Annual Report 2017-18 1
ANNUALREPORT
2017-18
Annual Report 2017-182
Data Security Council of India (DSCI) is a premier industry body on data protection in India, setup by NASSCOM®, committed to making the cyberspace safe, secure and trusted by establishing best practices, standards and initiatives in cyber security and privacy. DSCI works with the Government and their agencies, Law Enforcement Agencies, industry sectors including IT-BPM, BFSI, Telecom, industry associations, data protection authorities and think tanks for public advocacy, thought leadership, capacity building and outreach initiatives.
About
DSCI
Annual Report 2017-18 3
Vision To be the premier industry body for making cyberspace safe, secure and trusted.
Objectives • Engagewithgovernments,regulators,industryassociationsandthinktanks
on policy matters through Public Advocacy
• Establish Thought Leadership through development of Best Practices,Standards and Frameworks and publication of Studies, Surveys and Papers
• BuildCapacityinSecurity,PrivacyandCyberForensicsthroughtrainingandcertification of individuals and professionals in Cybercrime Investigations through training of law enforcement agencies and judiciary
• Engage with stakeholders through various Outreach initiatives includingevents, awards, chapters, consultations and membership programs
• DevelopandmaintainanAssuranceecosystemforvalidationofprivacyandsecurity practices implemented by organizations
• Increase India’s share in the global security product and services marketthrough Global Trade Development initiatives
• AimatdevelopinganAlternateDisputeResolutionsystemindataprotection
MissionTo develop capabilities, capacities and norms, in collaboration with all the stakeholders including the government, required to advance towards a safer, more secure and trusted cyberspace
• forenhancingtradeandcommercebyincreasingglobaldataflowsandpromoting innovation;
• strengtheningnationalsecurity,
• protectingindividuals’rightsincyberspace
• addressingsuchglobalissueswhilesafeguardingnationalandindustryinterests.
Annual Report 2017-184
Chairman Message
CEO Message
DSCI Stakeholders
Corporate Members
Programs & Initiatives
Board of Directors
DSCI in News
CONtENtS
5
6
7
8
10
39
41
Annual Report 2017-18 5
In this year, DSCI continued its focus on policy advocacy, thought leadership and awareness around Cyber Security, Privacy and Data protection. Along withkeyinitiativesforIndia’scybersecuritygrowthlandscape,DSCIpavedthe way to achieve its ambitious vision of growing cyber security product and services industry to USD 35 billion by 2025. With cyber security industry development emerging as one of the key recommendations during the stakeholders meeting for strategies and priorities for future, DSCI developed a detailed roadmap and has undertaken various initiatives to enable the growth of cyber security product and services start-ups.
Given the far-reaching impact of European Union General Data Protection Regulation (EU-GDPR) compliance requirements on Indian Industryincluding IT-BPM and others, DSCI in association with NASSCOM worked through the year on Industry’s readiness.We organised several trainingsand awareness programs with global experts, and Directorate-General for Justice of the European Commission and introduced helpdesk for members and supported the industry with key action points and guidance material forGDPRimplementation.Toenhancecapacityofprivacyprofessionals inthe country, DSCI imparted several training programs for diverse sectors of industry.
G K PillaiChairman
In the past couple of years, we have witnessed India marching towards a cashless society. While the citizens are embracing the digital channels for payments, apprehensions are also rising with respect to its safety and security. Given this background, DSCI embarked upon a user awareness campaign targeting the merchants and traders and small businesses helping them understand the significance of security in the realm of digital transactions and making them aware on the basic security best practices. With the support from the primary partners including MeitY and Google India, and significant players both from the government and industry helped the campaign to amplify its reach. Focusing on the theme of Digital Payments, DSCI in association with PayPal India released a joint study– ‘SecuringIndia’sDigitalPaymentFrontiers’highlightingthecurrentstateofcybersecurity inthedigitalpayment ecosystem.
While on the one hand industry witnessed unprecedented growth in innovation and technology adoption, cyber incidentsincludingRansomwareattacksnotonlyimpactedtheindustrybutalsoaccentuatedtheimportanceofcyber security making it a strategic imperative for organisations. DSCI round the year proactively engaged with the industry members and CISO fraternity and shared advisories and guidelines and facilitated collaboration with nodal agencieslikeCERT.
The Annual Information Security Summit (AISS) in New Delhi and the Best Practices Meet (BPM) in Bengaluru served as definitive platforms for cyber security and privacy leaders in the country, both on policy, contemporary and future security technologies. Promoting excellence in security and privacy practices, the DSCI Excellence Awards, recognized organisations and individuals in the Corporate, Law Enforcement and Cyber Security Product and Services categories.
As we move ahead in this year, DSCI is geared up with several initiatives and programs and look forward to continued support of Government and our members.
CHAIRMAN MESSAGE
Annual Report 2017-186
including emerging technologies like Artificial Intelligence, Blockchain among others have been mapped in a web based system and is ready for beta release.
Throughout the year we organised a series of workshops, seminars and round table discussions on several topics engaging diverse stakeholders. The year also marked our first edition of FinSec Conclave in Mumbai. The conference received an overwhelming response with over 300 delegates joining us at the platform.
Given the drive towards digital economy in the country, it was imperative to understand various dynamics of the digital payment ecosystem. We partnered with Paypal to study the ecosystem and released a report named ‘Securing India’s Digital Payment Frontiers’. The report covered challenges, threat landscape, global policies, regulations,standards and frameworks, prevailing in the ecosystem. With the aim to enhance trust and confidence of users and merchants engaged in making digital transactions, DSCI in association with several partners including Ministry of InformationTechnology(MeitY),GovernmentofTelangana,NationalBankforAgricultureandRuralDevelopment(NABARD),NationalPaymentsCorporationofIndia(NPCI)amongothersrolledoutanationwideeducationalandawareness program on security best practices. The content developed in form of videos and brochures in five languagesHindi, English,Gujarati, Tamil&Teluguwasdisseminated throughpartners’ channels.Anawarenessprogram for law enforcement agencies was initiated which was also well received by the audience.
DSCI also started its journey towards achieving its ambitious goal of developing India as a global cyber security hub for products and services. As we move ahead, we are excited to collaborate with existing with our stakeholders to comprehensively chart out our future course of programs and initiatives. Technology Development Board announcing a Commercialisation Program for Cyber Security, and several young product companies participating in InSpreneur, Singapore, were some of the highlights of our Industry Development efforts.
We look forward to your continued support and strengthening our hands in scaling our efforts to benefit our members and stakeholders.
The year was significant for the entire industry and ecosystem. With government ramping up its efforts towards making the nation digital, cashless and protecting it from cyber threats, we at DSCI continued to engage with stakeholders and community on advocacy, knowledge dissemination, capacity development in addition to guiding our diverse member base on protecting their IT infrastructure and advocating cybersecurity and data protection as business enabler. During the year we engaged in cyber security challenges in emerging domains like Internet of Things Security, Automotive Security, blockchain and virtual currencies. We also focussed on enhancing our capacity on cyber forensics and cybercrime investigation.
TomapIndia’scapabilitiesandcompetenciesincybersecuritydomainacrossindustry, government and academia, we undertook ‘National Technology CapabilityRepository’projecttobuildarepositorythroughextensiveprimary& secondary research. This repository will enable decision makers to identify gaps and prioritize actions on technology areas that the country should invest in. A set of 25 technology areas critical to Cyber Security capacity development in the country were identified. I am glad to report that 10 areas
Rama VedashreeCEO
CEO MESSAGE
Annual Report 2017-18 7
DSCI Board has six Directors, of which four are Independent Directors. During the year 2017-18, the Board continued to have Gopal Pillai as the Chairman of Board of Directors.
RamanRoy, joined theBoard inplaceofC.P.Gurnani, Chairman,NASSCOMandAjayKumar, got appointedasSecretary, Department of Defence Production, Ministry of Defence, hence resigned as Nominee Director (MeitY) from DSCI Board. During the year, Mrutyunjay Mahapatra, DMD CIO, State Bank of India joined DSCI Board as independent Director.
The present composition of the Board is as below:
• TwoDirectorsrepresentingNASSCOM–thepresentChairmanandPresident
• FourDirectors,allbeingindependentincludingtheChairman,DSCI
the Board of Directors, as on 31 March 2018, is as below:
G. K. Pillai Chairman, DSCI
N. Balakrishnan Independent Director
A.S. Ramasastri Independent Director
Mrutyunjay Mahapatra Independent Director
Raman Roy Chairman, NASSCOM
R. Chandrashekhar, President, NASSCOM
BOARD OF DIRECtORS
Annual Report 2017-188
DSCIunderstandsstakeholders’prioritiesandencompassestheseinitsvariedinitiatives,programsandoutreachactivities.
Our programs and strategic activities are guided by the Board of Directors. To better reflect the ever-changingcyberspace, we closely engage security and privacy experts from the industry and government, consult member companies, and experts from the chapters spread across various cities in India (Delhi, Mumbai, Pune, Bangalore, Hyderabad,Kolkata, Jaipur,Ahmedabad,Coimbatore,Chandigarh)andSingapore.Thisconsultativeprocesshelpsus meet the aspirations of our stakeholders and help in the industry development.
Some key government agencies we have been engaging through out the year are mentioned below.
StAKEHOlDERS
Cyber Security Ministries & Departments National Security LEAs Regulators
CERT-In MeitY NSCS CBI RBI
NCIIPC DoC and DoT MHA NPA TRAI
NCSC MEA Sec Agencies State Police SEBI
310IT SERVICES
60IT BPM OTHERS
59SECURITY
46 33BFSI
9 3Energy/ Oil & Gas TELECOM
CORPORATE MEMBERS (INDUSTRY)
Annual Report 2017-18 9
StAKEHOlDERS
2000+ Security & Privacy Professionals
BANGALORE
450
DELHI & NCR
365 HYDERABAD
243
MUMBAI
219 CHENNAI
184
AHMEDABAD
170
PUNE
153
KOLKATTA
78 JAIPUR
67
SINGAPORE
35CHANDIGARH
31
COIMBATORE
18
CHAPTER COMMUNITY
DSCI Chapters operate in 12 cities representing over 2000 security and privacy professionals from varied Industry sectors. Members conduct regular meetings, organize educational seminars, share knowledge and discover new opportunities. Driven by voluntary association of individuals, each chapter is run by an Anchor and Co-Anchor to conduct the affairs.
Annual Report 2017-1810
PROGRAMS & INItIAtIVES
DSCI has been pro-actively engaged with the stakeholders including government and industry in building the cybersecurity agenda for the country. Enabling policy, developing the industry, nurturing and evangelizing the security product & services ecosystem to spreading awareness on cyber security imperatives while making cyberspace safe and trusted for all players remained central to all the activities carried out during the year. Few key activities carried out during the year are highlighted below.
Implementation of CStF plan – Cyber Security Product and Services Industry Development
After the formation of Cyber Security Task Force (CSTF) in 2015 that charted out a vision 2025 to grow the cyber security product and services industry to USD 35billion, one million cyber security jobs and 1000 cyber security start-ups,DSCI&NASSCOMcameupwith‘GrowingCyberSecurityIndustry-RoadmapforIndia’whichdelineatedthe path to achieve above goals and provided set of recommendations for the government to enable its necessary ecosystem. In addition to mapping global security landscape, exploring the opportunities and analysing market both from demand and supply side, the report endeavoured to identify opportunities pivotal for innovation by start-ups.
Start-ups in product and services ...gaining market traction and attracting attention of investors
Indian IT Services companies ... Scaling momentum to grow security services in global markets
MNC IT Services companies ... setting up their global consulting & operations in India
Global Security Technology Companies ... India becoming destination of product research, development and support
Niche Security Services companies ... getting recognised in the domestic and international market
User organizations and government institutions ... interest in developing security technologies and building a favourable ecosystem for their development
Global In-House Centres ... moving their security operations and engineering work to India
Cyber Security-
India's current Landscape
Cyber Security-
India's Vision 2025
~100 focused
Start-ups
~150KSecurity
Professionals
~USD 4.5-5 bn
Cyber Security market, 2017
(Overall ~USD 1.6 bn domestic market)
4 Dimensional approach
• Industry
• Technology
• Policy
• Skills
~1000 Focused Start-ups
~1mnSecurity
Professionals
~USD 35 bn
Cyber Security market
Making India a Global Hub for Cyber Security Products and Services
While scanning the cyber security industry and domestic market, many positive movements have been witnessed recently. Cited below are the identified distinct tracks of the industry development which warrant focus concerted efforts.
Cyber Security
Annual Report 2017-18 11
PROGRAMS & INItIAtIVES
Currently, considerable efforts are being made by the government and their agencies regulators to improve both the cyber security posture of the government organisations and overall enable the ecosystem. DSCI has started working closely with the government and industry on the enablement and implementation of CSTF Plan under seven areas including Policy, Use Case Clearing House, Export Market & branding, Domestic Market, Cluster/SIZ, Skills. These tracks were published as CSTF recommendations given as below.
• Commercialisation&transferoftechnology
• Allocatededicatedfund
• NationalCyberSecurityInnovationfund
• DeclareCyberSecurityasastrategicarea
• Establish Cyber Security clusters across India, to acceleratedevelopment of the industry.
• Promote‘BrandIndia’asahubofCyberSecurityproductandservicesthrough global cooperation and advocacy
• InstituteaUseCaseClearingHousetofacilitategrowthintheCyberSecurity products and services ecosystem, and nurture IP creation.
• CreateapoolofonemillionskilledCyberSecurityprofessionals
• Education&Awareness
– Mandate the inclusion of Cyber Security education at all levels of education
– Host state and national-level Cyber Security hackathons
• AppointCISOandreportCSinitiatives
• LaunchanationwideCyberSecurityawarenessinitiativethattargetsleadership,decision-makers and end-users across multiple sectors of the industry.
Policy
Cluster/SIZ
Export MarketBranding
UCCH
Skills
Domestic Market
Policy enablement for cyber security product organisation
Several announcements made during the year where DSCI proactively engaged with government to enable conducive policy and regulatory climate are as below:
• Preferential Market Access for Indian Cyber Security products: In furtherance to Public Procurement (Preference to Make in India) Order 2017 by Department of Industrial Policy and Promotion (DIPP), the Ministry of Electronics and Information Technology (MeitY) released a draft Preferential Market Access Policy for Cyber Security stating that procuring entities shall give preference to domestically manufactured/ produced Cyber Security Products. DSCI endeavoured in helping MeitY in Industry consultation and bringing views of all the stakeholders together.
• Waiver for Security certification by STQC (MeitY): DSCI has been working with Standardization Testing and Quality Certification (STQC) to relax cost of Security certification for Cyber Security Start-ups. A 50% feewaiveronsecuritycertificationwasannouncedbyHon’bleMinisterofElectronicsand ITduringthe
Annual Report 2017-1812
launchofCyberSwachhtaKendra.Thisrelaxationwillhelpstart-upspursuecommoncriteriacertificationfor their products at an affordable cost.
• Workshop on Cyber Security of IT Products using Common Criteria standards: To spread awareness on Common Criteria (CC) evaluation scheme, DSCI in association with STQC conducted workshops in Pune and Bengaluru where DSCI members and start-up community were invited. The workshop covered background on CC standards and global scenario, details on CC evaluation using protection profiles, industry expectation in product security evaluation, and briefing on CC certification process among others.
Start-up Evangelisation
Nurturing Indian security start-ups and products ecosystem by enabling the environment favourable for their growth both in the domestic and global markets has been a key priority for DSCI during the year.
• Cyber Security Delegation to Singapore: A delegation of Indian Cyber Security product companies was hosted at InSpreneur (India Singapore/ ASEAN Entrepreneurship Bridge) 2018, organized by the Indian High Commission in Singapore. InSpreneur held on the side lines of the Pravasi Bhartiya Divas 2018 witnessed participation of leading investors, Venture Capitals (VCs), end-user organizations, senior government officials from Singapore and ASEAN countries. Sessions on Speed Dating were conducted with Cyber Security as one of the key tracks. Three organisations were shortlisted as part of the Cyber Security track and were felicitated at InSpreneur.
At InSpreneur, CEO DSCI also presented on Cyber Security landscape and opportunities for collaboration and growth between India and Singapore.
PROGRAMS & INItIAtIVES
Annual Report 2017-18 13
• Accelerating Commercialisation of Cybersecurity Products by DSCI & TDB: DSCI and Technology Development Board (TDB) joined hands to create a platform to enable funding ecosystem for cybersecurity product companies to accelerate their growth. Stakeholders from the government, funding agencies and industry participated to deliberate on the importance of putting a focused effort for cybersecurity companies and carved out a future roadmap. In a workshop jointly organised by DSCI and TDB, a few start-upsdemonstratedtheir capabilitiesandexploredavenues for leveragingTDB’s commercialisationprogram as one of the funding platforms. Various funding models favourable for these companies at different stages of their lifecycle were explored and deliberated upon and opportunities were provided to be part of the future evaluation process for funding from TDB. TDB has now called for funding proposals from growth stage growth stage security star-ups in India.
• Security Start-ups interaction with Army: DSCI hosted an interactive meeting between 21 Army Signals group and start-ups to make them familiar with the evolving cyber security innovations in the country. DSCI invited start-ups to demonstrate their capabilities and explore possible collaborations. Army officials discussed few use cases and explored solution offerings.
Use Case Clearing House
DSCI has been working to institutionalise Use Case Clearing House (UCCH) with the objective to discover niche white spaces/use cases in Cyber Security domain which could accelerate innovation and product development. The structure is aimed to support the dissemination of Use Cases to researchers & entrepreneurs who are willing to develop solution and enable their adoption.
Joint Working Group on PPP for Cyber Security
In the meeting organised by the Joint Working Group (JWG) DSCI and NASSCOM presented on four key topics: Cyber Security industry development, India as a cloud hub-policy imperatives, Data Protection and Cyber Security Skills Development.
For Cyber Security industry development, DSCI presented the roadmap, and vision and imperatives of seven key tracksof industrydevelopmentsuchasCyberSecurityproductsandservices, importanceofcybersecurityR&D,GICs, etc. The group was also apprised about the projects that have been undertaken as part of larger Industry building agenda. DSCI emphasized the need for all the stakeholders to collaborate to promote Indian cyber security industry, both domestically and globally. An overview of the evolving Digital technology landscape and importance ofcrossborderdataflowstotheeconomywasdiscussedduringthemeeting.
For Data Protection, DSCI presented briefly on Data Privacy imperatives in the view of Data Protection Bill in-making. The discussion was focused on the drivers for privacy, and considerations for drafting a Data Protection Bill. DSCI presented on the Data Privacy Standard getting developed by a committee setup under LITD 17 Committee of Bureau of Indian Standard (BIS).
PROGRAMS & INItIAtIVES
Annual Report 2017-1814
Technology Repository for Cyber Capabilities
Withthekeyobjectivetoidentifyandmapnation’scurrentcybercapabilitiesandcompetencies,DSCIisdevelopinga ‘National Technology repository’. The repository is aimed at helping government, academia and Informationsecurity community with comprehension of technical capabilities in the cyber domain. A set of 25 technology areas has been identified for the development of the repository, which will be shown in the form of an easy to use web application.DSCIhasworkedontechnologyareas includingInternetofThings(IoT),BlockChain,Robotics,Cloudand Virtualization, Digital Forensics, Hardware - Semiconductor and emerging technologies including Artificial Intelligence and Cryptography.
DSCI has conducted two workshops with Industry and Academia respectively to gather feedback on approach and expectations. Beta release of the portal is planned in June 2018.
Pravasi Bhartiya Divas Roundtable ‘Developing Cyber Capacity of India’ hosted by MEA
Given the backdrop of increasing cyber challenges in the digital economy, Ministry of External Affairs organised Pravasi Bhartiya Divas Session focussed on Cyber Security. The outcome and recommendations of these roundtable meeting were aimed to shape future policies and actions through final recommendations at Pravasi Bharatiya Divas2018.ChairedbySmt.SushmaSwaraj,andShri.RaviShankarPrasad,thesessiondiscussedmyriadissuesincludingglobalcyberthreats,itsmitigationandbestpractices;Roleofstate,civilsociety,multi-lateralbodiesandprivate sector in addressing cybersecurity issues; Policy inputs to build industry confidence, trust and resilience in the digital economy; PPP models for Cyber Security cooperation and innovation; Partnerships between academia, civil society including public awareness, training, skills and curriculum in universities.
CEO DSCI participated, and presented on Cyber Security Industry Development giving an overview of current Cyber Security landscape & USD35 billion vision, India advantage, cyber security imperatives of Digital India; as well as the Indian Security Product landscape and capability.
Cyber Security Framework Adoption Issues in Smart Cities to government
In the inputs submitted by DSCI to government, DSCI highlighted specific challenges in the Cyber Security framework adoption in Smart Cities. These issues span from framework adoption, detailing of cyber security functionalrequirementsinRFPs,procurementconsiderationstoenablingtheecosystemdevelopment.DSCIalsorecommended approaches for the effective implementation and global best practices for its adoption.
NASSCOM-DSCI Tech series session on Cybersecurity for SMB
NASSCOM& DSCI convened cybersecurity sessions under theme ‘SMB and Cybersecurity - Cost of ignorance?’The sessions underscored multiple challenges of SMBs & start-ups from security implementation, attracting and retaining cybersecurity skills to security governance in SMB sector. It focused on understanding the depth & breadth of challenges of SMBs and their possible solutions leveraging benefits of outsourcing.
Paper Submitted to Department of Industrial Policy & Promotion (DIPP) on Cyber Security
DSCI submitted a paper to DIPP on roadmap for enhancing cyber security infrastructure protection capabilities, along with the need to develop capacity and raise awareness at government, industry (especially SMBs), schools and colleges and citizen level.
Workshops for Technology Foresight Study for ICT Security & Financial Security
‘TechnologyForesightStudy for ICTSecurity&Financial Security’ projectwas commissionedbyDepartment ofScience & Technology(DST) with DSCI & CDAC jointly. A workshop for a wide set of stakeholders from Industry, academia, and government working in domains of Internet of Things (IoT), SCADA, Big Data, Cloud & Virtualization
PROGRAMS & INItIAtIVES
Annual Report 2017-18 15
& Financial Systems & Services, was organized. The objective was to deliberate on the recommendations proposed by various functional groups for the afore mentioned technology areas. The study was completed and report was submitted.
Cyber Security Technology Roadmap – 2020
CEO,DSCI,presentedon ‘CyberSecurityTechnologyRoadmap–2020’atNITIAayogWorkingGroupmeetingonDevelopment Agenda for Science & Technology Sector. Highlighting Cyber Security Imperatives of Digital India, shefocussedontheroleofcybersecurityResearchandDevelopmentandkeycapabilitiestobeprioritisedinthecountry. Various emerging technologies such as Blockchain, Cryptography, Quantum Computing, etc. were covered.
trans-border Data Flow
DSCI engaged with Department of Commerce (DoC) on policy advocacy for Cross-Border Data Flows and facilitate global trade of services.
Inputs to DoC
European Free Trade Association (EFTA) countries expert group visited India to discuss India-EFTA Free Trade Agreement (FTA) and Services Agreement where DSCI presented to DoC and other stakeholders on the need to carveoutspecialarrangementtoaugmentcross-borderdataflowsbetweenthetwogeographies.
DSCIpresented itspositionon removingbarriers to crossborderdataflows toenhance consumerprotection inRegionalComprehensiveEconomicPartnership(RCEP)e-CommercediscussionshostedbyDoC.
Interactive Session: e-Commerce, Digital Infrastructure, Trade Rules and WTO
DSCIparticipated inan interactivesessionon ‘e-Commerce,Digital Infrastructure,TradeRulesandWTO’ jointlyorganized by FICCI and Centre for WTO Studies, Ministry of Commerce & Industry, GoI. The objective of the session was to discuss the emerging opportunities and challenges for India in e-Commerce sector. The session primarily focusedontherapidgrowthofe-Commerce/DigitalTrade,India’spreparedness,DigitalInfrastructure,InternetandDevelopmentIssues,CyberSecurityMeasures,RegulatoryFrameworkandConsumerProtection,andmore.
Data Protection & Privacy DSCI has been actively working with government and Industry to advocate the need for a robust data protection framework in the country, as it is critical not only for businesses in various sectors, but also for the adoption and success of Digital India mission.
General Data Protection Regulation (GDPR)
InMay2016,EuropeanUnion(EU)adoptedtheGeneralDataProtectionRegulation(GDPR)enhancingtheoverallprivacy regime in EU so as to harmonize the practices and rules followed by its member nations – a critical step towards its objective of digital single market. These rules not only govern the organizations and data controllers inEUbutalso consider theprocesses followedbydataprocessorsoutsideEU countries.WhileGDPR regulatesthe cross-border data flows and impact the businesses of the organizations outside EU, including India, theunderstandingofGDPRincontextofIndianorganizationsisofprimeimportanceintoday’sglobalizedworld.ToimprovethepreparednessoftheindustryonGDPRimplementation,DSCIintroducedthefollowinginitiatives:
PROGRAMS & INItIAtIVES
Annual Report 2017-1816
• NASSCOM-DSCI GDPR helpdesk for members:DSCIalongwithNASSCOMhavecreatedaGDPRhelpdeskfor their members which seeks to respond basic queries of members and offers general guidance as theyprepare forGDPRcomplianceanddemonstrateaccountability.Visithelpdesk:https://community.nasscom.in/community/discuss/policies/gdpr/overview
• DSCI & NASSCOM members’ interaction with EU Commission: A series of workshops was organised for DSCI & NASSCOM members with Department for Justice (DG JUST), EU Commission – responsible for EU policyon justice, consumer rightsandgenderequality.Experts fromCrossborderflowsdepartmentofDG JUSTpresentedandrespondedtoNASSCOMmembersonqueries relatedtoGDPRapplicabilityandimplementation. These workshops were organised in Delhi, Bengaluru and Mumbai.
• DSCI-Deloitte GDPR Survey: InpartnershipwithDeloitte,DSCIconductedasurveytoassesstheGDPRawareness and preparedness levels of organizations operating in India. It also aimed at finding major challenges faced by organisations against the complex implementation requirements laid down in the regulation.
The information from this empirical researchwould help develop Best Practices for GDPR Compliancethat maybe be used by organisations as a touchstone while ensuring compliance. A survey report was developed and released.
• Series of Workshops: DSCI engaged with the IT-BPM, BFSI sector and hosted series of roundtable meetings,closedoormeetings,conferencecallstoapprisethemontheimplicationsofEUGDPR.
• Chapter Meetings: DSCI hosted Chapter Meetings in different part of India to help organisations improve theGDPRpreparednessintheindustry.ThesemeetingsentailedexperiencesharingbytheexpertswhohavebeenleadingtheGDPRimplementationattheirrespectivefirms.Thefindingsandkeytakeawaysfrom various consultations held in different parts of the country, was shared with the larger group.
Workshop for
DSCI members
GDPR Guidance
Material
GDPR Webinar
Series
GDPR
Workshop with
the European
Commission
NASSCOM-
DSCI GDPR
Helpdesk
EU-GDPRAwareness
Mumbai, Delhi
NCR, Bengaluru
GDPR
Implementation-20
point action plan
GDPR Applicability
matrix
Mumbai, Delhi
NCR, Bengaluru
PROGRAMS & INItIAtIVES
Annual Report 2017-18 17
Justice BN Krishna Committee of Experts on Data Protection Framework for India
GovernmentofIndiaconstitutedaCommitteeofExpertschairedbyRetiredHon’bleSupremeCourtJudgeJusticeBN Srikrishna to study various issues related to data protection in India and draft a Data Protection Bill. DSCI CEO being one of the members in the nine-member committee, participated and provided inputs to the deliberations. A whitepaper was drafted and public comments were sought to shape the data protection law.
DSCI and its industry members have been advocating the need for data privacy and protection law in the country for the last several years.After the constitution of theSriKrishnaCommittee,DSCI conducted several industryconsultation meetings in different cities to solicit inputs and DSCI-NASSCOM made a combined submission on the whitepaper to the committee.
Key inputs proposed in the joint submission included the following:
1. The law should be concise, laying down guiding principles of governance, allowing for notification of rules for clarification and procedural structure, prospectively applicable to both public and private entities processing personal data in the digital environment as well as offline filing systems with a 3-year time with possibility of extension for orderly transition applicable to personal data of all Indian residents.
2. The law must permit collection of personal information based on globally recognised grounds for processing with consent being only one of the criteria, whether the information is sensitive or otherwise.
The law should recognize situations where consent or notice is counterproductive, or irrelevant for pursuing legitimate interests and justifiable reason.
3. Data minimization should not be overemphasized at this stage of the evolution of our digital economy as this can impede innovation in the age of predictive analytics and machine learning. The law should take into consideration the actual use of the data, not mere possession.
It also proposed that an organization should be obliged to provide assurance of protecting such information during processing by itself or by a data processor.
4. On encouragement to adopt best practices the paper proposed. The data protection framework should incorporate provisions that provide impetus and incentives for increasing investment and innovation in privacy and security technologies
5. Lawshouldnotinhibitthedataflowswithinandoutsidetheterritorialboundaries,rather develop a framework for enforcement that makes sure that the Data controller offers the same level of data protection irrespective of where the data is processed or resides, as is applicable to it. Data localisation should not find place in any form in this legislation.
6. A positive, structured and tiered enforcement should be put in place. For the next level of escalation, a tiered structure maybe developed by DPA, for which the DPA mayco-optotherorganisationswhichmayappropriatelyincludeSROsinadditiontoleveraging internal structures.
Sessions on Privacy for leading Bank’s management
Several sessions were organised with the management team of leading banks to apprise them on Data protection and impact of Privacy.
PROGRAMS & INItIAtIVES
Annual Report 2017-1818
DSCI Certified Privacy Professional Certification Program
This yearDSCI revised thePrivacyBody ofKnowledge (PBOK)withnecessary updates in thefield of dataprivacy and conducted several training batches on DCPP© Program.
Through these trainings, participants learned global concepts of data privacy, principles, standards, data protection laws, regulations, enforcement models, trans-border data flows, privacy enhancing tools andtechnologies, etc. and certification empowered them to showcase their knowledge in the industry.
Separate batches on privacy were conducted for leading telecom & IT services organisation in Delhi and Mumbai with the objective to enhance and advance the knowledge and skills of the participants in data privacy domain. Fundamentals of privacy, major global laws and regulations in privacy protection, diverse standards and frameworks were discussed besides focusing on technological aspects that drive the need for privacy.
Training and Certification
DCPLA© Training and Certification Program
Two batches of standard DCPLA© training and certification program was conducted during the year.
Over 100 candidates from leading banks, financial institutes, telecom, IT Services, product companies participated in these programs. Over 500 candidates from more than 250 organisations are trained till now on these programs.
PROGRAMS & INItIAtIVES
In an endeavor to increase the base of privacy professionals in the country, DSCI runs certification program named DSCI Certified Privacy Privacy Lead Assessor (DCPLA©) and DSCI Certified Privacy Professional (DCPP©) certification program.
While DCPP© is a credentialing program for individuals who want to start and accelerate their careers in privacy, DCPLA© training and certification program is focused on privacy professionals who want to enhance their knowledge in privacy implementation and their assessments.
Annual Report 2017-18 19
DSCI submission to TRAI Consultation Paper on Privacy, Security and Ownership of the Data in Telecom Sector
DSCIconsultedandsoughtcommentsfrommembersonthe issuesraised intheTRAIConsultationpaper.DSCIreiterated and reaffirmed the need for a balanced and calibrated approach for policy formulation with regard to Security, Privacy & ownership of Data. Once the data protection law is enacted, TRAImay review the existingprovisions in the Indian Telegraph Act and licensing conditions (UAL) and issue advisories or guidelines for TSPs for protecting personal information of users.
Roundtable Discussion on Right to Privacy Online
DSCIparticipated ina roundtablediscussionon ‘TheRighttoPrivacyOnline’organisedbytheUSEmbassy.Thediscussion was held among key stakeholders encompassing government, academia, private sector and think-tanks along the central theme of online privacy and data protection in India.
Roundtable conference on Consumer Data Privacy
DSCI organized a roundtable conference in Mumbai with security and privacy leaders from Finance and other sectors. DSCI developed a whitepaper on consumer data privacy to make companies aware of the rising expectations. It deliberated on compliance expectations, data protection responsibilities, approaches evolved to address consumer privacy issues and likely policy changes that may be required in the country.
International Conference on Computer, Privacy & Data Protection 2018
DSCI CEO was a speaker at a Virtual Conference - The International Conference on Computer, Privacy & Data Protection 2018, which was held jointly in New Delhi and Brussels by Vrije Universiteit, Brussel in partnership with Intel.Withthetheme ‘EvolvingDataProtectionRegimesandGlobal ImplicationsonDataFlows’ thediscussionfocussedaroundimportanceofcrossborderdataflows,changingregulatoryregime,regulatingprivacyprotectionand its impact on the data economy.
SpeakersfromBrussels includedProf. JosephCannataci,UNSpecialRapporteurontheRighttoPrivacyRiccardoMasucci, Global Director of Privacy Policy, Intel, Michael Donohue - Senior Policy Analyst OECD, Bruno Gencarelli, Head of Data flows and Protection Unit, European Commission, Malavika Jayaram, Digital Asia Hub and IndiaincludedDavidHoffman,AssociateGeneralCounselandGlobalPrivacyOfficer,Intel,RamaVedashree,CEO,DataSecurity Council of India.
TRAI Open House Discussion
DSCIwasinvitedtobeapartoftheOpenHouseDiscussionconductedbyTelecomRegulatoryAuthorityofIndia(TRAI),with respect to the Consultation paper on ‘Privacy, Security andOwnership of theData in the TelecomSector’forwhichDSCIhadsubmittedathoroughresponse.DSCIshareditsviewsandpositionwithrespecttodatalocalisation.
PROGRAMS & INItIAtIVES
Annual Report 2017-1820
While Digitization unleashes a variety of new possibilities, it also gives rise to umpteen security and privacy concerns. DSCI engaged itself in comprehensive study of the ecosystem, policies and highlighted security and privacy related challenges at multiple forums. Through nation-wide awareness program merchants and users were encouragedtoadoptbestpracticesanddosanddon’tswhilemakingdigitaltransactions.
DSCI-NASSCOM inputs on MeitY ‘Security of Prepaid Payment Instrument Rules 2017- Draft’
Ministry of Electronics and Information Technology (MeitY) released the draft rules with the objective of enhancing Security of Prepaid Payment Instruments (PPIs) and sought comments and suggestions from the stakeholders to finalize the draft. DSCI and NASSCOM sought inputs from its member organisations and submitted jointly to MeitY. In the submission DSCI, highlighted need to develop overall security framework to govern the entire ecosystem, rather than stipulating different regulatory security rules for distinctive use cases. It also articulated that standardized and streamlined security related requirements rather than multiple regulatory requirements originating from different sources, will help raise focus on security implementation. With recommendation ofdevelopingaprinciplebased framework forsecurityofdigitalpaymentecosystembyRBI, the importanceofenacting a comprehensive Privacy Law in India were the key highlights of the submission.
DSCI-NASSCOM Submission on RBI Master Directions on PPIs
The Reserve Bank of India (RBI) released Master Directions on Issuance and Operation of Prepaid PaymentInstruments (PPIs) in India and sought comments and suggestions from the stakeholders to finalize the draft. DSCI-NASSCOM analyzed the draft, consulted member organizations operating in this space and accordingly submitted theinputstoRBIforfurtheraction.Theinputshavebeenprovidedontheoverallapproachthisframeworkshouldtake, followed by section specific comments.
RBI’s Sub-Committees on Mobile Banking & Credit Card Security
DSCIhasbeenengagedwiththetwosub-committeessetupbyReserveBankofIndiaonmobilebankingsecurityand credit card security. With increasing adoption of digital payments in the country, these committees have been setuptodevelopbestpracticesanddiscussapproachesthatcanbetakenbyRBItogovernthemobilebanking/payment space and credit card transactions. DSCI contributed on various sections of the report along with other industrymembers.Boththesub-committesconcludedtheirdeliberationsandsubmittedthereporttoRBI.
Securing India’s Digital Payment Frontiers
DSCI in associationwithPayPal India released a joint study – ‘Securing India’sDigitalPaymentFrontiers’highlightingthecurrentstateofcybersecurityinthedigitalpaymentecosystem. The key objective of this study was to analyse India’s journey in digitalpayments and its cyber security dynamics, prevailing cyber threat landscape, polices, regulations, standards along with future trends and best practices at the enterprise level.
PROGRAMS & INItIAtIVES
Digital Payments
Annual Report 2017-18 21
KEY Recommendations
• Along-termstrategyformanagingthedynamicglobalcybersecurityenvironmentand controlling cybercrime
• Standardizationofdataprotectionlawsandcybersecurityframework
• Comprehensive regulatory guidelines on technology risk management, paymentsecurity management and business continuity management
• Mechanismforencouragingthreat intelligencesharingacrossthedigitalpaymentecosystem
• StrongstartupinnovationprogramforcybersecurityandtheFintechindustry
• Public-privatepartnershipsforcybersecurityskillsandworkforcedevelopment
• Regulatorysandboxenvironmentforcybersecuritytesting
• Incentivizing Model for companies to make cybersecurity and data protection apriority for Boards and C-Suites
Digital Payment Suraksha Campaign
DSCI in association with MeitY and Google India, launched Digital Payment Suraksha – an awareness campaign to educate end users and merchants on security and safety best practices while making digital transactions. The campaign was launched by Shri Alphons Kannanthanam, Hon. Minister of State for Electronics & InformationTechnology and Ministry of Tourism (Independent Charge) along with Shri Ajay Sawhney, Secretary, MeitY.
Awareness videos and brochures for various payment channels were created in five different languages namely Hindi, English, Gujarati, Tamil and Telugu for payment channels including Mobile Wallets, Debit & Credit Card, Online & Mobile Banking, UPI & BHIM, AEPS and USSD. The campaign was supported by Government of Telangana, NABARD,NPCI,andprivateplayerswhichincludeAirtelPaymentsBank,AxisBank,MasterCard,Paytmpaymentsbank, PayPal, Visa.
More details on https://www.dsci.in/digital-payment-suraksha/
PROGRAMS & INItIAtIVES
Annual Report 2017-1822
Improving Financial Crime Investigation in Digital Payment Frauds
Awareness for Digital Payment Security and Frauds
DSCIparticipatedinapaneldiscussionon‘DigitalPaymentSecurityandFrauds’atCNBCAwaazshow‘Pehredaar’.The importance for organizations and individuals to report cyber frauds and attacks to concerned stakeholders, and need for government and industry to focus on digital payment security awareness in the country, was raised in the show.
To address the challenges pertaining to digital payment frauds, DSCI in association with Paytm Payments Bank has built a program for Law Enforcement Agencies (LEAs) to equip them with latest technology trends & skills to address consumer grievances more effectively. The joint program will help LEAs to find synergies with Payment intermediaries to understand dynamics of digital payment ecosystem and suggests best practices for investigation.
As part of the initial phase DSCI conducted workshops in Kolkata, andMumbaiexclusively for LEAs involved in cybercrime investigations.
A Pocket Guide book on ‘Cybercrime Investigation’ which would act as a quickreference to the Investigating officers was also developed as part of the initiative. The pocket book highlights best practices and contextual information required to effectively investigate cybercrimes.
This initiative would create significant impact in understanding the issues and challenges related to frauds and consumer grievances on digital payment channels.
PROGRAMS & INItIAtIVES
Annual Report 2017-18 23
threat Intelligence Research (ti&R)With the view to strengthening technical and research capabilities, DSCI started working towards threat Intelligence and research to build its capabilities in threat intelligence, threat hunting, malware research, exploitation research and active cyber defence amongothers. The threat IntelligenceResearch initiative is aimed at adding value tomembers through timely research.
InadditiontoadvisoriesonransomwareattacksincludingWannacry,BadRabbit,DSCIalsoproducededucationalcontent in form of newsletters, infographics, videos.
Emerging technologies Keeping up with the fast pace technological advancements, DSCI was instrumental in engaging with thestakeholders and community to bring forth discussions on Artificial Intelligence, Machine Learning, Blockchain among others while highlighting security and privacy imperatives. In addition to building community, DSCI also participated in discussions at different forums.
DSCI on boarded as cyber security advisor for Bankchain Consortium
DSCIwasonboardedas‘CyberSecurityAdvisor’ofanIndustryconsortiumonBlockchainknownasBankchain.AsadvisorDSCIwouldprovidecybersecurityrelatedadviceonBankchain’sprojects.Bankchain,consistsofIndianandsome Middle Eastern banks, and provides a development platform to its member base to develop blockchain based solutionswithusecasesonareassuchasKYC,P2Ppayments,tradefinance,etc.
Cloud Security Clarification on the Cloud Services - Guidelines for Government Department
MeitY had finalized Guidelines for Cloud Service Adoption, Service Level Agreements (SLAs) for procurement and Contractual terms. On 1st of May, MeitY again issued invitation for empanelment of Cloud Service Providers (CSPs), beyond the current list. Guidelines for Government Departments for Adoption/ Procurement of Cloud Services mentioned CSPs to get their facilities/services certified and compliant against standards including ISO 27001, ISO/IEC 27017, ISO 27018, ISO 20000, PCI DSS (based on the project requirements).
DSCI sought clarity from MeitY on whether a CSP can get third party certification against these standards or if certification by STQC is mandatory. Further to the discussion, DSCI issued a clarification to its members that required certifications like ISO 27001, ISO 27017, ISO 27018 etc. re-certification by STQC is not mandatory; third party certification will also be considered.
DSCI was also part of the Audit Criteria Committee for Cloud set up by MeitY.
Reconstitution of Cloud Working Group by MeitY
MeitY reconstituted the ‘Cloud Working Group’ under the chairmanship of Kris Gopalakrishnan. DSCI CEOparticipated in the first meeting of the working group. The working group is chartered to deliberate on the following:
• Globalstatusofcloudcomputing/serviceandapproachbeingfollowedinpromotionofcloudservices
• Statusofcloudcomputing/servicesinIndia
• Thedemandprojectionsinrespectofcloudcomputing/servicesinIndia.
PROGRAMS & INItIAtIVES
Annual Report 2017-1824
• Identifyingbottlenecks (suchas infrastructure in termsofcivil structure,poweretc.) inpromotionandimplementation of cloud computing services in India.
• Toevolveaframeworkforpromotionandenablementofcloudservicesinthecountry.Theframeworkmayinvolve policy in all respect including security, privacy and investment and fiscal incentives.
• Consultationswithcloudserviceproviders.
Workshop on Cloud Data Governance & Security by MeitY
DSCI represented on Data Governance and Classification model for Cloud in Government sector. Various issues around cloud governance and data classification were deliberated along with discussion around guidelines, international best practices, strategies and techniques in the journey towards cloud adoption. DSCI also introduced the audience to a framework to help government agencies evaluate and adopt best cloud based solution.
Skill Development One of the key tracks of CSTF entails strategic focus on Capacity Building and cyber security Skills development. With the vision to create a pool of one million certified and skilled cyber security professionals by 2025, DSCI in association with SSC NASSCOM, has been working towards developing an ecosystem for skill building. A Cyber Security Career Map was developed and 10 upcoming Job roles were identified. Courseware (Student Handbook and Facilitators Guide) for five of these job roles were developed including (i) Penetration Tester (ii) Analyst-Endpoint Security (iii) Security Infrastructure Specialist (iv) Analyst-Compliance & Audit (v) Analyst-Identity & Access Management.
launch of Courseware & Skills townhall
In association with SSC NASSCOM, DSCI launched courseware on Penetration Tester, Analyst-Endpoint Security atAISS2017.ToreflectontheCyberSecurityskillbuildingecosystemofthecountry,DSCIorganisedskillstownhall on the sidelines of Annual Information Security 2017. The participants of the town hall represented different stakeholders of the skill building realm which helped bring in perspectives from the demand side as well as the supply side.
IT Assurance /
GRC
Application Security
Data Security &
PrivacyBCP/DR
Network Security
Management
IT Forensics
Incident Management
Industrial Control Security
End Point
Security
EPS Support -Desktop
(SSC/Q0905)
Security Analyst(SSC/ Q 0901)
Analyst –DR
(SSC/Q0910)
Analyst –Compliance &
Audit(SSC/Q0907)
Analyst – IR(SSC/Q0908)
Analyst –ApplicationSec.
(SSC/Q0903)
Analyst –Network Sec.(SSC/Q0902)
Forensics Specialist
(SSC/Q0922)
Threat Analyst(SSC/Q0916)
Consultant – BCP/DR
(SSC/Q0924)
Consultant –GRC
(SSC/Q0921)
Data Protectn off.(SSC/Q0915)
Consultant –AppSec
(SSC/Q0918)
ArchitectAppSec
(SSC/Q0927)
Consultant –NetSec
(SSC/Q0917)
Architect-NetSec
(SSC/Q0926)
Penetration Tester(SSC/Q0912)
Service Delivery Head
(SSC/Q0933)
Head-BCP/DR
(SSC/Q0937)
Head- GRC(SSC/Q0934)
Head, IR(SSC/Q0935)
Analyst- IOT Security
(SSC/Q0911)
Consultant, IOT Security(SSC/Q0925)
Consulting Org
Entry
Lev
elM
iddl
e Le
vel
Lead
ersh
ip L
evel
Trac
ks
Career Map for Cyber Security
Identity & Access
Management
Administrator IdAM
(SSC/Q0904)
Consultant –IdAM
(SSC/Q0919)
Architect-IdAM
(SSC/Q0928)
Security Operations
Analyst –SOC
(SSC/Q0909)
Sec. Infra. Specialist
(SSC/Q0923)
SOC Specialist(SSC/Q0930)
Head, SOC(SSC/Q0936)
CISO / CPO / CRO(SSC/Q0940)
User Org
Consulting Partner
(SSC/Q0938)
Global Head-Security Services
(SSC/Q0939)IT Services Org
Director Consulting
(SSC/Q0932)
Privacy Analyst
(SSC/Q0906)
Privacy Lead
(SSC/Q0929)
Consultant Database Protectn
(SSC/Q0920)
Architect SOC(SSC/Q0931)
6 leveL7 leveL
8 leveLF
QSN
9 leveL01 leveL
EPS Support -Mobile
(SSC/Q0913)
Analyst –Hardware sec.
(SSC/Q0914)
PROGRAMS & INItIAtIVES
Annual Report 2017-18 25
DSCI continued to build capacity of law enforcement, judiciary, armed forces & prosecution departments in handling cybercrime investigations through its Cyber forensics facility at Bengaluru. In addition to training and advising law enforcement agencies on cyber investigation, DSCI also provided a platform for stakeholders including judiciary, industry (IT-BPM, BFSI, oil and energy) and academia to collaborate and created awareness to effectively handle cybercrimes.
During this year, over 2100 personnel from law enforcement and judiciary through its structured five-day and short courses. Since inception, DSCI has trained over 65,000 personnel through its cyber labs.
Special activities organised during the year
• Karnataka Judicial Academy and Jammu & Kashmir Academy: Multiple sessions on ‘Legal aspect of digitalevidence’forJudges
• National Police Academy (NPA): Session on ‘Computer, Mobile & Social Media Threats in Cybercrimes & CyberSecurity’orseniorpoliceofficers
• University of Tulsa: An exclusive short course on “Invasive Embedded Device Forensics” for Senior Police officers
• City Crime Branch (CCB), Bengaluru City:Anexclusivetrainingon‘MalwareInvestigation’
• Indian Air Force:Two5-daytrainingson‘CybercrimeInvestigationTechniques’forSr.officers
• Indian & Foreign Military Officers:Multipleshortcourseson‘latesttrendsincybercrime’
• Naval Officers:Asessionon‘OverviewofCybercrimes’
• Direct Taxes Regional Training Institute (DTRTI): Session on ‘Search & Seizure of Digital Evidence & Emergingtrendsincybercrimes’
• Chief Investigation officers of Intelligence Bureau:Asessionon‘TrendsinCybercrimes’
• Canadian Global Information Technology:Guest lectureon ‘Importanceofhaving IncidenceResponseManagement Team” for Information Security team
• Telecom Regulatory Authority of India (TRAI):Asessionon‘Cybercrimes&IncidenceResponse’fortheofficials from Government department, Law firms & Educational institutions
• Uttar Pradesh (Noida) Police:Sessionon‘Cybercrimes&Cyberforensics’forpoliceofficers
• Rail Wheel Factory:Conductedasessionon‘LatesttrendsinCyberspace’forheadofdepartmentsofRailwheel factory
• Kerala Police:Adayprogramon‘Cybercrimes&Cyberforensics’
• Amazon India:Sessionon‘IncidenceHandlingTechniques’forInformationSecurityTeamofAmazon.
• Karnataka Police Academy (KPA):Workshopon‘CybercrimeInvestigationTechniques’forpoliceofficers
• Sapthagiri College of Engineering:Asessionon‘CyberSecurity’
PROGRAMS & INItIAtIVES
Cybercrime & Forensics
Annual Report 2017-1826
Cybercrime Awareness Workshop for law enforcement in Mangalore & Goa
DSCI with the support form MeitY, and state police conducted Cybercrime Awareness Workshops in Mangalore and Goa. The discussions in these workshops revolved around topics including Emerging Trends in Cybercrimes, Special Session on Presentation of Digital Evidence in Court of Law, Financial Crimes, Digital Forensics, IT Amendment Act 2008, and Mobile Phone Crime Investigation among others. Over 200 Senior Police officials from respective states joined the awareness program.
PROGRAMS & INItIAtIVES
Annual Report 2017-18 27
Annual Information Security Summit (AISS)
DSCI successfully hosted the 12theditionofitsflagshipevent-AnnualInformationSecuritySummitAISS2017thatwitnessed participation from 853 delegates that represented 417 organizations from diverse stakeholder groups including but not limited to Industry, Government, Defence, Academia, PSUs, etc. The Summit was supported by 47 different organisations who on boarded as sponsors, partners and exhibitors and showcased their niche capabilities. An eclectic line-up of 150 esteemed speakers and a rich agenda were the key highlights of the conference which deliberated in multiple formats, pressing Cyber Security issues such as Right to Privacy, IoT Security, DigitalForensics, 5G Security, SCADA Security, Potent & Wider attacks, Future of Crimes et al.
This time around, AISS agenda offered several new features such as the Hands-on Workshop on APT Attacks & Malware Analysis, Capture the Flag Hackathon, Segamathon – Security Game Hackathon, Security debate-Bug BountyforEVMs,SkillsTownhall&AR/VRforCyberSecurityaspartoftheengagement.
PROGRAMS & INItIAtIVES
Outreach and Awareness
Annual Report 2017-1828
PROGRAMS & INItIAtIVES
Annual Report 2017-18 29
Best Practices Meet 2017
DSCI successfully concluded its ninth edition of Best Practices Meet (BPM) in Bengaluru. BPM focused on the contemporary evolution of varied aspects of security. The evolution of technology innovation and approach to securitythrough‘CognitiveComputing’hadinspiredthisyear’sthemeas‘CognitiveSecurity’.
BPM agenda focused on the contemporary evolution in security underscoring the emphasis on adoption of cognitive and data driven technologies, techniques and solutions and discussions around the challenges were brought forth. Keytopicsdeliberatedduringthetwo-dayconferenceincludedArtificialIntelligence,MachineLearning,AutomotiveSecurity,SOCstransitioningtoCyberDefense,CybercrimeInvestigation,CognitiveRiskFrameworkandmore.
To enable focused discussions on ongoing challenges faced by the industry, DSCI organized workshops on Malware Forensics, Cyber Insurance, Data Science, General Data Protection Regulation (GDPR) Implementation, ProductSecurity & DevSecOps, Indicators of Compromise & Attacks and others. Along with some intriguing session on Privacy in Identity systems and policy expectations in Artificial Intelligence, Blockchain, encryption etc., the conference witnessed security startups showcasing cutting-edge capabilities and setting new benchmarks for innovation in India in the domain.
With 30+ sessions, 70+ speakers and 400+ participants, BPM 2017 witnessed focused group meetings, technology showcase and peer-to-peer networking from both solution providers and user organizations
PROGRAMS & INItIAtIVES
Annual Report 2017-1830
DSCI Excellence Awards 2017
The seventh edition of DSCI Excellence Awards for Corporate, Product and Law Enforcement Segments was held atAISS2017.Dr.GulshanRai,NationalCyberSecurityCoordinator,GovernmentofIndiawastheChiefGuestandMr. Pramod Bhasin (Chair of Corporate Segment Jury), Founder, Genpact; Chairman Chairman, The Skills Academy, felicitated the winners.
DSCI received maximum nominations in this year with 220 entries. DSCI Excellence Awards is an effort to recognise and honour organisations and individuals for their exemplary performance in the fields of cyber security and data protection.
At the ceremony DSCI gave away awards to the winners of the corporate, law enforcement product segment. Winners of Innovation Box- Most Innovative Product of the Year, Segamathon and Hackathon were also awarded.
2017 Winners Details: https://www.dsci.in/content/dsci-excellence-awards-2017
PROGRAMS & INItIAtIVES
Annual Report 2017-18 31
Security Practices in Organization
Banking
IT-ITeS/BPM (MSME) Energy G2C
Insurance Critical Information Infrastructure
IT-ITeS/BPM (Large)
Special Jury Recognition Award
Privacy Practices in Organization Cyber Security Evangelists
Security Leader of the Year Privacy Leader of the Year
Bharat Panchal NPCI (Digital Payments)
Shiv Kumar Pandey BSE (CII)
Vishal Salvi Infosys (IT-ITeS)
Privacy in IT-ITeS/BPM Sector
Best Security Practices in Payments Bank
Cyber Security Research by Academic Institute
Emerging Security Leader
Privacy in User Industry
Cyber Security Services
Cyber Security Education Raising Security
Awareness
PROGRAMS & INItIAtIVES
(Telecom)
Sandeep Bansal Concentrix
Corporate Segment Winners
Satish Asnani BHEL
³ÖÖ¸üŸÖßµÖ ×¾Ö–ÖÖ −Ö ÃÖÓãÖÖ −Ö
Annual Report 2017-1832
PROGRAMS & INItIAtIVES
India Cyber Cop of the Year
Mr. K. E. Baiju ACP,KeralaPolice
Hackathon Winner Segamathon Winner
Innovation Box – Most Innovative Product of the Year
Excellence in Capacity Building of Law Enforcement Agencies
CID Telangana State
Team Pyramid Game I’ve been watching you
Team SpritePlay
Security Product Company of the Year
Product Segment Winners
law Enforcement Segment Winners
Annual Report 2017-18 33
Industry celebrated Data Privacy Day under the aegis of DSCI
January 28 is celebrated as Data Privacy Day (DPD) across the world with the objective to sensitize individuals and disseminate awareness on privacy practices and principles. On the occasion, DSCI disseminated a message centered on privacy encouraging the organizations to adopt Wallpaper theme created by DSCI. The Wallpaper was adopted by over 150 organizations including regulators and industry in various verticals like IT-BPM, BFSI, Health care, Energy, e-commerce, and others in India and abroad counting to over 6 Lacs screens. Privacy Quiz and meetings were also organised by various organisation where DSCI participated and apprised them on privacy issues and challenges.
PROGRAMS & INItIAtIVES
Annual Report 2017-1834
Global Conference on Cyber Space (GCCS 2017)
DSCIhostedaCurtainRaisereventofGCCSon‘DigitalPolicy–Keyimperatives’.‘ChangingCharacteristicsofDigitalEconomy’and‘ShiftingFocusonConsumers–Safety&Protection’werethethemesoftheworkshopsconductedduring the curtain raiser.
At GCCS, DSCI mentored a plenary session on ‘Guiding global collaborations and partnerships essential for ensuring asafeandsecurecyberspace’andconductedaparallelsessionon‘PoliciesandframeworkforprotectingCriticalInformationInfrastructure(CII)’.
Oracle Open World
CEO,DSCIpresentedatasession‘Security-Anewparadigm’attheOracleOpenWorldconferenceheldinNewDelhi.With the back drop of ambitious technology driven projects like Digital India and Smart Cities, which are primarily driven by Cloud technologies, CEO discussed new paradigms emerging in the Security domain. She highlighted theChiefInformationSecurityOfficers’(CISO’s)perspectiveonthechangingparadigmofsecurityintheworldofTechnology. She discussed security as an overarching concern for all digital initiatives and how CISOs are devising strategies and utilizing solutions to develop next gen proactive and defensive security capabilities.
Keynote in UAE Cyber Defence Summit
DSCIjoinedhandswithNASEBAasthe‘IndustryPartner’inthe10th Cyber Defence Summit conducted in UAE. CEO, DSCI,presentedon‘NationalCyberSecurityPreparedness’providingaglobalperspective.Thechangingworldofsecurity was highlighted showing the new age threats such as ransomware, DDOS attacks, and more. The global phenomena across various sectors in Critical Information Infrastructure (CII) & National Security was highlighted.
The priority areas such as CII Protection, security audits and testing of vulnerabilities, building Cyber Security Workforce, Cyber Fusion/Defence Centres was highlighted. The way forward for nations in improving their national Cyber Security was also touched upon.
Oil and Gas Digital technology Summit
DSCI presented on ‘Securing Oil & Gas Digitization Journey’ at ‘Oil & Gas Digital Technology Summit’. DSCIhighlighted the changing digitization paradigm, threats and challenges and Security in the oil & gas sector.
DSCI representation in Business World BFSI Risk & Security Summit 2017
CEO,DSCI,addresseddelegatesatBusinessWorldBFSIRisk&SecuritySummit2017inauguralsessiononBuildingDigital Trust Platform for Secure Electronic Banking, held in Mumbai. DSCI also presented on emerging technological approachofBlockChaininRiskManagement,DataSecurity.
Data Privacy & GDPR session in 10th Annual Global Conference 2017 of ControlCase
DSCIaddressedsecurityandcomplianceprofessionalsondataprotectionandGDPR.DSCIdiscussedthenuancesofdomesticandinternationalcomplianceregimesemergingdueto‘RighttoPrivacy’rulingoftheSupremeCourtandthenewEUGDPRregulation.
DSCI-CISCO Roundtable Meeting
DSCI inassociationwithCiscoconducted roundtablemeetingon ‘ChangingParadigmofCyberSecurity’.Varioustrackscoveredduringthemeetingswere‘EmergenceofPlatformSecurity’,‘Techniquesofdealingwithpotentandwiderattack’,‘TransitionofSOCstoCyberDefencecentres’andnuancesofcyberdefencecentres.Industryexpertsfrom leading critical infrastructure sector participated and contributed to the meeting.
PROGRAMS & INItIAtIVES
Other Events
Annual Report 2017-18 35
‘Palo Alto Networks - Cyber Security Forum’
DSCI, addressed delegates in a panel discussion on ‘Is Prevention the future of Cybersecurity?’ The session,attendedbymorethan70personnel,wasconductedat‘PaloAltoNetworks’-CyberSecurityForum’inBangalore.
Keynote address on ‘Cyber security & Malware Analysis’
DSCI,was invited as the Chief Guest in a two-dayworkshop on ‘Cyber security&MalwareAnalysis’ conductedby Oxford College of Engineering. He delivered the keynote address briefing over 250 students on the career opportunities in the field of cyber security and malware analysis.
DSCI presentation at Iot World Asia Conference
DSCI presented at the Internet of Things World Asia conference held at Singapore on July 3-4. DSCI presented on Cyber Security and privacy aspects of IoT in India’smanufacturing companies; defining Internet of Thingswithrespect to smart manufacturing sector in India and the timeline for evolution of smart manufacturing globally and in India from 2017 till 2025. The effort included the state of IoT adoption in manufacturing with the help of applicative scenarios, Cyber Security and Privacy Challenges derived from it, and countermeasures to overcome the challenges.
Cyber Security conference in Hyderabad
DSCI partneredwithNASSCOM for a conference on Cyber Resilience and Privacy Challenges under NASSCOM’sBusiness Excellence Initiative, organized in Hyderabad. It was inaugurated by CEO, DSCI and attended by over 135 participants. Agenda of the event covered various dimensions of Cyber security and privacy including preparedness in the age of fourth Industrial Revolution, Risk andResponsibility in aHyper ConnectedWorld, discussions onGDPR,InformationSharingandAnalysisforcreatingthreatintelligenceforbankingsector–initiativesundertakenbyIDRBT,PrivacyimperativesinTechnology&DataCentricInnovations.
Supplier’s Meet of Global telecom Giant
DSCI,upon invitationfromaglobaltelecomgiant,deliberated intheirsupplier’smeetontheevolutionofcybersecurity and privacy ecosystem in the country. The meeting was organized to deliberate on security and privacy risks managed by the third parties while delivering IT and Business services. DSCI interacted with suppliers and security team of the telecom giant on the evolving ecosystem for cyber security, and the paradigm change due to theSupremeCourt’sdecisiononRighttoPrivacy.
Cyber Economics session at Infosec Global 2017
CEODSCIaddressedasessionon ‘CyberEconomics:Getting theBoardonboardwithCyberSecurity’at InfosecGlobal2017inKolkata.
Participated at DigiComp 2018
DSCI presented on ‘Cyber Security of Industrial Enterprises’ at DigiComp 2018 organised by Indian Chamber ofCommerce. Topics discussed included changing Digitization Paradigm, evolving attack surface, transforming Security Paradigm, next gen cyber security elements.
Cyber Security Conclave for Financial Sector
DSCI participated in a session on ‘Challenges faced by Academia, Start-ups and Government in Creating a Cyber Security Ecosystem’ at the Cyber Security Conclave for Financial Sector organised by NITI Aayog. The sessionaimed to identify gaps in the current cyber ecosystem pertaining to capacity building and skill development of the existing workforce. The role of industry and academia in creating specialized training programmes for the existing cyber security workforce who need specific skills and specialized knowledge to address various threats was also discussed.
PROGRAMS & INItIAtIVES
Annual Report 2017-1836
BFSI Cloud & Security Summit
CEO, DSCI was Guest of Honour at the 2nd BFSI Cloud & Security Summit 2018 organised by Elets Technomedia. She addressed the delegates and shared the evolving technology landscape of banking sector, their digitization journey & cyber security preparedness. She also emphasized how emerging technologies like Blockchain is being leveraged by start-ups in the banking sector.
Privacy and Data Protection at Information Security forum meet
DSCI, presented on Privacy and Data Protection, at the Information Security forum meeting of the Oil & Gas industry association, hosted by HPCL at Hyderabad. The session focussed on the developments in the privacy ecosystem of the country, with special emphasis on the upcoming Indian Data Protection Law, which would be applicable across public and private entities.
Hitachi Social Innovation Forum
CEO,DSCIwaspartofthesessionon‘BOTvsBOT;InnovationinautomatingCyberSecurity’attheHitachiSocialInnovation Forum – an initiative by Hitachi in partnership with Business today. The session focussed on the current cyber security scene in Indian context and future readiness and strategies to make security solutions even better. CEO shared her views on Cyber Security preparedness and concerns in the age of Automation and IoT.
Address on Iot Security at VIVID 2018
DSCI presented at VIVID 2018 – three-day National Meet, organised by National Informatics Centre (NIC), on IoT Security. It focussed on IoT Paradigm, New Security Paradigm, Timeline of IoT Cyber Attacks, and way forward for India.
2nd Annual Smart tech Healthcare lecture
DSCI delivered a lecture at the 2nd Annual Smart Tech Healthcare event on “Managing Healthcare Cybersecurity beyond Checkbox Compliance”.
tRAI lecture on Cybercrimes & Incidence Response
DeputyDirector,DSCI,uponinvitebyTRAI,deliveredalectureon“Cybercrimes&IncidenceResponse”.HostedbyTRAIvariousdignitariesfromtheGovernmentdepartments,Lawfirms&Educationalinstitutionsparticipatedinit.
DSCI address at Bharat Heavy Electricals limited (BHEl)
DSCI CEO addressed senior delegates of BHEL at the BHEL Crisis Management Meet on Cyber Security of the Industry4.0.DSCIalsoconductedasessionon‘MythandRealitiesinCyberSecurityofSCADA’.
Workshop on Blockchain at IIt Bombay
DSCI sponsored an advanced workshop at IIT Bombay on Blockchain: Technology, Applications, and Challenges. The workshop entailed presentations from subject matter experts from the Industry as well as Academia.
PROGRAMS & INItIAtIVES
Annual Report 2017-18 37
Membership Engagement To understand the challenges faced by the industry both at the organisation and sectoral level, DSCI conducted several face-to-face meetings with its members management and larger Information security teams. Few activities carried out to engage the members are mentioned below:
Cyber Security Awareness Workshop for tHDC
Two cybersecurity awareness workshops were conducted for Tehri Hydro Development Corporation (TEHRI).Oneworkshopwas conducted inTehri, for40seniorofficialsofTEHRIanda second inRishikesh, for25 seniorInformation security officials. The content covered included cybersecurity ecosystem, best practices, operation Technology security basics, incidents on Industrial Control Systems (ICS) networks, among others.
Workshop on GDPR for State Bank of India
Ahalf-dayworkshopfocusedonGeneralDataProtectionRegulation(GDPR)wasconductedforSBIastheygearuptheirreadinessgivenSBI’slargefootprintinEU.TheworkshopwasattendedbyvariousGMs,DGMs,AGMs,IThead, Compliance and risk heads, business function heads and many other senior officials.
Workshop on Privacy for HPCl
A half-day data privacy awareness workshop was conducted for HPCL at HPCL, Mumbai. The workshop was attended by various functional leaders and senior officials in HPCL. The topics covered included data privacy ecosystem, drivers, challenges, principles, regime in India and various related updates in the industry.
Workshop on ‘Demystifying Cyber Range’ for energy and Oil & Gas sector
DSCI, in association with TCG-Digital organised a workshop on ‘Demystifying Cyber Range’ for its members.The workshop focussed on giving an overview on Global Security landscape in Oil & Gas and Energy sector and demonstratingCyberRangeasaplatformforconductingvariouscyberdrillsandRedTeam&BlueTeamexercises.The workshop was well received by the 20 participants from Critical Infrastructure organisations.
Sessions for IDFC Bank
DSCI conducted a session on various topics including digital signatures, privacy, Blockchain for IDFC Bank. The session included discussions on its evolution, functioning, use cases and cyber security challenges associated with it.
Several other awareness sessions undertaken to offer value to members are following:
• SessiononGeneralTrendsinCyberSecurity,ITgovernanceandInsiderThreatsforCanaraBank
• SessiononincidenceresponseforPunjabNationalBank
• WannacryandothercyberthreatsforNationalNationalHydroelectricPowerCorporation(NHPC)
Member Consultation on DSCI Charter and priorities
DSCI conducted a consultation meeting with select invitee members on shaping its future strategy and charter. DSCI presented its journey since inception and its evolution in the past nine years. Members shared their perspectives and the brainstorming exercise was concluded with many positive takeaways. DSCI AGM – Annual General Meeting was also hosted on the side-lines of the consultation meeting.
PROGRAMS & INItIAtIVES
Annual Report 2017-1838
Advisory to Members
DSCI Inputs on WannaCry Ransomware Petya’ Ransomware and Blue Whale’
DSCI-NASSCOM,acknowledgingtheglobaloutbreakon‘WannaCry’Ransomwarealertedtheindustryandissueda compilation of best practices to counter the challenge. DSCI proactively engaged with the industry, worked with leaders (CISOs/ CIOs) across industry andCERT In, and shared important information and advisory to theorganizations.
Blue Whale – DSCI also released an advisory on Blue Whale and advocated the role of parents and teachers in Internet safety.
Advisory on ‘BadRabbit’
DSCI,issuedanadvisoryon“BadRabbitRansomware”highlightingvariousdetailsoftheimpact.DSCIproactivelyengaged with the industry and shared important information to the members and community.
Community Evangelization
Mumbai Chapter Meeting
A half day chapter meeting was conducted in Mumbai hosted by AGC networks. The discussion was focused on EU GDPRimplementationandcompliancequeriesfacedbyvariousIT-ITeSandBPMorganizationsinIndia.
Cybersecurity event for Students, ‘Enigma’
Enigma 2017 – a cybersecurity event for students was conducted at the Symbiosis Centre for Information Technology (SCIT) campus, Hinjewadi, Pune. Students were apprised over the career opportunities in Cyber Security and the skills required to pursue them. Sessions with live demonstration was conducted for Denial of Service (DoS), Vulnerability Assessment and Penetration Testing (VAPT). Sessions on Blockchain, Cybercrime and challenges, and a quiz competition was conducted. Around 250+ students across 13 colleges attended the event.
Pune CIO Roundtable Meeting
DSCIPunechapterconductedaCIORoundTablemeetingtofocusoncreatingandsustaininginterestinadoptionof Smart Manufacturing. One of the major concerns in its adoption is “security and confidentiality of data” and the workshop deliberated on ways to implement secure smart manufacturing systems. Several business use cases were also discussed during the meeting.
PROGRAMS & INItIAtIVES
Annual Report 2017-18 39
DSCI IN NEWS
Annual Report 2017-1840
DSCI IN NEWS
Annual Report 2017-18 41
CORPORAtE MEMBERS lISt
3i Infotech
3M India
4i Apps Solutions Pvt Ltd
7seas Technologies Limited
Aabsys Information Technology Pvt. Ltd.
Abzooba India Infotech Private Limited
Accel Frontline Limited
Accenture Services Pvt. Ltd.
Acclaris Business Solutions Pvt. Ltd.
Accretive Health Private Limited
Add Technologies (India) Ltd
Aditya Birla Management Corporation Pvt. Ltd
Adobe Systems India Private Limited
Adp Private Limited
Advanced Business Intelligence And Analytics Pvt Ltd.
Adweb Technologies Pvt Ltd
Aegis Limited
Airtel Payments Bank Ltd
Aks Information Technology Services Pvt Ltd
Alcatel-Lucent India Ltd
Allahabad Bank
Allerin Tech Pvt Ltd
Allianz Worldwide Partners
Alsbridge Advisory Pvt Ltd
Altimetrik India Pvt. Ltd.
Amaze Infotainment Pvt Ltd
Amdocs Development Centre India Pvt. Ltd.
Amrut Software Pvt Ltd.
Anarghyaa Etech Solutions Pvt Ltd
Anibrain Digital Technologies Pvt Ltd
Appexigo Technologies Pvt. Ltd.
Applied Materials India Private Limited
Apppoint Software Solutions Pvt Ltd
Aptech Limited
Arctern Consulting Private Limited
Aricent Technologies (Holdings) Limited
Arrk Solutions Pvt. Ltd.
Arrka Infosec Private Limited
Ascenders Technologies Private Limited
Ascent Informatics (India) Pvt Ltd
Ase Structure Design Pvt Ltd.
Asm Technologies Ltd
Aspire Software Consultancy Pvt Ltd
Aspire Systems (India) Private Limited
Atos Origin India Pvt Ltd
Attra Infotech Pvt Ltd
Aufait Technologies Pvt Ltd
Aujas Networks Pvt. Ltd.
Aurionpro Solutions Ltd
Avantha Business Solutions Ltd.
Avaya India Pvt Ltd
AvioHeliTronics InfoSystems Pvt Ltd
AXA Business Services Pvt. Ltd.
Axis Bank
Axis Veriforte Services private limited
Bahwan Cybertek Pvt.ltd
Bank of India
Barclays Shared Services
Barry-WehmillerIntl.ResourcesPvt.Ltd.
Bebo Technologies Private Limited
Bechtel India Pvt. Ltd.
Best of Breed Software Solutions India Pvt. Ltd.
Bharat Electronics Ltd
Bharat Heavy Electricals Limited
Bharat Petroleum Corporation Limited
BhartiyaReservebank
Birlasoft (India) Limited
Blue Star Infotech Limited
BNP Paribas India Solutions Private Limited
BNY Mellon Technology Private Limited
Botree Software International Private Limited
Brainyard India Private Ltd.
Brickwork India Pvt Ltd
Broadridge Financial Solutions (India) Pvt Ltd
Busy Infotech Pvt. Ltd.
Butler Technical Services India Pvt. Ltd.
CA (India) Technologies Pvt. Ltd.
Cactus Communciations Pvt. Ltd.
Callens Solutions
Cambridge Technology Enterprises Ltd
Canara Bank
Canon India Private Limited
Capgemini Business Services (I) Ltd
Capita India Private Limited
Cdk Global (India) Private Limited
Cegura Technology Solutions Pvt Ltd
Central Bank of India
Centre for Development of Advanced Computing (C-DAC)
Centre For Development Of Telematics
CertiSafe Private Limited
CGI Information Systems and Management Consultants Pvt Ltd
ORGANISATION
Annual Report 2017-1842
CORPORAtE MEMBERS lISt
Changepond Technologies
CIBERsitesIndiaPvtLtd.
Ciena India Private Ltd.
CipherCloud India Pvt. Ltd.
Cisco Systems India Pvt. Ltd.
Clickcubes Technologies Private Limited
Cnergyis Infotech India Pvt. Ltd.
Codelogicx Technologies Private Limited
CognetHRSolutionsPvtLtd
Cognizant Technology Solutions India Pvt. Ltd.
Collabera Technologies Pvt Ltd
Colt Technology Services India Pvt. Ltd.
Compserv Consultants Private Limited
Compunnel Technology India Pvt Ltd
Concentrix Bpo Pvt Ltd
Conduent Business Services India LLP
Congruent Solutions
Connectm Technology Solutions Pvt. Ltd
Convergys India Services
Couth Infotech Pvt. Ltd.
CPA Global Support Services India Pvt. Ltd.
CSC Technologies India Private Limited
CSS Corp Pvt Ltd
CtrlS Datacenters Ltd
Curaksha
CyberSecurityKnowledgeSharingandResearchCouncil
CyberArmour Solutions Pvt Ltd
CyberEyeResearchLabs&SecuritySolutionsPvt.Ltd.
Cybertech Systems And Software Ltd.
Cygnet Infotech Pvt. Ltd.
CygNET Systems Pvt. Ltd
Cyient
Da4KTechnologiesPvt.Ltd.
Data Infosys Ltd.
DataResolve
DataResolveTechnologiesPrivateLimited
DataCard India
Datamatics Global Services Limited
DBOI Global Services Pvt. Ltd.
DBS Bank
Delgence Technologies Private Limited
Dell International Services India Pvt. Ltd.
Deloitte
Dimentrix Technologies Pvt. Ltd.
Drishti-Soft Solutions Pvt Ltd
DST worldwide Services
Eastern Software Systems Pvt Ltd
eCore-Agile Security Services Pvt Ltd
e-Emphasys Infotech Pvt. Ltd.
Elagoon Business Solutions Private Limited
Electronic Arts Games (India) Pvt Ltd
ELOGIC Technologies Private Limited
eMids Technologies Pvt Ltd
Engineering Projects (India) Ltd
Envestnet Asset Management India Pvt Ltd
e-Nxt Financials Ltd
Eperium Business Solutions India Pvt. Ltd.
Equinox Software & Services Pvt Ltd
ERPBoss
Espresso Technologies Pvt. Ltd
Etisalat Software Solutions Pvt Ltd
Evalueserve.Com Pvt. Ltd.
ExcellenceTech(ADivisionofKariwalaIndustriesLtd)
EXL Service
Expedien e-Solution Limited
e-Zest Solutions Ltd
Fareportal India
Fidelity Business Services India Pvt. Ltd.
Financial Technologies (I) Ltd
First Advantage Pvt. Ltd.
First American (India) Pvt. Ltd.
Firstsource Solutions Limited
FIS Global Business Solutions India Pvt. Ltd
Fiserv India Pvt Ltd.
FixNix Infosec Solutions Private Ltd.
Flipkart Internet Pvt. Limited
Fluxonix Security Solutions Pvt. Ltd.
FNF Business Process Outsourcing Services India
Fourth Dimension Solutions Ltd
Fourth Wall Technologies Private Limited
Franklin Templeton International Services (India) Pvt
Fusion Outsourcing Software Pvt. Ltd.
Future Calls Technology Private Limited
Future Focus Infotech Pvt Ltd
GAIL
GCC Services India Private Limited
GE Digital
Genpact
Geometric Limited
GlobeOp Financial Services (India) Private Limited
GMO GlobalSign Certificate Services Pvt. Ltd.
ORGANISATION
Annual Report 2017-18 43
Goods and Services Tax Network
Graycell Technologies Exports
Gujarat Informatics Limited
GuruGowriKrupaTechnologiesPvtLtd
H5 Asia Pacific Pvt. Ltd.
Hackett Group (India) Limited
HaltDos Pvt. Ltd
HCL Technologies
HCM Info Systems
HDFC Bank
Health Dynamics Solution Pvt Ltd
Helios and Matheson Information Technology Ltd
Hero MotoCorp
Hewlett-Packard Enterprise India Pvt Ltd
Hexaware Technologies Ltd.
Higher One Financial Technology Pvt Ltd
Hinduja Global Solutions Limited
Hindustan Petroleum Corporation Limited
Hi-Tech iSolutions LLP
Holistic Corporate Services Pvt. Ltd.
Honcho Commercial Pvt Ltd
Honeywell
HSBC Electronic Data Processing India Pvt. Ltd.
HTC Global Services (India) Pvt Ltd.
Huawei Technologies India Pvt Ltd
Hughes Systique India Private Limited
Hyperquality India Pvt. Ltd.
HyTech Professionals India Pvt Ltd
I2K2networksPvt.Ltd
i3 Software Pvt Ltd
i7 Networks
iAccept Softwares Pvt Ltd
IARMInformationSecurityPVTLtd
IBM India Pvt. Ltd.
IBS Software Services Pvt. Ltd.
ICICI Bank
ICICI Prudential
Ideas Inc Management Pvt Ltd
IDFCBANK
IDG Ventures India Advisors Pvt. Ltd.
IDS Infotech Ltd.
Iic Technologies Private Limited
Iinterchange Systems Pvt. Ltd.
iMetrix Solutions Private Limited
Indian Oil Corporation Limited
Indus Net Technologies
Indus Valley Partners (India) Pvt. Ltd.
Indusa Infotech Services Pvt. Ltd.
IndusInd Bank
Infinite Computer Solutions
Infinity Infotech Parks Limited
Info Edge (India) Limited
InfoBeans Systems India Private Limited
Infosoft Global Private Limited
Infosys BPM Limited
Infosys Limited
Infozech Software Ltd
Infrasoft Technologies Limited
Infrastructure Leasing & Financial Services Limited
Inlogic Bizcom Pvt. Ltd.
Innefu Labs Private Limited
InnobuzzKnowledgeSolutionsPvt.Ltd.
Innodata Isogen
Insoft.Com Private Limited
InstituteforDevelopment&ResearchinBankingTechnology(IDRBT)
Integra Software Services Private Limited
Intelenet Global Services Pvt Ltd
Inteliment Technologies (India) Pvt Ltd
Intense Technologies Limited
InterGlobe Technologies
Interra Information Technologies (I) Pvt. Ltd.
Invesco (Hyderabad) Private Limited
IonIdea Enterprise Solutions Pvt Ltd
Irevna,adivisionofCRISIL
ITC Infotech India Limited
ITCube Solutions Pvt. Ltd.
Ivy Comptech Pvt Ltd
iYogi Technical Services Pvt Ltd
Jeevan Technologies India Private Limited
JIJI Technologies Private Ltd
JKTechnosoftLtd
KaalbiTechnologiesPrivateLimited
KaavianSystemsPvt.Limited
KarvyDataManagementServicesLimited
KarvyGlobalServicesLimited
KensoftInfotechLtd
KotakMahindraBank
KPITTechnologiesLtd
KPMG
KumaranSystemsPvt.Ltd.
L&T Infotech
ORGANISATION
CORPORAtE MEMBERS lISt
Annual Report 2017-1844
Legasis Services Private Limited
Lexington Soft Pvt Ltd
LIC of India
Limtex Infotech Limited
Liqvid eLearning Services Private Limited
Lister Technologies Private Limited
Logic Heart Pvt Ltd
Mafiree
Magic Software Pvt. Ltd
Magnasoft Consulting India Pvt. Ltd.
Magus Customer Dialog Pvt. Ltd.
Maintec Technologies Pvt Ltd
Makemytrip India Pvt. Ltd.
Manipal Global Education services Pvt Ltd
Mastercard
Masys Technologies LLP
Maven Systems Private Limited
Mcafee Software (I) Private Limited
Multi Commodity Exchange of India Limited
Medimanage Insurance Broking Pvt Ltd
Medma Infomatix Pvt Ltd
Metacube Software Pvt. Ltd.
MetLife Services East Pvt Ltd
Micro Focus Software India Private Limited
Microland
Microsoft Corporation (India) Pvt. Ltd.
Midland Credit Management India Pvt. Ltd.
Mindcrest (India) Pvt. Ltd.
Mindteck (India) Ltd
Miramed Ajuba Solutions Private Limited
Misys Software Solutions (I) Pvt Ltd.,
Mjunction Services Limited
Morgan Stanley
MothersonSumi Infotech & Designs Ltd.
Motif India Infotech Pvt. Ltd.
MphasiS Ltd.
Mresult Services Private Limited
Mynd Solutions Pvt. Ltd.
National Payments Corporation of India
Neeyamo Enterprise Solution PVT LTD
Net Solutions
Net Vigil Software Private Limited
NetApp India Pvt. Ltd.
Netmagic Solutions Pvt. Ltd.
NetMonastry Network Security Pvt. Ltd
Netscout Systems Inc.
Newage Software and Solutions
nhance Engineering Solutions Pvt. Ltd.
NHPC
Nihilent Technologies Pvt Ltd
NIHON Technology Pvt ltd
NII Consulting
NIIT Technologies Ltd.
Nishith Desai Associates
Nomura Services India Pvt Ltd
Northern Operating Services Private Limited
Nous Infosystems Pvt Ltd
Novartis Healthcare P Ltd.
Ntrust Infotech Pvt. Ltd.
NTT Data Global Delivery Services Limited
Nucleus Software Exports
NVIDIA Graphics Pvt Ltd
Object Edge India Services Pvt Ltd
Octaware Technologies Pvt Ltd
Oil and Natural Gas Corporation
Oil India Limited
Omnitech Info Solutions Ltd.
One97 Communications Limited
Ontrack Systems Limited
Onward Technologies Ltd.
Opton Infocom Pvt Ltd
Optum Global Solutions (India) Private Limited
Oracle India Private Limited
Orbis Financial
Orbital Outsourcing Services
Orion Security Solutions Private Limited
Orkash Services Pvt Ltd
Oxygen Consulting Services Private Limited
Pan Business Lists Pvt. Ltd.
Panamax Infotech Limited
Panoramic Universal Limited
Parablu Systems Private Limited
Paripoorna Software Solution Service Pvt. Ltd.
Pawaa Software
Payoda Technologies Private Limited
Paypal India Limited
Persistent Systems Limited
PHi Business Solution Ltd
Pinnacle Infotech Solutions
Pintney Bowes Software India Private Ltd
Plintron
Pradot Technologies Private Limited
ORGANISATION
CORPORAtE MEMBERS lISt
Annual Report 2017-18 45
Pratham Software Pvt Ltd
PricewaterhouseCoopers Pvt Ltd
Principal Global Services
Protiviti Consulting Private Ltd
PTC Software (India) Pvt. Ltd.
Punjab National Bank
Pvt Ltd
Quadrisk Advisors Private Limited
Qualtech Consultants P Ltd
Quest Informatics Private Limited
QuisLex Legal Services Pvt. Ltd
RSystemsInternationalLimited
RackbankDatacentersPrivateLimited
RanceComputerPvtLtd
Ratnakarbank
RedsparkTechnologiesPvtLtd
RelianceJioInfocommLtd.
RightwaySolution(India)Pvt.Ltd.
RMEducationSolutionsIndiaPvt.Ltd.
RobertBoschEngineeringandBusinessSolutionsPrivate Limited
RoltaIndiaLtd.
RudrabhishekInfosystemPvtLtd
S Capital Solutions Pvt Ltd
Saama Technologies (India) Pvt. Ltd.
SAG Infotech Private Limited
Sahara Net Corp Ltd.
Saigun
SaltLake Institute of Engineering & Management Limited
Sankhyaa Learning Pvt. Ltd.
Sanovi Technologies (India) Pvt. Ltd.
Sans Institute
Sapient Corporation
Sapple Systems Private Limited
Sasken Technologies Limited
Saslab technologies Pvt Ltd
SBL knowledge Services Limited
SDG Software India Private Limited
SEAL Infotech Pvt Ltd
SecPod Technologies Pvt. Ltd.
Security Brigade InfoSec Private Limited
Securonix
Sella Synergy India Private Ltd
Serco BPO
Shriram Value Services P Ltd
Siddaganga Institute of Technology
Sigma Infosolutions Limited
Simeio Development Center Pvt. Ltd.
SISA Information Security Pvt Ltd
Skillmine Technology Consulting Pvt. Ltd.
SLKSoftwareServicesPvt.Ltd
Smart Chip Limited
Smart Cube India Private Limited
Snap-On Business Solutions India Pvt. Ltd.
Societe Generale Global Solutions Center
Soft Prodigy System Solutions Pvt. Ltd.
Softage Information Technology Limited
Software Associates
Software Technology Parks of India
Sonata Software Ltd.
Sony India Software Centre
SQS India Ltd
SSP India Private Limited
State Bank of India
Steria (India) Limited
Steria (India) Ltd
Stern Advisory (India) Pvt Ltd
Suma Soft Private Limited
Sumeru Software Solutions Pvt. Ltd
Summit Information Technologies Pvt ltd
SunKnowledgePrivateLimited
Sun Life India Service Centre Pvt. Ltd.
Sundaram Infotech Solutions Limited
SunGard Solutions (India) Pvt Ltd
SunTec Business Solutions
SWIFT INDIA
SwissReSharedServicesIndiaPvtLtd.
Symbiosys Technologies
Symbol Technologies, A Motorola Company
Symphony Teleca Corporation India Pvt Ltd
Synchrony International Services Pvt Ltd
Syntel, Inc.
Synygy India Pvt. Ltd.
Systems Valley Pvt. Ltd
SysTools Software Private Limited
Take Solutions
Talisma Corporation Pvt. Ltd.
Tally Solutions Private Limited
Target Corporation India Private Limited
TASEC Limited
Tata Communication
ORGANISATION
CORPORAtE MEMBERS lISt
Annual Report 2017-1846
Tata Consultancy Services Limited
TaurusQuest Services Private Limited
Tavant Technologies
Tech Mahindra Ltd.
Techies India Inc
Techindia Infoway Pvt Ltd
Technoforte Software Private Limited
Technology Nexus Secured Business Solutions AB
Techsys Solutions Pvt. Ltd
Tek Cube Private Limited
Telemune Software Solutions Pvt. Ltd.
Telerad Tech Pvt Ltd
Telesoft Technologies Ltd
Tesco HSC
Tesseract Consulting Pvt Ltd
Texas Instruments India Pvt Ltd
THDC Ltd
ThomsonReutersInternationalServicesPvtLtd
Tibco Software India Pvt Ltd
Tieto Software technologies Pvt
Topsource Global Solutions
Trigyn Technologies Ltd
UBS (India) Pvt Ltd
Ugam Solutions
Ujjivan Small Finance Bank Limited
Unisys Global Services - India
Unitforce Technologies Consulting Pvt. Ltd.
Unleash Networks
UTV Software Communications Limited
Valency Networks
ValueLabs
Vaneera HI-TECH
Verisign Services India
Verizon Data Services India Pvt. Ltd.
VFS Global Services Pvt Ltd
Vidyatech Solutions Pvt. Ltd.
Vijaya Bank
Vinove Software & Services Private Limited
Virtusa Consulting Services Private Limited
VirtusaPolaris (Virtusa Consulting Services Pvt Ltd)
VISA Consolidated Support Services(India) Pvt Ltd
Vodafone
Volvo India Private Limited
Web Access (I) Pvt. Ltd.
Webrosoft Solutions Pvt Ltd
Wells Fargo India Solutions Pvt Ltd
Williams Lea India
Winsoft Technologies India Pvt Ltd
Wipro Limited
WNS Global Services Pvt. Ltd.
World Vision India
Xiarch Solutions Pvt Ltd
Xpanxion International Pvt. Ltd
Xplore-Tech Services Pvt Ltd
XSYSYS TECHNOLOGIES PVT.LTD.
Yamaha Motor Solutions India Pvt. Ltd.
YaraGo Software Private Limited
Yes Bank
Yodlee Infotech Private Limited
Zscaler Softech India Pvt. Ltd.
ORGANISATION
CORPORAtE MEMBERS lISt
Annual Report 2017-18 47
Annual Report 2017-1848
DATA SECURITY COUNCIL OF INDIA
3rd Floor, NASSCOM Campus, Plot 7-10 Sector – 126, Noida, 201303, UP
This publication is available at www.dsci.in. Please contact us at [email protected] for any query regarding this publication.
Blog blogs.dsci.in
LinkedIn Data Security of India
Twitter DSCI_Connect
Facebook DSCI.Connect
YouTube dscivideo