July News Letter - dsci.in - Data Security Council of India · PDF fileDSCI NEWS 2 June-July...
-
Upload
phungkhuong -
Category
Documents
-
view
214 -
download
2
Transcript of July News Letter - dsci.in - Data Security Council of India · PDF fileDSCI NEWS 2 June-July...
DSCI NEWS NEWSLETTER OF DATA SECURITY COUNCIL OF INDIA
DSCI wishes you a very “HAPPY INDEPENDENCE DAY”
June-July 2014
DSCI Certi�ed Privacy Lead Assessor TrainingAugust 20-22, 2014 Royal Orchid Hotel, Bangalore
2nd Hyderabad Security ConferenceSeptember 12, 2014Novotel & HICC Complex, Near Hitec City,Hitex Road, Hyderabad
UPCOMING EVENTS
Register Today
Register Today
DSCI NEWS
2
June-July 2014
Joint Working Group MeetingA meeting with Joint Working Group (JWG) was held on July 16, 2014 where the MHA informed that the National Information Security Policy and Guidelines (NISPG) had been developed with the help of DSCI, and approval of Home Secretary (HS) had been obtained to issue it. The proposal for the setting up of Cyber Policy Research Centre, and Security Standards, submitted by DSCI as CoEs was also deliberated. The group proposed DSCI to develop a paper on Risk Assessment in cyber security in some sectors. Some members volunteered to be part of the team to develop this paper.
Workshop on Preventing Telemarketing Frauds by FTC
US Federal Trade Commission-M3AAG in association with NASSCOM and DSCI organized a workshop on ‘Preventing Telemarketing Fraud: A Multi-Stakeholder Response Coordinating Enforcement, Education, and Technological Solutions’. The discussion deliberated on issues including technical support scams, immigration hoaxes and phantom debt collection calls that have defrauded global consumers millions of dollars, have damaged the reputation of outsourcing business and a�ected global trade. US FTC, DSCI and Nasscom along with DSCI members participated in the dialogue to address this threat and develop a multi-faceted action plan with the relevant stakeholders -representatives from Indian and foreign law enforcement, the business community, anti-abuse technology experts, and consumer advocates.
DSCI Privacy CertificationProgram
DSCI Privacy Certi�ed (DPC©) Organization
In the year 2014, DSCI launched its Certi�cation Program for organizations – DSCI Privacy Certi�ed (DPC©) to provide an assurance mechanism for organizations to demonstrate the privacy practices to relevant stakeholders and enhance trust. DPC© certi�cation scheme is based on the independent third party privacy assessment which are carried out by Assessment Organizations (AOs) based on DSCI Assessment Framework - Privacy (DAF-P©) and DSCI Privacy Framework (DPF©).
The assessors of the respective AOs are trained and certi�ed by DSCI as DSCI Certi�ed Privacy Lead Assessor (DCPLA©). This equips them with necessary knowledge, skills and tools to undertake privacy assessments in organizations in line with the DSCI requirements. The assessment report submitted by the AOs is reviewed by DSCI, post which DSCI decides awarding the DPC© certificate to the organization. This certification is valid for a period of three years subject to surveillance assessments in 2nd and 3rd year. Organizations undergoing assessment can choose the scope of assessment, as per the guidelines provided in the Data Privacy Assessment Manual of DSCI.
Vodafone India, the �rst telecom company to receive the DSCI Privacy Certi�cation
Vodafone India Limited (VIL) – Delhi Circle became the �rst telecom organization to be granted as ‘DSCI Privacy Certi�ed’ (DPC©) organization. The c erti�cate wa s awarded by Prof. Balakrishnan, Chairman, DSCI during a ceremony, organized on the sidelines of DSCI Best Practices Meet on July 10, 2014.
The assessment of data privacy program implementation at Vodafone-Delhi Circle, in line with the requirements of DSCI Privacy Framework (DPF©) and DSCI Assessment Framework for Privacy (DAF-P©), was conducted by DNV GL- Assessment Organisation ( AO).
On the occasion Mr. Burgess Cooper, VP & CTSO, Vodafone India said,
Vodafone India’s Delhi circle has been awarded the coveted DSCI Privacy Certi�cation. The certi�cate benchmarks the privacy standards that Vodafone India complies with and also reiterates our focus on ‘Customer First’. The adoption of the DSCI framework has led to many business improvements including the reduction of high-risks, better coverage of privacy issues in our contracts, improved review of new business developments, standardized processes and detailed vendor audits. The certi�cation bene�ts us by ensuring that appropriate processes and procedures for personal data management are de�ned, documented and embedded in our privacy practices.
June-July 2014
For more details on the certification write to us at [email protected]
4
DSCI Certi�ed Privacy Lead Assessor (DCPLA©)– Training & Certi�cation Program
DSCI celebrated the completion one year of DCPLA© Training and Certification Program on June 5, 2014. The three-day training program which was conceptualized and designed to equip professionals with required knowledge and tools to assess organizations privacy program, garners a ‘DSCI Privacy Lead Assessors’ community with 268 DCPLA© trained professionals from over 90 organizations. Till now 14 batches have been conducted in various cities namely Delhi, Mumbai, Bangalore, Hyderabad, Pune, Chennai and Kolkata.
DSCI NEWS C
ase
Stud
y Driv
en I
nnovation Delivery Methods Strategic, Tractical & Operational Focus Policy D
eliberations
Technology Trends Contemporary Approaches
P
ract
ical
Insi
ghts
Global PrivacyEvolution &
Developments
DSCI DataPrivacy Assessment
Mannual
Legal
Frameworks in
India, EU & US
DSCI PrivacyFramework &
DSCI Assessment
Framework
Nine Assessment
Areas - Context,
Objectives &
Guidence
Introductionto Privacy
Concepts
(Classroom Training + Examination)DAYPROGRAM3
DCPLA© TRAINING OVERVIEW
TRAINEDPROFESSIONALS268
BATCHES14
Banking
Consulting
PharmaceuticalManufacturing
Insurance
IT/ BPM Law Firms
Telecom
ORGANIZATIONS90+
June-July 2014
5
On the occasion few DCPLA© professionals also shared their views about the program
The 13th & 14th batch of DCPLA© training was organized in in Bangalore and Delhi.
DSCI NEWS
An excellent course, the �rst of its kind in the country. Covers the whole ambit of the Indian Data Privacy Rules, and a comparison with the global Privacy landscape. A must have certi�cation for the Privacy professionals.
Arun Kumar Anand, Vice President & CISO,–NIIT Technologies Limited
I have known DSCI since its inception. I am extremely happy to see their consistent endeavor to make a difference in data security and privacy with initiatives happening within the industry in a big way.
Seema Bangera, CISO- Serco Global Services
The program conducted by DSCI exclusively for our team was turned out to be an excellent 3 days spent in debate, discussion and learning. The program structure comprising of lectures and case studies was well balanced and helped in topics being well understood. Role play was an icing on the cake. A big thanks to the DSCI team to make this happen.
Vinay Disley, General Manager–Enterprise Risk Management, Wipro
Every organization has privacy requirements, from its regulators, clients, end customers, or its own employees. DCPLA is a great program on understanding how to assess if your organization satis�es assessment criteria, and more importantly, what needs to be done to bridge the privacy chasm. The course is designed with good overview of the commonalities and di�erences between international as well as local privacy requirements, and is delivered by knowledgeable and experienced trainers. Highly recommended!
Ashish Chandra Mishra, CISO, Tesco HSC
June-July 2014
Read More ..
6
Roundtable by EastWest Institute
A roundtable on “Pathways to Improve Global Co-operation in Cyberspace” was organized by EastWest Institute on June 16-17 in San Francisco, US. The roundtable focused on eight speci�c topics, out of which Dr. Kamlesh Bajaj, CEO, DSCI participated in “Exploring Surveillance, Privacy and Big Data”. This group discussed transparency and accountability in the collection and use of information by government and organizations. He presented his views on the NSA Surveillance and its implications for cloud computing in the context of national security and underscored the need for global co-operation to put limits on surveillance in the name of counter-terrorism and national security.
Countries in the roundtable included Russia, China, Japan, India, Germany, Netherlands in addition to the US and several experts from the US universities and other organizations.
Strategic Partnership with Leading Law Institutions
Recognizing the need to increase the skill base of cyber security professionals in India and nurture the next generation talent in this �eld, DSCI is forging collaboration with leading institutions in India. In this endeavor, its most recent collaboration had been with Jindal Global Law School of the O.P Jindal Global University (JGU) and National Law School of India University (NLSIU).
Programs in association with DSCI
• Development of course materials on cyber security• Undertake collaborative research• Conduct joint skill development programs• Support industry-academia interactions in the areas of
cyber laws and data protection
DSCI NEWSJune-July 2014
The 6th DSCI Best Practices Meet (BPM) was held on July 9-10, 2014 at, The Leela Palace, Bangalore. The theme of this year was ‘SMAC: new paradigm for Security?’. The event was inaugurated by the Professor N. Balakrishnan, Chairman, DSCI.
BPM 2014 witnessed over 300 industry professionals, 61 speakers, 24 sessions- including policy, technical, debates, business etc in the form of multiple parallel track discussions, breakfast meets and keynote addresses. It provided the participants an opportunity to interact with the leaders in security and privacy and helped them understand and learn the contemporary practices which are evolving to address of SMAC adoption.
Session Highlights
The pre-event Workshops & Roundtable included on speci�c topics including IT Act and Amendments, Data Localization and Advanced Persistent Threats were very well received by the participants 350+
participants20+Sponsors &Partners
50+Speakers
9
DSCI NEWSDSCI Excellence Awards 2014 – Nomination Open
Fourth edition of DSCI Excellence Awards was opened for nominations on August 11. After running three editions of awards, from the experience gained and feedback received, the nomination forms for corporate segment have been revised from this year and was made online. Few new categories were added including ‘Security in Energy Sector organization’ Privacy in Outsourcing Sector’ and ‘Security Product of the Year’.
A report on ‘Industry Best Practices-Trends’ was also launched at the Best Practices Meet held on July 10.
DSCI awards honor organizations and individuals who have implemented robust, e�ective and resilient security programs, shown innovation, demonstrated commitment in the �eld of security and privacy and the LEAs for their exemplary e�orts in capacity building and cybercrime investigations.
DSCI Excellence Award for Security ino Banko Telecomo e-Governanceo e-Commerceo IT Services (Large)o IT Services (SME)o BPM (Large)o BPM (SME)o Energy Sector Organization
Industry Leaderso Security Leader of the Year
(Sector Specific)o Privacy Leader of the Year
Categories in Corporate Segment
Nominate TodayNominate Now India Cyber Cop of the year Excellence in Capacity Building
NEW
Privacy in Organizationso Privacy – Outsourcing Sector
(IT-ITeS/BPM)o Privacy – Other Sectors
Security Products and Companieso Emerging Information Security
Product Companyo Security Product of the Year
NEW
NEW
Categories in Law Enforcement Segment
NOMINATION FORMS OVERHAULED ANDNOW ONLINE
Nominate TodayNominate Now
Nominate for DSCI Excellence Awards 2014
June-July 2014
Session at Interop- Delhi 2014
• A panel discussion titled ‘How Consumerization of IT(SoCLoMo) is Transforming the Enterprise Security Landscape’ was organized at Interop- Delhi 2014 by UBM India. Mr. Aseem Mukhi, Senior Consultant, DSCI was co- panelist in the discussion. The panel discussion focused on the importance of security with the growing adoption of social, cloud and mobile (SloCoMo) and how the amalgamation of these technologies have enabled organizations to o�er collaborative, connective and on-demand services to consumers. The panel also discussed the challenges emerging with the convergence of these technologies. Mr. Mukhi, emphasized that in order to address these challenges the enterprises need their security architecture be more intelligent, content and context aware. He also highlighted that organizations need to focus on incorporating adequate provisions to protect privacy of their customers and employees.
Other panelists included Mr. Sundar Ramaswamy, Partner, KPMG (panel chair); Mr. Satyamoorti Sivasubramanian, CISO, Airtel; Mr. Rajesh Hemrajani, Head – IT Security, The Royal Bank of Scotland Group; and Mr. Srinivas L, Head of Enterprise Security Business, Samsung; Col. A K Anand, CISO, NIIT Technologies.
• Session on ‘Privacy Governance’ was delivered by Col. A KAnand, CISO, NIIT Technologies at Interop- Delhi 2014. He discussed the prevailing global and Indian privacy landscape, and evolving drivers for privacy regulations whilst highlighting the importance of implementation of a privacy program in an organization to safe guard privacy. He also discussed the challenges and pitfalls encountered during the course of privacy program implementation, for the bene�t of the audience.
Discussion on cyber security and critical information infrastructure protection by Embassy of Israel
Embassy of Israel convened a meeting with Mr. Zori Kor, Vice President, ASERO Worldwide and retired Israeli Security Agency (ISA) and DSCI members in New Delhi. Mr Kor, underscored the importance of ‘cyber security and critical information infrastructure protection for corporates’. He also shared his experience in handling issues in
counter-terrorismand protective security including cyber security and critical information infrastructure defense.
Over 15 DSCI representatives of DSCI members participated the exclusive meeting with Mr. Kor.
Cyber Labs Special Training Programs
• 404 police officers were trained in 5 day training oncybercrime investigations across eight cyber labs
• 858 officers were trained in short courses and speciallectures on cybercrimes & cyber forensics
• Conducted one week special course on informationsecurity for police officers of the Kolkata Cyber lab
• Special session was undertaken for National PoliceAcademy, Hyderabad and Department of PublicProsecution, Government of Karnataka on cybercrimeinvestigations. Special session on mobile forensics forCentral Detective Training School (CDTS), Hyderabadwas also conducted.
• Conducted cybercrime awareness session for Customsand Excise Officers of TNPA, Jammu and Kashmir Police
• Conducted a special session on cyber-crimes, BankingFrauds & Investigations for Lakshmi Vilas Bank (LVB)officials
• A training on Mobile phone investigations and MobileData Analysis was undertaken for CBI Academy. Over 40police officials participated.
Bangalore Chapter Meeting
The DSCI Bangalore Chapter meeting was hosted by Aujas Networks. It deliberated of topics including Cyber Resilience, Data Privacy and Information Security- Present and Future. It also outlined the roadmap for the chapter activities.
The key speakers at the meeting included Mr. Srinivas P, AVP and Head, Privacy & Data Protection, Infosys; Mr. Pallab Talukdar, President (India & Middle East) Aujas Networks; Mr. Sasi Kumar, Head- Platform Practice, Aujas Networks; Mr. Joseph Joshi, Sr. Information Risk Manager – ING Vysya Bank; and Mr. Rahul Jain, Principal Consultant, DSCI.
DSCI NEWSJune-July 2014
11
A special session for the senior management was also conducted and the respective Technology Heads, Regional Security Managers were apprised on the organization’s privacy commitments and practices.
The program was well received by the Vodafone employees. Over 1500 Vodafone employees were trained on basics of privacy through the e-learning module. The winners of Privacy Quiz were incentivized across all the circles of Vodafone. All the employees were also encouraged to adopt privacy posters on their desks.
Industry News
Vodafone Celebrated Privacy Awareness Month
In a bid to create awareness on privacy and promote privacy culture within the organization, Vodafone India celebrated “Privacy Awareness Month” in May. The program started with a message from CTSO/CPO on the importance of protecting personal information followed by the launch of various activities including ‘Privacy Basics’ e-learning Training, Privacy Quiz and Privacy Commitments posters among others.
DSCI NEWSJune-July 2014
Contributed Articles
Perils of di�dence Indian Express, June 20, 2014, Dr. Kamlesh Bajaj, CEO, DSCI http://indianexpress.com/article/opinion/columns/perils-of-diffidence/1/
NETmundial: Is the world any closer to global oversight of the Internet?EastWest Institute, 01 July, 2014, Dr. Kamlesh Bajaj, CEO, DSCI http://www.ewi.info/idea/netmundial-world-any-closer-global-oversight-internet.
Industrial Espionage and Counterterrorism Surveillance: Two Sides of the Same CoinChina-US Focus, 09 July, 2014, Dr. Kamlesh Bajaj, CEO, DSCIhttp://www.chinausfocus.com/peace-security/industrial-espionage-and-counterterrorism-surveillance-two-sides-of-the-same-coin/
Right to be forgotten - an Indian perspectiveETCIO.com, 24 June, 2014, Rahul Jain, Principal Consultant, DSCIhttp://cio.economictimes.indiatimes.com/tech-talk/Right-to-be-forgotten-an-Indian-perspective/240
Is NETmundial a lost opportunity?Information Week, 26 June, 2014, Rahul Sharma, Senior Consultant, DSCIhttp://www.informationweek.in/informationweek/perspective/296732/netmundial-lost-opportunity
12
DSCI NEWSJune-July 2014
Cyberspace: Post-Snowden Strategic Analysis – Journal by IDSA, July 28, 2014, Dr. Kamlesh Bajaj, CEO, DSCI (The author has restricted the circulation and its use for research, teaching, and private study purpose only.Please write to [email protected] to have a copy)
13
Vodafone India �rst telecom company to receive DSCI privacy certi�cation
Information Week, July 2014http://www.informationweek.in/informationweek/press-releases/297192/vodafone-india-telecom-company-receive-dsci-privacy-certi�cation?utm_source=referrence_article
CIOL Online, July 22,2014http://www.ciol.com/ciol/news/217997/vodafone-india-telecom-company-receive-dsci-privacy-certi�cation
Annecto Telecom, July 23, 2014http://annectotelecom.co.za/vodafone-india-becomes-�rst-telecom-company-receive-dsci-privacy-certi�cation/
Data Security Council of India signs MoU with NLSIU
Business Standard, July 29, 2014http://www.business-standard.com/article/pti-stories/dsci-inks-pact-with-nlsiu-for-cyber-law-research-114071101105_1.html
Indians most-willing to trade personal data for better e-service: Study
Livemint, June, 19, 2014http://www.livemint.com/Industry/NPRShpnU9Ue9enXarYl1BM/Indians-mostwilling-to-trade-personal-data-for-better-eser.html
What India Sorely Needs: Cyber Forensic Experts
CSO Forum, 03 July 2014http://www.csoforum.in/cso_forum/features/40689/india-sorely-cyber-forensic-experts
Does EU's Right to be Forgotten put barrier on the Net?
Business Standard, June 24, 2014http://www.business-standard.com/article/current-a�airs/does-eu-s-right-to-be-forgotten-put-barrier-on-the-net-114062400073_1.html
DSCI NEWSMedia Coverages
Blogs By Brian Pereira, July 11, 2014http://techwow.wordpress.com/2014/07/11/report-1-6th-dsci-best-practices-meet-it-act-and-its-amendments/
June-July 2014
14
DSCI NEWS
Editorial Board
Priti VandanaManager - Marketing & Communications, DSCI
Aseem MukhiSenior Consultant, DSCI
Data Security Council of IndiaNiryat Bhawan, 3rd Floor, Rao Tula Ram Marg,New Delhi - 110057, IndiaPhone: +91-11-26155070, Fax: +91-11-26155071Email: [email protected], Website: www.dsci.in
Follow us on:
About DSCIDSCI is a focal body on data protection in India, set-up as an independent Self Regulatory Organization (SRO) by NASSCOM®, to promote data protection, develop security and privacy best practices & standards and encourage the Indian industries to implement the same.
DSCI is engaged with the Indian IT/BPM industry, their clients worldwide, Banking and Telecom sectors, industry associations, data protection authorities and other government agencies in di�erent countries. It conducts industry wide surveys and publishes reports, organizes data protection awareness seminars, workshops, projects, interactions and other necessary initiatives for outreach and public advocacy. DSCI is focused on capacity building of Law Enforcement Agencies for combating cyber crimes in the country and towards this; it operates several cyber labs across India to train police officers, prosecutors and judicial officers in cyber forensics.
Public Advocacy, Thought Leadership, Awareness and Outreach and Capacity Building are the key words with which DSCI continues to promote and enhance trust in India as a secure global sourcing hub, and promotes data protection in the country.
data-security-council-of-india dsci.connect dsci_connect dsci.video
June-July 2014