In a bid to fortify the cybersecurity posture of government organizations, CERT-In (the Computer Emergency Response Team of India) has recently issued a pivotal directive. Under these newly mandated guidelines, every government entity is now obligated to appoint a Chief Information Security Officer (CISO). These CISOs will play a pivotal role in safeguarding sensitive data and digital assets against an ever-evolving landscape of cyber threats. Moreover, as part of this comprehensive cybersecurity strategy, government entities are also required to furnish CERT-In with essential details about their appointed CISOs. This proactive measure underscores the growing emphasis on cybersecurity readiness within the public sector, reflecting the pressing need for robust defenses against digital threats in today’s interconnected world.
The Indian Computer Emergency Response Team (CERT-In) has taken a significant step towards strengthening cybersecurity across government organizations by issuing a comprehensive set of guidelines. These guidelines, released on Friday, are designed to ensure the safety and security of government digital infrastructure in the face of evolving cyber threats.
“The guidelines shall assist security teams to implement baseline and essential controls and procedures to protect their cyberinfrastructure from prominent threats. These guidelines shall also act as a baseline document for administration and audit teams (internal, external/ third-party auditors) to evaluate an organization’s security posture against cyber security baseline requirements,” read the notification.
As part of these new guidelines, CERT-In has made it mandatory for senior management within government organizations to nominate a Chief Information Security Officer (CISO) responsible for overseeing information technology security. Additionally, details of the appointed CISO must be shared with CERT-In.
Furthermore, these directives emphasize the formulation of a robust cybersecurity policy by all government bodies. They also stress the assignment of clear roles and responsibilities to the CISO and the establishment of dedicated and proficient cybersecurity teams.
The guidelines go even further, advocating for regular internal and external audits of the entire ICT (Information and Communication Technology) infrastructure. Internal information security audits should be conducted at least once every six months, while third-party security audits must take place at least once a year.
These guidelines come in response to a series of cyberattacks on government-run websites and infrastructure, including a notable attack on the All India Institute of Medical Sciences (AIIMS) last year. Such attacks have underscored the urgent need for robust cybersecurity measures across government agencies.
CERT-In asserts that these new guidelines will provide a prioritized baseline for cybersecurity measures and controls within government organizations and their affiliated entities. It is part of a broader effort by the government to ensure a secure and accountable digital space.
“The government has taken several initiatives to ensure an open, safe & trusted and accountable digital space. The guidelines are an important part of our larger cybersecurity framework,” stated Rajeev Chandrasekhar, the Minister of State for Electronics and Information Technology.
In support of these efforts, Threatsys is launching its new service, “Virtual CISO Advisory Services.” Threatsys Virtual CISO (vCISO) services are designed to assist government entities and businesses in safeguarding their information assets while maintaining business operations with enhanced cybersecurity expertise to reduce business risk.
A Virtual CISO is an outsourced security expert who provides ongoing guidance to an organization, helping to design and manage its security strategy. Threatsys’ vCISO services offer a subscription-based security management solution, particularly tailored to smaller and mid-sized companies, allowing them to partner with specialist information security professionals.
These services encompass effective advisory strategies and controls, enabling organizations to build a strong cybersecurity posture in an increasingly digital world. As vulnerabilities grow with digital transformation, Threatsys Virtual CISO Consulting Services provide robust security leadership on a subscription-based model, akin to XaaS (Anything as a Service) models.
If you’re seeking affordable and effective Virtual CISO (vCISO) services in India, Threatsys’ team of senior and experienced cybersecurity professionals, holding certifications such as CISA, CISM, CCISO, CISSO, CEH, CPENT+LPT, etc., is ready to assist you in enhancing your organization’s cybersecurity defenses.
How we can help
We are incredibly proud of our team of Cyber Security Engineers, who are always eager to roll up their sleeves and tackle your Cyber Security Risks, ensuring your business needs are met with utmost dedication. Our mission is to exceed your expectations and establish a long-term, mutually beneficial relationship with you.
Threatsys Cyber Security Testing Services guarantees your safety by leveraging cutting-edge security technologies and experts who can spot vulnerabilities and remove threats from your systems. Connect now with Threatsys, the No. 1 Cyber Security company in Bhubaneswar, which can help you defend against supply chain attacks. It is better to stop a supply chain attack than to suffer its consequences, so take the required measures to protect your business today.
Stay ahead of the game and protect your organization from cybersecurity attacks. Don’t wait for an attack to occur; take preventive measures today.
Increase your preparedness, solidify your security stance.