Top best practices for a Safe & Secure IT Environment

Every department in the Government of India (GoI) executing e-governance projects has been mandated to appoint a CISO (Chief Information Security Officer), and the key roles and responsibilities of each department's CISO have also been defined. Alongside clarifying those roles and responsibilities, MeitY has notified the following best practices.

“Ministry of Electronics and Information Technology has issued Key Roles and Responsibilities of Chief Information Security Officers (CISOs) in Ministries/Departments and Organizations managing ICT operations”

1.  Know your IT environment:

a. Maintain an inventory of the assets and devices deployed in the project.

b. Identify the types of data managed in the project, their classification, and the associated access control list.

2.  Build an internal cyber hygiene culture

a. Educate, sensitize & train employees on safe cyber practices such as passwords, multi-factor authentication and the types of cyber crime attacks.

3.  Information Security Management System (ISMS):

a. Identify, implement, operate, review & improve the ISMS policy

4.  Implement strong IT Asset fundamentals

a. Ensure the latest OS, antivirus and software, with the latest security features built in

b. No end-of-life or unsupported software

c. Procure only genuine hardware & software

5.  Ensure a robust cyber security policy framework

a. Include governance

b. Risk management

c. Compliance

d. Data back-up

e. Enforcement & usage policy statements

6.  User identity & information security

a. Identity & access management tools

b. Device protection with encryption

c. Maintain logs and define their retention policy in the ISMS document

7.  Conduct regular & comprehensive cyber security reviews

a. Vulnerability Assessment & Penetration Testing (VAPT) on a quarterly basis

b. Web Application Security Assessment (WASA) annually

c. Cyber risk analysis of the network, network resources & critical assets

8.  Proactive operation and Cyber response strategy

a. Tools for active monitoring of network, devices and user activity

b. Cyber response strategy

    i.   Internal & external communication

    ii.  Threat containment & remediation

    iii. Legal exposure & risk assessment
