The Cyber Security Policy 2.0 released by the Tamil Nadu government recently lists out steps for ensuring the protection of assets of the government through guidelines, Standard Operating Procedures (SOP) for audit, compliance and monitoring of cyber threats and attacks.
The document issued by the Information Technology and Digital Services Department covers e-sign/digital signature certificate, e-mail security, password policy, social media policy, backup and recovery, information security audit, among others.
The Cyber Security Policy 2.0 issued on August 23 this year is expected to supersede the Tamil Nadu Cyber Security Policy 2020 issued in September 2020. The latest policy has incorporated inputs from Centre for Development of Advanced Computing (C-DAC), Indian Institute of Technology Madras (IIT-M), Tamil Nadu e-Governance Agency, among others.
“Cyber Security Policy 2.0 is applicable to all State government departments, State Public Sector Units and other State government agencies functioning under Government of Tamil Nadu, which uses IT infrastructure, network or digital data. CSP 2.0 is also applicable to the relevant stakeholders and third parties (For instance, Suppliers, Contractors, Consultants and Partners),” a G.O. said.
The policy aims to protect information assets of government (infrastructure, software, citizen services) and maximize their availability to government and citizens and to create an institutional mechanism to monitor the established infrastructure.
It is for developing a comprehensive security risk reduction strategy, establishing security capabilities and infrastructure for layered security of mission-critical systems and data, and for effective cyber security measures to help in detecting, preventing and mitigating cyber attacks.
The CSP 2.0 also mandates all State government departments to nominate officials to coordinate with Cyber Security Incident Response Team (CSIRT) to collate information regarding cyber security incidents that take place in Government websites/applications and IT infrastructure.
The officials nominated from all the departments were to undergo annual training for one or two days on management of change, incident and problem. Every department is to ensure that the backed-up datasets/databases are stored in tapes/external devices or in servers/storage in more than one location – other than the primary space of storage.
“The backed-up datasets shall be restored periodically and confirmed by the department for the correctness and completeness. Comprehensive risk assessment to be done by the departments through their CISOs/ISOs to identify and define criticality by evaluating the value, sensitivity, and potential consequences of compromise for each asset/application.
Published – September 07, 2024 12:43 am IST