Deccan Despatch (January - April 2010) - CII

and pass the same for obtaining anInternet account.• Government to set up dedicated‘Cyber Cops Academy’ and traina parallel professional stream oftechnology professionals. Suchtrained personnel should be postedat all important police stations.• In order to improve cyber policingcapabilities – Inter-state cooperationof cyber crime policethrough setting up of “NationalCyber Crime coordination centre”and an “Inter State CooperationArrangement” to be endorsed by allState Governments.• Need for a powerful legal system bythe government for an internationallaw and international policemen tohandle crimes.• Need to set up an effective cybercrime cell with qualified engineers toperform in a better manner.II. RECOMMENDATIONSTO THE INDUSTRYBanking / Finance• Every bank should ensure that itscustomers to whom internet bankingfacilities are given - complete suitableawareness quiz before their accountsare activated.• Educate before you empower -mandatory course (1 hour) about thedangers of being online, speciallydoing business like banking.• Mandatory use of mobile phones as astrong authentication device as theyare pervasive by the banks.• All banks should be mandated tointroduce digital signatures forauthentication of Internet bankingtransactions.• Provide basic knowledge of internetcrimes and fundamentals to theoperators as a precaution.vendors / merchants for bankingactivityCollaborative IncedentReporting MechanismPrivate sector organizations shouldcome together and set up of an “IncidentReporting Mechanism” including“Whistle Blowing”, to capture thecyber crime incidents that they areaware of or have happened within theirorganizations.Appropriate de-identification of theentities or persons involved may bemanaged to assure confidentialitythrough a system of “NationalOmbudsman for Information Securitybeach Incident Reports”.The incident reports can also blacklistentities and individuals involved insuch crimes and help the industry tosever relationships with such entities orindividuals.38• Companies should be mandatedto take such due diligence steps asmandated in ITA 2008 to preventcyber crimes committed by itsemployees or third parties.Policing andCyber Crimes• Inter-state cooperation of cybercrime police should be ensuredthrough setting up of a “NationalCyber Crime Coordination Center”and an “Inter State CooperationArrangement” to be endorsed by allState Governments.• One of the States that has excelled inpreventing / detecting / investigationthe cyber crime can take theleadership in setting up supportservices and share best practices withother States.• The coordination center can alsoprovide an online cyber crimecomplaints receiving mechanismwhich may be forwarded to theappropriate authority (DGPs) of eachstate for further action.• Companies should use hardwareappliances which have hard codedbrowsers (do not allow anything tochange once the box is shipped) - thiswill nullify any impact of spyware,malware, Trojans etc.• Companies should address the needto protect the individual identity andthe digital assets / devices.• Companies should monitor the “flybynight operators” – insiders whoget involved in the cyber crime.• Banks should review the existing2Factor authentication process tomake it more effective• Banks should have an effectivemechanism internally to detect &mitigate the risk of internal fraud• Banks should do a effective KYC &Due Diligence process to ensure toensure authenticity of the customerand avoid external frauds• Banks should exercise caution whileintroducing any promotional offersto avoid misuse• Banks to exercise due care andcaution while engaging externalCorporate Policies• Top management must considercyber security as an integral andcritical part of their job profile.• The top management has to develop,deploy and enforce cyber securitypolicy for the corporation to preventdamage to its critical systems.• Management should conduct periodiccyber security risk evaluation.• Management should acquire anddeploy enterprise wide securityarchitecture.• Management should invest inacquiring, training and retailing inhouse talent for safe guarding criticalsystems.• Management should establishenterprise wide access controlsystems with varying user privilegesand logs.• Management should develop anddeploy contingency planning anddisaster recovery.– Document by Confederation of IndianIndustry & Scope International Pvt. Ltd.