Text Space Image
Search

Security Policy

Website Security Policy of Indian Coast Guard, Ministry of Defence

Indian Coast Guard, Ministry of Defence has a responsibility to protect from disclosure to unauthorized parties the personally identifiable information (name, address, date of birth, social security number, etc.) of its website users. Therefore, Indian Coast Guard, Ministry of Defence has adopted and implemented a website security policy to protect account information of its website users.

• Indian Coast Guard, Ministry of Defence, Government of India has been placed in protected zones with implementation of firewalls and IDS (Intrusion Detection System) and high availability solutions.

• Before launch of the Indian Coast Guard, Ministry of Defence, Government of India, simulated penetration tests have been conducted. Penetration testing has also been conducted one time after the launch of the Indian Coast Guard, Ministry of Defence, Government of India.

• Indian Coast Guard, Ministry of Defence, Government of India has been audited for known application level vulnerabilities before the launch and all the known vulnerability has been addressed.

• Hardening of servers has been done as per the guideline of Cyber Security division before the launch of the Indian Coast Guard, Ministry of Defence, Government of India.

• Access to web servers hosting Indian Coast Guard, Ministry of Defence, Government of India is restricted both physically and through the network as far as possible.

• Web-servers hosting Indian Coast Guard, Ministry of Defence, Government of India are configured behind IDS, IPS (Intrusion Prevention System) and with system firewalls on them.

• All the development work is done in a separate development environment and is well tested on the staging server before updating it on the production server.

• After testing properly on the staging server the applications are uploaded to the production server using SSH and VPN through a single point.

• The content contributed by/from remote locations is duly authenticated & is not published on the production server directly. Any content contributed has to go through the moderation process before final publishing to the production server.

• All contents of the web pages are checked for intentional or unintentional malicious content before final upload to web server pages.

• Audit and Log of all activities involving the operating system, access to the system, and access to applications are maintained and archived. All rejected accesses and services are logged and listed in exception reports for further scrutiny.

• Help Desk staff at the Department IT centre to monitor the Indian Coast Guard, Ministry of Defence, Government of India at intervals of weekly to check the web pages to confirm that the web pages are up and running, that no unauthorized changes have been made, and that no

unauthorized links have been established.

• All newly released system software patches; bug fixes and upgrades are expediently and regularly reviewed and installed on the web server.

• On Production web servers, Internet browsing, mail and any other desktop applications are disabled. Only server administration related tasks are performed. Server passwords are changed at the interval of three months and are shared by Web Information Manager (WIM).Web Information Manger (WIM)have been designated as Administrator for the Indian Coast Guard, Ministry of Defence, Government of India and shall be responsible for implementing this policy for each of the web servers. The administrator shall also coordinate with the Audit Team for required auditing of the server(s).

• The Indian Coast Guard, Ministry of Defence, Government of India has been audited before launch and has complied with all the points mentioned in the policies document of the Cyber Security Group mentioned above.

• Indian Coast Guard, Ministry of Defence, Government of India has also been subjected to an automated risk assessment performed through vulnerability identification software before and after the launch and all the known vulnerabilities have been addressed.

Notice and Disclosures

Indian Coast Guard, Ministry of Defence will not sell, trade, nor disclose the personally identifiable information of its website users to any unauthorized third parties.

Data Quality and Access

Indian Coast Guard, Ministry of Defence takes all steps possible to ensure that the data on the website is accurate. If something is found to be inaccurate Indian Coast Guard, Ministry of Defence will make every effort to correct said information as quickly as possible. If it is found to be an inaccuracy with the entire system Indian Coast Guard, Ministry of Defence will work swiftly to correct the problem so that your web experience is as trouble-free as possible. Any change to your user account will not be reflected on the website until the following business day. The information contained on the Indian Coast Guard, Ministry of Defence website is subject to change without prior advance notice.

Indian Coast Guard, Ministry of Defence uses cookies to enhance the website experience for its registered users. A cookie is a small file that is stored on the user’s hard drive. Indian Coast Guard, Ministry of Defence uses this file to maintain certain information about the user as they move between pages. Upon closing your browser, the cookie becomes inactive and a new one will be created the next time you sign on to use one of the password protected features on the Indian Coast Guard, Ministry of Defence website. Most browsers are shipped to accept cookies, but this is a function that can be controlled by the user. However, many of the services offered on the website may not run optimally or at all without cookies enabled.

While using the Indian Coast Guard, Ministry of Defence website certain information such as your IP Address and time spent on pages may be collected. This non-personal information is collected in order to monitor any unauthorized use or access to the Indian Coast Guard, Ministry of Defence website. Anyone caught attempting to harm, steal information from, or otherwise damage the Indian Coast Guard, Ministry of Defence website will be prosecuted to the full extent of the law.

Data Security

Indian Coast Guard, Ministry of Defence takes security very seriously and has therefore taken every precaution to secure our borrowers information. In order to secure the user’s information, Indian Coast Guard, Ministry of Defence has implemented several security measures to prevent loss, theft, or misuse of any borrower data.