Studies & Reports

Our studies and reports constitute a key part of our initiatives and programs. We share our assessment and research findings in order to encourage enhanced action on the areas of our work. DSCI studies and reports highlight the various issues, challenges and solutions, spanning across the domains of our work. While some studies and reports are published in partnership, other’s are solely our views and research.

    • GROWING CYBER SECURITY INDUSTRY: Roadmap for India

      Mar 31, 2017

      With increasing & ubiquitous connectivity across people, processes, machines & devices, ensuring cyber security is emerging as the most important challenge for the IT-BPM industry. With these challenges also come significant opportunities. The GoI has also called to make India a global leader in cyber security.

      The Cyber Security Task Force’s Vision 2025 aims to grow the Indian Cyber Security Products and Services Industry to USD 35 billion.

      With this in mind, the Data Security Council of India (DSCI) has worked on a report on cyber security that provides a roadmap for the industry to achieve this goal and also a set of recommendations to the government to set up the necessary ecosystem.

      Read More
    • EU Data Protection Directive FAQs

      Nov 16, 2016

      Trans - border data flows from European Union countries are covered under Article 25 of the EU Data Protection Directive 95/46. Article 29 Working Party proposed ways of transferring data of European citizens to countries that are deemed insecure under this Directive. In the Working Party document WP 12/98 on “Transfers of personal data to third countries”,

      Read More
    • Leading Industry Practices in Security and Privacy

      Sep 14, 2016

      Organisations today need to be increasingly secure as the environment in which they operate is more and more complex and dynamic with attackers using innovative techniques such as emerging mobile and cloud platforms. Security response to this challenge must be equally innovative - a way that helps an organisation become nimble footed to respond quickly to real threats in its environment.

      Read More
    • DSCI-PwC Study Report: The Threat Within

      Aug 23, 2016

      Data Security Council of India (DSCI) and PricewaterhouseCoopers (PwC) jointly conducted a study to understand the challenges and risks associated with insider threats. Security breaches and the compromise of sensitive information are very real concerns for any organization today. Studies have shown that though the likelihood of the attack from insiders may be very low as compared to external threats, the magnitude of the impact is at least ten times more than that of the total impact an external attacker can cause.

      Read More
    • Data Protection Practices of Indian IT-ITES Industry

      Aug 23, 2016

      NASSCOM, and DSCI have conducted this survey on Data Protection practices of IT/ITES industry through KPMG. The survey was designed to elicit response from top management in the form of IT and/or Security leadership, and also from security operations of the company.

      Read More
    • DSCI-KPMG Survey 2010: State of Data Security and Privacy in Indian BPO Industry

      Aug 23, 2016

      Businesses continue to drive IT operations, which in turn try to sustain existing systems, often at the cost of security. Customers, on the other hand, are demanding more security as their worries about cyber crimes, privacy and identity theft grow. In the networked world, business partners, suppliers, and vendors also demand assurance of essential and adequate security when they inter-operate to share information and business data for faster and cost-effective transactions. At the same time, regulatory and law-enforcement agencies require proof of compliance with a plethora of security regulations. Under these circumstances, there is no better way of understanding security preparedness of companies than through a survey. This is the third DSCI-KPMG Security Survey, conducted in association with CERT-In.

      Read More
    • DSCI-Cisco Security Thought Leadership Program: Survey Report on Reinventing the Network in the Context of Security

      Aug 23, 2016

      One of the biggest challenges that organizations face is to understand the extent to which they need to enable or adopt capabilities offered by these advancements while balancing the security ecosystem with accurate analysis of associated risks. To understand the views of security leaders in India, with regards to these dynamic changes in the security ecosystem Cisco partnered with Data Security Council of India to conduct a joint study. The study also focused on understanding the challenges faced by security leaders and the security community in India when it comes to understanding the characteristics and challenges of new age security threats as well as developing a forward leaning security capabilities to guard against ever evolving cyber threats.

      Read More
    • DSCI-BSA Report on Security Considerations in Software Procurement by Government Agencies in India

      Aug 01, 2016

      The study takes a detailed look at the Indian government’s and its various agencies’ existing software procurement policies, and outlines global best practices for software procurement. It aims to help streamline the central and state governments’ procurement processes and encourage the use of properly licensed software to minimize security threats.

      Read More
    • Cyber Security Research Developments

      Aug 01, 2016

      For strengthening the cyber ecosystem, a focused attention and adequate investment of efforts & resources would be required for cyber security. Investment in R&D activities in cyber security domain could result in high returns such as opportunities for entrepreneurs leading to expansion of businesses which in turn could result in more jobs in the market, increased trust and credibility and self-reliance of the nation.

      Read More
    • The Threat Within: A Study on Insider Threat by DSCI in Collaboration with PwC

      Jul 01, 2016

      Security breaches and the compromise of sensitive information are very real concerns for any organization today. Studies have shown that though the likelihood of the attack from insiders may be very low as compared to external threats, the magnitude of the impact is at least ten times more than that of the total impact an external attacker can cause. This is because an insider attack is committed by people who know the organisation’s most sensitive secrets and vulnerabilities and have access to its systems. In most cases, breaches by insiders are committed by individuals who have no intention of doing anything wrong and then there are some who are motivated by greed, selfishness, or antagonism towards the management. DSCI and PricewaterhouseCoopers (PwC) have jointly conducted a study to understand the challenges and risks associated with insider threats.

      Read More
    • 19th National Conference on e-Governance: White Paper on “Cyber Security Framework for Citizen Centric Services”

      Jan 21, 2016

      Various sections of this white paper encapsulate a brief analysis on impact of technology on citizen services, cybersecurity threats, and dilemmas related to cyber security while providing citizen services. The white paper also attempts to identify critical aspects, principles and components for Cyber Security Framework in context of provision of citizen centric services.

      Read More
    • Whitepaper on Best Practices for Security in Cloud Adoption by Indian Banks

      Mar 01, 2015

      Cloud computing is an obvious option for banks in order to have efficient and cost-effective IT strategy. Nowadays the infrastructure is augmented by advanced analytics, real-time campaign management, and customer experience analytics., which are compute heavy. The whitepaper provides insights so that management of various banking institutions can embrace and adopt cloud computing.

      Read More
    • DSCI-BSA Study- Security Consideration in Software Procurement by Government agencies in India

      Nov 13, 2014

      Shri Anurag Singh Thakur, Hon' ble MP and Chairman, Parliamentary Standing Committee on IT released DSCI-BSA report' Security Consideration in Software Procurement by Government agencies in India on 13th Nov 2014.

      Read More
    • Standing Committee report on Information Technology (2013-14)

      Feb 12, 2014

      Released by the DietY, the fifty-second report by the Standing Committee on Information Technology (2013-14) on cybercrime, cyber security and right to privacy, recognizes DSCI as an industry association engaged in implementation of best practices and validation of organization’s data protection programs and practices through audits. The report acknowledges DSCI work in the area of creating awareness on cyber forensics and conducting training programs on cybercrime investigation.

      Read More
    • Global Cooperation in Cyberspace Initiative: 2014-2015 Action Agenda

      Jan 01, 2014

      With the cyberspace becoming the most essential infrastructure to the conduct of global business and government, these institutions are thriving on predictability and continuity. As cyber attacks demonstrate, however, the global digital environment is becoming an increasingly unpredictable and unstable space, where risks are extremely difficult to evaluate and manage. The EastWest Institute (EWI) has been in the vanguard working internationally to improve the safety and security of cyberspace, with their fifth Global Cyberspace Cooperation Summit, concluding in Berlin in December 2014.

      Read More
    • The Evolution of SIEM

      Jan 01, 2014

      Whether the result of cyber criminals sending phishing or malware attacks through company emails, nation states targeting an organization’s IP, or insiders misusing sensitive data, we live in a world where prevention of breaches has become impossible. Successful attacks bypass each layer of prevention that we have put in place because they often use valid user credentials, trusted access paths, or new exploits, thus going unnoticed by our preventative controls...

      Read More
    • AISS 2013 Recommendations: Advancing Towards a Securer Cyberspace

      Dec 10, 2013

      This report “AISS 2013 Recommendations: Advancing Towards a Securer Cyberspace”, in essence is the outcome of the NASSCOM-DSCI Annual Information Security Summit 2013, held at the Grand, New Delhi on December 10-12, 2013.

      Read More
    • DSCI-CISCO Security Thought Leadership Program

      Sep 01, 2013

      Survey Report on Reinventing the Network in the Context of Security

      One of the biggest challenges that organizations face is to understand the extent to which they need to enable or adopt capabilities offered by these advancements while balancing the security ecosystem with accurate analysis of associated risks. The threat landscape is rapidly changing and there is a growing concern about cyber-attacks on critical infrastructure and key industry verticals. With an increasing mobile workforce, a new set of malware arrive, and targeted and persistent attacks have become reality. The current generation of security capabilities implemented by organizations across India may protect them from traditional threats; however, to be at par with the dynamic threat landscape organizations need to re-assess their security ecosystem and evaluate capabilities of next generation security.

      Read More
    • Legal and Policy Issues in Cloud Computing -Discussion Paper based on DSCI-BSA Workshop

      Jul 16, 2013

      A workshop to discuss policy and legal issues in the cloud was organized on July 16, 2013 by DSCI and BSA. The workshop was attended by the leading cloud service providers and senior DeitY representative. Key issues including jurisdictional challenges, lawful access to data, issues relating to cyber-crime investigations and capturing of cyber forensics among other issues were brainstormed. A discussion paper was created on the Legal and Policy Issues in Cloud Computing based on the discussion in the workshop.

      Read More
    • Building Trust in Cyberspace : Report By EWI on 3rd Worldwide Cybersecurity Summit held in New Delhi

      Oct 30, 2012

      Building Trust in Cyberspace, a report featuring highlights of its recently concluded 3rd Worldwide Cybersecurity Summit in New Delhi on October 30-31.

      Read More
    • Report of the "Group of Experts on Privacy "constituted by Planning Commission of India

      Oct 16, 2012

      Report of the Group of Experts on Privacy ”constituted by Planning Commission of India under the chairmanship of Justice AP Shah, Former Chief Justice, Delhi High Court) is released. The report covers international Privacy principles, national privacy principles, rationale and emerging issues along with the analysis of relevant Legislations/Bills from a privacy perspective. On the basis of deliberation and in depth analysis, the group has identified a set of recommendations which the government may like to consider while formulating the proposed framework for Privacy Act.

      Read More
    • Recommendations of Joint Working Group on Engagement with Private Sector on Cyber Security

      Aug 16, 2012

      Joint Working Group constituted Sub-Groups with representatives of government and private sector, to flesh out the details Private Public Partnership. Based on the inputs from these Sub-Groups, JWG finalized its recommendations and released a report.

      Read More
    • NASSCOM-DSCI Cyber Security Advisory Group Report: Securing Our Cyber Frontiers

      Mar 01, 2012

      India is leveraging the power of technology to address its social, economic and development challenges. However, if cyber threats are not addressed through appropriate policy measures, they can disrupt country’s economic development. Though several initiatives have been taken by the government and industry, these efforts need to be further augmented, given the gravity of the problem. NASSCOM and DSCI created the Cyber Security Advisory Group (CSAG), having representation from public and private sectors, to recommend the priority policy action items for the government based on the global developments and learning.

      Read More
    • "Securing Our Cyber Frontiers" Report released by Hon'ble Home Minister Shri. P Chidambaram

      Mar 01, 2012

      Honourable Union Home Minister, Shri. P Chidambaram, released the NASSCOM-DSCI Report – 'Securing Our Cyber Frontiers' on April 30, 2012.

      Speaking on the occasion, Shri. Chidambaram said, "From a national security point of view, this is an important report and law enforcement agencies should quickly scale up their capacity to deal with these new crimes. We look forward to working with NASSCOM-DSCI in implementing the recommendations of NASSCOM-DSCI Report- Securing Our Cyber Frontiers".

      Read More
    • DAF- DSCI Assessment Framework

      Dec 01, 2011

      Organizations can respond to the security challenge posed by ever expanding threat scenarios only through preparedness. They have to implement appropriate technical and process safeguards along with physical, legal, and personnel security measures for securing their businesses. DSCI Security Framework - DSF© - details the best practices using an innovative approach that brings dynamism into security. It is a new risk based approach to security, that is data-centric; driven by security principles of information visibility, coverage & accuracy; they help an organization evaluate itself through self-assessment on the maturity criteria proposed in DSF©.

      Read More
    • The Threat Within

      Jun 01, 2011

      Security breaches and the compromise of sensitive information are very real concerns for any organisation today. Studies have shown that though the likelihood of the attack from insiders may be very low as compared to external threats, the magnitude of the impact is at least 10 times more than that of the total impact an external attacker can cause. This is because an insider attack is committed by people who know the organisation’s most sensitive secrets and vulnerabilities and have access to its systems. In most cases, breaches by insiders are committed by individuals who have no intention of doing anything wrong and then there are some who are motivated by greed, selfishness, or antagonism towards the management. Data Security Council of India (DSCI) and Price waterhouse Coopers (PwC) have jointly conducted a study to understand the challenges and risks associated with insider threats.

      Read More
    • DSCI-KPMG Banking Survey 2010: State of Data Security and Privacy in the Indian Banking Industry

      Feb 01, 2011

      Banks are in the forefront of using cutting edge IT, information security technology, and processes that are similar to those in the IT-BPM sector. It is crucial to understand how the technologies are helping banks meet customer service expectations, and how are they using technologies and processes to meet the challenges of cybercrime. It is with this view that DSCI, in association with KPMG, and under the aegis of CERT-In (DIT), surveyed 20 banks and interviewed CISOs and equivalents across the industry. The findings, in the form of DSCI-KPMG Survey Report, highlight trends and insights into the state of data security and privacy in the industry.

      Read More
    • Service Provider Assessment Framework

      Dec 01, 2010

      The IT (Amendment) Act, 2008 has established a strong data protection regime in the country, by requiring body corporates to implement ‘reasonable security practices’ to protect ‘sensitive personal information’. What is ‘reasonable security’ though? An organization is expected to have a comprehensive information security program, with appropriate controls that are commensurate with its information assets and risk assessment.

      Read More
    • Reasonable Security Practices - IT (Amendment) Act, 2008

      Dec 01, 2010

      The enactment and notification of the IT (Amendment) Act, 2008 [ITAA 2008] has significantly strengthened the data protection regime in India. Section 43A of ITAA 2008 mandates ‘body corporates’ to implement ‘reasonable security practices’ for protecting the ‘sensitive personal information’ of any individual, failing which they are liable to pay damages to the aggrieved person. The Indian Government is expected to come out with detailed rules and regulations under the Act that will explicitly define terms such as ‘reasonable security practices’ and ‘sensitive personal information’ amongst others.

      Read More
    • FAQs on IT Act 2000 & Amendments 2008

      Dec 01, 2010

      The IT (Amendment) Act, 2008 (ITAA 2008) has established a strong data protection regime in India. It addresses industry’s concerns on data protection, and creates a more predictive legal environment for the growth of e-commerce that includes data protection and cyber crimes measures, among others. Sensitive personal information of consumers, held in digital environment, is required to be protected through reasonable security practices by the corporates.

      Read More
    • Data Protection Challenges in Cloud Computing

      Dec 01, 2010

      Data Security and Privacy in Cloud Computing are engaging the attention of user organizations and Cloud service providers alike. Regulators also are not far behind. Cloud is a new name for services such as webmail that have been around for nearly a decade. What are the security risks of Cloud Computing?

      Read More
    • DSCI-KPMG Survey 2010: State of Data Security and Privacy in the Indian Banking Industry

      Dec 01, 2010

      Businesses continue to drive IT operations, which in turn try to sustain existing systems, often at the cost of security. Customers, on the other hand, are demanding more security as their worries about cyber crimes, privacy and identity theft grow. In the networked world, business partners, suppliers, and vendors also demand assurance of essential and adequate security when they inter-operate to share information and business data for faster and cost-effective transactions. At the same time, regulatory and law-enforcement agencies require proof of compliance with a plethora of security regulations.

      Read More
    • Consultation Paper on Legal Framework for Data Protection, Security and Privacy Norms

      Jul 05, 2010

      DSCI believes that self-regulation by industry associations should be encouraged by any proposed privacy legislation, to ensure that technological advancements are taken advantage of, while bureaucratic structures do not hinder the growth of technology and its adoption in integrating the country in global digital economy.

      Read More
    • Shadows in the Cloud - Investigating Cyber Espionage

      Apr 06, 2010

      The Report documents a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer network systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries. The report also contains an analysis of data which were stolen from politically sensitive targets and recovered during the course of the investigation.

      Read More