I have reported previously on India’s new laws that will weaken the privacy offered to users of VPN technology: The new laws require the VPN vendors to record identifiable information about the users, and then make that information available to organisations authorised by the government, so effectively removing privacy from …
Indian government VPN logging deadline extended
The deadline for implementing a range of infosec directives, issued by India’s Ministry of Electronics and Information Technology (MeitY) and the Indian Computer Emergency Response Team (CERT-In) has been extended by 90-days. India extends deadline for compliance with IT Directions • The Register InfoSec in Indian now always seems to …
Continue reading “Indian government VPN logging deadline extended”
Indian Government’s confidential information security directive leaks!
So the Indian government issued a confidential document to it’s employees on how to keep things secure and secret. It sounds like a great idea and something you should be doing in your organisation – Octagon Technology has such a document. Our document is version controlled, and I, as CISO, …
Continue reading “Indian Government’s confidential information security directive leaks!”
VPN companies start to vote with their feet when it comes to storing user data in India
Because of the soon to be law, requirements for VPN companies operating in India, to keep full logs of their user’s activities for five years, so India’s Computer Emergency Response Team (CERT-In) and law enforcement can have access to them – so removing the levels of privacy that a VPN …
India, India, India…
I think it is a good thing that the Indian government is giving it’s full support to tightening up cyber security in the country. However it seems that their responses, which seem good on paper are not so when translated into the real world: Indian authorities issue conflicting advice about …
InfoSec in Indian now always seems to be in hurry
Following the Indian government directives about reporting of cyber-security incidents and the requirement to keep VPN user logs, both of which had ridiculously short deadlines for compliance – here is another: Indian stock markets given ten day deadline to file reports • The Register India in the news – when …
Continue reading “InfoSec in Indian now always seems to be in hurry”
India in the news – when is privacy not so private? UPDATED 20 May 2022
This article was first published on 5 May 2022 Update 20 May 2022 The Indian government has moved on it’s hard line approach to incident report reporting, and some of the other provisions in their new cyber security laws – except the rules on VPNs! India slightly softens infosec incident …
Continue reading “India in the news – when is privacy not so private? UPDATED 20 May 2022”