The Tamil Nadu Government has introduced Cyber Security Policy 2.0, an upgrade to the earlier 2020 version. This revised policy offers clear guidelines for safeguarding the government’s digital systems and ensuring their security. It prioritizes the protection of IT infrastructure and data within the government’s digital ecosystem.
Key Objectives
The primary aims of the policy include shielding the government’s information assets from cyber threats and ensuring continuous availability of IT systems for both government operations and citizen services. It also involves establishing a monitoring system to oversee and ensure the smooth and secure functioning of IT infrastructure.
The policy applies to all state government departments and public sector units in Tamil Nadu, as well as third-party entities such as contractors, suppliers, and consultants collaborating with the government.
Essential Components
The policy emphasizes several security practices:
- Utilizing e-signatures or digital signatures to authenticate documents.
- Strengthening email and password security to prevent unauthorized access.
- Implementing a social media policy to regulate content shared on platforms.
- Developing backup and recovery plans to safeguard critical data.
- Performing regular information security audits to identify system vulnerabilities.
Incident Management and Training
Each department is required to:
- Appoint officials to coordinate with the Cyber Security Incident Response Team (CSIRT) in case of a cyber attack.
- Ensure staff undergoes annual training to effectively manage and respond to cyber incidents.
Data Backup Requirements
Departments must:
- Securely store backup data in multiple locations to ensure its protection.
- Regularly test the backup data to verify its accuracy and completeness.
Risk Assessment
A thorough risk assessment is mandated to evaluate the significance and sensitivity of the applications and assets being used. This process helps identify potential risks and the impact of any cyber compromise.
