Loading...
Skip to main content

Like many websites, BSA’s websites use cookies to ensure the efficient functioning of those websites and give our users the best possible experience. You can learn more about how we use cookies, and how you can change your browser's cookie settings, in our cookies statement. By continuing to use this site without changing your cookie settings, you consent to our use of cookies.

X

JUN 06, 2022 | ASIA PACIFIC | INDIA

BSA Statement on the Submission to Ministry of Electronics and Information Technology on CERT-In’s Notification on Information Security Practices

NEW DELHI – June 6, 2022 – BSA | The Software Alliance submitted its concerns to the Ministry of Electronics and Information Technology (MeitY) on Computer Emergency Response Team’s (CERT-In) “Directions … relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet” (Directions).

The Directions aims to augment and strengthen cybersecurity in India. BSA supports this aim of CERT-In and the need to build an effective cyber incident reporting regime. While we appreciate MeitY’s efforts to clarify the Directions through Frequently Asked Questions (FAQs), a few provisions are incompatible with risk-based, technology neutral, and flexible approaches to ensure robust cyber security mechanisms.

“We are concerned about the broad scope of notifiable cyber incidents, the lack of a risk-based threshold, and the short timeline for reporting in the Directions. These provisions will undermine incident investigation and response, including the deployment of defensive measures”, said Venkatesh Krishnamoorthy, Country Manager – India, BSA | The Software Alliance. “We urge the CERT-In to adopt an impact-based and risk-based approach to incident reporting. We recommend that the Directions ask to provide an initial report of high-impact or severe cyber incidents as soon as practicable or within 72 hours of the confirmation of an incident, whichever is faster. We also seek greater flexibility on log-keeping requirements and more time to implement user validation requirements. BSA looks forward to working with MeitY and CERT-In to contribute to an effective approach towards a secure digital economy for India.”

ABOUT BSA

The Business Software Alliance (www.bsa.org) is the global trade association of the enterprise software industry, representing companies that are leaders in artificial intelligence, cybersecurity, cloud computing, and other cutting-edge technologies. We work in over 20 markets in the US, Europe, and Asia, advocating for policies that build trust in technology so that every industry sector and the public can benefit from innovation. BSA also supports its members and their customers by raising awareness of the risks of unlicensed software use and the benefits of software asset management, driving license compliance and software adoption around the world through sound IT procurement.

MEDIA CONTACTS

Michael O’Brien

For Media Inquiries

MEDIA CONTACTS

Media Inquiries

MEDIA CONTACTS

Media Inquiries

CONTACTO DE PRENSA

Media Inquiries