A9R23 | Information Security | Computer Security

Netw ork and Information Security Standards for E-Governance -An Approach Paper

-

Government of India Ministry of Communications and Information Technology Department of Information Technology National Informatics Centre http://egovstandards.gov.in

M. National Informatics Centre NIC-WG1-EGOVSTDS-NIS .Rao.2- Version 1.Network and Information Security Standards - Prepared by: T.0 . Senior Technical Director Reviewed by: Deputy Director General NIC Approved by: Director General No part of this document shall be reproduced without prior permission of Director General.

.............................................................................................................3 Introduction .......Table of Contents Amendment Log .........................................................................................................................................8 4......................................3- Version 1............. 3...................................................................... 5 PURPOSE..................9 NIC-WG1-EGOVSTDS-NIS .......................................... 4. Need for Standards........................1 ISO ...................................7 National and International Initiatives on Standards .........................................................6 Areas of Network and Information Security Standards...........................1 1............................................................. Abbreviations ...................................0 ........................................................................2 BIS ...................................................... 8 4............5 BACKGROUND............ 6 2.....................................................................................................................................................................2 1...4 1.................. 9 5........................................................................................................................ 1..................................................3 STATE GOVERNMENTS ................ 8 4.................................. 6 SCOPE............................................................................

1.Amendment Log Version No.4- Version 1.0 Date 22-12-05 Change Number NA Brief Description First Version Sections Changed All NIC-WG1-EGOVSTDS-NIS .0 .

yet available whenever. The information security is essential for a shared system. such as a time sharing system. the need for automated tools for protecting files and other information stored on computers became evident. vide its notification No. 14 (3)04-EGD dated 7th September 2005. The second major change that affected security is the introduction of distributed systems and the use of networks and communication facilities for carrying data between terminal user and computer and between computer and computer. Network security measures are needed to protect data during their transmission because virtually all business. wherever and to whomever the needs dictate. and the need is even more acute for systems that can be accessed over public telephone or data network.5Version 1. to design the broad policy framework NIC-WG1-EGOVSTDS-NIS . managing the organizations security systems. detecting and removing malicious code. The Network and Information security standards need to be put in place for prevention of intrusions. A new approach to the standards based e-Governance that simultaneously provides for the security and availability of network resources is the need of the hour. 1. ensuring the service continuity with proper disaster management. data protection with data back up and recovery procedures and many more. This approach keeps information safe. has constituted an “Apex Body on Standards in DIT”.0 . Introduction With the introduction of computers.1. the Department of Information Technology (DIT). among other things. Government and academic organizations are interconnected their systems with a collection of networks referred as Internet.1 Background Recognizing the critical role that standards play in the rapid growth of eGovernance.

for setting as well as development of standards for the e-Governance initiatives in India. Need for Standards With the e-Governance initiatives taken up in a large scale both at Central and State Government level. it is essential to have a broad national level policy framework of standards to ensure seamless integration and inter operability of applications and services in a secured manner across the country. 1. Network and Information security is one of the key priority area identified under the National e-Governance Programme (NeGP). Working groups are being set up for each of the above area of Standards.6Version 1. The Policy NIC-WG1-EGOVSTDS-NIS .3 Scope The scope of this document is to introduce the Network and Information security needs of e_Governance and to identify the various areas of Network and Information Security where standards need to be put in place.2 Purpose To act as a base document that can be submitted to the working group to deliberate and come out with white papers on Network and Information Standards for e_Governance.0 . as discussion papers for Working Groups to develop standards need to be prepared at the first instance. 1. Originating white papers on all desired standards to serve.National Informatics Centre (NIC) has been entrusted with this major task of the formulation of standards. 2.

Wi-Fi and more) ?? Electronic Mail ?? SPAM Prevention ?? Anti Virus ?? Password Selection ?? Early Warning Systems (Intrusion Prevention) ?? Computer Emergency Response Teams (CERT) ?? Digital Signature ?? Electronic Commerce NIC-WG1-EGOVSTDS-NIS .7- Version 1. VPN Gateways.0 . Content filtering. State Governments are setting up SWAN that need to be established on global standards to integrate with national level NICNET which is again reaching up to block level shortly. For example.framework is essential in a global scenario like India where the Government services are being offered to the citizens by the State Governments independently on various State subjects that need to be in line with the Central Government initiatives. 3. ?? Data protection and Retention ?? Back up and Recovery (Including Disaster Recovery and Service Continuity) ?? Security Appliances (Firewalls. Areas of Network and Information Security Standards Following are some of the areas of Network and Information Security where Standards need to be put in place in the context of e_Governance.

4. business continuity management. The copies of Work Programme (and also of wide circulation drafts for comments during the wide circulation period) can be obtained from the Director of the concerned Technical Divisions. NIC-WG1-EGOVSTDS-NIS . communications and operations management.2 BIS BIS is engaged in formulation of Indian Standards for the sector Electronics and Information Technology supervised by a division counsel in which Network and Information Security is a part. 4. implementing. human resources security. and improving information security management in an organization. BIS publishes detailed Work Programme for each of the Division Council once in a year. 4. Bureau of Indian Standards. National and International Initiatives on Standards Following are some of the agencies working towards defining standards in the area of Network and Information Security. information security incident management. The Work Programme. asset management. New Delhi.1 ISO ISO/IEC 17799:2005 establishes guidelines and general principles for initiating.0 .8Version 1. ISO/IEC 17799:2005 contains best practices of control objectives and controls in the following areas of information security management: Security policy. physical and environmental security. contains committee wise position of standards published and draft standards (like preliminary. development and maintenance. information systems acquisition. wide circulation and finalized draft standards) at different stages of preparation. maintaining. besides giving scope of Division Council and Sectional Committees. organization of information security. The objectives outlined provide general guidance on the commonly accepted goals of information security management. access control.

Abbreviations Abbreviation Description BIS DIT e_Governance IEC ISO IT NIC NICNET SWAN VPN Bureau of Indian Standards Department of Information Technology E Governance Institute of Electronics Communications International Standards Organization Information Technology National Informatics Centre NIC Network State Wide Area Network Virtual Private Network NIC-WG1-EGOVSTDS-NIS .9- Version 1.4.0 .3 State Governments Some State Governments like Andhra Pradesh have released their own IT policy documents with the help of consultants in which the Network and Information Security standards and IT architecture form a part. 5.

Sign up to vote on this title
UsefulNot useful