 |
| |
|
India Information Security Forum
|
Importance
In recent years, the development of information technology (IT) has brought with it a rapid increase in the use of open network systems, as typified by the Internet, providing various types of services to different industries. Concurrently, proper management of information security risks such as the risk of service interruptions, theft or alteration of data, impersonation and other events resulting from unauthorized access to the computer system is rapidly becoming critical.
If these risks should occur and cause unauthorized transactions and service interruptions, not only could the one affected business process be adversely affected, but the entire business system could also be impacted. In order to ensure smooth working of the businesses, while reaping the benefits from the remarkable advance of the IT revolution, it is vital for each organization to become thoroughly cognizant of the importance of information security, and to work for managing risk systematically throughout the organization in line with each situation, under the active involvement of management.
These risks are common across all organizations and therefore in this recognition, an Information Security Forum which would help to harness renowned expertise from various sectors of industry and the collective knowledge and experience of our members delivering practical guidance and solutions to overcome wide-ranging security challenges impacting business information today.
Purpose
The Forum shall be an unincorporated association of organizations in the commercial and public sector. The association shall exist for the purposes of addressing security and related issues concerned with the use of information and information technology by Forum Members and with the use of such in the commercial and public sectors generally. In particular, the Forum shall endeavor to be an organization dedicated to clarifying and resolving the key issues in information security in a manner that accelerates the development of solutions that help in meeting the business needs of Forum Members.
Forum Charter
While the final charter for the forum will emerge from the discussions with leading members of the forum, it is suggested that the forum would look into the following issues with a view to counter the risks involved for information security in an organized manner.
- Technical support - Provide technical advice and information in the area of Information Security.
- Education & Awareness - Spreading awareness about the importance of Information Security amongst organizations. Educating the management about the need of Information Security.
- Information Sharing - This would include sharing information on various developments in the field of Information Security across the world, so as to enable incorporation of these developments in the IT environment of the organizations.
Typical Activities
The Information Security Forum will be focusing on activities oriented towards security architectures & frameworks, best practices, and governance. The key areas of focus would be:
- Data Security
- Security Strategy Framework
- Evaluation of Information Risk
- Security Architecture
- Identity and Authentication Management
- IT Audit and Compliance
Typical Members
Information Security Forum is governed by an Executive, which ensures the efficient and effective operation and development of the forum in the best interests of its members.
A Working Body is responsible for representing 'Information Security Forum Members' interests and ensuring a balanced work programme which reflects the needs of its members. Membership is evenly spread over a wide range of sectors, such as Suppliers of IT Consultancy and Professional services, Banking Financial Services and Insurance, Governmental Agencies, Air and Transportation Services, Chemicals, Healthcare and Pharmaceuticals, Electronics, Engineering and Manufacturing, Media, Telecommunications and Education, Power Energy and Mineral Resources, Retail and Hospitality
Agenda
The objectives of the Forum shall be, to:
- Understand and articulate the information security and related concerns of Forum Members.
- Identify research, analyze and address in a practical way information security and related matters of interest to Forum Members, and to disseminate the results of such work appropriately.
Phases
- Phase 1 Setting up of the India Cyber Security Forum framework
- Founding members
- Secretariat
- Selection of the governing council of the India Cyber Security Forum
- Members would be from the founding members, by invitation,
- Including Director CERT, DIT representative, and
- Deputy NSA/JS NSCS
- legal and enforcement agencies.
- Defining charter and rules of memberships
- Defining what information would be shared, and how
- Setting up of the India Cyber Security Forum web-site
- Begin work related to tackling the menace of Phishing and Spam in two subcommittees.
- Interface with CERT-in
- Phase 2
- Setting up information aggregation and dissemination feeds/channels
- Setting up interfaces with other Departments of government, industry and academia.
- Phase 3
- Setting up of sectoral Sub Committees under India Cyber Security Forum.
- Phase 4
- Setting up of threat and artifact analysis capability
Launch
- The proposal to establish the India Cyber Security Forum has been discussed in the Indo US ICT WG meeting in December 2008 to co opt US CERT and industry members.
- A CII-Government Seminar on Trusted Computing and Information Sharing’ can be held in March 2008 to coincide with the launch.
|
|
|
|
