
CYBER SURAKSHIT BHARAT

Chief Information Security Officers’ (CISO)


Deep Dive Training
On
Cyber Security
Programme Coordinators
Dr. Charru Malhotra and Mr. Kamal Jain
August (01-04), 2018

BACKGROUND

Digital India is a key initiative for the country. In light of the recent attacks, there is increased focus on cyber safety. Recognizing
the need to strengthen the cyber security ecosystem in India, and in alignment with the Honourable Prime Minister's vision for a
'Digital India', the Ministry of Electronics and Information Technology (MeitY), launched the Cyber Surakshit Bharat initiative in
association with National e-Governance Division (NeGD) and industry partners.

CYBER SURAKSHIT BHARAT DEEP DIVE TRAINING

The purpose of the program would be to spread awareness, build capacity as well as enable government departments on steps
that need to be taken to create a Cyber Resilient IT set up.

TARGET AUDIENCE

Officers from Central and State/UT Governments and subordinate agencies/PSUs, including public sector banks and insurance
companies, and technical wings of police and security forces:

1. Designated Chief Information Security Officers (CISOs)

2. CTOs and members of Technical/PMU teams, and officers responsible for observing the security of the IT systems in their respective
organizations

BATCH SIZE: 40-50 PARTICIPANTS


PROGRAMME OBJECTIVE

The objective of the programme is to educate & enable the Chief Information Security Officers (CISO) & broader IT community
to address the challenges of cyber security.

Create awareness on the emerging landscape of cyber threats

Provide in-depth understanding on key activities, new initiatives, challenges and related solutions

Applicable frameworks, guidelines & policies related to the subject

Share best practices to learn from success & failures

Provide key inputs to take informed decision on Cyber Security related issues in their respective functional area

COURSE OVERVIEW

The 4 days residential regional training programme will be conducted in 5-6 major cities across country. The following areas
would also be covered in detail, from the practitioner perspective, by experts from Government and leading Industries in
the area.
LOGISTICS

NOMINATION PROCESS

REGION WISE | BATCHES | LOCATION

North (J&K, Chandigarh, Haryana, UP, UK, Punjab, Delhi, Himachal) | 02 | New Delhi: 12 June-15 June, 18; 01 Aug-04 Aug, 18

South (Andhra Pradesh, Telangana, Karnataka, Tamil Nadu, Puducherry, Lakshadweep, Andaman Nicobar, Kerala, Odisha) | 03 | Bengaluru: 27 June-30 June, 18; Chennai: 26 Sept-29 Sept, 18; Hyderabad: 10 Oct-13 Oct, 18

West (Maharashtra, Chattisgarh, MP, Goa, Gujarat, Rajasthan, Daman & Diu & DNH) | 01 | Mumbai: 18 July-21 July, 18

East (Assam, West Bengal, Jharkhand, Bihar, Sikkim, Tripura, Nagaland, Mizoram, Arunachal, Manipur, Meghalaya) | 01 | Kolkata: 05 Sep-08 Sep, 18

FOUNDING PARTNERS

KNOWLEDGE PARTNERS
Ministry of Electronics and Information
Technology

Programme Schedule
Chief Information Security Officers’ Deep Dive Cyber Security Training
under
Cyber Surakshit Bharat Initiative
Programme Coordinators: Dr. Charru Malhotra and Mr. Kamal Jain
August 01-04, 2018
Conference Hall, First Floor, Indian Institute of Public Administration (IIPA), I. P. Estate, Outer Ring
Road, New Delhi-110002
Day -1: Wednesday, August 01, 2018
Timings | Topic | Faculty/Guest
09:00 hrs - 09:45 hrs | Registration | Ms. Rashmi, Ms. Shilpa (IIPA Digital India Training Team)
09:45 hrs - 10:15 hrs | Inaugural session
    About IIPA | Prof. V. K. Sharma (Sr. Professor, IIPA)
    About the Programme | Shri. Rakesh Maheshwari (Group coordinator, MeitY)
    Inaugural Address | Dr. Gulshan Rai (National Cyber Security Coordinator, PMO)
    Vote of Thanks | Dr. Charru Malhotra (Programme Coordinator, IIPA)
10:15 hrs - 10:30 hrs | Group photo and tea break
10:30 hrs - 13:00 hrs | Session 2
    Governance Risk and Compliance | Mr. Navin Kaul (Senior Manager, Ernst & Young)
    Incident Response Mechanism-IRM | Mr. Vidur Gupta (Partner - Advisory Services, EY)
13:00 hrs - 14:00 hrs | Lunch Break
14:00 hrs - 15:30 hrs | Session 3: Network Security | Mr. Dhiraj Gaur (Security Consultant, Palo Alto Networks Pvt Ltd)
15:30 hrs - 15:45 hrs | Tea Break
15:45 hrs - 17:00 hrs | Session 3 Contd.: Network Security (Contd.) | Mr. Dhiraj Gaur (Security Consultant, Palo Alto Networks Pvt Ltd)
17:00 hrs - 17:30 hrs | Briefing on Individual and Group assignments – 6 Groups by Programme Coordinator
Day -2: Thursday, August 02, 2018
09:30 hrs - 10:15 hrs | Session 4: Mobile security (Mobile as an end-point device, framework for secure mobile applications) | Dr. Rahul Johari (Head, Software Development Cell, Guru Gobind Singh Indraprastha University)
10:15 hrs - 10:30 hrs | Tea Break
10:30 hrs - 12:30 hrs | Session 4 Contd.: End Point Security | Mr. Iftekhar Hussain (Microsoft India)
12:30 hrs - 13:00 hrs | Session 5: Cyber Forensic | Dr. Gaurav Gupta (Ministry of Electronics and Information Technology)
13:00 hrs - 14:00 hrs | Lunch Break
14:00 hrs - 15:30 hrs | Session 6: Application and Data Security | Mr. Amarpreet Singh (Security Delivery Leader - Data & Application Security, IBM)
15:30 hrs - 15:45 hrs | Tea Break
15:45 hrs - 17:00 hrs | Session 6 Contd.: Application and Data Security | Ms. Neeti Vohra (Joint Director, Corporate R & D, CDAC, Pune)
Day-3 : Friday, August 03, 2018
09:30 hrs - 10:45 hrs | Session 7: Experience sharing on Cyber Security management in Government | Ms. Shubhagta Kumar, ADG (SI), CBEC
10:45 hrs - 11:00 hrs | Tea Break
11:00 hrs - 12:00 hrs | Session 8: Cloud Security | Mr. Dhiraj Gaur (Security Consultant, Palo Alto Networks Pvt Ltd)
12:00 hrs - 13:00 hrs | Session 9: Emerging Trends and Challenges, Cyber Security – A Holistic National Perspective | Dr. Charru Malhotra (Programme Coordinator, Indian Institute of Public Administration)
13:00 hrs - 14:00 hrs | Lunch Break
14:00 hrs - 15:45 hrs | Session 10: Operation and Monitoring of Cyber Security Compliance at National level & in organizations | Mr. Hemant Mehrotra (Security Delivery Leader – North, IBM)
15:45 hrs - 16:00 hrs | Tea Break
16:00 hrs - 17:30 hrs | Session 11: Overview of IT Act and its amendments | Mr. Pavan Duggal (Sr. Cyber Law Expert, President CyberLaw.Net)

Day-4 : Saturday, August 04, 2018
09:00 hrs - 09:30 hrs | Cyber Crisis Management Plan (CCMP) | Dr. Charru Malhotra (Programme Coordinator, Indian Institute of Public Administration)
09:30 hrs - 12:30 hrs | Session 12: Group Presentations by Participants | Jury of Panel Experts:
    Mr. Dipak Singh (Sr. Director, MeitY)
    Mr. I.P.S Sethi (Deputy Director General, NIC)
    Wg. Cmdr (Dr.) Prabir Panda (IAF-Retd.) (ECI-Enterprise Architecture Security & Head of Technical Support Unit)
    Mr. Amolak Singh (Director IT Security, Infologic Solution)
    Dr. Charru Malhotra and Mr. Kamal Jain (Programme Coordinators)
12:30 hrs - 13:30 hrs | Valedictory Session
    Overview of the Training Conducted | Dr. Charru Malhotra (Programme Coordinator), Mr. Dipak Singh (Sr. Director, MeitY)
    Need for such Trainings and Role of IIPA by Guests-of-Honor | Prof. V. K. Sharma (Sr. Professor, IIPA)
    Valedictory address by Chief Guest | Mr. M. Srinivas Rao, IAS (President & CEO, NeGD, MeitY)
    Vote of Thanks | Mr. Kamal Jain (Programme Coordinator & Sr General Manager, NeGD, MeitY)
13:30 hrs | Lunch


Assignment Instructions

1. Group Assignment
a. Nos of Groups - 5-6
b. Group Size - 5-8
c. To be made on the first day and announced during the last session of day one by the
course coordinator (IIPA in the first programme)
d. Member Mix - As per assignment
e. Submission - Presentation in prescribed format - 20 minutes followed by 10 minutes for
Q&A on day 4 - preferably each member has to contribute during
presentation/Q&A
f. First two groups to be given some award - Cross ranking by participants and the
panel (MeitY, CDAC/CERTIN, NeGD and Industry)
g. Possible Assignments - Group to consider itself as an organization distributed across a
Head Office and Regional/Divisional Offices in various locations, with over 600
regular and 200 outsourced employees. The organization has IT applications for
key functions like Finance, HR and some key business function
(citizen/Business/G2G service - to be assumed by the group). The group is to come up with
   1. A Network Security policy of the organization.
   2. Security Related Monitoring Mechanism, Accountability related clauses
   and SLAs in IT related outsourcing arrangements.
   3. Definition and Identification of Critical Information Infrastructure in the
   organization
   4. Institutional Structure and Incident Response Mechanism in your
   organization to handle Cyber Security related incidents, citing an
   actual/imaginary scenario
   5. End Point Security Policy
   6. Log Management and Review Policy / Data Classification and Back Up
   Management policy
2. Individual Assignments (Name and Dept not required; this will be kept confidential)
Announcement to be made on day one
a. To be done by each individual
b. To be submitted on day 4, in digital form (Word or PDF), to be mailed to Mr. Dipak Singh,
Mr. Kamal Jain and Dr. Charru Malhotra
c. Assignment
   • List critical IT assets and applications in your organization
   • Briefly describe the O&M model of the major asset categories in your organization
   • Who is responsible for the security (both physical and digital) of each asset
   • Existing security related policies, if any, in your organization
   • Gaps in existing Cyber Security arrangements that you have identified during
   training
   • Action plan for the next 3 months to address these gaps
Chief Information Security Officers’ (CISO) Deep Dive Training
On
Cyber Security
under
Cyber Surakshit Bharat initiative
(August 01-04, 2018)

Visiting Experts
Dr. Gulshan Rai
National Cyber Security Coordinator, PMO, India
Phone (O) – 23747965, 24368572
Email: grai@mit.gov.in

Shri M. Srinivas Rao, IAS


President & CEO, NeGD, MeitY
Phone(O)- 30481637
Email: ceo@digitalindia.gov.in

Shri. Rakesh Maheshwari


Group Co-ordinator, Cyber Law & e-Security
MeitY, India
Phone (O) – 24361244
Email: rakesh@meity.gov.in

Name | Designation with Organization

Mr. Navin Kaul | Senior Manager, Ernst & Young LLP
Mr. Vidur Gupta | Partner-Advisory Services, Ernst & Young
Mr. Dhiraj Gaur | Security Consultant, Palo Alto Networks (India) Pvt.
Mr. Iftekhar Hussain | Technology Solutions Professional - Cyber Threat Management, Microsoft Corporation (India)
Dr. Rahul Johari | Assistant Professor, Computer Sciences Department, Guru Gobind Singh Indraprastha University
Dr. Gaurav Gupta | Scientist D, Ministry of Electronics and Information Technology (MeitY)
Mr. Amarpreet Singh | Security Delivery Leader - DAS Data & Application Security
Ms. Neeti Vohra | Joint Director, Corporate R & D, CDAC, Pune
Ms. Shubhagta Kumar | ADG (SI), The office of Directorate General of Systems & Data Management, Central Board of Excise and Customs (CBEC)
Mr. Hemant Mehrotra | Security Delivery Leader - North, IBM
Mr. Pavan Duggal | Sr. Cyber Advocate
Mr. Dipak Singh | Sr. Director, MeitY
Mr. Ashutosh Chadha | Group Director, Government Affairs & Public Policy, Microsoft India
Dr. Prabir Panda | Wing Cmdr, Indian Air Force (IAF-Retd.)
Prof. Arvinder Kaur | Dean, University's School of Information Communication & Technology (USICT)
Mr. Rakshit Tandon | Consultant – IAMAI (Internet & Mobile Association of India); Advisor – Cyber Complaint Redressal

Ministry Officials and Core Project Team at IIPA
MeitY Officials
Name Designation Contact no. Email id
Mr. Ajay Prakash Sawhney, IAS Secretary 24364041 secretary@meity.gov.in
Mr. Pankaj Kumar, IAS Additional Secretary 24360160 pankajkumar@nic.in

Mr. Vinay Thakur Director, Project Development 30481618, 24301933 vinay@nic.in
Mr. Dipak Singh Sr. Director, MeitY 24301305 dipak.singh@meity.gov.in

Mr. Kamal Kr. Jain SGM CB, NeGD, Programme Director 9958967194 kamal.jain@digitalindia.gov.in
Mr. Vinay Singh Consultant, NeGD 8800440771 vinay.singh@digitalindia.gov.in

IIPA Team
Name Designation Contact no. Email id
Dr. Tishyarakshit Chatterjee, IAS (Retd.) Director, IIPA 9717778418 titichatterjee@gmail.com
Mr. Amitabh Ranjan Registrar, IIPA 9868164013 ranjanamitabh@ymail.com
Dr. Charru Malhotra, Programme Coordinator Asso. Professor (e-Governance & ICT) 9818529298, 23468393 charrumalhotra@gmail.com, charrumalhotra.iipa@gov.in
Prof. V.K.Sharma Sr. Professor 9818961977 profvinod@gmail.com
Ms. Rashmi Anand Sr. Research Officer 8800602134 rashmi.iipa@gmail.com, anandrashmi2110@gmail.com
Ms. Shilpa Yadav Research Officer 7701921513 shilpayadav.iipa@gmail.com

Ms. Surabhi Dalal Research Officer 9990172030 iipasurabhi@gmail.com

Ms. Nishtha Agarwal Research Officer 9868225928 nagarwal.iipa@gmail.com


Mr. Naveen Chand Training Cell 8750816357 chandnaveen1990@gmail.com
TRAINING BRIEF
Chief Information Security Officers’ (CISOs’) Deep Dive Training on Cyber Security
under Cyber Surakshit Bharat Initiative (August 1-4, 2018)
The Indian Institute of Public Administration collaborated with the Ministry of Electronics and
Information Technology (MeitY) and the National e-Governance Division (NeGD) to design and
conduct the Chief Information Security Officers’ (CISO) Deep Dive Training Program from
August 1-4, 2018. This four-day technical training on cyber security focused on several
objectives including:
1. Creating awareness on the emerging landscape of cyber threats
2. Provide in-depth understanding on key activities, new initiatives, challenges and related
solutions
3. Applicable frameworks, guidelines and policies related to cyber security
4. Share best practices and learn from successes and failures
5. Provide key inputs to take informed decisions on cyber security related issues in their
respective functional areas
Forty-two participants attended the training program. These were primarily Chief Security
Officers (CSOs) and Chief Technical Officers (CTOs), the officers responsible for observing the security
of the IT systems in central and state ministries/departments and subordinate agencies, including
PSU banks, insurance companies, and technical wings of police and security forces, as well as Joint
Secretaries and former APPPA (Advanced Professional Program in Public Administration)
participants.
Dr. Gulshan Rai (National Cyber Security Coordinator, Prime Minister’s Office, Govt. of
India), who had been gracious enough to be the Chief Guest of the inaugural function, urged the
CISOs to possess a compound set of expertise, ranging from technical and managerial skills to
responsibility for risk assessment. Sh. Rakesh Maheshwari (Group Coordinator, Cyber Law,
Cyber-Security, CERT-In, MeitY) reminded participants that all organisations must therefore chalk out a
Cyber Crisis Management Plan (CCMP). Considering the importance of the CCMP, a session on it was
conducted by Dr. Charru Malhotra, in which she discussed the CCMP in great detail.

Over the course of four days, the CISOs were trained by industry practitioners drawn from E&Y,
IBM, Microsoft, Palo Alto Networks and Dell EMC, as well as senior experts from both CERT-In and
IIPA. The industry experts and IIPA conducted routine quizzes on an online platform to gauge the
knowledge the participants had gained along the way, and awards were given to
the participants.

On the fourth day, the participants delivered group presentations on the following topics:
1. Network Security Policy of the organization
2. Security Related Monitoring Mechanism, Accountability related clauses and SLAs in IT
related outsourcing arrangements
3. Definition and identification of Critical Information Infrastructure in the organization
4. Institutional Structure and Incident Response Mechanism in your organization to handle
Cyber Security related incidents, citing an actual/imaginary scenario
5. End Point Security Policy
6. Log Management and Review Policy / Data Classification and Back Up Management
policy
These presentations were judged by an eminent jury drawn from industry (Mr. Amolak Singh, Director IT
solutions, Infologic Solutions), government (Mr. I.P.S. Sethi, Deputy Director General, NIC, and Mr.
Dipak Singh) and renowned practitioners (Wg. Cmdr. (Dr.) Prabir Panda (IAF, Retd), Enterprise
Architect - Security and Head of Technical Support Unit, Election Commission of India).

In the valedictory session, Shri M. Srinivas Rao, IAS (President and CEO, National e-
Governance Division) in his address expressed his anticipation that the program shall garner
huge demand for which he suggested using e-learning tools to actually reach out to a larger
audience.

Overall, the dignitaries, industry, and participants all hailed this endeavor by IIPA as a unique
PPP capacity building effort that would surely empower government departments to be more
cyber resilient.
This highly intensive, skill-based cyber security training was designed and coordinated by Dr.
Charru Malhotra (Associate Professor – e-Governance and ICT), Indian Institute of Public
Administration.
Some Glimpses of CISO Deep Dive Training Program

August 1-4, 2018

Pic 1: In their good books- Positive feedback from the participants about the CISO Deep Dive Training
Program August 1-4, 2018
Pic 2: Group photograph of the inaugural session- Dr. Gulshan Rai (National Cyber Security Coordinator, PMO), in
the center. Towards his left is Dr. Charru Malhotra (Associate Professor, IIPA). Towards his right is Prof. V.K.
Sharma (Sr. Professor, IIPA), Mr. Rakesh Maheshwari (Group Coordinator, MeitY),Mr. Dipak Singh (Sr. Director,
MeitY), Mr. Kamal Jain (Sr. General Manager, NeGD).
Pic 3: Dr. Gulshan Rai (National Cyber Security Coordinator, PMO) addressing the CISOs at the inaugural
ceremony August 1, 2018

Pic 4: Dr. Gulshan Rai (National Cyber Security Coordinator, PMO) with Professor V.K. Sharma (Senior Professor at IIPA) along
with Dr. Charru Malhotra (Associate Professor, IIPA and Program coordinator)
Pic 5: CISOs attending the Deep Dive Training at the inaugural ceremony Aug 1, 2018

Pic 6: CISOs working in their groups for assessments during the training program
Pic 7: Sh. M.Srinivas Rao, IAS (President and CEO, NeGD, MeitY) addressing the CISOs at the valedictory session
August 4, 2018

Pic 8: Prof. V.K. Sharma (Senior Professor at IIPA) awarding token of gratitude to the chief guest Sh. M. Srinivas Rao, IAS
(President and CEO, NeGD, MeitY) at the valedictory session
Pic 9: Participants presenting their group presentation at the final day of the training program August 4, 2018

Pic 10: Sh. M. Srinivas Rao awarding certificates to participants at the valedictory session of CISO Deep Dive
Training