DSCI NEWS NEWSLETTER OF DATA SECURITY COUNCIL OF INDIA

DSCI wishes you a very “HAPPY INDEPENDENCE DAY”

June-July 2014

DSCI Certi�ed Privacy Lead Assessor TrainingAugust 20-22, 2014 Royal Orchid Hotel, Bangalore

2nd Hyderabad Security ConferenceSeptember 12, 2014Novotel & HICC Complex, Near Hitec City,Hitex Road, Hyderabad

UPCOMING EVENTS

Register Today

Register Today

DSCI NEWS

2

June-July 2014

Joint Working Group MeetingA meeting with Joint Working Group (JWG) was held on July 16, 2014 where the MHA informed that the National Information Security Policy and Guidelines (NISPG) had been developed with the help of DSCI, and approval of Home Secretary (HS) had been obtained to issue it. The proposal for the setting up of Cyber Policy Research Centre, and Security Standards, submitted by DSCI as CoEs was also deliberated. The group proposed DSCI to develop a paper on Risk Assessment in cyber security in some sectors. Some members volunteered to be part of the team to develop this paper.

Workshop on Preventing Telemarketing Frauds by FTC

US Federal Trade Commission-M3AAG in association with NASSCOM and DSCI organized a workshop on ‘Preventing Telemarketing Fraud: A Multi-Stakeholder Response Coordinating Enforcement, Education, and Technological Solutions’. The discussion deliberated on issues including technical support scams, immigration hoaxes and phantom debt collection calls that have defrauded global consumers millions of dollars, have damaged the reputation of outsourcing business and a�ected global trade. US FTC, DSCI and Nasscom along with DSCI members participated in the dialogue to address this threat and develop a multi-faceted action plan with the relevant stakeholders -representatives from Indian and foreign law enforcement, the business community, anti-abuse technology experts, and consumer advocates.

DSCI Privacy CertificationProgram

DSCI Privacy Certi�ed (DPC©) Organization

In the year 2014, DSCI launched its Certi�cation Program for organizations – DSCI Privacy Certi�ed (DPC©) to provide an assurance mechanism for organizations to demonstrate the privacy practices to relevant stakeholders and enhance trust. DPC© certi�cation scheme is based on the independent third party privacy assessment which are carried out by Assessment Organizations (AOs) based on DSCI Assessment Framework - Privacy (DAF-P©) and DSCI Privacy Framework (DPF©).

The assessors of the respective AOs are trained and certi�ed by DSCI as DSCI Certi�ed Privacy Lead Assessor (DCPLA©). This equips them with necessary knowledge, skills and tools to undertake privacy assessments in organizations in line with the DSCI requirements. The assessment report submitted by the AOs is reviewed by DSCI, post which DSCI decides awarding the DPC© certificate to the organization. This certification is valid for a period of three years subject to surveillance assessments in 2nd and 3rd year. Organizations undergoing assessment can choose the scope of assessment, as per the guidelines provided in the Data Privacy Assessment Manual of DSCI.

Vodafone India, the �rst telecom company to receive the DSCI Privacy Certi�cation

Vodafone India Limited (VIL) – Delhi Circle became the �rst telecom organization to be granted as ‘DSCI Privacy Certi�ed’ (DPC©) organization. The c erti�cate wa s awarded by Prof. Balakrishnan, Chairman, DSCI during a ceremony, organized on the sidelines of DSCI Best Practices Meet on July 10, 2014.

The assessment of data privacy program implementation at Vodafone-Delhi Circle, in line with the requirements of DSCI Privacy Framework (DPF©) and DSCI Assessment Framework for Privacy (DAF-P©), was conducted by DNV GL- Assessment Organisation ( AO).

On the occasion Mr. Burgess Cooper, VP & CTSO, Vodafone India said,

Vodafone India’s Delhi circle has been awarded the coveted DSCI Privacy Certi�cation. The certi�cate benchmarks the privacy standards that Vodafone India complies with and also reiterates our focus on ‘Customer First’. The adoption of the DSCI framework has led to many business improvements including the reduction of high-risks, better coverage of privacy issues in our contracts, improved review of new business developments, standardized processes and detailed vendor audits. The certi�cation bene�ts us by ensuring that appropriate processes and procedures for personal data management are de�ned, documented and embedded in our privacy practices.

June-July 2014

For more details on the certification write to us at assessment@dsci.in

4

DSCI Certi�ed Privacy Lead Assessor (DCPLA©)– Training & Certi�cation Program

DSCI celebrated the completion one year of DCPLA© Training and Certification Program on June 5, 2014. The three-day training  program which was conceptualized and designed to equip professionals with required knowledge and tools to assess organizations privacy program, garners a ‘DSCI Privacy Lead Assessors’ community with 268 DCPLA© trained professionals from over 90 organizations. Till now 14 batches have been conducted in various cities namely Delhi, Mumbai, Bangalore, Hyderabad, Pune, Chennai and Kolkata.

DSCI NEWS C

ase

Stud

y Driv

en I

nnovation Delivery Methods Strategic, Tractical & Operational Focus Policy D

eliberations

Technology Trends Contemporary Approaches

P

ract

ical

Insi

ghts

Global PrivacyEvolution &

Developments

DSCI DataPrivacy Assessment

Mannual

Legal

Frameworks in

India, EU & US

DSCI PrivacyFramework &

DSCI Assessment

Framework

Nine Assessment

Areas - Context,

Objectives &

Guidence

Introductionto Privacy

Concepts

(Classroom Training + Examination)DAYPROGRAM3

DCPLA© TRAINING OVERVIEW

TRAINEDPROFESSIONALS268

BATCHES14

Banking

Consulting

PharmaceuticalManufacturing

Insurance

IT/ BPM Law Firms

Telecom

ORGANIZATIONS90+

June-July 2014

5

On the occasion few DCPLA© professionals also shared their views about the program

The 13th & 14th batch of DCPLA© training was organized in in Bangalore and Delhi.

DSCI NEWS

An excellent course, the �rst of its kind in the country. Covers the whole ambit of the Indian Data Privacy Rules, and a comparison with the global Privacy landscape. A must have certi�cation for the Privacy professionals.

Arun Kumar Anand, Vice President & CISO,–NIIT Technologies Limited

I have known DSCI since its inception. I am extremely happy to see their consistent endeavor to make a difference in data security and privacy with initiatives happening within the industry in a big way.

Seema Bangera, CISO- Serco Global Services

The program conducted by DSCI exclusively for our team was turned out to be an excellent 3 days spent in debate, discussion and learning. The program structure comprising of lectures and case studies was well balanced and helped in topics being well understood. Role play was an icing on the cake. A big thanks to the DSCI team to make this happen.

Vinay Disley, General Manager–Enterprise Risk Management, Wipro

Every organization has privacy requirements, from its regulators, clients, end customers, or its own employees. DCPLA is a great program on understanding how to assess if your organization satis�es assessment criteria, and more importantly, what needs to be done to bridge the privacy chasm. The course is designed with good overview of the commonalities and di�erences between international as well as local privacy requirements, and is delivered by knowledgeable and experienced trainers. Highly recommended!

Ashish Chandra Mishra, CISO, Tesco HSC

June-July 2014

Read More ..

6

Roundtable by EastWest Institute

A roundtable on “Pathways to Improve Global Co-operation in Cyberspace” was organized by EastWest Institute on June 16-17 in San Francisco, US. The roundtable focused on eight speci�c topics, out of which Dr. Kamlesh Bajaj, CEO, DSCI participated in “Exploring Surveillance, Privacy and Big Data”. This group discussed transparency and accountability in the collection and use of information by government and organizations. He presented his views on the NSA Surveillance and its implications for cloud computing in the context of national security and underscored the need for global co-operation to put limits on surveillance in the name of counter-terrorism and national security.

Countries in the roundtable included Russia, China, Japan, India, Germany, Netherlands in addition to the US and several experts from the US universities and other organizations.

Strategic Partnership with Leading Law Institutions

Recognizing the need to increase the skill base of cyber security professionals in India and nurture the next generation talent in this �eld, DSCI is forging collaboration with leading institutions in India. In this endeavor, its most recent collaboration had been with Jindal Global Law School of the O.P Jindal Global University (JGU) and National Law School of India University (NLSIU).

Programs in association with DSCI

• Development of course materials on cyber security• Undertake collaborative research• Conduct joint skill development programs• Support industry-academia interactions in the areas of

cyber laws and data protection

DSCI NEWSJune-July 2014

The 6th DSCI Best Practices Meet (BPM) was held on July 9-10, 2014 at, The Leela Palace, Bangalore. The theme of this year was ‘SMAC: new paradigm for Security?’. The event was inaugurated by the Professor N. Balakrishnan, Chairman, DSCI.

BPM 2014 witnessed over 300 industry professionals, 61 speakers, 24 sessions- including policy, technical, debates, business etc in the form of multiple parallel track discussions, breakfast meets and keynote addresses. It provided the participants an opportunity to interact with the leaders in security and privacy and helped them understand and learn the contemporary practices which are evolving to address of SMAC adoption.

Session Highlights

The pre-event Workshops & Roundtable included on speci�c topics including IT Act and Amendments, Data Localization and Advanced Persistent Threats were very well received by the participants 350+

participants20+Sponsors &Partners

50+Speakers

9

DSCI NEWSDSCI Excellence Awards 2014 – Nomination Open

Fourth edition of DSCI Excellence Awards was opened for nominations on August 11. After running three editions of awards, from the experience gained and feedback received, the nomination forms for corporate segment have been revised from this year and was made online. Few new categories were added including ‘Security in Energy Sector organization’ Privacy in Outsourcing Sector’ and ‘Security Product of the Year’.

A report on ‘Industry Best Practices-Trends’ was also launched at the Best Practices Meet held on July 10.

DSCI awards honor organizations and individuals who have implemented robust, e�ective and resilient security programs, shown innovation, demonstrated commitment in the �eld of security and privacy and the LEAs for their exemplary e�orts in capacity building and cybercrime investigations.

DSCI Excellence Award for Security ino Banko Telecomo e-Governanceo e-Commerceo IT Services (Large)o IT Services (SME)o BPM (Large)o BPM (SME)o Energy Sector Organization

Industry Leaderso Security Leader of the Year

(Sector Specific)o Privacy Leader of the Year

Categories in Corporate Segment

Nominate TodayNominate Now India Cyber Cop of the year Excellence in Capacity Building

NEW

Privacy in Organizationso Privacy – Outsourcing Sector

(IT-ITeS/BPM)o Privacy – Other Sectors

Security Products and Companieso Emerging Information Security

Product Companyo Security Product of the Year

NEW

NEW

Categories in Law Enforcement Segment

NOMINATION FORMS OVERHAULED ANDNOW ONLINE

Nominate TodayNominate Now

Nominate for DSCI Excellence Awards 2014

June-July 2014

Session at Interop- Delhi 2014

• A panel discussion titled ‘How Consumerization of IT(SoCLoMo) is Transforming the Enterprise Security Landscape’ was organized at Interop- Delhi 2014 by UBM India. Mr. Aseem Mukhi, Senior Consultant, DSCI was co- panelist in the discussion. The panel discussion focused on the importance of security with the growing adoption of social, cloud and mobile (SloCoMo) and how the amalgamation of these technologies have enabled organizations to o�er collaborative, connective and on-demand services to consumers. The panel also discussed the challenges emerging with the convergence of these technologies. Mr. Mukhi, emphasized that in order to address these challenges the enterprises need their security architecture be more intelligent, content and context aware. He also highlighted that organizations need to focus on incorporating adequate provisions to protect privacy of their customers and employees.

Other panelists included Mr. Sundar Ramaswamy, Partner, KPMG (panel chair); Mr. Satyamoorti Sivasubramanian, CISO, Airtel; Mr. Rajesh Hemrajani, Head – IT Security, The Royal Bank of Scotland Group; and Mr. Srinivas L, Head of Enterprise Security Business, Samsung; Col. A K Anand, CISO,  NIIT Technologies.

• Session on ‘Privacy Governance’ was delivered by Col. A KAnand, CISO, NIIT Technologies at Interop- Delhi 2014. He discussed the prevailing global and Indian privacy landscape, and evolving drivers for privacy regulations whilst highlighting the importance of implementation of a privacy program in an organization to safe guard privacy. He also discussed the challenges and pitfalls encountered during the course of privacy program implementation, for the bene�t of the audience.

Discussion on cyber security and critical information infrastructure protection by Embassy of Israel

Embassy of Israel convened a meeting with Mr. Zori Kor, Vice President, ASERO Worldwide and retired Israeli Security Agency (ISA) and DSCI members in New Delhi. Mr Kor, underscored the importance of ‘cyber security and critical information infrastructure protection for corporates’. He also shared his experience in handling issues in

counter-terrorismand protective security including cyber security and critical information infrastructure defense.

Over 15 DSCI representatives of DSCI members participated the exclusive meeting with Mr. Kor.

Cyber Labs Special Training Programs

• 404 police officers were trained in 5 day training oncybercrime investigations across eight cyber labs

• 858 officers were trained in short courses and speciallectures on cybercrimes & cyber forensics

• Conducted one week special course on informationsecurity for police officers of the Kolkata Cyber lab

• Special session was undertaken for National PoliceAcademy, Hyderabad and Department of PublicProsecution, Government of Karnataka on cybercrimeinvestigations. Special session on mobile forensics forCentral Detective Training School (CDTS), Hyderabadwas also conducted.

• Conducted cybercrime awareness session for Customsand Excise Officers of TNPA, Jammu and Kashmir Police

• Conducted a special session on cyber-crimes, BankingFrauds & Investigations for Lakshmi Vilas Bank (LVB)officials

• A training on Mobile phone investigations and MobileData Analysis was undertaken for CBI Academy. Over 40police officials participated.

Bangalore Chapter Meeting

The DSCI Bangalore Chapter meeting was hosted by Aujas Networks. It deliberated of topics including Cyber Resilience, Data Privacy and Information Security- Present and Future. It also outlined the roadmap for the chapter activities.

The key speakers at the meeting included Mr. Srinivas P, AVP and Head, Privacy & Data Protection, Infosys; Mr. Pallab Talukdar, President (India & Middle East) Aujas Networks; Mr. Sasi Kumar, Head- Platform Practice, Aujas Networks; Mr. Joseph Joshi, Sr. Information Risk Manager – ING Vysya Bank; and Mr. Rahul Jain, Principal Consultant, DSCI.

DSCI NEWSJune-July 2014

11

A special session for the senior management was also conducted and the respective Technology Heads, Regional Security Managers were apprised on the organization’s privacy commitments and practices.

The program was well received by the Vodafone employees. Over 1500 Vodafone employees were trained on basics of privacy through the e-learning module. The winners of Privacy Quiz were incentivized across all the circles of Vodafone. All the employees were also encouraged to adopt privacy posters on their desks.

Industry News

Vodafone Celebrated Privacy Awareness Month

In a bid to create awareness on privacy and promote privacy culture within the organization, Vodafone India celebrated “Privacy Awareness Month” in May. The program started with a message from CTSO/CPO on the importance of protecting personal information followed by the launch of various activities including ‘Privacy Basics’ e-learning Training, Privacy Quiz and Privacy Commitments posters among others.

DSCI NEWSJune-July 2014

Contributed Articles

Perils of di�dence Indian Express, June 20, 2014, Dr. Kamlesh Bajaj, CEO, DSCI http://indianexpress.com/article/opinion/columns/perils-of-diffidence/1/

NETmundial: Is the world any closer to global oversight of the Internet?EastWest Institute, 01 July, 2014, Dr. Kamlesh Bajaj, CEO, DSCI http://www.ewi.info/idea/netmundial-world-any-closer-global-oversight-internet.

Industrial Espionage and Counterterrorism Surveillance: Two Sides of the Same CoinChina-US Focus, 09 July, 2014, Dr. Kamlesh Bajaj, CEO, DSCIhttp://www.chinausfocus.com/peace-security/industrial-espionage-and-counterterrorism-surveillance-two-sides-of-the-same-coin/

Right to be forgotten - an Indian perspectiveETCIO.com, 24 June, 2014, Rahul Jain, Principal Consultant, DSCIhttp://cio.economictimes.indiatimes.com/tech-talk/Right-to-be-forgotten-an-Indian-perspective/240

Is NETmundial a lost opportunity?Information Week, 26 June, 2014, Rahul Sharma, Senior Consultant, DSCIhttp://www.informationweek.in/informationweek/perspective/296732/netmundial-lost-opportunity

12

DSCI NEWSJune-July 2014

Cyberspace: Post-Snowden  Strategic Analysis – Journal by IDSA, July 28, 2014, Dr. Kamlesh Bajaj, CEO, DSCI (The author has restricted the circulation and its use for research, teaching, and private study purpose only.Please write to priti.vandana@dsci.in to have a copy)

13

Vodafone India �rst telecom company to receive DSCI privacy certi�cation

Information Week, July 2014http://www.informationweek.in/informationweek/press-releases/297192/vodafone-india-telecom-company-receive-dsci-privacy-certi�cation?utm_source=referrence_article

CIOL Online, July 22,2014http://www.ciol.com/ciol/news/217997/vodafone-india-telecom-company-receive-dsci-privacy-certi�cation

Annecto Telecom, July 23, 2014http://annectotelecom.co.za/vodafone-india-becomes-�rst-telecom-company-receive-dsci-privacy-certi�cation/

Data Security Council of India signs MoU with NLSIU

Business Standard, July 29, 2014http://www.business-standard.com/article/pti-stories/dsci-inks-pact-with-nlsiu-for-cyber-law-research-114071101105_1.html

Indians most-willing to trade personal data for better e-service: Study

Livemint, June, 19, 2014http://www.livemint.com/Industry/NPRShpnU9Ue9enXarYl1BM/Indians-mostwilling-to-trade-personal-data-for-better-eser.html

What India Sorely Needs: Cyber Forensic Experts

CSO Forum, 03 July 2014http://www.csoforum.in/cso_forum/features/40689/india-sorely-cyber-forensic-experts

Does EU's Right to be Forgotten put barrier on the Net?

Business Standard, June 24, 2014http://www.business-standard.com/article/current-a�airs/does-eu-s-right-to-be-forgotten-put-barrier-on-the-net-114062400073_1.html

DSCI NEWSMedia Coverages

Blogs By Brian Pereira, July 11, 2014http://techwow.wordpress.com/2014/07/11/report-1-6th-dsci-best-practices-meet-it-act-and-its-amendments/

June-July 2014

14

DSCI NEWS

Editorial Board

Priti VandanaManager - Marketing & Communications, DSCI

Aseem MukhiSenior Consultant, DSCI

Data Security Council of IndiaNiryat Bhawan, 3rd Floor, Rao Tula Ram Marg,New Delhi - 110057, IndiaPhone: +91-11-26155070, Fax: +91-11-26155071Email: info@dsci.in, Website: www.dsci.in

Follow us on:

About DSCIDSCI is a focal body on data protection in India, set-up as an independent Self Regulatory Organization (SRO) by NASSCOM®, to promote data protection, develop security and privacy best practices & standards and encourage the Indian industries to implement the same.

DSCI is engaged with the Indian IT/BPM industry, their clients worldwide, Banking and Telecom sectors, industry associations, data protection authorities and other government agencies in di�erent countries. It conducts industry wide surveys and publishes reports, organizes data protection awareness seminars, workshops, projects, interactions and other necessary initiatives for outreach and public advocacy. DSCI is focused on capacity building of Law Enforcement Agencies for combating cyber crimes in the country and towards this; it operates several cyber labs across India to train police officers, prosecutors and judicial officers in cyber forensics.

Public Advocacy, Thought Leadership, Awareness and Outreach and Capacity Building are the key words with which DSCI continues to promote and enhance trust in India as a secure global sourcing hub, and promotes data protection in the country.

data-security-council-of-india dsci.connect dsci_connect dsci.video

June-July 2014