National Cyber Crime Policy

by

National Cyber Crime Policy

Cyberspace is a complex Environment consisting of interactions between people, Software and Services, supported by worldwide distribution of Communication-technology/”>Information and communication technology (ICT) devices and networks.

In the Light of the Growth of IT sector in the country, ambitious plans for rapid social transformation & Inclusive Growth and India’s prominent role in the IT global market, providing right kind of focus for creating secure computing environment and adequate trust & confidence in electronic transactions, software, services, devices and networks, has become one of the compelling priorities for the country. Such a focus enables creation of a suitable cyber security eco-system in the country, in tune with globally networked environment.

Cyberspace is vulnerable to a wide variety of incidents, whether intentional or accidental, manmade or natural, and the data exchanged in the cyberspace can be exploited for nefarious purposes by both nation-states and non-state actors. The protection of information Infrastructure-2/”>INFRASTRUCTURE and preservation of the confidentiality, Integrity and availability of information in cyberspace is the essence of a secure cyber space.

The “National Cyber Security Policy” has hence been prepared in consultation with all relevant stakeholders, user entities and public. The policy aims at facilitating creation of secure computing environment and enabling adequate trust and confidence in electronic transactions and also guiding stakeholders actions for protection of cyber space.

Mission

To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.

 

Objectives

  • To create a secure cyber ecosystem in the country, generate adequate trust & confidence in IT systems and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.
  • To create an assurance framework for design of security policies and for promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (product, process, technology & people).
  • To strengthen the Regulatory framework for ensuring a Secure Cyberspace ecosystem.
  • To enhance and create National and Sectoral level 24 x 7 mechanisms for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective, response and recovery actions.
  • To enhance the protection and resilience of Nation’s critical information infrastructure by operating a 24×7 National Critical Information Infrastructure Protection Centre (NCIIPC) and mandating security practices related to the design, acquisition, development, use and operation of information Resources.
  • To develop suitable indigenous security technologies through frontier technology research, solution oriented research, proof of concept, pilot development, transition, diffusion and commercialisation leading to widespread deployment of secure ICT products / processes in general and specifically for addressing National Security requirements.
  • To improve visibility of the integrity of ICT products and services by establishing infrastructure for testing & validation of security of such products.
  • To create a workforce of 500,000 professionals skilled in cyber security in the next 5 years through capacity building, Skill development and training.
  • To provide fiscal benefits to businesses for adoption of standard security practices and processes. To enable protection of information while in process, handling, storage & transit so as to safeguard privacy of citizen’s data and for reducing economic losses due to cyber crime or data theft.
  • To enable effective prevention, investigation and prosecution of cyber crime and enhancement of law enforcement capabilities through appropriate legislative intervention.
  • To create a culture of cyber security and privacy enabling responsible user behaviour & actions through an effective communication and promotion strategy.
  • To develop effective public private partnerships and collaborative engagements through technical and operational cooperation and contribution for enhancing the security of cyberspace.

Strategies

 

Creating a secure cyber ecosystem

  • To designate a National nodal agency to coordinate all matters related to cyber security in the country, with clearly defined roles & responsibilities.
  • To encourage all organizations, private and public to designate a member of senior management, as Chief Information Security Officer (CISO), responsible for cyber security efforts and initiatives.

Creating an assurance framework

  • To promote adoption of global best practices in information security and compliance and thereby enhance cyber security posture.
  • To create infrastructure for conformity assessment and certification of compliance to cyber security best practices, standards and guidelines (Eg. ISO 27001 ISMS certification, IS system audits, Penetration testing / Vulnerability assessment, application security testing, web security testing) .

 

 

Encouraging Open Standards

  • To encourage use of open standards to facilitate interoperability and data exchange among different products or services.
  • To promote a consortium of Government and private sector to enhance the availability of tested and certified IT products based on open standards.

strengthening the Regulatory framework

To develop a dynamic legal framework and its periodic review to address the cyber security challenges arising out of technological developments in cyber space (such as cloud computing, mobile computing, encrypted services and Social Media) and its harmonization with international frameworks including those related to Internet governance.

Information sharing and cooperation

  • To develop bilateral and multi-lateral relationships in the area of cyber security with other countries.
  • To enhance National and global cooperation among security agencies, CERTs, Defence agencies and forces, Law Enforcement Agencies and the judicial systems.

Creating Cyber Security Awareness

  • To promote and launch a comprehensive national awareness program on security of cyberspace.
  • To sustain security Literacy awareness and publicity campaign through electronic media to help citizens to be aware of the challenges of cyber security.

Developing effective Public Private Partnerships

  • To facilitate collaboration and cooperation among stakeholder entities including private sector, in the area of cyber security in general and protection of critical information infrastructure in particular for actions related to cyber threats, vulnerabilities, breaches, potential protective measures, and adoption of best practices.
  • To create models for collaborations and engagement with all relevant stakeholders.

,

Cybercrime is a growing problem that affects individuals, businesses, and governments around the world. In order to combat cybercrime, it is important to have a national cybercrime policy in place. A national cybercrime policy is a set of guidelines that outline the roles and responsibilities of different government agencies in preventing, investigating, prosecuting, and victimizing cybercrime.

There are many different aspects to a national cybercrime policy. Some of the most important aspects include:

  • Cybercrime Prevention: This includes measures to educate the public about cybercrime risks and how to protect themselves, as well as efforts to develop technical solutions to prevent cybercrime attacks.
  • Cybercrime Investigation: This includes measures to investigate cybercrime incidents, identify the perpetrators, and collect evidence.
  • Cybercrime Prosecution: This includes measures to prosecute cybercrime offenders and bring them to Justice.
  • Cybercrime Victim Assistance: This includes measures to provide support and assistance to victims of cybercrime, such as help with recovering lost data or Money.
  • Cybercrime Awareness and Education: This includes measures to raise awareness of cybercrime risks and how to protect against them.
  • International Cooperation: This includes measures to cooperate with other countries in preventing, investigating, and prosecuting cybercrime.
  • Research and Development: This includes measures to fund research into new technologies and techniques for preventing, investigating, and prosecuting cybercrime.
  • Legislation: This includes measures to enact new laws or amend existing laws to address cybercrime.
  • Regulation: This includes measures to regulate the activities of businesses and individuals in order to prevent cybercrime.
  • Policy: This includes measures to develop and implement policies that will help to prevent, investigate, and prosecute cybercrime.
  • Standards: This includes measures to develop and implement standards for information security and cybercrime prevention.
  • Infrastructure: This includes measures to develop and maintain the infrastructure necessary to prevent, investigate, and prosecute cybercrime.
  • Training: This includes measures to train law enforcement officers, prosecutors, and other government officials in cybercrime prevention, investigation, and prosecution.
  • Operational Coordination: This includes measures to coordinate the efforts of different government agencies involved in cybercrime prevention, investigation, and prosecution.
  • Public-Private Partnerships: This includes measures to establish partnerships between government and the private sector to combat cybercrime.
  • Evaluation and Assessment: This includes measures to evaluate the effectiveness of the national cybercrime policy and make necessary adjustments.

A national cybercrime policy is an essential tool for combating cybercrime. By having a clear and concise policy in place, governments can better coordinate their efforts to prevent, investigate, prosecute, and victimize cybercrime. This will help to protect individuals, businesses, and governments from the devastating effects of cybercrime.

In addition to the above, there are a number of other things that governments can do to combat cybercrime. These include:

  • Enforcing existing laws: Many countries already have laws in place that can be used to prosecute cybercrime. However, these laws are often not enforced effectively. Governments need to ensure that their laws are being enforced and that cybercriminals are being brought to justice.
  • Raising awareness: Many people are not aware of the risks of cybercrime or how to protect themselves. Governments need to raise awareness of cybercrime risks and how to protect against them. This can be done through public education campaigns, school programs, and other initiatives.
  • Developing new technologies: Governments can also play a role in developing new technologies to combat cybercrime. For example, governments can fund research into new encryption technologies or Artificial Intelligence systems that can be used to detect and prevent cybercrime attacks.
  • Working with the private sector: Governments also need to work with the private sector to combat cybercrime. The private sector has a lot of expertise in information security and cybercrime prevention. Governments need to work with the private sector to share information, develop joint initiatives, and coordinate their efforts.

Cybercrime is a serious problem that affects everyone. By taking action, governments can help to protect individuals, businesses, and governments from the devastating effects of cybercrime.

What is cybercrime?

Cybercrime is any crime that is committed using a computer or the internet. This can include things like hacking, identity theft, fraud, and online child sexual exploitation.

What are the different types of cybercrime?

There are many different types of cybercrime, but some of the most common include:

  • Hacking: This is when someone gains unauthorized access to a computer or computer system.
  • Identity theft: This is when someone steals your personal information, such as your name, address, or Social Security number, and uses it to commit fraud.
  • Fraud: This is when someone deceives you in order to get your money or personal information.
  • Online child sexual exploitation: This is when someone uses the internet to exploit children sexually.

How can I protect myself from cybercrime?

There are a number of things you can do to protect yourself from cybercrime, including:

  • Use strong passwords: Make sure your passwords are strong and unique for each account.
  • Be careful about what information you share online: Don’t share your personal information, such as your address or Social Security number, online unless you’re sure it’s safe.
  • Be careful about the links you click on: Don’t click on links in emails or on websites unless you’re sure they’re safe.
  • Keep your software up to date: Make sure your operating system and software are up to date with the latest security patches.
  • Use a firewall and antivirus software: A firewall can help protect your computer from unauthorized access, and antivirus software can help protect your computer from malware.
  • Be aware of phishing scams: Phishing scams are emails or websites that try to trick you into giving away your personal information. Be careful about any emails or websites that ask for your personal information, and don’t click on any links in them.

What should I do if I think I’ve been a victim of cybercrime?

If you think you’ve been a victim of cybercrime, there are a number of things you can do, including:

  • Report the crime to the police: The police can investigate the crime and help you recover your losses.
  • Change your passwords: If your passwords have been compromised, change them immediately.
  • Monitor your credit report: If you think your identity has been stolen, monitor your credit report for any unauthorized activity.
  • Place a fraud alert on your credit report: A fraud alert will make it more difficult for someone to open new accounts in your name.
  • Shred sensitive documents: Shred any documents that contain your personal information, such as your Social Security number or bank account number.

Where can I get more information about cybercrime?

There are a number of resources available to learn more about cybercrime, including:

  • The Federal Trade Commission (FTC): The FTC has a website with information about cybercrime and how to protect yourself.
  • The National Cyber Security Alliance (NCSA): The NCSA is a non-profit organization that provides information about cybercrime and online safety.
  • The Department of Justice (DOJ): The DOJ has a website with information about cybercrime and how to report it.

  1. Which of the following is not a type of cybercrime?
    (A) Hacking
    (B) Phishing
    (C) Malware
    (D) National Cyber Crime Policy

  2. Which of the following is the best way to protect yourself from cybercrime?
    (A) Use strong passwords and keep them safe.
    (B) Be careful about what information you share online.
    (C) Keep your software up to date.
    (D) All of the above.

  3. Which of the following is not a good practice to protect yourself from cybercrime?
    (A) Use a password manager.
    (B) Share your passwords with friends and family.
    (C) Use two-factor authentication.
    (D) Keep your software up to date.

  4. Which of the following is a good way to report cybercrime?
    (A) Contact the police.
    (B) Contact the website or company that was hacked.
    (C) Contact your bank or credit card company.
    (D) All of the above.

  5. Which of the following is not a good way to report cybercrime?
    (A) Contact the hacker.
    (B) Contact the media.
    (C) Contact your friends and family.
    (D) All of the above.

  6. Which of the following is a good way to protect your computer from malware?
    (A) Use antivirus software.
    (B) Keep your software up to date.
    (C) Be careful about what websites you visit.
    (D) All of the above.

  7. Which of the following is not a good way to protect your computer from malware?
    (A) Use a firewall.
    (B) Install malware yourself.
    (C) Share your computer with others.
    (D) All of the above.

  8. Which of the following is a good way to protect your identity from theft?
    (A) Use strong passwords and keep them safe.
    (B) Be careful about what information you share online.
    (C) Keep your software up to date.
    (D) All of the above.

  9. Which of the following is not a good way to protect your identity from theft?
    (A) Use a password manager.
    (B) Share your passwords with friends and family.
    (C) Use two-factor authentication.
    (D) All of the above.

  10. Which of the following is a good way to report identity theft?
    (A) Contact the police.
    (B) Contact the company that was hacked.
    (C) Contact your bank or credit card company.
    (D) All of the above.

  11. Which of the following is not a good way to report identity theft?
    (A) Contact the hacker.
    (B) Contact the media.
    (C) Contact your friends and family.
    (D) All of the above.