Contact with Special Interest Group & Authorities Guidelines for e-Governance
Draft
DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY
Ministry of Communication and Information Technology, Government of India.
e-Governance Contact with Special interest group and
Authorities guidelines
Document Control
S/L | Type of Information | Document Data
1. | Document Title | e-Gov Contact with Special interest group and authorities guidelines
2. | Document Code | GL_eGov_CWSIG
3. | Date of Release
4. | Next Review Date
5. | Document Revision Number
6. | Document Owner
7. | Document Author(s)
8. | Document Reference
DietY
Document Approval
Sr. No. | Document Approver | Approver Designation | Approver E-mail ID
Document Change History
Version No. | Revision Date | Nature of Change | Date of Approval
For Internal Use Only
Table of Contents
1. INTRODUCTION
2. SCOPE
3. PURPOSE
4. CONTACT WITH AUTHORITIES
4.1 IDENTIFICATION OF DIFFERENT AUTHORITIES
4.2 CONTACT WITH AUTHORITIES
4.3 CONTACT WITH REGULATORY BODIES
5. CONTACT WITH SPECIAL INTEREST GROUPS
6. REFERENCE
1. INTRODUCTION
In a world of fast-changing technology, it is essential for an organization to keep itself
updated on the latest technology, security threats and vulnerabilities. It is essential for
the CISO to maintain appropriate contact with special interest groups and authorized
information security forums for receiving and distributing updates on new vulnerabilities,
security threats, regulations and/or risks pertaining to the Information System assets and to
the services that are provided by e-Gov service delivery.
These guidelines are used to contact various special interest groups, such as CERT-IN, and
authorities such as the law enforcement department, regulatory bodies, hospitals, the fire
department, or the nearby police station. These guidelines are to be followed by the authorized
person or any user while contacting authorities. The objective of this document is to ensure
that every user is aware of their responsibility while contacting authorities.
2. SCOPE
These guidelines are applicable to the State Data Centre, the Disaster Recovery site, and SWAN.
They are also applicable to the CISO, who will be responsible for maintaining contacts with
Special Interest Groups in the interest of e-Gov service delivery's security posture.
3. PURPOSE
The purpose of these guidelines is to guide the CISO and the respective teams in contacting
special interest groups and authorities respectively.
It also helps to implement the following controls, defined in the ISO 27001/IEC 27001:2013
information security standard:
- Contact with authorities
- Contact with special interest groups
4. CONTACT WITH AUTHORITIES
4.1 IDENTIFICATION OF DIFFERENT AUTHORITIES
The data centre head function should identify all important authorities and maintain a list of
the same. Some of the important functions are fire department, hospitals, telecommunication
providers, water supplies, police stations, and local municipal authority.
The Legal and Regulatory function should be responsible for identifying and maintaining a list
of regulatory bodies with whom contacts are required to be maintained.
The list should include the following:
- Name of the authority;
- Contact person;
- Address of the authority;
- Telephone number of the authority office and contact person; and
- E-mail ID of the authority and contact person.
This list should be updated by the data centre head and the Legal and Regulatory function
respectively as and when any changes are made.
This list (consisting of the contact numbers of the fire department, hospitals,
telecommunication providers, water supplies, police stations, etc.), prepared by the data
centre head, should be circulated to all users and kept updated.
4.2 CONTACT WITH AUTHORITIES
- The data centre head should designate one person at each location as a contact person
  who can be contacted in case of any emergency. Additionally, one more person
  should be designated as a contact person who can be contacted in case the first
  person is unavailable.
- The data centre head should circulate the telephone numbers of both contact persons to
  all users and keep them updated of any changes.
- In case of an emergency, all users should contact the contact person and inform
  them about the incident.
- The contact person should establish contact with the relevant authority and report
  the incident, mentioning the location and nature of the incident.
- The contact person should assist the authority staff in handling the situation.
4.3 CONTACT WITH REGULATORY BODIES
- The data centre head should appoint a Single Point of Contact (SPOC) to maintain
  contact with the HOD of User Departments for clarification, approvals and any
  changes/updates in laws or regulations.
- The SPOC should intimate all functions within e-Gov service delivery regarding any
  changes in laws and regulations.
5. CONTACT WITH SPECIAL INTEREST GROUPS
The CISO shall maintain contacts with special interest groups including, but not limited to,
the following:
- Special Security Forums: These forums enhance security of Communications and
  Information Infrastructure through proactive action and effective collaboration with
  other security bodies. These forums issue security guidelines and advisories, and share
  information relating to the latest changes in information security, e.g.
  securityforums.com, sla.ckers.org, forumsys.com, neohapsis.com.
- Security Advisories: Security advisories provide objective, timely and comprehensive
  information about security threats and vulnerabilities. An example could be certain
  security advisory websites like frsirt.com, secunia.com.
- Network System Updates: Vendors for information/technical assets should be
  contacted for hardware and software updates, patch updates and latest vulnerabilities.
- Application Vendors: Contacts with vendors for applications used within the State Data
  Centre environment should be maintained to ensure that the latest threats and
  vulnerabilities applicable to these applications are addressed.
The CISO shall be associated with the above companies/institutions with an objective to:
- Get updates on new vulnerabilities, security threats and regulations pertaining to Data
  Centre Standards;
- Improve knowledge and keep up-to-date with relevant security information;
- Ensure the understanding of the information security environment is current and
  complete;
- Receive early warnings of alerts, advisories, and patches pertaining to attacks and
  vulnerabilities;
- Gain access to specialist information security advice; and
- Share and exchange information about new technologies, products, threats, or
  vulnerabilities with the data centre team. The data centre team will further circulate
  it to the Security SPOC of the Disaster Recovery site.
The CISO shall appoint a SPOC for contacting special interest groups. The SPOC shall:
- Contact special interest groups for the latest security issues.
- Update the CISO fortnightly on the latest security threats, vulnerabilities and latest updates.
- Address security queries/issues to the CISO and get them solved or clarified.
6. REFERENCE
ISO 27001/IEC 27001:2013 information security standard:
- Contact with authorities: Appropriate contacts with relevant authorities shall be maintained.
- Contact with special interest groups: Appropriate contacts with special interest groups or
  other specialist security forums and professional associations shall be maintained.