The document discusses internet security in India. It summarizes that while the internet provides many benefits, it also enables many security threats. The Open Security Alliance (OSA) conducted research on internet security issues facing individual users, organizations, and the government in India. OSA categorized internet users and identified security issues for each group. Their analysis found that India faces unique technology risk issues with a growing internet user population in both urban and rural areas. Proactive strategies are needed to establish security standards and practices through research, education and policy changes.
1. www.opensecurityalliance.org
INTERNET SECURITY IN INDIA
The internet has revolutionized the way the world thinks,
communicates, collaborates for business, wages war or
terror. It was conceptualized as a system to foster
collaboration and knowledge sharing and has grown into a
medium that (additionally) facilitates communication,
business, commerce, friendship, love, life and much more.
60 mil
Since August 1995 when the first motley group of net
savvy individuals lined up at the doors of VSNL, the only
ISP in the country, for internet accounts, the number of
users stood at more than 6 crores by mid-2008. In the 13
years, the user base has grown exponentially serviced by
ISPs offering Internet over broadband, wireless, cable,
satellite or phone connections.
It has become an important component in the life of every citizen and is used by individuals,
organizations, and government for communication, business, finance, information, transactions etc.
Unfortunately, when something good comes your way, the bad follows – so
Web 2.0 has created a while the Internet provides the backbone that takes care of fundamental
Fundamental shift of components in life it is also a major delivery source of malware and the
content creation from gateway for numerous security threats. People, business, organizations,
trusted sources to everyone who depends on or uses the Internet has realized the crucial role
anonymous played by this medium in their day-to-day life or business; but
collaborations such as unfortunately, they are yet to realize the gravity of threat to their security.
wikis, blogs and social
networking sites, which The Internet Security threat takes many forms that can affect individuals,
are much more likely to corporations, governments or organizations. Threats originate from script
be infiltrated and kiddies, malicious hackers or crackers, terror organizations, non-state and
infected by hackers. state warmongers, disgruntled employees, insiders, in addition to natural
- Gartner, 2007 and man made disasters.
These threats take the form of viruses, trojans, malware, keyloggers,
identity theft, data breaches, denial of service attacks, botnets, phishing, cyber-bullying, IP theft, piracy
etc. All this requires service providers, system developers and infrastructure companies and users to
constantly be on guard, following a proactive approach to safeguarding their Internet and technology
assets and experience.
Open Security Alliance (OSA), an association of professionals working in Information Security and other
business domains, has undertaken to research and publish this report on Internet Security in India. This
paper will seek to provide an overview of the state of Internet Security in India and provide insight into
current practices, trends, solutions from the viewpoint of practices and policy.
Members have come together, under the OSA banner, driven by their desire to provide their expertise
and knowledge, helping the community at large and also endeavor to reach policy makers in the
Government to bring about positive and proactive change. OSA works with individuals, enterprises and
Version 1.0 Page 1
2. www.opensecurityalliance.org
institutions to conduct research and studies in security technology with published reports and white
papers. The objective is to ‘demystify’ security technology and to provide practical and factual solutions
for security issues confronting the community and country.
Since the Alliance members are from different specializations, great value is delivered in providing a
collective, unbiased analysis and perception of Security in technology and business. This paper is
authored by a team of volunteer members of OSA and is written with the spirit of collaboration and the
passion to contribute that symbolizes the essence of the Internet.
In preparing this paper, OSA has taken an approach to identify user groups and broadly define security
issues facing these Internet users. Users have been categorized into three groups - the individual who
may be using the net for personal or professional work or entertainment; an organization or enterprise
that uses the net for facilitating their business transactions, communication and connectivity; and the
Government which will include all departments, bodies, organizations directly and indirectly connected
to the State.
Internet Security is as complex as the WWW and it’s working, and poses multiple to all user groups,
across the world.
The OSA team has followed the classic audit approach to address the subject
by is to gather information on industry practices to establish the terms of
reference, do a current state assessment, collect knowledge about global
practices, conduct a gap analysis by correlating current state with desired 8,10,00,000 Internet
industry and global practices, identify a prioritized list of suggestions for users as of Nov/08,
action by concerned authorities and propose areas for collaboration. 7.1% penetration. (ITU)
As a first step the OSA team set about identifying and defining the Security 31,30,000 broadband
universe in industry best practices and standards. This was followed by Internet connections as
interviews and interactions with individuals and enterprise users to arrive at of Mar.31/08.(TRAI)
the current state assessment.
Next steps included expanding the knowledge with information about global
practices and a study of international organizations that provide thought
leadership in the Security domain. Yeoman work has been done by
organizations like NIST, CERT, CMU, ENISA, OGC, ISO, NSA, DHS, ISACA and many others across the
world and the frameworks, standards, practices and procedures are recognized and used for the value
they provide in mitigating risks from technology related security threats.
India presents a unique technology risk landscape with a net-aware population in urban areas and a
growing user population in rural areas that has to learn to mitigate threats on the Internet. It is
imperative to identify threats and vulnerabilities that may compromise the security of the user or that
of private or public infrastructure. We have to be proactive in initiating mitigation and remedial
strategies through research, studies, education and training. Government agencies, professional
organizations, academic research institutions and private enterprises have to lead the way in
establishing laws, practices and standards that will ensure security for the user.
Version 1.0 Page 2
3. www.opensecurityalliance.org
References:
Awareness on data security on rise
http://www.deccanherald.com/Content/Mar232009/eb20090322125675.asp
Internet World Stats
http://www.internetworldstats.com/asia.htm#in
Internet and Mobile Association of India
http://www.iamai.in/PRelease_detail.aspx?nid=1801&NMonth=1&NYear=2009
Version 1.0 Page 3