Cyber Security Initiatives in India

Questions and Answers

Which initiative aims to enhance India's digital infrastructure?

• Make in India
• Swachh Bharat
• Smart City Mission
• Digital India (correct)

Which of the following is NOT included in India’s counter cyber security strategies?

• Cyber insurance mandates (correct)
• Public-private partnerships
• International cyber security cooperation
• Enhanced data encryption laws

The primary agency responsible for the Digital Forensics and Cyber Crime Division in India is?

• CBI (correct)
• DRDO
• NIA
• RAW

What is the name of the Indian government's cyber security exercise?

Cyber Drill (A)

How often does CERT-In conduct cyber security exercises for critical sectors?

Annually (B)

The main focus of India's cyber security exercises is to test:

Incident response and preparedness (A)

What is a primary purpose of cyber security exercises in India?

Strengthening response to cyber threats (B)

Which sector is typically NOT a focus of India’s cyber security exercises?

Food industry (B)

What is the first step that must be taken in cyber security incident handling?

Identification (B)

What is the primary goal of conducting regular audits in cyber security assurance?

To identify and address vulnerabilities (C)

Which agency is responsible for handling cyber incidents reported in India?

CERT-In (D)

What process involves isolating a cyber threat to limit its spread?

Containment (A)

What does the term 'cyber hygiene' refer to?

Practices to maintain security (C)

What is the final step that should always be included in incident handling?

Post-incident review (B)

Which program did the Indian government launch to enhance safe internet access?

Cyber Suraksha Mission (B)

Which term refers to restoring affected systems to normal operations?

Recovery (C)

In the context of incident response, what does 'eradication' mean?

Removing malicious elements (C)

Which of these laws specifically regulates data protection in India?

Information Technology Act (D)

What best describes cyber security assurance?

Providing confidence in system defenses (C)

Which organization is responsible for cyber security assurance in critical infrastructure in India?

NCIIPC (C)

What is the primary aim of assurance practices in cyber security?

Enhancing protection against cyber threats (D)

Phishing attacks are predominantly targeted at achieving which of the following?

Gaining unauthorized access to data (A)

What key element typically included in cyber security assurance frameworks focuses on understanding potential threats?

Risk assessments (C)

Which of the following options is NOT typically considered a cyber threat?

Data encryption (C)

Flashcards

Digital India

A program in India that aims to improve digital infrastructure and access.

Cyber Insurance Mandates

Government regulation requiring insurance against cyber threats.

Digital Forensics and Cyber Crime Division

A division established by CBI to investigate cybercrimes.

Cyber Drill

India's cyber security exercise focused on readiness.

CERT-In Cyber Security Exercises

Annual exercises by CERT-In for critical sectors.

Cyber Security Exercises

Practice for incident response and preparedness.

Focus of Cyber Security Exercises

Exercises mainly concentrate on crucial sectors like finance, telecommunications, and energy.

Cyber Security Incident Handling

Procedures and methods for managing cyber security incidents.

Cyber Security Audits & Testing

Identifying and fixing vulnerabilities in cybersecurity systems

Cybersecurity Assurance Practices

Actions to improve protection against cyber threats

Indian Data Protection Law

The Information Technology Act governs data protection in India

Cyber Suraksha Mission

Indian government's program for safe internet access

Phishing Attacks

Attempts to gain unauthorized access to data through deceptive methods

Incident Response - Eradication

Removing malicious elements from a system during a cyberattack

Cyber Hygiene

Security practices to maintain a secure online environment

Cyber Threat

A malicious attempt to violate or exploit a computer system

First step in incident handling

Identification of the incident.

Indian cyber incident agency

CERT-In is the agency responsible for handling reported cyber incidents in India.

Containment (cyber)

Limiting the spread of a cyber incident.

Final step in incident handling

Post-incident review.

Cyber security assurance

Providing confidence in system defenses.

Indian critical infrastructure cyber security

NCIIPC is responsible for cyber security assurance of Indian critical infrastructure.

Cyber security assurance framework elements

Risk assessments are an important part of the Indian framework for cyber security assurance frameworks.

System Recovery

Restoring affected systems to normal operation.

Study Notes

Cyber Security Initiatives in India

• India's primary cyber security agency is CERT-In
• The National Cyber Security Policy of India was released in 2013
• The National Critical Information Infrastructure Protection Centre (NCIIPC) protects critical infrastructure like power, water, and telecom
• The Information Technology Act in India was amended in 2008 to address cybercrimes and cyber terrorism
• The National Information Centre (NIC) is responsible for developing a secure government cyber ecosystem
• Cyber Surakshit Bharat is an initiative focusing on cyber security training and certification

Counter Cyber Security Initiatives in India

• Cyber Surakshit Bharat is an initiative to spread awareness about cyber safety
• India collaborates with the USA in the 'Digital India and Cyber Security Forum'
• The Cyber Swachhta Kendra was launched under the Digital India program
• Public-private partnerships, enhanced data encryption laws, and international cyber security cooperation are part of India's cyber security strategies
• The Cyber Security Exercise is known as Cyber Drill
• CERT-In conducts cyber security exercises annually for critical sectors.

Cyber Security Incident Handling

• The first step in cyber security incident handling is identification
• CERT-In handles cyber incidents reported in India.
• Containment limits the spread of a cyber incident
• Incident handling includes reporting.

Cyber Security Assurance

• Cyber security assurance provides confidence in system defenses
• The National Critical Information Protection Centre (NCIIPC) is responsible for cyber security assurance in Indian critical infrastructure
• Cyber security frameworks in India typically involve risk assessments
• Regular audits and testing in cyber security assurance help identify and address vulnerabilities.

General Cyber Security in India

• The Information Technology Act regulates data protection in India
• The Indian government launched the Cyber Suraksha Mission to provide safe internet access for all
• Phishing attacks are primarily aimed at gaining unauthorized access to data
• In incident response, "eradication" refers to removing malicious elements
• Cyber hygiene refers to maintaining security practices in digital environments.

Credit Card and UPI Security

• CVV is used to verify credit cards for online payments
• Two-factor authentication (2FA) is a common security feature of UPI transactions
• UPI PIN is required to complete transactions
• Contactless payments without a PIN are possible for certain amounts with UPI.
• Virtual Payment Addresses (VPAs) protect user privacy in UPI transactions
• Online banking platforms often use CAPTCHA to prevent bots
• Phishing attacks are a common threat for financial transactions.

Mobile Banking Security

• Regularly updating mobile banking apps is a best practice
• Enabling fingerprint or facial recognition enhances security for mobile banking.
• Mobile banking apps should have screen lock to prevent unauthorized access
• Downloads should come from official app stores to avoid vulnerabilities
• Mobile banking security involves password security and avoiding public Wi-Fi.
• Mobile banking apps should enable two-factor authentication

Web-based Implementation

• JavaScript is the primary programming language for implementing geolocking systems in web applications
• Google Maps API is integrated into web applications for real-time location services
• CryptoJS enables strong encryption algorithms for JavaScript
• HTTPS ensures secure data transmission in web-based geolocking systems.
• Validating user locations and employing secure protocols is critical

Advanced System Security Topics

• Geo-encryption secures data based on geographical locations
• Geolocking restricts data access to specific locations
• Geo-encryption adds security by tying data to geographical location
• Performance issues (overhead) are a concern for geo-encryption
• Accurate location data is crucial for effective geolocking implementations.

Micro ATM, e-Wallet, and POS Security

• Micro ATMs provide banking services in rural and remote areas
• e-Wallets use UPI PINs or OTPs for verification of transactions
• POS systems are vulnerable to malware attacks if firewalls and antivirus software are not present.
• Secure POS systems should have regularly updated software

Security Guidelines

• Installing antivirus software is a security guideline for POS systems
• Strong passwords and biometric authentication are crucial for e-wallet security
• Regular security updates are essential to prevent malware attacks on POS systems.
• Data encryption protects sensitive data in POS transactions
• Firewalls prevent unauthorized access to POS systems

Advanced Topics in Geolocation Security

• Geo-encryption protects data based on location.
• Geolocking restricts data access to particular areas
• Accurate location data is key to effective geolocking implementation
• Performance overhead is a concern in geo-encryption implementation
• Regular auditing helps to identify and address any vulnerabilities
• Multi-factor authentication helps secure systems better.

Security with Network and Configurations

• WiFi is a common technology for indoor geolocation
• BLE stands for Bluetooth Low Energy, designed for low-power consumption.
• Signal strength measurement estimates user location using WiFi signals.
• SDN helps to manage network resources and improve network efficiency
• Regular updates to software, use of encryption, and employing strong passwords are essential for security.

Role-Based and Attribute-Based Access Control

• Role-Based Access Control (RBAC) ties access rights to user roles
• Attribute-Based Access Control (ABAC) uses attributes to determine access rights dynamically
• Policy Decision Point (PDP) evaluates access control policies and makes decisions
• RBAC is simpler but less flexible compared to ABAC.
• Robust encryption standards provide further security in ABAC

Description

This quiz covers key cyber security initiatives implemented in India, including important agencies, policies, and programs aimed at protecting critical infrastructure. It highlights collaboration with international partners and the role of public-private partnerships in enhancing cyber safety awareness across the nation.