Coordinator, Prime Minister’s Office, Govt. of
India), who had been gracious enough to the Chief Guest of the Inaugural function, prodded the
CISOs in possessing a compound set of expertise ranging from technical, managerial,
responsible for risk assessment. Sh. Rakesh Maheshwari (Group Coordinator, Cyber Law,
Cyber-Security, Cert-in, MeitY) reminded that all organisations, therefore must chalk out a
Cyber Crisis Management Plan (CCMP). Considering the importance of CCMP, this session was
undertaken by Dr. Charru Malhotra wherein she discussed CCMP in great detail.
Over the course of four days, the CISOs were trained by industry practitioners drawn from E&Y,
IBM, Microsoft, Paloalto Networks, Dell EMC as well as senior experts from both Cert-in and
IIPA. Routine online quizzes were conducted to gauge the intermittent knowledge captured by
the participants using online platform by the industry experts and IIPA and awards were given to
the participants.
At the fourth day, the participants delivered group presentations on the following topics
1. Network Security Policy of the organization
2. Security Related Monitoring Mechanism, Accountability related clauses and SLAs in IT
related outsourcing arrangements
3. Definition and identification of Critical Information Infrastructure in the organization
4. Institutional Structure and Incident response Mechanism in your organization to handle
Cyber Security related incidence citing an actual/imaginary scenario
5. End Point Security Policy
6. Log Management and Review Policy/ Data Classification and Back Up Management
policy
These presentations were judged by eminent jury from industry (Mr. Amolak Singh, Director IT
solutions, Infologic Solutions), government (Mr. I.P.S. Sethi, Deputy Director Genral, NIC, Mr.
Dipak Singh), renowned practitioner (Wg. Cmdr.(Dr.) Prabir Panda (IAF, Retd), Enterprise
Architect- Security and Head of Technical Support Unit-Election Commission of India).
In the valedictory session, Shri M. Srinivas Rao, IAS (President and CEO, National e-
Governance Division) in his address expressed his anticipation that the program shall garner
huge demand for which he suggested using e-learning tools to actually reach out to a larger
audience.
Overall, the dignitaries, industry, and participants all hailed this endeavor by IIPA as a unique
PPP capacity building effort that would surely empower government departments to be more
cyber resilient.
This highly intense skill based cyber security training was designed, and coordinated by Dr.
Charru Malhotra (Associate Professor – e-Governance and ICT), Indian Institute of Public
Administration.
Some Glimpses of CISO Deep Dive Training Program
August 1-4, 2018
Pic 1: In their good books- Positive feedback from the participants about the CISO Deep Dive Training
Program August 1-4, 2018
Pic 2: Group photograph of the inaugural session- Dr. Gulshan Rai (National Cyber Security Coordinator, PMO), in
the center. Towards his left is Dr. Charru Malhotra (Associate Professor, IIPA). Towards his right is Prof. V.K.
Sharma (Sr. Professor, IIPA), Mr. Rakesh Maheshwari (Group Coordinator, MeitY),Mr. Dipak Singh (Sr. Director,
MeitY), Mr. Kamal Jain (Sr. General Manager, NeGD).
Pic 3:Dr. Gulshan Rai (National Cyber Security Coordinator, PMO) addressing the CISOs at the inaugural
ceremony August 1, 2018
Pic 4: Dr. Gulshan Rai (National Cyber Security Coordinator, PMO) with Professor V.K.Sharma (Senior Professor at IIPA) along
with Dr. Charru Malhotra (Associate Professsor, IIPA and Program coordinator)
Pic 5: CISOs attending the Deep Dive Training at the inaugural ceremony Aug 1, 2018
Pic 6: CISOs working in their groups for assessments during the training program
Pic 7: Sh. M.Srinivas Rao, IAS (President and CEO, NeGD, MeitY) addressing the CISOs at the valedictory session
August 4, 2018
Pic 8: Prof. V.K. Sharma (Senior Professor at IIPA) awarding token of gratitude to the chief guest Sh. M. Srinivas Rao, IAS
(President and CEO, NeGD, MeitY at the valedictory session
Pic 9: Participants presenting their group presentation at the final day of the training program August 4, 2018
Pic 10: Sh. M. Srinivas Rao awarding certificates to participants at the valedictory session of CISO Deep Dive
Training
CYBER SURAKSHITBHARAT
Digital India is a key initiative for the country. In light of the recent attacks, there is increased focus on cyber safety. Recognizing the need to strengthen the cyber security ecosystem in India, and in alignment with the Honourable Prime Minister's vision for a 'Digital India', the Ministry of Electronics and Information Technology (MeitY), launched the Cyber Surakshit Bharat initiative in association with National e-Governance Division (NeGD) and industry partners.
The purpose of the program would be to spread awareness, build capacity as well as enable government departments on steps that need to be taken to create a Cyber Resilient IT set up.
Ofcers from Central and State Ministries/Departments and subordinate agencies, including PSU Banks and Insurance companies, technical wings of police and security forces
1. Designated Chief Information Security Ofcers (CISOs),
2. CTOs and Member of Technical /PMU teams, Ofcers responsible to observe security of the IT systems in their respective organizations
CYBER SURAKSHIT BHARAT DEEP DIVE TRAINING
TARGET AUDIENCES
BATCH SIZE - MAXIMUM 50 PARTICIPANTS
BACK GROUND
The objective of the programme is to educate & enable the Chief Information Security Ofcers (CISO) & broader IT community to address the challenges of cyber security. Create awareness on the emerging landscape of cyber threats Provide in-depth understanding on key activities, new initiatives, challenges and related solutions Applicable frameworks, guidelines & policies Applicable frameworks, guidelines & policies related to the subject Share best practices to learn from success & failures Provide key inputs to take informed decision on Cyber Security related issues in their respective functional area
The 4 days residential regional training programme will be conducted in 5-6 major cities across country. The following areas would also be covered in detail, from the practitioner perspective, by experts from Government and leading Industries in the area.
PROGRAMME OBJECTIVE
COURSE OVERVIEW
LOGISTICS
NOMINATION PROCESS
REGION WISE BATCHES LOCATION
02
03
01
01
New Delhi
BengaluruChennaiHyderabad
Mumbai
Kolkata
12 June - 15 June,1801 Aug - 04 Aug,18
27 June - 30 June,1826 Sept - 29 Sept, 1810 Oct - 13 Oct, 18
18 July - 21 July, 18
05 Sep - 08 Sep,18East - Assam, West Bengal, Jharkhand, Bihar, Sikkim, Tripura, Nagaland, Mizoram, Arunachal, Manipur, Meghalaya
North- J& K, Chandigarh, Haryana, UP, UK, Punjab, Delhi, Himachal
South - Andhra Pradesh, Telangana, Karnataka, Tamil Nadu, Puducherry, Lashadweep, Andaman Nicobar,Kerala, Odisha
West- Maharashtra, Chattisgarh, MP, Goa, Gujarat, Rajasthan, Daman & Diu & DNH
Detailed Programme Schedule
for
Chief Information Security Officers’ Deep Dive Training
under Cyber Surakshit Bharat initiative
Programme Coordinators
Dr. Charru Malhotra and Mr. Kamal Jain
June 12-15, 2018
Conference Hall , First Floor, Indian Institute of Public Administration (IIPA), I. P. Estate, Outer Ring Road,
New Delhi-110002
Day -1: Tuesday, June 12, 2018
Timings Topic Faculty/Guest
0900hrs –
0930hrs
Registration Rashmi, Surabhi , Nishtha, Hemant
(IIPA Digital India Training Team)
0930hrs – 0945hrs
Session 1 Ice Breaking
Dr.Charru Malhotra and Mr.Kamal Jain (Programme Coordinators)
0945hrs – 1030hrs
Inaugural session
Introduction to the Programme
Dr. Charru Malhotra (Programme Coordinator , Indian Institute of Public Administration)
About Cyber Surakshit Bharat and its Objectives
Mr. Rakesh Maheshwari (Group Coordinator, Ministry of Electronics and Information Technology-MeitY)
Welcome Address
Dr. T. Chatterjee, IAS (Retd.) (Director, Indian Institute of Public Administration)
Keynote Address by Chief Guest
Dr. Gulshan Rai (National Cyber Security Coordinator-PMO, India )
Vote of Thanks Mr. Dipak Singh (Sr Director, MeitY)
1030hrs- 1045hrs
Group photo and tea break
1045hrs –
1300hrs
Session 2
Governance Risk and Compliance
Mr. Navin Kaul (Senior Manager , Ernst &Young)
Mr. Vidur Gupta (Partner - Advisory Services, EY)
1300hrs- 1400hrs
Lunch Break
1400hrs–
1530hrs
Session 3
Network Security
Mr. Dhiraj Gaur (Security Consultant, Palo Alto Networks Pvt Ltd)
1530hrs- 1545hrs
Tea Break
1545hrs-
1700hrs
Session 3 Contd.
Network Security (Contd.)
Mr. Dhiraj Gaur (Security Consultant, Palo Alto Networks Pvt Ltd)
1700hrs-
1730hrs
Briefing on Group Work and Individual
Assignments Dr.Charru Malhotra & Mr. Kamal Jain (Programme Coordinators)
Day -2: Wednesday, June 13, 2018
0930hrs –
1130hrs
Session 4
End Point Security
Mr. Sanesh Vig (Technical Solution Professional, Microsoft India)
1130hrs- 1145hrs
Tea Break
1145hrs-
1230hrs
Session 4 Contd.
End Point Security (Contd.)
Mr. Sanesh Vig (Technical Solution Professional, Microsoft India)
1230hrs-
1300hrs
Session 5
Internet Separation
Mr. Ravinder Singh (Director - Cyber security, Dell EMC)
Mr. Anup Tiwari
(Sr. Technology Consultant, VMware Software India
Pvt Ltd)
1300hrs- 1400hrs
Lunch Break
1400hrs –
1530hrs
Session 6
Application and Data Security
Mr. Amarpreet Singh (Security Delivery Leader- Data & Application
Security, IBM)
Ms.Neeti Vohra
(Joint Director, Corporate R & D, CDAC, Pune)
1530hrs – 1545hrs
Tea Break
1545hrs –
1700 hrs
Session 6 Contd.
Application and Data Security
(Contd.)
Mr. Amarpreet Singh (Security Delivery Leader- Data & Application
Security, IBM)
Ms.Neeti Vohra
(Joint Director, Corporate R & D, CDAC, Pune)
Day-3 : Thursday, June 14, 2018
0930hrs –
1130hrs
Session 7
Cloud Security & Emerging
Technologies
Mr. Dhiraj Gaur (Security Consultant, Palo Alto Networks Pvt Ltd)
1130hrs- 1200hrs
Tea Break
1200hrs -
1300hrs
Session 8
Cyber Crisis Management Plan
(CCMP)
Ms.Savita Utreja (Scientist 'G' / Senior Director, Indian Computer
Emergency Response Team(CERT-In)
1300hrs- 1400hrs
Lunch Break
1400hrs –
1600hrs
Session 9
Operation/Monitoring- Related Cyber
Security Issues
Dr.Charru Malhotra (Associate Professor – e-Governance & ICT)
Mr. Amarpreet Singh
(Security Delivery Leader- Data & Application
Security, IBM)
1600hrs – 1615hrs
Tea Break
1630hrs-
1730hrs
Session 10
Overview of IT Act & Amendments
Mr. Pavan Duggal (Sr. Cyber Advocate, President of Cyberlaws.Net)
Day-4 : Friday, June 15, 2018
0900hrs –
1230hrs
Session 11
Group Presentations by Participants
Panel Experts
Mr. Dipak Singh, (Sr Director, MeitY)
Mr. Kamal Jain
(Programme Coordinator & SGM CB, NeGD)
Dr.Charru Malhotra
(Programme Coordinator , IIPA)
Mr. Ashutosh Chadha
(Group Director, Government Affairs & Public
Policy Microsoft India)
1230hrs – 1330hrs
Valedictory Session
Programme Highlights:
Dr. Charru Malhotra (Programme Coordinator , Indian Institute of Public Administration)
Ministry’s Vision:
Mr. Vinay Thakur (Director, CB, NeGD)
Way forward:
Mr. Dipak Singh (Sr Director, MeitY)
Concluding Remarks:
Prof. V.K.Sharma (Professor, Indian Institute of Public Administration)
Valedictory Address by the Chair
Shri Pankaj Kumar, IAS (Additional Secretary, Ministry of Electronics and Information Technology)
Vote of Thanks:
Mr. Kamal Jain (Programme Coordinator, SGM CB, NeGD)
Assignment instructions Validation plan for Day 4(open to enhancement)
1. Group Assignment a. Nos of Groups - 5-6 b. Group Size - 5-8 c. To be made on the first day and announce during the last session of day one by the course coordinator (IIPA in the first programme) d. Member Mix- As per assignment e. Submission - Presentation in prescribed format - 20 mnts followed by 10 mnts for Q&A on day 4- preferably each member has to contribute during presentation/Q&A f. First two groups to be given some award- Cross ranking by participants and the panel (MeitY, CDAC/CERTIN, NeGD and Industry) g. Possible Assignments - Group to consider itself as an organization distributed to Head Office and Regional /Divisional Offices in various locations, have over 600 regular and 200 outsources employees. The organization have IT applications for key functions like Finance, HR and some key business function (citizen/Business/G2G service - to be assumed by the group) and come up with
1. A Network Security policy of the organization. 2. Security Related Monitoring Mechanism, Accountability related clauses and SLAs in IT related outsourcing arrangements. 3. Definition and Identification of Critical Information Infrastructure in the organization 4. Institutional Structure and Incident response Mechanism in your organization to handle Cyber Security related incidence citing an actual/imaginary scenario 5. End Point Security Policy 6. Log Management and Review Policy/ Data Classification and Back Up Management policy
2. Individual Assignments (Name and Dept not required, This will be kept confidential) Announcement to made on day one
a. To be done by each individual b. To be submitted on day 4, in Digital form to be mailed to Mr Dipak Singh and Mr. Kamal Jain and Dr. Charru Malhotra(word or pdf) c. Assignment
List Critical IT assets and applications in your organization
Briefly describe O&M model of major asset category in your organization
Who is responsible for security (both physical and Digital) of that asset
Existing security related policies, if any, in your organizations
Gap in existing Cyber Security arrangements that you have identified during training
Action plan for next 3 months to address these gaps
Chief Information Security Officers’ Deep Dive Training
under
Cyber Surakshit Bharat initiative
June 12-15, 2018
Conference Hall , First Floor, Indian Institute of Public Administration
(IIPA), I. P. Estate, Outer Ring Road,
New Delhi-110002
Mr. Gulshan rai
National Cyber Security Coordinator, PMO, India
Phone (O) – 23747965, 24368572
Email: [email protected]
Mr. Ajay Prakash Sawhney
Secretary, MeitY, India Phone (O) – 24364041
Email: [email protected]
S.No. Name Designation with organisation
1. Mr. Dhiraj Gaur Security Consultant
Palo Alto Networks (India) Pvt. Ltd.4.47 Worldmark 2, Aerocity,
Delhi 110 037
2. Mr. Navin Kaul Senior Manager Ernst & Young LLP
6th Floor, WorldMark 1, Aerocity,
3. Mr. Amarpreet Singh Security Delivery Leader - DAS (Data & Application
Security) IBM A-26, Sector 62 Noida - 201301
4. Mr. Sanesh Vig Technical Solution Professional Microsoft India
5. Ms Neeti Vohra Joint Director, Corporate R & D CDAC, Pune
6. Ms Savita Utreja Scientist ‘G’/Senior Director CERT-In
Electronics Niketan
6 CGO Complex New Delhi – 110003
7. Mr. Vidur Gupta Partner-Advisory Services, Ernst & Young
8. Anup Tiwari Sr. Technology Consultant, VMware Software India Pvt Ltd
9. Dr. T. Chatterjee Director, Indian Institute of Public Administration
10. Prof. V.K.Sharma , Indian Institute of Public Administration
11. Dr. Charru
Malhotra
Associate Professor (e-Gov & ICT)Indian Institute of Public Administration
12. Mr Ashutosh Chadha Group Director, Government
Affairs & Public Policy Microsoft India
13. Ms Aditee Rele Microsoft India
14. Mr Ravi Vijayvargiya Senior Technical Director NIC
15. Mr Ajay Lakra Additional Director CERT-In
Electronics Niketan, 6 CGO Complex
New Delhi 110003
16. Mr Arvind Kumar Scientist ‘G’ & GC MeitY
17. Mr Vinod Kumar
Chauhan
Scientist ‘C’ MeitY
Ministry Officials and Core Project Team at IIPA
MeitY Officials Name Designation Contact no.
(011) Email id
Mr. Ajay Prakash Sawhney
Secretary
24364041 [email protected] Mr. Sanjay Goel Joint
Secretary 24363114 [email protected]
Mr. Vinay Thakur Director, Project Development
30481618
24301933
Mr. Dipak Singh Sr Director, MeitY 24301305 [email protected]
Mr. Kamal Kr. Jain SGM CB, NeGD
9958967194 [email protected]
Mr. Vinay Singh Consultant, NeGD 8800440771 [email protected]
IIPA Team
Name Designation Contact no. Email id
Dr. Tishyarakshit Chatterjee, IAS
Director, IIPA 9717778418 [email protected]
Mr. Amitabh Ranjan Registrar, IIPA 9868164013 [email protected]
Dr. Charru Malhotra
Project Coordinator
Associate Professor (e- Governance & ICT)
9818529298
23468393
Ms. Rashmi Anand Sr. Research Officer 8800602134, 9868534834
[email protected], [email protected]
Ms. Shilpa Yadav Research Officer 7701921513 [email protected]
Ms. Surabhi Dalal Research Officer 9990172030 [email protected]
Ms. Nishtha Agarwal Research Officer 9868225926 [email protected]
Mr. Hemant Chandra Training Cell 9971671766 [email protected]
FOUNDING PARTNERS
KNOWLEDGE PARTNERS
1 | P a g e
TRAINING BRIEF
Chief Information Security Officers’ –CISOs’ First Deep Dive Training on CyberSecurity under CyberSecurity
Bharat Initiative ( June 12-15, 2018)
Ministry of Electronics and Information Technology (MeitY) and National e-Governance Division
(NeGD) had collaborated with IIPA to design and conduct the CISOs’ First Deep Dive Training
Program (June12-15, 2018). This four-daytechnical training on cybersecurity had focusedon
several objectives including :-
1. Creating awareness on the emerging landscape of cyber threats
2. Provide in-depth understanding on key activities, new initiatives, challenges and related
solutions
3. Applicable frameworks, guidelines and policies related to cyber security
4. Share best practices and learn from successes and failures
5. Provide key inputs to take informed decision on cyber security related issues in their
respective functional areas
Thirty participants had attended the training - who were primarily chief security officers, chief
technical officers – the officers responsible to observe security of the IT systems in central and
state ministries/departments and subordinate agencies, including PSU banks, insurance companies,
and technical wings of police and security forces. In the welcome address at the Inaugural function,
Director-IIPA prophesized that diplomacy and military conflicts would no longer be confined to
border and that cybesecurity would now form a significant part of all of these. In similar vein, Dr.
Gulshan Rai (National Cyber Security Coordinator, Prime Minister’s Office, Govt of India), who
had been gracious enough to the Chief Guest of the Inaugural function, prodded the CISOs to
possess a compound set of expertise ranging from technical, managerial, responsible for risk
assessment. Sh. Rakesh Maheshwari (Group Coordinator, CyberLaw, Cyber-Security, Cert-in,
MeitY) reminded that all organisations, therefore must chalk out a cyber crisis management plan
(CCMP). Over these four days, the CISOs were trained by industry practioners drawn from E&Y,
IBM, Microsoft, Paloalto Networks, Dell EMC as well as senior experts from both Cert-in and
IIPA. Routine online quizzes were conducted to gauge the intermittent knowledge captured by the
participants using online platform by the industry experts and IIPA and awards were given to the
participant.
At the fourth day, the participants delivered group presentations on topics such as
1. Network Security Policy of the organization
2. Security Related Monitoring Mechanism, Accountability related clauses and SLAs in IT
related outsourcing arrangements
3. Definition and Identification of Critical Information Infrastructure in the organization
4. Institutional Structure and Incident response Mechanism in your organization to handle
Cyber Security related incidence citing an actual/imaginary scenario
5. End Point Security Policy
6. Log Management and Review Policy/ Data Classification and Back Up Management
policy
These presentations were evaluated by eminent jury drawn from industry (Mr. Ashutosh Chaddha,
Microsoft), Academia (Dr. Rahul Johari, faculty at University School of Information and
2 | P a g e
Communication Technology, Guru Gobind Singh Indraprastha University, Dwarka), government
(Mr. Dipak Singh), renowned practitioner (Mr. Rakshit Tandon) and IIPA seniors (Dr. Charru
Malhotra). The best two presentations were given the first and second position respectively.
In the valedictory session, Shri Pankaj Kumar, IAS (Additional Secretary- MeitY) in his
valedictory address referred to this training by IIPA as a “historical event” – since it was the first
training program of the prestigious CyberSecurity Bharat Initiative flagged off by the Prime
Minister of India.
Overall, the dignitaries, industry, and participants all hailed this endeavor by IIPA as a unique PPP
capacity building effort that would surely empower government departments to be more cyber
resilient.
This highly intense skill based cybersecurity training was designed, and coordinated by Dr. Charru
Malhotra (Associate Professor – e-Governance and ICT), Indian Institute of Public Administration
and Mr. Kamal Jain (SGM CB, NeGD, MeitY).
Some glimpses of the CISO Deep Dive Training
June 12-15, 2018
Pic 1: Group Photograph of the Inaugural session - Dr. Gulshan Rai (National Cyber Security Coordinator, PMO) in the
center,flanked by L to R - Dr. T. Chatterjee (Director, IIPA), Mr. Rakesh Maheshwari (Group Coordinator, MeitY), Mr. Dipak
Singh (Sr. Director MeitY). To the left of Dr. Gulshan Rai (centre) is Dr. Charru Malhotra (Associate Professor IIPA), Mr. Ashutosh
Chadha (Group Director, Government Affairs & Public Policy, Microsoft), Mr. Kamal Jain( Sr. General Manager, NeGD) and Mr.
3 | P a g e
Vinay Singh (NeGD).In the second row- Prof. V.K. Sharma (Sr. Professor IIPA). Last row L to R : Mr. Vidhur Gupta ( Partner,
Advisory Services, E & Y) and NavinKaul ( Sr. Manager, E & Y) along with training participants and IIPA team .
Pic 2: Dr. Gulshan Rai (National Cyber Security
coordinator) with Dr. Tishyarakshit Chatterjee (Director IIPA) along with Mr. Dipak Singh from
MeitY and Dr. Charru Malhotra at the inaugural
ceremony on 12/6/2018
Pic 3: Mr.Rakesh Maheshwari (Group coordinator
MeitY) addressing the CISOs at the inaugural
ceremony on 12/6/2018
Pic 4: CISOs attending the Deep Dive Training
4 | P a g e
Pic 5: Sh. Pankaj Kumar addressing the CISOs in the
valedictory session 15/6/2018
Pic 6: Dr. Charru Malhotra addressing the CISOs in the
valedictory session on 15/6/2018
Pic 7: Dr. Charru Malhotra and Prof. V.K. Sharma along with
Mr.Dipak Singh (MeitY) giving Shri Pankaj Kumar ( Additional Secretary, MeitY) a token of gratitude at the
valedictory session on 15/6/2018
5 | P a g e
Pic 8: Group photograph of the Valedictory session 15/8/2018- Shri Pankaj Kumar ( Additional Secretary, MeitY) in the center with Mr. Dipak Singh
(MeitY), Mr. Kamal Jain (NeGD), Prof V.K. Sharma (professor IIPA), Dr. Charru Malhotra (Associate Professor, IIPA). To the left of Shri Pankaj Kumar
Mr. Ashutosh Chadha, Mr. Rahul Johari (Jury members)