State Cyber Security Policy will be formulated in line with the National Cyber Security Policy that will apply to any State Government entity. Sub-policies to cover information security in various technological/business process areas, supported by standards and guidelines, will be formulated.
A framework for Secure Development Life Cycle will be rolled out that would guide the e-Governance Application Development teams.
Government Departments would be encouraged to carry out Risk Assessment on Information Security and put in place an Information Security Management System (ISMS) based on Policies implementing Security Controls and meeting compliance requirements based on the ISO 27001 standard.
A Disaster Recovery and Business Continuity Plan would be mandatory for all e-Governance projects. The State Data Centre would establish a Disaster Recovery site that can enable Business Continuity of applications.
Periodic Risk Assessments, Vulnerability Assessments and resultant remedial action need to be carried out on every e-Governance application of the Government. An effective IT audit mechanism needs to be put in place to ensure compliance.
A Crisis Management Plan would be implemented across the State Government to respond to any cyber incident and mitigate the severity of such incidents.