Information Technology Act 2000 (amendments), Section 43/43A/65/66/66A-66F offenses, Digital Personal Data Protection Act 2023 (DPDP), Reasonable security practices and SOPs, Cyber Appellate Tribunal, Electronic signatures and digital certificates, Contract law in cyberspace, Jurisdiction issues (cross-border cybercrimes).
GDPR extraterritorial applicability, Legitimate interest vs. consent, Data Protection Impact Assessments (DPIA), Data processor obligations, Breach notification timelines (72 hours), Data Protection Officer (DPO) mandate, Privacy by Design/Default, India data localization requirements (critical personal data), Cross-border transfer mechanisms (SCCs, adequacy decisions).
Indian Evidence Act Section 65B (electronic records), First Information Report (FIR) for cybercrimes, Chain of custody preservation, Digital evidence admissibility, CERT-In incident reporting mandate (6-hour timeline), Forensic readiness planning, Mutual Legal Assistance Treaties (MLAT), Budapest Convention on Cybercrime.
NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover), ISO 27001:2022 controls and Annex A domains, Risk assessment methodologies (qualitative/quantitative), Threat modeling (STRIDE, PASTA), Risk treatment plans (avoid, mitigate, transfer, accept), Key Risk Indicators (KRIs), Third-party risk management, Supply chain security.
PCI-DSS requirements (cardholder data environment), SOC 2 Type II criteria (security, availability, processing integrity), HIPAA/HITECH for healthcare, COBIT 2019 governance framework, GRC platforms integration, Audit logging and retention policies, Continuous compliance monitoring, Regulatory reporting (SEBI cybersecurity framework), Board-level cyber governance responsibilities.