SETTING UP OF COMPUTER EMERGENCY RESPONSE TEAM FOR HEALTH CARE (CERT-H)
Draft Concept Note
ABSTRACT
This document is a concept note that sets out the need for setting up a sectoral CERT to
secure against and mitigate the risks arising out of cyberspace.
Manpreet Singh Sidhu, Consultant (NISG)
Contents
1. Overview
2. Preparation of Information Security Policy and Contingency Plan
3. Approach - Formation of Computer Emergency Response Team for Health care (CERT-H)
3.1. Constitution of Ministry Level Cyber Crisis Management Committee (MCCMC)/Information Security Steering Committee (ISSC)
3.2. Formation of Cyber Security Cell (CSeC)
3.2.1. Objectives of CSeC
3.2.2. Roles & Responsibilities of CSeC
4. Institutional Framework of CERT-H
5. Conclusion
1. Overview
To build a secure and resilient cyberspace for citizens, business and government, and
to prevent anyone from intruding on privacy, the National Cyber Security Policy 2013
has been published by the Ministry of Electronics and Information Technology (MeitY),
GoI.
One of the objectives of the policy is to create an assurance framework for the design of
security policies and for the promotion and enabling of actions for compliance with global
security standards and best practices by way of conformity assessment (product, process,
technology and people).
The strategies devised to implement the National Cyber Security Policy 2013 are:
• To create infrastructure for conformity assessment and certification of
compliance to cyber security best practices, standards and guidelines (e.g. ISO
27001 ISMS certification).
• To operationalise 24x7 sectoral CERTs for all coordination and communication
actions within the respective sectors for effective incident response and
resolution and cyber crisis management.
• To implement the Cyber Crisis Management Plan.
• To mandate implementation of global security best practices, business
continuity management and the cyber crisis management plan.
Similarly, the Report of the Sub-Group on Cyber Security for the XII Five-Year Plan on the
information technology sector, published by MeitY, states in Section 3.0 (Current status of
cyber security preparedness), point (e):
“To enable comprehensive cyber security policy compliance, the Govt. has mandated
implementation of security policy within Govt. in accordance with the Information Security
Management System (ISMS) Standard ISO 27001. In addition, Computer security
guidelines have been issued for compliance within Govt. A Common Criteria based IT
product security testing facility has been set up at Kolkata, which can test IT products up
to EAL4”
In support of this, the Ministry of Home Affairs has released the National Information Security
Policy and Guidelines (NISPG) and MeitY has published the Cyber Crisis Management
Plan-2015 (CCMP-2015). The Cyber Crisis Management Plan for countering Cyber
Attacks and Cyber Terrorism outlines a framework for dealing with cyber-related incidents
through a coordinated, multi-disciplinary and broad-based approach for rapid identification,
information exchange, swift response and remedial actions to mitigate and recover from
malicious cyber-related incidents impacting critical national processes.
The CCMP-2015 advises preparing detailed contingency plans in consultation with
CERT-In/NTRO/MoD/MHA, as the case may be, for dealing with crises in respective
areas. The Crisis Management Group established by the respective central administrative
ministry will be mainly responsible for dealing with a cyber crisis in consultation with
CERT-In/NTRO/MoD/MHA and will report all developments to the National Crisis Management
Committee, seeking its directions and guidance as and when necessary. Furthermore, the
respective Central Administrative Ministry/Department will set up a control room. The
response teams and supporting organisations such as CERT-In, NTRO, MoD, IDS
(DIARA), MHA, IB, R&AW, DoT and NDMA will work together to mitigate the incident.
2. Preparation of Information Security Policy and Contingency Plan
In order to prepare a contingency plan for dealing with a cyber crisis, MoHFW needs to
prepare the information security policy along with a Cyber Crisis Management Plan (CCMP)
through the following steps:
I. Gap Assessment of current system in place;
II. Preparation of Information Security Policy of MoHFW;
III. Formulation of Cyber Crisis Management Plan (CCMP) for MoHFW based on the
CCMP shared by MeitY;
IV. Consultation with various stakeholders;
V. Cyber Security awareness for senior officials;
VI. Cyber security awareness training for all employees of the department including
mock drills/table top exercises;
VII. Documenting security control procedures in order to mitigate risk;
VIII. Implementation of information security policy by implementing security control
procedures;
IX. Periodic internal and external audit review;
X. Review of process and procedures related to information security.
3. Approach - Formation of Computer Emergency Response Team for Health care (CERT-H):
The information security of an organisation is a continuous process based on the
Plan, Do, Check, Act (PDCA) approach. In order to implement and secure the information
of MoHFW, it is proposed to constitute the sectoral CERT of the health care sector, CERT-H,
under a Ministry Level Cyber Crisis Management Committee (MCCMC) and a Cyber
Security Cell (CSeC) to carry out the task successfully.
3.1. Constitution of Ministry Level Cyber Crisis Management Committee (MCCMC)/Information Security Steering Committee (ISSC)
For successful governance of CERT-H, it is proposed to constitute a Ministry Level Cyber
Crisis Management Committee (MCCMC) to oversee and provide the vision for cyber
security implementation in the eHealth sector. This committee is an apex body of high-level
officials of the MoHFW for developing various policies related to cyber security and
for dealing with crisis situations that have serious or national ramifications; it will also deal
with Ministry-level crises arising out of focused cyber-attacks. This committee shall
monitor, review and oversee the Information Security Policy and Cyber Crisis
Management Plan of the MoHFW and its critical information infrastructures.
The composition of the Committee will be as under:
1. Secretary (HFW) - Chairman
2. Add. Secretary e-Governance - Member
3. DDG (Admin), DteGHS - Member
4. Joint Secretary, eHealth, MoHFW - Member
5. JS/Director, IFD, MoHFW - Member
6. Director, Legal Cell, MoHFW - Member
7. Sr. Director, MeitY, GoI - Member
8. NIC, HoD, (MoHFW) - Member
9. Sr. Director, CERT-In, GoI - Member
10. Chairman Computerisation, AIIMS, New Delhi - Member
11. Add. Director, Centre for Health Informatics (CHI) - Member
12. Chief Information Security Officer, MoHFW - Member Convener
The MCCMC will be free to co-opt members depending on the nature of crisis, as
and when required. When a situation is handled by the MCCMC, it will give such
directions to the Crisis Management Group of the Department/division as deemed
necessary. This committee shall also act as Information Security Steering
Committee (ISSC) as proposed by National Critical Information Infrastructure
Protection Centre (NCIIPC).
3.2. Formation of Cyber Security Cell (CSeC)
As per the Crisis Management Plan for countering cyber-attacks and cyber
terrorism prepared by the Government of India, MoHFW may draw up its own Crisis
Management Plans and implement the same. Since there is a lack of adequate
expertise in Government/Government Agencies, it emerged that there is a need for
setting up an ongoing permanent mechanism which may act as the nodal agency for
monitoring various cyber security related matters for the Ministry of Health and Family
Welfare and its associated divisions, programs, projects, institutions etc. The
Ministry may set up a Cyber Security Cell (CSeC) under the eHealth division to cater
to crisis situations in cyber security matters of the Ministry of Health and Family
Welfare. The nodal agency for implementation of cyber security within the Ministry will
be the Centre for Health Informatics (CHI), NIHFW. The Cyber Security Cell will work
under the guidance of the Governing Body of the Cyber Security Cell of MoHFW, headed
by JS (eHealth), MoHFW.
The Cyber Security Cell will have the following members as its Governing Body:
1. Joint Secretary, eHealth, MoHFW - Chairman
2. NIC HoD, MoHFW - Member
3. HoD Computer Science Department, IIT Delhi or his nominee - Member
4. Mission Director, NHM, Haryana - Member
5. Mission Director, NHM, Tamil Nadu - Member
6. Mission Director, NHM, Rajasthan - Member
7. Director, NHM, MoHFW - Member
8. DGM (IS-I), Ministry of Home Affairs - Member
9. Add. Director, Centre for Health Informatics (CHI) - Member
10. Add. Chief Information Security Officer, MoHFW - Member
11. Two Cyber Security Experts - Member
12. Chief Information Security Officer, MoHFW - Member Convener
The modalities to establish CSeC may be finalized by eHealth Division; MoHFW
will facilitate the provisions for IT infrastructure and manpower support to the CSeC.
The CSeC will be headed by the CISO of MoHFW.
3.2.1. Objectives of CSeC
• To formulate MoHFW's Information Security Policy and Cyber Crisis
Management Plan as appropriate from time to time and implement the same in
coordination with CERT-In & with direction of MCCMC.
• To initiate proactive measures to increase awareness and understanding of
information security and computer security issues throughout the community of
network users and service providers by disseminating security related
information.
• To act as a nodal agency to conduct security audits or assessments of
government and constituent IT infrastructure in the Ministry and its
organisations, evolving security policy for the Ministry.
• To act as a central point for monitoring, identifying vulnerabilities and suggesting
remedial measures for correcting vulnerabilities in computer and communication
systems (websites & e-governance applications) belonging to government and
'certify' any e-governance or e-commerce site in the Ministry.
• To conduct education, training, research and development in cyber security.
• To collect and maintain a repository of all System/Website administrators of
MoHFW Websites/Web applications.
• To build capacity among the technical personnel to identify and fight security
threats.
• To assist MCCMC by priority with relevant information for their decision making
process.
• To carry out direction of MCCMC to fight cyber-attacks.
3.2.2. Roles & Responsibilities of CSeC
• Vulnerability Reporting
• Incident Reporting
• Penetration testing
• Incident Analysis
• Vulnerability Assessment of various MoHFW Websites
• Log analysis.
• Coordination with CERT-In, other government bodies, divisions, institutions and
MCCMC
• Identify and classify cyber-attack scenarios.
• Determine the tools and technology used to detect and prevent attacks.
• Develop a checklist for handling initial investigations of cyber-attacks.
• Determine the scope of an internal investigation once an attack has occurred.
• Conduct any investigations within the determined scope.
• Promote cyber security awareness within divisions.
• Address data breach issues, including notification requirements.
• Conduct follow-up reviews on the effectiveness of the department’s response to
an actual attack.
• Prepare SOP for different types of crisis.
• CISO shall formulate appropriate guidelines and action plan to ensure the role and
responsibility of CSeC as described above.
4. Institutional Framework of CERT-H
It is essential to implement the Crisis Management Plan (CMP) from the grassroots
level for countering cyber threats. In view of this, it is proposed to have
Information Security Officers (ISOs) at the subordinate offices, divisions etc. These
ISOs shall report to the Chief Information Security Officer (CISO) of the MoHFW, who
will be assisted by the Addl. CISO. The day-to-day security-related activities for the
MoHFW will be looked after by CSeC. CSeC will be a unit under the administrative
control of the eHealth division. The ISOs will continuously interact with CSeC for
cyber security related assistance. The Ministry Level Committee on Cyber Security
shall be the apex committee for crisis management in the Ministry. The same
committee shall also act as the Information Security Steering Committee (ISSC).
[Figure: Structure of the Institutional Framework of CERT-H]
5. Conclusion:
Considering the thrust of the Government for digitization and making the majority of
Govt. services available to citizens through cyber means, it is imperative that cyber security
receives utmost attention. The Ministry of Health and Family Welfare is required to set up
CERT-H for preparation of a detailed Information Security Policy and Contingency Plan for
dealing with information security and crises arising out of cyber-attacks in the health care
sector.
In order to implement and secure the information of MoHFW, it is proposed to form the
sectoral CERT by setting up a Ministry Level Cyber Crisis Management Committee
(MCCMC) and a Cyber Security Cell (CSeC) under the eHealth division.
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...
 
Call Girls Hyderabad Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Hyderabad Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Hyderabad Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Hyderabad Just Call 9907093804 Top Class Call Girl Service Available
 
Sambalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Sambalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetSambalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Sambalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
bhubaneswar Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
bhubaneswar Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetbhubaneswar Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
bhubaneswar Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
❤️♀️@ Jaipur Call Girl Agency ❤️♀️@ Manjeet Russian Call Girls Service in Jai...
❤️♀️@ Jaipur Call Girl Agency ❤️♀️@ Manjeet Russian Call Girls Service in Jai...❤️♀️@ Jaipur Call Girl Agency ❤️♀️@ Manjeet Russian Call Girls Service in Jai...
❤️♀️@ Jaipur Call Girl Agency ❤️♀️@ Manjeet Russian Call Girls Service in Jai...
 
❤️♀️@ Jaipur Call Girls ❤️♀️@ Jaispreet Call Girl Services in Jaipur QRYPCF ...
❤️♀️@ Jaipur Call Girls ❤️♀️@ Jaispreet Call Girl Services in Jaipur QRYPCF  ...❤️♀️@ Jaipur Call Girls ❤️♀️@ Jaispreet Call Girl Services in Jaipur QRYPCF  ...
❤️♀️@ Jaipur Call Girls ❤️♀️@ Jaispreet Call Girl Services in Jaipur QRYPCF ...
 
Call Girl In Zirakpur ❤️♀️@ 9988299661 Zirakpur Call Girls Near Me ❤️♀️@ Sexy...
Call Girl In Zirakpur ❤️♀️@ 9988299661 Zirakpur Call Girls Near Me ❤️♀️@ Sexy...Call Girl In Zirakpur ❤️♀️@ 9988299661 Zirakpur Call Girls Near Me ❤️♀️@ Sexy...
Call Girl In Zirakpur ❤️♀️@ 9988299661 Zirakpur Call Girls Near Me ❤️♀️@ Sexy...
 
dhanbad Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
dhanbad Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetdhanbad Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
dhanbad Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Bareilly Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Bareilly Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetBareilly Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Bareilly Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Ernakulam Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ernakulam Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetErnakulam Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ernakulam Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Call Girl Amritsar ❤️♀️@ 8725944379 Amritsar Call Girls Near Me ❤️♀️@ Sexy Ca...
Call Girl Amritsar ❤️♀️@ 8725944379 Amritsar Call Girls Near Me ❤️♀️@ Sexy Ca...Call Girl Amritsar ❤️♀️@ 8725944379 Amritsar Call Girls Near Me ❤️♀️@ Sexy Ca...
Call Girl Amritsar ❤️♀️@ 8725944379 Amritsar Call Girls Near Me ❤️♀️@ Sexy Ca...
 
VIP Call Girl Sector 32 Noida Just Book Me 9711199171
VIP Call Girl Sector 32 Noida Just Book Me 9711199171VIP Call Girl Sector 32 Noida Just Book Me 9711199171
VIP Call Girl Sector 32 Noida Just Book Me 9711199171
 
Call Girls Thane Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Thane Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Thane Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Thane Just Call 9907093804 Top Class Call Girl Service Available
 
Russian Call Girls in Noida Pallavi 9711199171 High Class Call Girl Near Me
Russian Call Girls in Noida Pallavi 9711199171 High Class Call Girl Near MeRussian Call Girls in Noida Pallavi 9711199171 High Class Call Girl Near Me
Russian Call Girls in Noida Pallavi 9711199171 High Class Call Girl Near Me
 
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetOzhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Nanded Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Nanded Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetNanded Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Nanded Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
VIP Call Girl DLF Phase 2 Gurgaon (Noida) Just Meet Me@ 9711199012
VIP Call Girl DLF Phase 2 Gurgaon (Noida) Just Meet Me@ 9711199012VIP Call Girl DLF Phase 2 Gurgaon (Noida) Just Meet Me@ 9711199012
VIP Call Girl DLF Phase 2 Gurgaon (Noida) Just Meet Me@ 9711199012
 
(Sonam Bajaj) Call Girl in Jaipur- 09257276172 Escorts Service 50% Off with C...
(Sonam Bajaj) Call Girl in Jaipur- 09257276172 Escorts Service 50% Off with C...(Sonam Bajaj) Call Girl in Jaipur- 09257276172 Escorts Service 50% Off with C...
(Sonam Bajaj) Call Girl in Jaipur- 09257276172 Escorts Service 50% Off with C...
 

Computer Emergency Response Team for Health Care Sector (CERT-H)

  • 1. SETTING UP OF COMPUTER EMERGENCY RESPONSE TEAM FOR HEALTH CARE CERT-H

    Draft Concept Note

    ABSTRACT

    This document is a concept note which sets out the need for setting up a sectoral CERT to secure against and mitigate the risks arising out of cyberspace.

    Manpreet Singh Sidhu, Consultant (NISG)
  • 2. Contents

    1. Overview
    2. Preparation of Information Security Policy and Contingency Plan
    3. Approach- Formation of Computer Emergency Response Team for Health care (CERT-H):
    3.1. Constitution of Ministry Level Cyber Crisis Management Committee (MCCMC)/ Information Security Steering Committee (ISSC)
    3.2. Formation of Cyber Security Cell (CSeC)
    3.2.1. Objectives of CSeC
    3.2.2. Roles & Responsibilities of CSeC
    4. Institutional Framework of CERT-H
    5. Conclusion:
  • 3. 1. Overview

    To build a secure and resilient cyberspace for citizens, business and government, and also to prevent anyone from intruding into privacy, the National Cyber Security Policy 2013 has been published by the Ministry of Electronics and Information Technology (MeitY), GoI.

    One of the objectives of the policy is to create an assurance framework for the design of security policies and for the promotion and enabling of actions for compliance to global security standards and best practices by way of conformity assessment (product, process, technology & people).

    The strategies devised to implement National Cyber Security Policy 2013 are:

    - To create infrastructure for conformity assessment and certification of compliance to cyber security best practices, standards and guidelines (e.g. ISO 27001 ISMS certification).
    - To operationalise 24x7 sectoral CERTs for all coordination and communication actions within the respective sectors for effective incident response & resolution and cyber crisis management.
    - To implement the Cyber Crisis Management Plan.
    - To mandate implementation of global security best practices, business continuity management and cyber crisis management plan.

    Similarly, the XII Five-Year Plan on Information Technology Sector, Report of Sub-Group on Cyber Security published by MeitY, Section 3.0, Current status of cyber security preparedness, Point (e) states that:

    “To enable comprehensive cyber security policy compliance, the Govt. has mandated implementation of security policy within Govt. in accordance with the Information Security Management System (ISMS) Standard ISO 27001. In addition, Computer security guidelines have been issued for compliance within Govt. A Common Criteria based IT product security testing facility has been set up at Kolkata, which can test IT products up to EAL4”
  • 4. In support of this, the Ministry of Home Affairs has released the National Information Security Policy and Guidelines (NISPG) and MeitY has published the Cyber Crisis Management Plan-2015 (CCMP-2015). The Cyber Crisis Management Plan for countering Cyber Attacks and Cyber Terrorism outlines a framework for dealing with cyber related incidents through a coordinated, multi-disciplinary and broad based approach for rapid identification, information exchange, swift response and remedial actions to mitigate and recover from malicious cyber related incidents impacting critical national processes.

    The CCMP-2015 advises preparing detailed contingency plans in consultation with CERT-In/NTRO/MoD/MHA, as the case may be, for dealing with crisis in respective areas. The Crisis Management Group established by the respective central administrative ministry will be mainly responsible for dealing with cyber crisis in consultation with CERT-In/NTRO/MoD/MHA and will report all developments to the National Crisis Management Committee, seeking its directions and guidance as and when necessary.

    Furthermore, the respective Central Administrative Ministry/Department will set up a control room. The response teams and supporting organisations such as CERT-In, NTRO, MoD, IDS (DIARA), MHA, IB, R&AW, DoT and NDMA will work together to mitigate the incident.

    2. Preparation of Information Security Policy and Contingency Plan

    In order to prepare a contingency plan for dealing with cyber crisis, MoHFW needs to prepare the information security policy along with the Cyber Crisis Management Plan (CCMP) with the following steps:

    I. Gap assessment of the current system in place;
    II. Preparation of Information Security Policy of MoHFW;
    III. Formulation of Cyber Crisis Management Plan (CCMP) for MoHFW based on the CCMP shared by MeitY;
    IV. Consultation with various stakeholders;
    V. Cyber security awareness for senior officials;
    VI. Cyber security awareness training for all employees of the department including mock drills/table top exercises;
  • 5. VII. Documenting security control procedures in order to mitigate risk;
    VIII. Implementation of information security policy by implementing security control procedures;
    IX. Periodic internal and external audit review;
    X. Review of process and procedures related to information security.

    3. Approach- Formation of Computer Emergency Response Team for Health care (CERT-H):

    The information security of an organisation is a continuous process which is based on the Plan, Do, Check, Act (PDCA) approach. In order to implement and secure the information of MoHFW, it is proposed to constitute the sectoral CERT, CERT-H, for the health care sector under a Ministry Level Cyber Crisis Management Committee (MCCMC) and a Cyber Security Cell (CSeC) to carry out the task successfully.

    3.1. Constitution of Ministry Level Cyber Crisis Management Committee (MCCMC)/ Information Security Steering Committee (ISSC)

    For successful governance of CERT-H, it is proposed to constitute a Ministry Level Cyber Crisis Management Committee (MCCMC) to oversee and to provide the vision for cyber security implementation in the eHealth sector. This committee is an apex body of high-level officials of the MoHFW for developing various policies related to cyber security and dealing with crisis situations that have serious or national ramifications; it will also deal with Ministry-level crises arising out of focused cyber-attacks. This committee shall monitor, review and oversee the Information Security Policy and Cyber Crisis Management Plan of the MoHFW and its critical information infrastructures.

    The composition of the Committee will be as under:

    1. Secretary (HFW) - Chairman
    2. Add. Secretary e-Governance - Member
    3. DDG (Admin), DteGHS - Member
    4. Joint Secretary, eHealth, MoHFW - Member
  • 6. 5. JS/Director, IFD, MoHFW - Member
    6. Director, Legal Cell, MoHFW - Member
    7. Sr. Director, MeitY, GoI - Member
    8. NIC, HoD, (MoHFW) - Member
    9. Sr. Director, CERT-In, GoI - Member
    10. Chairman Computerisation, AIIMS, New Delhi - Member
    11. Add. Director, Centre for Health Informatics (CHI) - Member
    12. Chief Information Security Officer, MoHFW - Member Convener

    The MCCMC will be free to co-opt members depending on the nature of crisis, as and when required. When a situation is handled by the MCCMC, it will give such directions to the Crisis Management Group of the Department/division as deemed necessary. This committee shall also act as the Information Security Steering Committee (ISSC) as proposed by the National Critical Information Infrastructure Protection Centre (NCIIPC).

    3.2. Formation of Cyber Security Cell (CSeC)

    As per the Crisis Management Plan for countering cyber-attacks and cyber terrorism prepared by the Government of India, MoHFW may draw up its own Crisis Management Plans and implement the same. Since there is a lack of adequate expertise in Government/Government Agencies, it emerged that there is a need for setting up an ongoing permanent mechanism which may act as nodal agency for monitoring various cyber security related matters for the Ministry of Health and Family Welfare and its associated divisions, programs, projects, institutions etc.

    The Ministry may set up a Cyber Security Cell (CSeC) under the eHealth division to cater to crisis situations in cyber security matters of the Ministry of Health and Family Welfare. The nodal agency for implementation of cyber security within the Ministry will be the Centre for Health Informatics (CHI), NIHFW. The Cyber Security Cell will work under the guidance of the Governing Body of the Cyber Security Cell of MoHFW headed by JS (eHealth), MoHFW.

    The Cyber Security Cell will have the following members as its Governing Body:
  • 7. 1. Joint Secretary, eHealth, MoHFW - Chairman
    2. NIC HoD, MoHFW - Member
    3. HoD Computer Science Department, IIT Delhi or his nominee - Member
    4. Mission Director, NHM, Haryana - Member
    5. Mission Director, NHM, Tamil Nadu - Member
    6. Mission Director, NHM, Rajasthan - Member
    7. Director, NHM, MoHFW - Member
    8. DGM (IS-I), Ministry of Home Affairs - Member
    9. Add. Director, Centre for Health Informatics (CHI) - Member
    10. Add. Chief Information Security Officer, MoHFW - Member
    11. Two Cyber Security Experts - Member
    12. Chief Information Security Officer, MoHFW - Member Convener

    The modalities to establish CSeC may be finalized by eHealth Division, MoHFW, which will facilitate the provisions for IT infrastructure & manpower support to the CSeC. The CSeC will be headed by the CISO of MoHFW.

    3.2.1. Objectives of CSeC

    - To formulate MoHFW's Information Security Policy and Cyber Crisis Management Plan as appropriate from time to time and implement the same in coordination with CERT-In and under the direction of MCCMC.
    - To initiate proactive measures to increase awareness and understanding of information security and computer security issues throughout the community of network users and service providers by disseminating security related information.
    - To act as a nodal agency to conduct security audits or assessments of government and constituent IT infrastructure in the Ministry and its organisations, evolving security policy for the Ministry.
    - To act as a central point for monitoring, identifying vulnerabilities and suggesting remedial measures for correcting vulnerabilities in computer and communication
  • 8. systems (websites & e-governance applications) belonging to government and 'certify' any e-governance or e-commerce site in the Ministry.
    - To conduct education, training, research and development in cyber security.
    - To collect and maintain a repository of all System/Website administrators of MoHFW Websites/Web applications.
    - To build capacity among the technical personnel to identify and fight security threats.
    - To assist MCCMC on priority with relevant information for its decision making process.
    - To carry out the directions of MCCMC to fight cyber-attacks.

    3.2.2. Roles & Responsibilities of CSeC

    - Vulnerability Reporting
    - Incident Reporting
    - Penetration testing
    - Incident Analysis
    - Vulnerability Assessment of various MoHFW Websites
    - Log analysis.
    - Coordination with CERT-In, other government bodies, divisions, institutions and MCCMC
    - Identify and classify cyber-attack scenarios.
    - Determine the tools and technology used to detect and prevent attacks.
    - Develop a checklist for handling initial investigations of cyber-attacks.
    - Determine the scope of an internal investigation once an attack has occurred.
    - Conduct any investigations within the determined scope.
    - Promote cyber security awareness within divisions.
    - Address data breach issues, including notification requirements.
    - Conduct follow-up reviews on the effectiveness of the department’s response to an actual attack.
    - Prepare SOPs for different types of crisis.
  • 9. - CISO shall formulate appropriate guidelines and an action plan to ensure the roles and responsibilities of CSeC as described above.

    4. Institutional Framework of CERT-H

    It is essential to implement the Crisis Management Plan (CMP) from the grass root level for countering cyber threats. In view of this, it is proposed to have Information Security Officers (ISO) at the subordinate offices, divisions etc. These ISOs shall report to the Chief Information Security Officer (CISO) of the MoHFW, who will be assisted by the Addl. CISO.

    The day to day security related activities for the MoHFW will be looked after by CSeC. CSeC will be a unit under the administrative control of the eHealth division. The ISOs will continuously interact with CSeC for cyber security related assistance.

    The Ministry Level Committee on Cyber Security shall be the apex committee for Crisis Management in the Ministry. The same committee shall also act as the Information Security Steering Committee (ISSC).

    [Figure: Structure of the Institutional Framework of CERT-H.]
  • 10. 5. Conclusion:

    Considering the thrust of the Government towards digitization and making the majority of Govt. services available to citizens through cyber means, it is imperative that cyber security receives utmost attention. The Ministry of Health and Family Welfare is required to set up CERT-H for preparation of a detailed Information Security Policy and Contingency Plan for dealing with information security and crises arising out of cyber-attacks in the health care sector.

    In order to implement and secure the information of MoHFW, it is proposed to form the sectoral CERT by setting up a Ministry Level Cyber Crisis Management Committee (MCCMC) and a Cyber Security Cell (CSeC) under the eHealth division.