India gives local techies 60 days to hit 6-hour deadline for infosec incident reporting

2022-04-29 10:46

India's Computer Emergency Response Team has given many of the nation's IT shops a big job that needs to be done in a hurry: complying with a new set of rules that require organizations to report 20 different types of infosec incidents within six hours of detection, be they a ransomware attack or mere compromise of a social media account.

The national infosec agency stated the short deadline is needed as it has identified "Certain gaps causing hindrance in incident analysis."

Organizations can use email, phone, or fax to send incident reports.

In total 20 incident types are listed, and some such as ransomware attacks and data breaches are clearly worthy of swift reporting.

The six-hour reporting window is also short: Europe's General Data Protection Regulations require data breach reporting within 72 hours and the USA is pondering 24-hour reporting requirements for government agencies.

Which is not a lot of time to establish the procedures required to deliver six-hour reporting.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/29/cert_in_directive/

#india #infosec