The cyber domain is vulnerable, and data exchanged in cyberspace can be exploited. A strategic framework and actions are required to counter cyber-attacks. This should involve a combination of preventive, detective and reactive processes to deal with cyber-attacks. The Haryana ISMO has to create common infrastructure and build capacity/expertise to cater to the Information Security needs of the state.
ISMO has started its operations by identifying and implementing Open Source tools and processes that help in threat identification, prompt detection of an incident and response to the incident to prevent an attack. The overall goal of protecting data/assets has to be based on leading frameworks as well as standards including but not limited to OWASP, ISO 27001 etc. ISMO has initiated its two programs, called Continuous Vulnerabilities Management (CVM) and Continuous Security Monitoring (CSM), in line with the preventive, detective and reactive approach.
The cyber security threat landscape has changed, and administrators/end users have to keep pace with information security updates. They should keep their web applications/sites updated, review zero-day vulnerabilities (with respect to their environment) and apply the necessary patches. ISMO will assist all State departments/organizations in applying the above-mentioned guidelines and securing their portals/sites.
The Government of Haryana has taken a holistic view of this issue and has made a strategic shift to identify IT assets and bring them under continuous security monitoring. This is a major deviation from the traditional practice of carrying out point-in-time audits, as is common with the general principles adopted for any security management operation. Further, information security is a multi-dimensional problem in a networked environment involving a large number of inter-related hardware and software components, and the dynamics of an evolving technology scenario pose an additional challenge.
As this organization unit (ISMO) will need to carry out monitoring, risk-assessment, risk management and other security governance/ oversight activities, it is essential that it be outside the influence of implementing bodies of IT projects. Hence, the Haryana ISMO is proposed to be established as a part of the Society for IT Initiative Fund for e-Governance, with a duty to give periodic reports and recommendations to the State IT PRISM – while reporting to the Principal Secretary, IT for all day-to-day matters and guidance.
The broad goals / responsibilities of the ISMO are as follows:
- Establish and maintain an Information Security (InfoSec) related policy framework for the State. This will include policies, standards and implementation guidelines as may be needed.
- Create and maintain a State InfoSec Asset Catalog and periodically assess the security posture of the assets therein.
- Establish a state-level Security Operations Center (SOC) to monitor select assets from the asset catalog, with the ability to provide early detection capabilities for InfoSec incidents and breaches.
- Establish an Incident Response and Containment (IRC) team with the charge of responding to InfoSec incidents and taking breach containment measures.
- Establish a Continuous Vulnerability Management (CVM) team with the charge of pro-actively exploring the state assets for any vulnerabilities, so that risk assessment and defensive measures may be taken.
- Establish a Governance, Risk and Compliance (GRC) management team with the charge of: managing the InfoSec Policy Framework as well as monitoring its implementation and compliance; creating and managing Risk Assessment and Risk Treatment plans; and monitoring and reporting the State Government's compliance with various country-level InfoSec policies & standards as well as taking / recommending appropriate action.
- Create and maintain the State Information Security Crisis Management Plan; discharge the responsibilities outlined therein.
- Provide periodic summary reports and/or insights on the security posture of various assets to the State Administration.
- Represent the State in relevant national & international Information Security events / forums as may be needed.
- Provide InfoSec guidance and awareness to State Government departments, boards and corporations as may be needed.
The Chief Information Security Officer (CISO) of the state heads this organization unit. The initial duties assigned to the CISO, as the Head of ISMO, are:
- to form a core InfoSec team, drawing from available resources and hiring on a contract basis as may be needed;
- to take necessary steps to form a State-level Security Operations Center (SOC) with a capacity to capture and analyse security events / incidents for at least 5 important projects of the state;
- to take necessary steps to form a Risk Management practice in the state to complement the SOC;
- to initiate the creation of a comprehensive InfoSec Policy for the state; and
- to operate the ISMO.
The cyber domain is vulnerable! Data exchanged in cyberspace can be exploited. A strategic framework and actions are required to counter cyber-attacks. This should involve a combination of preventive, detective and reactive processes to deal with cyber-attacks. The overall goal of protecting data/assets has to be based on leading frameworks as well as standards including but not limited to OWASP, ISO 27001 etc. ISMO has started its operations by identifying and implementing Open Source tools and processes that would help in prompt detection of an incident and response to the incident to prevent an attack. The three approaches being adopted by ISMO are:
ISMO has initiated its two programs in line with the above-mentioned approach.
- CVM : Continuous Vulnerabilities Management
- CSM : Continuous Security Monitoring