Page 19 - GiGW3
3. New features of GIGW 3.0
3.4 Cybersecurity

A chapter on cybersecurity, formulated by CERT-In, has also been incorporated which relates to websites, web portals, web applications and mobile apps.

The chapter focuses on protecting web resources from unauthorised use, access, changes, destruction, or disruption. It also guides on the prevention of leakage of sensitive information like passwords, email addresses and credit card details, which cause both personal embarrassment and financial risks.

It deals with all aspects of security starting from design, coding and implementation to testing and deployment, which prevent malfunctioning, phishing, cyber-crimes or cyberattacks to avoid data loss of the organisations or users.

It is based on the best industry security practices and guidelines such as ISO 27001, the Application Security Verification Standard (ASVS) issued by Open Web Application Security Project (OWASP), OWASP Top 10 vulnerabilities and the Center for Internet Security (CIS) benchmarks as per the prevailing security policy.

This chapter must be read in conjunction with the guidance and advisories issued by CERT-In from time to time, which should be treated as updates to the guidance contained in the chapter.

Government organisations must continue to obtain a “safe to host” certificate issued by the cybersecurity auditors empanelled by CERT-In/STQC or the auditors of STQC or NIC.