Recently, the Ministry of Electronics and Information Technology<\/a> (MeitY<\/a>) declared ICICI Bank as a protected system. In essence, it means that any unauthorised access attempt would be deemed an act of cyber terrorism<\/a>. This declaration was made through a gazette notification by the Government of India as a “Protected System” under the IT Act<\/a>. 的监管机构和权威指南可用于对齐任何组织证明的关键任务系统和为什么它可能是犯罪或恐怖行动如果坏蛋虐待一个系统需要维护客户数据的地方。总的来说,监管机构和政府议程有限RegTech和GRC在我看来。 最近,电子和信息技术(MeitY)宣布ICICI银行作为一个保护系统。从本质上讲,这意味着任何未经授权的访问尝试将被视为一个行为网络恐怖主义。这个声明是通过印度政府公报通知下“保护系统”它的行为。
What are the ramifications of such a development? Can this be done by any organization? Is there a set of guidelines for getting branded as ‘Protected System’ are some of the many questions that come to mind. Will the government proactively will do anything to protect such a system? Or, does the announcement have no real value? Are these aspects covered in the Act or in the National Critical Information Infrastructure Protection Centre regulations? ETCIO spoke to a number of technology and security experts on the issue.
\"All this branding and actual work can be done by commercial banks and they can give a report to the regulators and authorities on how they have reduced fraud and data theft. In a court of law, the banks have a valid legal point that a fraudster and hacker is behaving like a criminal and putting the entire financial systems at risk. It means anti-terror laws may also be included from a legal perspective. Regulator and authority guidelines may be used to align any organization to prove the mission critical nature of the system and why it could be criminal or terror act if a bad actor abuses a system where customer data needs to be safeguarded. Overall, the regulators and authorities have a limited agenda for RegTech and GRC in my view,\" says Sudin Baraokar, Global IT and Innovation Advisor.
Is the announcement crucial for a bank? Given the system’s criticality and the risks associated with a security breach<\/a>, what is the import of the guarantee that the system is safeguarded both technically and legally? Legally speaking, the current notification means that any person who secures access or tries to secure access to a protected system will be in contravention of the provisions of this section and shall be punished.
\"Similar to the Aadhar, even an attempt to access the data can land the person in jail up to 10 years. This means if one intends to scan bank infrastructure for ethical reasons or unethical reasons, they need to watch out. Also, the definition of a \"protected system\" is missing from the IT Act. The center can declare any system as a protected system. An FIR will follow in all cases but the big difference is that this becomes a non-bailable cognizable offence the minute it's declared a protected system,\" opines Sumit Malhotra, Chief Information Officer and Head - Cloud Platform and Site Reliability, Times Internet<\/a>.
\"This is quite a proactive step. If it is, then this could be adopted by all or are there some prerequisites for this to apply. For instance, does the organization need to be from the BFSI or a similarly sensitive sector?\" says another technology leader.
On the other hand, many experts feel that the government has just laid down the dos and don'ts, would be in a position to review major changes in an organization and conduct audits, apart from having a government representative on the change management board. There are many such questions which need an answer.
<\/p><\/body>","next_sibling":[{"msid":93719187,"title":"Wanted: 7,000 construction workers for Intel chip plants","entity_type":"ARTICLE","link":"\/news\/wanted-7000-construction-workers-for-intel-chip-plants\/93719187","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"msid":93719285,"entity_type":"ARTICLE","title":"Ramifications of MeitY declaring specific organizations as protected systems","synopsis":"'Regulator and authority guidelines may be used to align any organization to prove the mission critical nature of the system and why it could be criminal or terror act if a bad actor abuses a system where customer data needs to be safeguarded. Overall, the regulators and authorities have a limited agenda for RegTech and GRC in my view.'","titleseo":"telecomnews\/ramifications-of-meity-declaring-specific-organizations-as-protected-systems","status":"ACTIVE","authors":[{"author_name":"Muqbil Ahmar","author_link":"\/author\/479256058\/muqbil-ahmar","author_image":"https:\/\/etimg.etb2bimg.com\/authorthumb\/479256058.cms?width=100&height=100","author_additional":{"thumbsize":true,"msid":479256058,"author_name":"Muqbil Ahmar","author_seo_name":"muqbil-ahmar","designation":"Executive Editor - ETCIO and ETCISO","agency":false}}],"analytics":{"comments":0,"views":625,"shares":0,"engagementtimems":3125000},"Alttitle":{"minfo":""},"artag":"ETCIO","artdate":"2022-08-23 07:41:21","lastupd":"2022-08-23 07:46:19","breadcrumbTags":["ministry of electronics and information technology","meity","it act","cyber terrorism","security breach","internet","data protection","protected systems"],"secinfo":{"seolocation":"telecomnews\/ramifications-of-meity-declaring-specific-organizations-as-protected-systems"}}" data-authors="[" muqbil ahmar"]" data-category-name="" data-category_id="" data-date="2022-08-23" data-index="article_1">
MeitY声明特定组织保护系统的影响
这样的发展的影响是什么?这是由任何组织吗?有一套准则获得贴上“保护系统”的许多问题。将政府主动做任何事情来保护这样一个系统?或者,公告没有真正的价值吗?这些方面在行为或在国家关键信息基础设施保护中心规定?ETCIO说许多技术和安全专家在这个问题上。
声明一个银行的关键吗?考虑到系统的临界状态和相关的风险安全漏洞的进口,保证系统维护在技术上和法律上吗?从法律上讲,当前的通知意味着任何人保护访问或试图获得一个受保护的系统将违反本节的规定,应当受到惩罚。
“类似于Aadhar,甚至试图访问数据可以土地的人进监狱10年。这意味着如果一个打算扫描银行基础设施原因道德或不道德的原因,他们需要小心。此外,“保护系统”的定义是失踪的行动。中心可以声明任何系统作为一个保护系统。冷杉在所有情况下都将遵循,但最大的不同是,这成为non-bailable可辨识的罪行的分钟宣布保护系统,“以为苏米特Malhotra首席信息官和头部——云平台和网站可靠性,次互联网。
“这是相当积极的一步。如果是,那么这可能是采用全部或有一些先决条件这申请。例如,组织需要从BFSI或者类似敏感部门吗?”另一个人说技术的领导者。
另一方面,许多专家认为政府只制定行为准则,将能够审查重大变化在一个组织,开展审计,除了有一个政府代表变更管理委员会。有许多这样的问题需要一个答案。
Recently, the Ministry of Electronics and Information Technology<\/a> (MeitY<\/a>) declared ICICI Bank as a protected system. In essence, it means that any unauthorised access attempt would be deemed an act of cyber terrorism<\/a>. This declaration was made through a gazette notification by the Government of India as a “Protected System” under the IT Act<\/a>.
What are the ramifications of such a development? Can this be done by any organization? Is there a set of guidelines for getting branded as ‘Protected System’ are some of the many questions that come to mind. Will the government proactively will do anything to protect such a system? Or, does the announcement have no real value? Are these aspects covered in the Act or in the National Critical Information Infrastructure Protection Centre regulations? ETCIO spoke to a number of technology and security experts on the issue.
\"All this branding and actual work can be done by commercial banks and they can give a report to the regulators and authorities on how they have reduced fraud and data theft. In a court of law, the banks have a valid legal point that a fraudster and hacker is behaving like a criminal and putting the entire financial systems at risk. It means anti-terror laws may also be included from a legal perspective. Regulator and authority guidelines may be used to align any organization to prove the mission critical nature of the system and why it could be criminal or terror act if a bad actor abuses a system where customer data needs to be safeguarded. Overall, the regulators and authorities have a limited agenda for RegTech and GRC in my view,\" says Sudin Baraokar, Global IT and Innovation Advisor.
Is the announcement crucial for a bank? Given the system’s criticality and the risks associated with a security breach<\/a>, what is the import of the guarantee that the system is safeguarded both technically and legally? Legally speaking, the current notification means that any person who secures access or tries to secure access to a protected system will be in contravention of the provisions of this section and shall be punished.
\"Similar to the Aadhar, even an attempt to access the data can land the person in jail up to 10 years. This means if one intends to scan bank infrastructure for ethical reasons or unethical reasons, they need to watch out. Also, the definition of a \"protected system\" is missing from the IT Act. The center can declare any system as a protected system. An FIR will follow in all cases but the big difference is that this becomes a non-bailable cognizable offence the minute it's declared a protected system,\" opines Sumit Malhotra, Chief Information Officer and Head - Cloud Platform and Site Reliability, Times Internet<\/a>.
\"This is quite a proactive step. If it is, then this could be adopted by all or are there some prerequisites for this to apply. For instance, does the organization need to be from the BFSI or a similarly sensitive sector?\" says another technology leader.
On the other hand, many experts feel that the government has just laid down the dos and don'ts, would be in a position to review major changes in an organization and conduct audits, apart from having a government representative on the change management board. There are many such questions which need an answer.
<\/p><\/body>","next_sibling":[{"msid":93719187,"title":"Wanted: 7,000 construction workers for Intel chip plants","entity_type":"ARTICLE","link":"\/news\/wanted-7000-construction-workers-for-intel-chip-plants\/93719187","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"msid":93719285,"entity_type":"ARTICLE","title":"Ramifications of MeitY declaring specific organizations as protected systems","synopsis":"'Regulator and authority guidelines may be used to align any organization to prove the mission critical nature of the system and why it could be criminal or terror act if a bad actor abuses a system where customer data needs to be safeguarded. Overall, the regulators and authorities have a limited agenda for RegTech and GRC in my view.'","titleseo":"telecomnews\/ramifications-of-meity-declaring-specific-organizations-as-protected-systems","status":"ACTIVE","authors":[{"author_name":"Muqbil Ahmar","author_link":"\/author\/479256058\/muqbil-ahmar","author_image":"https:\/\/etimg.etb2bimg.com\/authorthumb\/479256058.cms?width=100&height=100","author_additional":{"thumbsize":true,"msid":479256058,"author_name":"Muqbil Ahmar","author_seo_name":"muqbil-ahmar","designation":"Executive Editor - ETCIO and ETCISO","agency":false}}],"analytics":{"comments":0,"views":625,"shares":0,"engagementtimems":3125000},"Alttitle":{"minfo":""},"artag":"ETCIO","artdate":"2022-08-23 07:41:21","lastupd":"2022-08-23 07:46:19","breadcrumbTags":["ministry of electronics and information technology","meity","it act","cyber terrorism","security breach","internet","data protection","protected systems"],"secinfo":{"seolocation":"telecomnews\/ramifications-of-meity-declaring-specific-organizations-as-protected-systems"}}" data-news_link="//www.iser-br.com/news/ramifications-of-meity-declaring-specific-organizations-as-protected-systems/93719285">
评论
现在评论 阅读评论(1)所有评论
找到这个评论进攻?
下面选择你的理由并单击submit按钮。这将提醒我们的版主采取行动