Hackers of India

Securing India The CERTIn Way

By Saikat Datta, Sanjay Bahl, Ajit Menon, Anuprita Daga on 06 Sep 2022 @ Nullcon


AI Generated Summary (may contain errors)

The content appears to be a transcript of a discussion or Q&A session between experts in the field of cybersecurity. Here is a summary of the main points raised:

  1. The concept of “principal agent” was discussed, with an analogy drawn from banking regulations where the principal (a bank) is held responsible for outsourced entities.
  2. The importance of choosing the right metaphor when addressing cyber attacks was emphasized, with a suggestion to use economic offenses or fraud as a more suitable comparison.
  3. A question was raised about how to decide what incidents need to be reported, with reference made to a list of 20 incidents that must be reported.
  4. Another question was asked about ensuring quality in security audits and tenders, particularly when governments opt for the lowest bidder. The issue of awareness at the user side was highlighted as a contributing factor to this problem.
  5. A suggestion was made to split security components from functionality in tender documents to prevent compromise on security aspects.
  6. The importance of responsible disclosure and vulnerability reporting programs was emphasized, with CERT-In offering such services.

Overall, the discussion revolved around the challenges of implementing effective cybersecurity measures, particularly in government tenders and contracts, and the need for increased awareness and responsibility among stakeholders.