back to article India set to extend deadline for absurd infosec reporting requirements

India's minister of state for electronics and information technology, Rajeev Chandrasekhar, has hinted strongly that he will again extend the deadline to comply with sweeping new information security reporting rules that were imposed as an essential national defence mechanism. The unheralded rules were introduced in April 2022 …

  1. ColinPa Silver badge

    Give them what they want.

    I remember one onerous requirement that we had to report suspicious activity. We complained that the guidance was vague and the data would be meaningless. In end we "complied". We reported things like "something flashed up on the screen and disappeared within a second" too quick to take any details. "The machine suddenly did a lot of disk I/O when I was doing nothing". "The same problem as yesterday"

    This turned out to be automatic updates, and the corporate tools checking our machines, so perfectly normal activity - but how were we to know. We all sent this stuff in - a couple of times a day. We also asked our managers to get back "status" from the people requesting this data, and ask how they were doing, and asked for an analysis of the data.

    After a couple of weeks the requirements to collect this data was quietly scrapped.

    1. Pascal Monett Silver badge

      Re: Give them what they want.

      Nothing like swamping people in useless data to overturn reporting processes.

      It reminds me of an episode of Yes Minister.

  2. Potemkine! Silver badge
    Flame

    I love when people who know shit in IT take this kind of inapplicable/useless/stupid decisions that are mandatory to apply or face severe punishments. Those so-called 'Leaders' perhaps believe they are 'doing stuff', they are 'leading', when in reality they are just a PITA.

    This is far from being limited to governmental entities, big companies are also usual offenders.

    == Bring us Dabbsy back! ==

  3. pc-fluesterer.info
    Facepalm

    REPORTING is an "essential national defence mechanism"?

    Well, I still keep on learning.

    Up to now I thought that it is better to PREVENT an incident than to REPORT one that happened.

    Well, looks like I will have to rethink. ...

    1. Michael Wojcik Silver badge

      Re: REPORTING is an "essential national defence mechanism"?

      That doesn't mean reporting isn't valuable, or indeed essential.

      It's impossible to prevent all incidents. Perfect security is not achievable. For a system of moderate or greater complexity, it often can't even be defined in a rigorous manner.

  4. Anonymous Coward
    Anonymous Coward

    None have responded.

    what else to expect ? Their mailbox is probably receiving multiple GB of "login unsuccessful" reports each hour !

  5. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like