Studies & Reports

    • GROWING CYBER SECURITY INDUSTRY: Roadmap for India

      With increasing & ubiquitous connectivity across people, processes, machines & devices, ensuring cyber security is emerging as the most important challenge for the IT-BPM industry. With these challenges also come significant opportunities. The GoI has also called to make India a global leader in cyber security.

      The Cyber Security Task Force’s Vision 2025 aims to grow the Indian Cyber Security Products and Services Industry to USD 35 billion.

      With this in mind, the Data Security Council of India (DSCI) has worked on a report on cyber security that provides a roadmap for the industry to achieve this goal and also a set of recommendations to the government to set up the necessary ecosystem.

      Read More
    • EU Data Protection Directive FAQs

      Trans - border data flows from European Union countries are covered under Article 25 of the EU Data Protection Directive 95/46. Article 29 Working Party proposed ways of transferring data of European citizens to countries that are deemed insecure under this Directive. In the Working Party document WP 12/98 on “Transfers of personal data to third countries”,

      Read More
    • DSCI-BSA Report on Security Considerations in Software Procurement by Government Agencies in India

      The study takes a detailed look at the Indian government’s and its various agencies’ existing software procurement policies, and outlines global best practices for software procurement. It aims to help streamline the central and state governments’ procurement processes and encourage the use of properly licensed software to minimize security threats.

      Read More
    • Cyber Security Research Developments

      For strengthening the cyber ecosystem, a focused attention and adequate investment of efforts & resources would be required for cyber security. Investment in R&D activities in cyber security domain could result in high returns such as opportunities for entrepreneurs leading to expansion of businesses which in turn could result in more jobs in the market, increased trust and credibility and self-reliance of the nation.

      Read More
    • The Threat Within: A Study on Insider Threat by DSCI in Collaboration with PwC

      Security breaches and the compromise of sensitive information are very real concerns for any organization today. Studies have shown that though the likelihood of the attack from insiders may be very low as compared to external threats, the magnitude of the impact is at least ten times more than that of the total impact an external attacker can cause. This is because an insider attack is committed by people who know the organisation’s most sensitive secrets and vulnerabilities and have access to its systems. In most cases, breaches by insiders are committed by individuals who have no intention of doing anything wrong and then there are some who are motivated by greed, selfishness, or antagonism towards the management. DSCI and PricewaterhouseCoopers (PwC) have jointly conducted a study to understand the challenges and risks associated with insider threats.

      Read More
    • 19th National Conference on e-Governance: White Paper on “Cyber Security Framework for Citizen Centric Services”

      Various sections of this white paper encapsulate a brief analysis on impact of technology on citizen services, cybersecurity threats, and dilemmas related to cyber security while providing citizen services. The white paper also attempts to identify critical aspects, principles and components for Cyber Security Framework in context of provision of citizen centric services.

      Read More
    • DSCI-BSA Study- Security Consideration in Software Procurement by Government agencies in India

      Shri Anurag Singh Thakur, Hon' ble MP and Chairman, Parliamentary Standing Committee on IT released DSCI-BSA report' Security Consideration in Software Procurement by Government agencies in India on 13th Nov 2014.

      Read More
    • Standing Committee report on Information Technology (2013-14)

      Released by the DietY, the fifty-second report by the Standing Committee on Information Technology (2013-14) on cybercrime, cyber security and right to privacy, recognizes DSCI as an industry association engaged in implementation of best practices and validation of organization’s data protection programs and practices through audits. The report acknowledges DSCI work in the area of creating awareness on cyber forensics and conducting training programs on cybercrime investigation.

      Read More
    • The Evolution of SIEM

      Whether the result of cyber criminals sending phishing or malware attacks through company emails, nation states targeting an organization’s IP, or insiders misusing sensitive data, we live in a world where prevention of breaches has become impossible. Successful attacks bypass each layer of prevention that we have put in place because they often use valid user credentials, trusted access paths, or new exploits, thus going unnoticed by our preventative controls...

      Read More
    • Global Cooperation in Cyberspace Initiative: 2014-2015 Action Agenda

      With the cyberspace becoming the most essential infrastructure to the conduct of global business and government, these institutions are thriving on predictability and continuity. As cyber attacks demonstrate, however, the global digital environment is becoming an increasingly unpredictable and unstable space, where risks are extremely difficult to evaluate and manage. The EastWest Institute (EWI) has been in the vanguard working internationally to improve the safety and security of cyberspace, with their fifth Global Cyberspace Cooperation Summit, concluding in Berlin in December 2014.

      Read More
    • DAF- DSCI Assessment Framework

      Organizations can respond to the security challenge posed by ever expanding threat scenarios only through preparedness. They have to implement appropriate technical and process safeguards along with physical, legal, and personnel security measures for securing their businesses. DSCI Security Framework - DSF© - details the best practices using an innovative approach that brings dynamism into security. It is a new risk based approach to security, that is data-centric; driven by security principles of information visibility, coverage & accuracy; they help an organization evaluate itself through self-assessment on the maturity criteria proposed in DSF©.

      Read More
    • The Threat Within

      Security breaches and the compromise of sensitive information are very real concerns for any organisation today. Studies have shown that though the likelihood of the attack from insiders may be very low as compared to external threats, the magnitude of the impact is at least 10 times more than that of the total impact an external attacker can cause. This is because an insider attack is committed by people who know the organisation’s most sensitive secrets and vulnerabilities and have access to its systems. In most cases, breaches by insiders are committed by individuals who have no intention of doing anything wrong and then there are some who are motivated by greed, selfishness, or antagonism towards the management. Data Security Council of India (DSCI) and Price waterhouse Coopers (PwC) have jointly conducted a study to understand the challenges and risks associated with insider threats.

      Read More
    • DSCI-KPMG Banking Survey 2010: State of Data Security and Privacy in the Indian Banking Industry

      Banks are in the forefront of using cutting edge IT, information security technology, and processes that are similar to those in the IT-BPM sector. It is crucial to understand how the technologies are helping banks meet customer service expectations, and how are they using technologies and processes to meet the challenges of cybercrime. It is with this view that DSCI, in association with KPMG, and under the aegis of CERT-In (DIT), surveyed 20 banks and interviewed CISOs and equivalents across the industry. The findings, in the form of DSCI-KPMG Survey Report, highlight trends and insights into the state of data security and privacy in the industry.

      Read More
    • Service Provider Assessment Framework

      The IT (Amendment) Act, 2008 has established a strong data protection regime in the country, by requiring body corporates to implement ‘reasonable security practices’ to protect ‘sensitive personal information’. What is ‘reasonable security’ though? An organization is expected to have a comprehensive information security program, with appropriate controls that are commensurate with its information assets and risk assessment.

      Read More
    • Reasonable Security Practices - IT (Amendment) Act, 2008

      The enactment and notification of the IT (Amendment) Act, 2008 [ITAA 2008] has significantly strengthened the data protection regime in India. Section 43A of ITAA 2008 mandates ‘body corporates’ to implement ‘reasonable security practices’ for protecting the ‘sensitive personal information’ of any individual, failing which they are liable to pay damages to the aggrieved person. The Indian Government is expected to come out with detailed rules and regulations under the Act that will explicitly define terms such as ‘reasonable security practices’ and ‘sensitive personal information’ amongst others.

      Read More
    • FAQs on IT Act 2000 & Amendments 2008

      The IT (Amendment) Act, 2008 (ITAA 2008) has established a strong data protection regime in India. It addresses industry’s concerns on data protection, and creates a more predictive legal environment for the growth of e-commerce that includes data protection and cyber crimes measures, among others. Sensitive personal information of consumers, held in digital environment, is required to be protected through reasonable security practices by the corporates.

      Read More