National Security Database

National Security Database is a prestigious official accreditation program in India, awarded to credible & trustworthy information security experts with proven skills to protect the National Critical Infrastructure & economy of the country.

The program, developed by 'Information Sharing and Analysis Center' (ISAC), jointly in support with the Government of India, has multiple speciality domains under Information security, in which professionals can apply for empanelment in the database by clearing a technical lab examination and psychometric test. The program does not award any certification and provides credible recognition in form of empanelment in the database under specific security domain.

History

The project was conceived after the 2008 Mumbai attacks to protect the National Critical Infrastructure and Cyber space of India. The program was founded by Rajshekhar Murthy[1] under a non-profit section 25 company 'Information Sharing and Analysis Center', in support with highly specialised technical intelligence agency NTRO, Government of India.

Earlier, the program was announced as a pilot at the International Malware Conference, MalCon in 2010 in Mumbai where Indian Government officials reportedly asked Indian hackers to learn Chinese.[2][3]

Program launch

The program released on 26 November,[4] the same date of the 2008 Mumbai Attacks, at the International Malware Conference, MalCon at JW Marriott, Mumbai. The program was inaugurated by shri Sachin pilot, minister of state in the Ministry of Communications and Information Technology.

Access restrictions

The empanelment in database can only be applied by Indian citizens and a limited access is available to the Industry to benefit from list of credible experts. However, a major part of the database access is restricted to supporting Indian government organisations.

Debate

The program is largely believed to identify professional ethical hackers and security experts by the government of India to protect its critical infrastructure and cyber space. IT Minister Kapil Sibal has reportedly expressed the need of community of ethical hackers.[5]

Alok Vijayant, director of the information dominance group at the National Technical Research Organisation, the nation’s chief technical intelligence monitoring authority, quoted[6] in an interview with India's top weekly magazine Outlook, that NSD should not be “trivialised” by describing it as just as a group of hackers. “Supported by the government and the industry, NSD is a good initiative, since it will provide a readymade database of the most credible security professionals. This is more so because information security is a domain where individuals have the skills and not companies and they tend to regularly move from one firm to another.

Official support to the project

NSD is officially endorsed by multiple Indian Government organisations such as CERT-IN and NTRO for the stated National objectives with recognition of the foundation and a declared support for the work being done. The collaboration is open and all supporting organisations who need to access the database can do so with a formal MoU with the body.

Industry and community contribution

Various organisations are actively participating and supporting the National Security Database. Notable organisations having voluntary representations governing the NSD advisory panel at a national level include the HoneyNet India Chapter, Microsoft India and the country's oldest security conference clubhack.

Current speciality domains of the NSD

The National Security Database program has the following speciality domains under which professionals can apply for empanelment:

  1. Information security compliance and penetration testing
  2. Reverse engineering
  3. Web application security
  4. Malware research and analysis
  5. Exploit development
  6. Mobile application security
  7. Digital forensic analysis
  8. Telecom security (by Invitation)
  9. Banking security (by Invitation)

In a quote with Outlook magazine, the director of ISAC, Rajshekhar Murthy stated[6] that It is necessary to have people who are not only competent but also have a high degree of trustworthiness and integrity. "The selection process will involve examination of references, technical skills, criminal history, and even psychological assessment to generate a credit report for security clearance.”

Notes

Ethical Hacking and penetration testing with Kali

  1. "Archived copy". Archived from the original on October 21, 2011. Retrieved November 18, 2011.
  2. J Dey Date: 2010-12-05 Place: Mumbai (2010-12-05). "Ethical hackers asked to learn Chinese to beat red attacks". Mid-day.com. Retrieved 2013-05-16.
  3. kohi10 (2010-12-05). "Got Mad Hacking Skillz? Speak Chinese? | MadMark's Blog". Kohi10.wordpress.com. Retrieved 2013-05-16.
  4. "techgoss.com". techgoss.com. 2011-11-09. Retrieved 2013-05-16.
  5. ET Bureau Nov 16, 2011, 04.22am IST (2011-11-16). "We need a community of ethical hackers, says IT minister Kapil Sibal - Economic Times". Articles.economictimes.indiatimes.com. Retrieved 2013-05-16.
  6. 1 2 "Our Ether Warriors | Debarshi Dasgupta". Outlookindia.com. Retrieved 2013-05-16.
This article is issued from Wikipedia - version of the Sunday, April 03, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.